Institute for Advanced Studies 16th June 2010 Digital Triage
1 Institute for Advanced Studies, 16th June 2010. Digital Triage. Mike Dickson, Forensic Analyst, SCDEA e-crime
2 What Is Triage?
4 Three Casualty States
- Those who are likely to live, regardless of what care they receive;
- Those who are likely to die, regardless of what care they receive;
- Those for whom immediate care might make a positive difference in outcome.
5 Triage is a means of prioritising tasks and allocating limited resources. It is also NOT an exact science.
6 The expression has other uses too, such as in banking to assess debt management:
- Good debt which is not a risk
- Manageable debt which needs assistance
7 The expression has other uses too, such as in banking to assess debt management:
- And toxic debt which anyone with any sense in their head would know could never be repaid no matter how much help you gave them.
8 The expression is also used in terms of gathering digital evidence at the scene
- Computers from which we know we have to gather evidence regardless
- Computers we definitely do not want to take
- Computers that we might want to take
Triage establishes the last two categories.
9 A triage may not always be needed if there is little material to take.
10 Way Back
- A house used to have a PC
- Now there are generally multiple computers, plus old ones, plus the children's computers, plus laptops, plus netbooks, plus other joys such as iPhones, BlackBerries, hundreds of writeable CDs, DVDs, pen drives, media cards
- All likely with substantial data capacity and requiring to be forensically copied and examined
11 But What If.
12 What Does Digital Triage Give To Us?
- The ability to be selective about what items are taken at the scene of a search
- This allows us to manage the flow of items requiring examination
- This speeds up the overall examination process
- Ideally, triage can be run by persons who are unskilled in computer forensics
13 More Importantly it helps to avoid backlogs
14 How Does Digital Triage Work In Practice?
- Triage software is introduced to a suspect system
- The software has been preconfigured with information pertinent to the case, e.g. key words, hash values, file names
- The software conducts its search on the target and gives a simple YES/NO equivalent to say whether or not it has found anything of interest.
15 Considerations
- Triage has to run on the actual suspect system. This comes with all the usual disclaimers about the possibility of altering files, etc.
- However, as the computer being examined is not yet an exhibit (we are trying to establish whether it is or not), it follows that the examination of the system live is not fatal to the enquiry.
- The ACPO guidelines are only a guide; they were never drawn up with anything like triage (or massive backlogs) in mind.
16 Considerations
- The manufacturers of triage products should be able to articulate exactly what forensic impact their product has on any computer system on which it runs. Naturally, this should be minimised!
- There is little need for triage products to alter much other than the last accessed times on files they check and perhaps a few registry entries showing that an external device (USB etc.) has been introduced to the target system.
17 Some Triage Tools Currently Available
- ADF Triage ID (requires a bootable CD and a USB attached for output)
- Evidence Talks SPEKTOR (stand-alone, close to a forensic tool, rather pricey)
- EnCase Portable Field Search (USB software, geared for registered sex offender examinations)
- Helix (boots from CD, complicated interface)
18 I have reservations about them all!
- Most are quite complicated to use
- Some are so complicated (ahem, like Helix) that they would require some form of training course, which will only add to the cost
- Not all of them are even user programmable; they make assumptions about what it is you are after!
19 So I Designed My Own
- Simple to use, runs straight off a USB pen drive which can be removed before the program has completed.
- Comes with a tool that will configure the pen drive and software for the types of files it should search and the keywords it is looking for
- Hash values in a binary tree (up to maybe 10,000 of them, perhaps more)
- Has a list of words to search for in file names
- Has a further list of file types we may be interested in (File sharing? Root kits? Wiping Tools? Accounts software?)
- Detects container data encryption
- Outputs the result in a simple way
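The checks described on slides 14 and 19 (known hash values, words in file names, file types of interest, a YES/NO result), as an added Python example; it is not the author's tool or code from the talk. The word list, file types, sample files and all function names are constructed for illustration; a sorted array searched by bisection stands in for the binary tree, and the attempt to avoid changing last-accessed times (slide 16) is an assumption that only applies on Linux.

```python
import bisect
import hashlib
import os
import stat
import tempfile

# Constructed case configuration (hypothetical values, not from the talk).
NAME_WORDS = ["ledger", "payroll"]
TYPES_OF_INTEREST = {".torrent": "file sharing", ".qbw": "accounts software"}


class HashIndex:
    """Known-file digests in a sorted array; bisection gives the same
    O(log n) lookup as a balanced binary tree."""

    def __init__(self, digests):
        self._sorted = sorted(set(digests))

    def __contains__(self, digest):
        i = bisect.bisect_left(self._sorted, digest)
        return i < len(self._sorted) and self._sorted[i] == digest


def open_quietly(path):
    """Open read-only; on Linux, ask the kernel not to update the
    last-accessed time (only permitted for the file owner or root)."""
    flags = os.O_RDONLY | getattr(os, "O_BINARY", 0)
    noatime = getattr(os, "O_NOATIME", 0)
    if noatime:
        try:
            return os.fdopen(os.open(path, flags | noatime), "rb")
        except PermissionError:
            pass  # fall back to a normal open, which may touch atime
    return os.fdopen(os.open(path, flags), "rb")


def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large files never have to fit in memory."""
    h = hashlib.sha256()
    with open_quietly(path) as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.digest()


def triage(root, known, name_words=NAME_WORDS, types=TYPES_OF_INTEREST):
    """Return (hits, unread); each hit is a (path, reason, detail) tuple."""
    hits, unread = [], []
    for dirpath, _dirs, files in os.walk(root):  # directory symlinks are not followed
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            lower = name.lower()
            hits += [(path, "file name", w) for w in name_words if w in lower]
            ext = os.path.splitext(lower)[1]
            if ext in types:
                hits.append((path, "file type", types[ext]))
            try:
                # Hash regular files only: skip symlinks, FIFOs and devices.
                if not stat.S_ISREG(os.lstat(path).st_mode):
                    continue
                digest = sha256_file(path)
            except OSError:
                unread.append(path)  # report what could not be checked
                continue
            if digest in known:
                hits.append((path, "known hash", digest.hex()))
    return hits, unread


def verdict(hits):
    """The simple YES/NO answer shown to the person running the triage."""
    return "YES" if hits else "NO"


def demo():
    """Run against two constructed directory trees; return both verdicts."""
    known = HashIndex([hashlib.sha256(b"constructed known content").digest()])
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as dirty:
        with open(os.path.join(clean, "holiday.txt"), "wb") as fh:
            fh.write(b"nothing of interest")
        os.mkdir(os.path.join(dirty, "docs"))
        samples = {
            "docs/renamed.dat": b"constructed known content",  # hash hit
            "docs/Payroll_2010.xls": b"spreadsheet bytes",     # file-name hit
            "movie.torrent": b"d8:announce",                   # file-type hit
        }
        for rel, data in samples.items():
            with open(os.path.join(dirty, *rel.split("/")), "wb") as fh:
                fh.write(data)
        clean_hits, _ = triage(clean, known)
        dirty_hits, _ = triage(dirty, known)
        reasons = sorted(reason for _p, reason, _d in dirty_hits)
        return verdict(clean_hits), verdict(dirty_hits), reasons


if __name__ == "__main__":
    print(demo())
```

The `unread` list matters in practice: a NO verdict is only as good as the set of files the tool was able to open, so unreadable paths should be reported alongside the answer.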
20 What Can't Triage Do?
- It can't make your existing backlog disappear
- If you have taken the item then it's an exhibit and there is less excuse for running live tools on it
- More forensically secure tools are close to being a forensic examination so you may as well do it properly.
21 As said before: TRIAGE IS NOT AN EXACT SCIENCE. Unlike hindsight.
25 Questions? Mike Dickson, Forensic Analyst, SCDEA e-crime