Principal Computer Forensic Activities Checklist Form

Digital Forensic Checklist

Project Name: Digital Forensic Checklist

Description: This blog will help all forensic investigators with the Digital Forensic Checklist.

Author: Rohit D Sadgune

Frequently Asked Questions on Computer Forensics Investigation

  • Principal Digital Forensic Activities Checklist Form

 

  1. Safely seize computer systems and files to avoid contamination and/or interference.
  2. Safely collect data and software.
  3. Make safe, non-contaminating copies of disks and other data media.
  4. Review and report on data media.
  5. Source and review backup and archived files.
  6. Recover/reconstruct deleted files—logical methods.
  7. Recover material from swap and cache files.
  8. Recover deleted/damaged files—physical methods.
  9. Core-dump: Collect an image of the contents of the active memory of a computer at a particular time.
  10. Estimate if files have been used to generate forged output.
  11. Review single computers for proper working during the relevant period, including service logs, fault records, and the like.
  12. Prove/test reports produced by complex client/server applications.
  13. Review complex computer systems and networks for proper working during the relevant period, including service logs, fault records, and the like.
  14. Review system/program documentation for design methods, testing, audit, revisions, and operations management.
  15. Review application programs for proper working during the relevant period, including service logs, fault records, and the like.
  16. Identify and examine audit trails.
  17. Identify and review monitoring logs.
  18. Conduct telecoms call path tracing (PTTs or path-tracing telecoms and telecoms utilities companies only).
  19. Review access control services—quality and resilience of facilities (hardware and software, identification/authentication services).
  20. Review and assess access control services—quality of security management.
  21. Review and assess encryption methods—resilience and implementation.
  22. Set up proactive monitoring to detect unauthorized or suspect activity within application programs and operating systems and across local area and wide area networks.
  23. Monitor email.
  24. Use special alarm or trace programs.
  25. Use honeypots.
  26. Interact with third parties (suppliers, emergency response teams, and law enforcement agencies).
  27. Review and assess measuring devices and other sources of real evidence, including service logs, fault records, and the like.
  28. Use routine search programs to examine the contents of a file.
  29. Use purpose-written search programs to examine the contents of a file.
  30. Reconcile multi-source files.
  31. Examine telecoms devices and location of associated activity logs and other records perhaps held by third parties.
  32. Reconstruct events.
  33. Reconstruct complex computer intrusion.
  34. Reconstruct complex fraud.
  35. Reconstruct system failure.
  36. Reconstruct disaster affecting computer-driven machinery or process.
  37. Review expert- or rule-based systems.
  38. Reverse compilation of suspect code.
  39. Use computer programs that purport to provide simulations or animations of events: review of accuracy, reliability, and quality.
