Forensics and Cyber Threat Research Area

Threat Intelligence | Insider Threat Detection | User Behavior Analytics | Cyber Threat Management | Data Security Intelligence | Cloud Security Intelligence Application Security Intelligence | Anomaly & Pattern Detection |  Security Information Event Management | Digital Forensics | Data Recovery | Malware Investigation | Packet Analytics | Packet Forensics | security operations and analytics platform architecture (SOAPA)

Duplication and Preservation of Digital Evidence

Home » Blog » Duplication and Preservation of Digital Evidence

 Posted in Digital Forensics

Duplication and Preservation of Digital Evidence

   6th December 2015  Leave a Comment on Duplication and Preservation of Digital Evidence 0 1033

Duplication and Preservation of Digital Evidence

Project Name: Duplication and Preservation of Digital Evidence

Description: This blog will help all forensics investigator for Duplication and Preservation of Digital Evidence

Author: Rohit D Sadgune

Frequently Asked Question on Computer Forensics Investigation

  • Checklist of Duplication and Preservation of Digital Evidence

 

  1. Shut down the computer.
  2. Document the hardware configuration of the system.
  3. Transport the computer system to a secure location.
  4. Make bit-stream backups of hard disks and floppy disks.
  5. Mathematically authenticate data on all storage devices.
  6. Document the system date and time.
  7. Make a list of key search words.
  8. Evaluate the Windows swap file.
  9. Evaluate file slack.
  10. Evaluate unallocated space (erased files).
  11. Search files, file slack, and unallocated space for keywords.
  12. Document file names, dates, and times.
  13. Identify file, program, and storage anomalies.
  14. Evaluate program functionality.
  15. Document your findings.
  16. Retain copies of software used.
  17. Establish a solid relationship with local law enforcement, as they will be a valuable resource in the evidence collection process.

GO BACK TO COMPUTER FORENSICS CHECKLIST

Author: Rohit Sadgune
Core Working Areas :- Threat Intelligence, Digital Forensics, Incident Response, Fraud Investigation, Web Application Security Technical Certifications :- Computer Hacking Forensics Investigator | Certified Ethical Hacker | Certified Cyber crime investigator | Certified Professional Hacker | Certified Professional Forensics Analyst | Redhat certified Engineer | Cisco Certified Network Associates | Certified Firewall Solutions | Certified Network Monitoring Solution | Certified Proxy Solutions
Website

Leave a Reply

Your email address will not be published. Required fields are marked *

Enter Captcha Here : *

Reload Image

Indicator of Attacks | Indicator of Compromise

Top SIEM Use Cases | Threat Hunting Hypothesis | Deep Packet Inspection | Insider Threat Hunting | Hunting Data Exfiltration | Banking Fraud | ATM Use Cases | Cross Channel Data Exfiltration | Hunting Endpoint Anomaly | Denial-of-service | Man-in-the-middle (MitM) attack | Spear phishing attacks | Drive-by attack | Eavesdropping attack | Birthday attack