Forensics and Cyber Threat Research Area

Threat Intelligence | Insider Threat Detection | User Behavior Analytics | Cyber Threat Management | Data Security Intelligence | Cloud Security Intelligence Application Security Intelligence | Anomaly & Pattern Detection |  Security Information Event Management | Digital Forensics | Data Recovery | Malware Investigation | Packet Analytics | Packet Forensics | security operations and analytics platform architecture (SOAPA)

Computer Forensics Fundamentals

Home » Blog » Computer Forensics Fundamentals

 Posted in Digital Forensics

Computer Forensics Fundamentals

   6th December 2015  Leave a Comment on Computer Forensics Fundamentals 1 1433

Computer Forensics Fundamentals

Project Name: Computer Forensics Fundamentals

Description: This blog will help all forensics investigator for Computer Forensics Fundamentals

Author: Rohit D Sadgune

Frequently Asked Question on Computer Forensics Investigation

  • Checklist of Computer Forensics Fundamentals

 

  1. Protect the suspected digital media during the forensic examination from any possible alteration, damage, data corruption, or virus introduction.
  2. Discover all files on the suspected digital media. This includes existing normal files, deleted yet remaining files, hidden files, password-protected files, and encrypted files.
  3. Recover all (or as much as possible of) discovered deleted files.
  4. Reveal (to the greatest extent possible) the contents of hidden files as well as temporary or swap files used by both the application programs and the operating system.
  5. Access (if possible and legally appropriate) the contents of protected or encrypted files.
  6. Analyze all possibly relevant data found in special (and typically inaccessible) areas of a disk. This includes but is not limited to what is called unallocated space on a disk (currently unused, but possibly the repository of previous data that is relevant evidence), as well as slack space in a file (the remnant area at the end of a file in the last assigned disk cluster that is unused by current file data, but once again, may be a possible site for previously created and relevant evidence).
  7. Print out an overall analysis of the subject computer system, as well as a listing of all possibly relevant files and discovered file data.
  8. Provide an opinion of the system layout; the file structures discovered; any discovered data and authorship information; any attempts to hide, delete, protect, and encrypt information; and anything else that has been discovered and appears to be relevant to the overall computer system examination.
  9. Provide expert consultation and/or testimony, as required.

GO BACK TO COMPUTER FORENSICS CHECKLIST

Author: Rohit Sadgune
Core Working Areas :- Threat Intelligence, Digital Forensics, Incident Response, Fraud Investigation, Web Application Security Technical Certifications :- Computer Hacking Forensics Investigator | Certified Ethical Hacker | Certified Cyber crime investigator | Certified Professional Hacker | Certified Professional Forensics Analyst | Redhat certified Engineer | Cisco Certified Network Associates | Certified Firewall Solutions | Certified Network Monitoring Solution | Certified Proxy Solutions
Website

Leave a Reply

Your email address will not be published. Required fields are marked *

Enter Captcha Here : *

Reload Image

Indicator of Attacks | Indicator of Compromise

Top SIEM Use Cases | Threat Hunting Hypothesis | Deep Packet Inspection | Insider Threat Hunting | Hunting Data Exfiltration | Banking Fraud | ATM Use Cases | Cross Channel Data Exfiltration | Hunting Endpoint Anomaly | Denial-of-service | Man-in-the-middle (MitM) attack | Spear phishing attacks | Drive-by attack | Eavesdropping attack | Birthday attack