Forensics and Cyber Threat Research Area

Threat Intelligence | Insider Threat Detection | User Behavior Analytics | Cyber Threat Management | Data Security Intelligence | Cloud Security Intelligence Application Security Intelligence | Anomaly & Pattern Detection |  Security Information Event Management | Digital Forensics | Data Recovery | Malware Investigation | Packet Analytics | Packet Forensics | security operations and analytics platform architecture (SOAPA)

Principal Computer Forensic Activities Checklist Form

Home » Blog » Digital Forensic Checklist

 Posted in Digital Forensics

Digital Forensic Checklist

   6th December 2015  Leave a Comment on Digital Forensic Checklist 0 1344

Digital Forensic Checklist

Project Name: Digital Forensic Checklist

Description: This blog will help all forensics investigator for Digital Forensic Checklist

Author: Rohit D Sadgune

Frequently Asked Question on Computer Forensics Investigation

  • Checklist of Principal Digital Forensic Activities Checklist Form

 

  1. Safely seize computer systems and files to avoid contamination and/or interference.
  2. Safely collect data and software.
  3. Safe and non contaminating copying of disks and other data media.
  4. Review and report on data media.
  5. Source and review backup and archived files.
  6. Recover/reconstruct deleted files—logical methods.
  7. Recover material from swap and cache files.
  8. Recover deleted/damaged files—physical methods.
  9. Core-dump: Collect an image of the contents of the active memory of a computer at a particular time.
  10. Estimate if files have been used to generate forged output.
  11. Review single computers for proper working during relevant period, including service logs, fault records, and the like.
  12. Prove/test reports produced by complex client/server applications.
  13. Review complex computer systems and networks for proper working during relevant period, including service logs, fault records, and the like.
  14. Review system/program documentation for design methods, testing, audit, revisions, and operations management.
  15. Review applications programs for proper working during relevant period, including service logs, fault records, and the like.
  16. Identify and examine audit trails.
  17. Identify and review monitoring logs.
  18. Conduct telecoms call path tracing (PTTs or path-tracing telecoms and telecoms utilities companies only).
  19. Review access control services—quality and resilience of facilities (hardware and software, identification/authentication services).
  20. Review and assess access control services—quality of security management.
  21. Review and assess encryption methods—resilience and implementation.
  22. Set up proactive monitoring to detect unauthorized or suspect activity within application programs and operating systems and across local area and wide area networks.
  23. Monitor email.
  24. Use special alarm or trace programs.
  25. Use honeypots.
  26. Interact with third parties (suppliers, emergency response teams, and law enforcement agencies).
  27. Review and assess measuring devices and other sources of real evidence, including service logs, fault records, and the like.
  28. Use routine search programs to examine the contents of a file.
  29. Use purpose-written search programs to examine the contents of a file.
  30. Reconcile multi source files.
  31. Examine telecoms devices and location of associated activity logs and other records perhaps held by third parties.
  32. Reconstruct events.
  33. Reconstruct complex computer intrusion.
  34. Reconstruct complex fraud.
  35. Reconstruct system failure.
  36. Reconstruct disaster affecting computer-driven machinery or process.
  37. Review expert- or rule-based systems.
  38. Reverse compilation of suspect code.
  39. Use computer programs that purport to provide simulations or animations of events: review of accuracy, reliability, and quality.

GO BACK TO COMPUTER FORENSICS CHECKLIST

Author: Rohit Sadgune
Core Working Areas :- Threat Intelligence, Digital Forensics, Incident Response, Fraud Investigation, Web Application Security Technical Certifications :- Computer Hacking Forensics Investigator | Certified Ethical Hacker | Certified Cyber crime investigator | Certified Professional Hacker | Certified Professional Forensics Analyst | Redhat certified Engineer | Cisco Certified Network Associates | Certified Firewall Solutions | Certified Network Monitoring Solution | Certified Proxy Solutions
Website

Leave a Reply

Your email address will not be published. Required fields are marked *

Enter Captcha Here : *

Reload Image

Indicator of Attacks | Indicator of Compromise

Top SIEM Use Cases | Threat Hunting Hypothesis | Deep Packet Inspection | Insider Threat Hunting | Hunting Data Exfiltration | Banking Fraud | ATM Use Cases | Cross Channel Data Exfiltration | Hunting Endpoint Anomaly | Denial-of-service | Man-in-the-middle (MitM) attack | Spear phishing attacks | Drive-by attack | Eavesdropping attack | Birthday attack