Digital Forensics. Module 7 CS 996
- Ariel Logan
1 Digital Forensics Module 7 CS 996
2 Module #6 Covered
- Using Autopsy
- Using Helix
3/30/2005 Module 7 2
3 Outline of Module #7
- Review mid-term
- Helix presentation
- Forensic business news
- Gates v. Bando case
- Linux host forensics
- Windows host forensics
4 Write Blocker Products
- Parallel IDE: $199
- Serial ATA/IDE: $281
- SCSI: $446
- Firewire A/B and USB 1.x/2.0
5 Version 5 of EnCase
- Better analysis
  - Outlook and Outlook Express
  - AOL Personal File Cabinets
  - MBOX archives
- Support for Firefox and Opera
- Linux for EnCase!
- New products
  - EnCase for Law Enforcement
  - EnCase for Corporate
  - EnCase for Corporate (Deluxe)
6 Gates v. Bando ( )
- Started field of computer forensics
- Gates and Bando in field of industrial drive belts
- Gates accused Bando of stealing trade secrets (computer design programs)
- Gates then filed motion for summary judgment because Bando had destroyed evidence
7 Gates v. Bando, cont.
- Judge allows Gates access to Bando computers
- Gates uses Norton Unerase and file by file copy, thereby deleting information
- Bando's expert challenges Gates' procedures
- Judge rejects Gates' motion!
- Standards are set for forensic analysis
- y/library/preservation/gates.html
8 Forensic Analysis in Linux: Where to Look?
- history file
- user accounts
- logfiles
- program size
- root kits
- unusual files in unusual locations
- other??
9 Look for Unauthorized Accounts
10 Log File Analysis
11 Program Size Changes
12 Rootkit:
13 Searching for Unusual Files
14 Investigating Windows Systems
Basic
- Application log files
- Temp files
- Recently used documents
- Recycle bin
- History + temporary Internet files
- Registry
- Hidden Files
- ADS
- .chk files
- Swap space
15 Investigating Windows
- Registry
- Log files
  - Windows
  - IIS
- Application data search
- Graphics files in Windows
16 Using Helix
- Knoppix plus many forensic tools!
  - Autopsy
  - Sleuthkit
  - Etc.
- Current version 1.6 (e-fense, inc)
- Live Windows investigation
- Bootable Linux distribution
17 Helix: dd GUI-- GRAB
18 Helix for Windows
19 Helix: Acquisition
20 Helix Windows File Recovery
21 After Recovering Image
22 Helix Windows Security Report
- Live system analysis
- Security Report
23 Helix System Audit
- Audit report
24 Windows Registry
- Great digital dumpster for investigations!
- Two primary hives
  - HKEY_LOCAL_MACHINE
  - HKEY_USERS
- Registry files
  - No extension: full copy of hive data
  - .alt extension: backup copy
  - .log extension: changes to data
  - .sav extension
25 Location of Registry Files
- Win2000 and XP: C:\winnt\system32\config
- Win98: C:\windows
26 Discovering Deleted User Accounts
- Deleted accounts may not be visible in Windows Computer Manager (Win2000)
- Check registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PROFILELIST\
- Shows deleted account names!
28 Searching Windows Registry
- Regedit has limited search ability
- Regedt32 has no search ability
- Resplendence Registrar: good search ability
  - Freeware version: Resplendence Lite
- Searching under username
  - What has user done on machine?
  - Looking for recent searches of current user using Windows Search function
29 Investigating the Registry
- Registrar Lite editor (free at
- Investigate old user names
- Most recently used files
- Recent searches for files
32 What Files Has User Searched For?
- HKEY_USERS\SID\Software\Microsoft\Internet Explorer\Explorer Bars\ID\FilesNamedMRU\
- List of recent Windows searches
- Why do we need this?
  - Might not have access to disk image
  - Court may give you a smaller sandbox!
  - Minimize collateral damage in investigations!
33 Internet Temp File Time Stamps
35 Windows Log Files (Win2000)
- Configure for proactive forensics
- Review for potential evidence
- Location: c:\winnt\system32\config\
  - appevent.evt
  - secevent.evt
  - sysevent.evt
- Basic configuration: Administrative Tools > Computer Management > Event Viewer
37 Setting Audit Policy
- Administrative Tools > Local Security Policy > Local Policies > Audit Policy
- Default: nothing logged!
39 Security Events of Interest
- Account logon
  - Logs local access
- Account management
  - Logs administrator activities
- Logon events
  - Where account is used
- System events
40 Auditing IIS Log Files
- Default location: c:\winnt\system32\logfiles
- Configure through: Administrative Tools > Internet Services Manager
- Three possible log file formats:
  - W3C Extended: configurable
  - Microsoft IIS: not configurable
  - NCSA Common Format
41 IIS Log File Format
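Added example (not part of the original slides): because the W3C Extended format is configurable, the column layout has to be read from each log's own #Fields directive, which can change partway through a file when logging options are edited. The sample log is constructed, and the function names parse_w3c and errors_by_client are illustrative.

```python
"""Parse IIS W3C Extended logs using the #Fields directive found in the file."""
from collections import Counter

# Constructed sample, not taken from a real server. The second #Fields line
# models an administrator enabling extra columns while the log was in use.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2005-03-30 14:00:00
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2005-03-30 14:00:01 192.0.2.10 GET /default.htm 200
2005-03-30 14:00:05 192.0.2.77 GET /scripts/admin.asp 404
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2005-03-30 15:12:40 192.0.2.77 - GET /scripts/admin.asp - 404 Mozilla/4.0+(compatible;+MSIE+6.0)
2005-03-30 15:12:44 192.0.2.77 - GET /login.asp user=test 401 Mozilla/4.0+(compatible;+MSIE+6.0)
2005-03-30 15:13:02 192.0.2.10 alice GET /reports/q1.htm - 200 Mozilla/4.0+(compatible;+MSIE+6.0)
2005-03-30 15:13:09 192.0.2.10 alice GET /broken line
"""


def parse_w3c(text):
    """Return (records, rejects).

    records: one dict per entry, keyed by the field names in force at that
             point in the file, plus "_line" (source line number).
    rejects: (line_number, raw_line) for entries that do not match the
             current #Fields layout. They are kept, not dropped, so the
             examiner can account for every line of the evidence file.
    """
    fields = None
    records, rejects = [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Only #Fields changes how later lines are interpreted.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        # Values are space separated; a space inside a value is logged as "+".
        values = line.split()
        if fields is None or len(values) != len(fields):
            rejects.append((line_no, line))
            continue
        # "-" is the format's marker for an empty field.
        record = {name: (None if value == "-" else value)
                  for name, value in zip(fields, values)}
        record["_line"] = line_no
        records.append(record)
    return records, rejects


def errors_by_client(records):
    """Count responses with status >= 400 per client IP (c-ip)."""
    counts = Counter()
    for record in records:
        status = record.get("sc-status")
        if status and status.isdigit() and int(status) >= 400:
            counts[record.get("c-ip")] += 1
    return counts


if __name__ == "__main__":
    parsed, bad = parse_w3c(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed, {len(bad)} rejected")
    for ip, n in errors_by_client(parsed).most_common():
        print(f"{ip}: {n} error responses")
    for line_no, raw in bad:
        print(f"line {line_no} does not match #Fields: {raw!r}")
```

W3C Extended timestamps are recorded in UTC, so convert before correlating them with the locally timestamped event logs.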
43 Investigative Searching
- Free evaluation
- Step #1: build document index of words
  - Index specific folders
  - Index entire hard drive!
- Step #2: run searches
  - Desktop search
  - Internet search
44 Search Options
- Boolean
- Stemming: grammatical forms
- Phonic: sounds like
- Fuzzy: misspellings
- Synonyms
- File filters: date, size, name, etc.
45 Copernic Desktop Search
46 Managing Graphics Files in Windows
- Thumbsplus
- Finds and creates thumbnail view of all graphic files
- Creates database of images
- Finds images like selected image
- Free trial download
48 References for Module #7
- Warren Kruse, Computer Forensics, Chapters 9-11
- Dave Dittrich, Basic Steps in Forensic Analysis of Unix Systems