Digital Forensics. Module 10 CS 996
- Richard Gallagher
1 Digital Forensics Module 10 CS 996
2 Outline of Module #10
- Review midterm exam
- Legal update
  - Suni Munshani
  - Howard Carmack
- EnCase workshop
4/19/2004 Module 10
3 QUESTION #5

    Return-Path:
    Received: from ns4.inch.com (ns4.inch.com [ ])
        by util.inch.com ( / /UTIL-INCH ) with ESMTP id i07eifot
        for Wed, 7 Jan :44: (EST)
        (envelope-from djshmq@greenwood.com)
    Received: from ([ ])    <-- FAKED SOURCE IP ADDRESS
        by ns4.inch.com (8.12.8p2/8.12.8/MXER-INCH-3.0.8) with SMTP id i07eiwq
        for <fred@monarch-info.com>; Wed, 7 Jan :44: (EST)
        (envelope-from djshmq@greenwood.com)
    Received: from [ ] by id U8MT8xwBv0ra; Wed, 07 Jan :39:    <-- A.B.C.0 IS NOT AN ALLOWED HOST ADDRESS
    Message-ID: <47q73116dgh6$p8ch4$1$6m7o7-d@vwk5rh7ji>
    From: "Lily Frazier" <djshmq@greenwood.com>
    Reply-To: "Lily Frazier" djshmq@greenwood.com    <-- MISMATCHED USER NAME
    To: fred@monarch-info.com    <-- WRONG ADDRESS
4 QUESTION #6

    Return-Path:
    Received: from ns4.inch.com (ns4.inch.com [ ])
        By util.inch.com with ESMTP id i2ff9mjz
        For Mon, 15 Mar :09: (EST)
        (envelope-from
    Received: from lineaaf97.velocom.com.ar (lineaaf97.velocom.com.ar [ ])
        By ns4.inch.com with SMTP id i2ff8wp
        For Mon, 15 Mar :09: (EST)    <-- TIME IS EARLIER THAN PREVIOUS HOP!
        (envelope-from
    Received: from jojomail.com (jojomail-com.mr.outblaze.com [ ])
        By lineaaf97.velocom.com.ar (postfix) with ESMTP id EACAA360CA
        For Mon, 15 Mar :10:
    From: Seacoast O. Hydras    <-- NAME DOESN'T MATCH ADDRESS
    To: Fred fred@monarch-info.com    <-- WRONG ADDRESS
    Subject: Fred just look in my eyes dzddr    <-- PHONY SUBJECT LINE
    Date: Mon, 15 Mar :10:
    Message-ID: <110101c40a9f$cf7c694d$7eeacbe4@jojomail.com>
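Three of the anomalies annotated in Questions #5 and #6 (a hop stamped earlier than the previous hop, a host address ending in .0, a display name that does not match the address) can be checked mechanically. The script below is an added example, not part of the original slides; the message, its example domains and documentation-range addresses are constructed, and the function names and finding codes are hypothetical.

```python
import ipaddress
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message (not from the slides).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
 by util.example.net with ESMTP id AAA111
 for <fred@example.net>; Mon, 15 Mar 2004 10:09:40 -0500 (EST)
Received: from relay.example.org (relay.example.org [198.51.100.7])
 by mx.example.net with SMTP id BBB222
 for <fred@example.net>; Mon, 15 Mar 2004 10:09:12 -0500 (EST)
Received: from [203.0.113.0]
 by relay.example.org (Postfix) with ESMTP id CCC333
 for <fred@example.net>; Mon, 15 Mar 2004 10:10:31 -0500
From: "Lily Frazier" <djshmq@example.com>
To: fred@example.net
Subject: constructed test message
Date: Mon, 15 Mar 2004 10:10:30 -0500

body
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def hop_time(received_value):
    """Return the timestamp after the last ';' of a Received header, or None."""
    stamp = received_value.rsplit(";", 1)[-1]
    stamp = re.sub(r"\([^)]*\)", "", stamp).strip()  # drop comments such as (EST)
    try:
        when = parsedate_to_datetime(stamp)
    except (TypeError, ValueError):
        return None
    # A "-0000" zone parses as a naive datetime; treat it as UTC so it compares.
    return when if when.tzinfo else when.replace(tzinfo=timezone.utc)


def name_matches_address(display_name, address):
    """Heuristic: some word of the display name appears in the local part."""
    local = address.split("@", 1)[0].lower()
    words = re.findall(r"[a-z]{3,}", display_name.lower())
    return not words or any(word in local for word in words)


def analyze(raw, skew=timedelta(0)):
    """Return a list of (code, detail) findings for one raw message.

    skew is the clock drift tolerated between servers before a hop counts
    as running backwards in time.
    """
    msg = message_from_string(raw)
    findings = []

    # Each server prepends its Received line, so reverse to get oldest first.
    hops = list(reversed(msg.get_all("Received", [])))

    prev = None
    for n, hop in enumerate(hops, start=1):
        when = hop_time(hop)
        if when is None:
            findings.append(("HOP_TIME_UNPARSEABLE", f"hop {n}"))
            continue
        if prev is not None and when + skew < prev:
            findings.append(
                ("HOP_TIME_REGRESSION", f"hop {n} stamped {prev - when} before hop {n - 1}")
            )
        prev = when

    for n, hop in enumerate(hops, start=1):
        for text in BRACKETED_IPV4.findall(hop):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                findings.append(("HOST_ADDRESS_INVALID", f"hop {n}: {text}"))
                continue
            # The slide's rule of thumb: A.B.C.0 is a network address, not a host.
            if ip.packed[-1] == 0:
                findings.append(("HOST_ADDRESS_ZERO", f"hop {n}: {text}"))

    name, addr = parseaddr(msg.get("From", ""))
    if name and addr and not name_matches_address(name, addr):
        findings.append(("NAME_MISMATCH", f"From: {name!r} vs {addr}"))
    return findings


if __name__ == "__main__":
    for code, detail in analyze(SAMPLE):
        print(f"{code}: {detail}")
```

A hit is a lead to follow up, not proof of forgery: servers with drifting clocks produce small time regressions, which is what the skew parameter is for.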
5 Pornographic Attachments
- If not viewed, they stay in .pst folder
- If viewed, they are rendered and found by:
  - Searching for images on hard drive
  - Looking in temporary internet folder
  - Looking in MRU key in registry
6 Outlook Timestamps
- Received: the last SMTP server
- Created: entered into the .pst file
- Modified: changed version entered in .pst file
8 Legal Update
- Suni Munshani
- Howard Carmack, aka The Buffalo Spammer
9 Suni Munshani is Back!
- His case in Massachusetts court was dismissed due to fraud
- He is being prosecuted for fraud by US Attorney
- He appealed the dismissal
  - Only isolated incident of perjury
  - Not unconscionable scheme
- He lost the appeal (March 26, 2004)
10 Howard Carmack
- Convicted April 1, 2004 in Erie County Court, New York
- Sent 800 million spam messages using Earthlink
- Charges did not include Can-Spam law
11 Carmack Conviction
- Forgery: falsely made written instrument with intent to defraud
- Possession of forgery device, i.e. software
- Identity theft: falsely obtained services from Earthlink
- Falsifying business records: Earthlink's business records
12 EnCase Resources
- Academic CD
- Instructor Notes
- User Manual excerpts on analysis
- Training Manual
- Online videos
13 Analysis With EnCase
- Initialize case
- Bookmarks: reporting
14 Initialize Case: EnCase Scripts
- Allow custom forensic analysis
- Program in C++ like API
- Pre-made scripts
- Initialize Case
  - Download from
  - Install in: c:\program files\encase\scripts\examples
- Running scripts:
  - View Scripts
  - Select Script
  - Run
  - View report => Bookmarks
15 Using Bookmarks
- Save important data for report
- View Bookmarks:
  - Create New Folder
  - Text
  - Images
18 Navigating Case
- View
- Table
- Signature analysis (in Search function)
- Hash analysis
- Gallery
- Timeline
- Report
- Disk
23 Finding Evidence
- Sorting columns in table view
- Filters, queries and scripts
- Recovering folders
- Keyword search
25 Filters, Queries and Scripts
- Filters
  - Use built-in capabilities
  - Create queries when filter is run
- Queries
  - Combine more than one filter in semi-custom query
- Scripts
  - Create your own search function using C++ like language
28 String Search
- Adding keywords
- Choose files/folders to be searched
- Configure search
29 EnCase Search Method
- First does logical search
- Next does sector by sector
- Compound files like .pst and .dat need to be mounted separately
[Figure: CLUSTER N | CHILD PORNOGRAPHY | CLUSTER N+1]
35 File Signatures
- Stated extension on evidence file
- Header information in the file itself
- Matches?
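The comparison this slide describes, stated extension against the header bytes in the file itself, looks like this as a short script. This is an added example, not part of the original slides and not EnCase's own implementation; the signature table is a small subset of well-known magic numbers, the sample files are constructed, and the verdict labels are this example's own.

```python
import os
import tempfile

# (magic bytes at offset 0, detected type, extensions that legitimately carry it)
SIGNATURES = [
    (b"\xff\xd8\xff", "JPEG image", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "PNG image", {".png"}),
    (b"GIF87a", "GIF image", {".gif"}),
    (b"GIF89a", "GIF image", {".gif"}),
    (b"%PDF-", "PDF document", {".pdf"}),
    (b"PK\x03\x04", "ZIP container", {".zip", ".docx", ".xlsx", ".jar"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file",
     {".doc", ".xls", ".ppt", ".msi"}),
    (b"!BDN", "Outlook PST", {".pst", ".ost"}),
]
KNOWN_EXTS = set().union(*(exts for _, _, exts in SIGNATURES))
MAX_MAGIC = max(len(magic) for magic, _, _ in SIGNATURES)


def check_signature(path):
    """Compare a file's extension with its header bytes.

    Returns (verdict, detected_type) where verdict is one of:
      match          header and extension agree
      mismatch       header identifies a type the extension does not claim
      bad_signature  extension claims a known type, header does not support it
      unknown        neither header nor extension is in the table
    """
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        header = fh.read(MAX_MAGIC)
    for magic, kind, exts in SIGNATURES:
        if header.startswith(magic):
            return ("match" if ext in exts else "mismatch", kind)
    if ext in KNOWN_EXTS:
        return ("bad_signature", None)
    return ("unknown", None)


def demo():
    """Write constructed sample files to a temp directory and classify them."""
    samples = {
        # JPEG renamed to look like a text file
        "holiday.txt": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
        # Genuine PNG header with the right extension
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        # Executable-style header hiding behind a .pdf extension
        "report.pdf": b"MZ\x90\x00" + b"\x00" * 32,
        # Plain text, extension not in the table
        "notes.txt": b"meeting at noon\n",
        # Zero-length file: nothing to read, so the .jpg claim is unsupported
        "empty.jpg": b"",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = check_signature(path)
    return results


if __name__ == "__main__":
    for name, (verdict, kind) in demo().items():
        print(f"{name:12} {verdict:14} {kind or '-'}")
```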
37 Compound File Analysis
- Registry
38 Access Registry
39 Win98: user.dat
40 View Folder
- Compound file
- Locate .dbx or .pst files
- View file structure
43 File Viewers
- Look at file outside EnCase
- Add: View => File Viewers
- Create association: View => File Types
- Double click on file: copies and opens with viewer
- QuickView Plus different file formats
- Eliminates problems with trojans, viruses, etc.
44 Add File Viewer
45 Create Association (View Filetypes)
46 Slack Space in EnCase
47 References for Module #10
- Bill Nelson, Guide to Computer Investigations,
- Warren Kruse, Computer Forensics,
- Kevin Mandia, Incident Response,
- EnCase Legal Journal (course web site)
- Suni Munshani: