Comparing and Contrasting Windows and Linux Forensics. Zlatko Jovanovic. International Academy of Design and Technology
Abstract

Windows and Linux are the most common operating systems used on personal computers. There are many different versions and editions of both operating systems. The basic differences between the two operating systems influence the specialized tools that exist for computer forensics. Knowing the basics of the operating system and choosing the right tool is crucial for any computer forensics investigation. This paper will try to name the basic differences, tools and techniques used in both Windows and Linux forensics. I will not go into detail about the operating systems themselves, assuming that the reader knows the basics. Otherwise, it would take much more material than this paper.

Keywords: Windows Forensics, Linux Forensics, Operating System, File System.
Determining the Operating System

Computer forensics is a discipline concerned with the examination of computer systems that are involved in criminal activity, either as a target of the crime or as a tool for committing it. One of the very first issues in every computer forensics investigation is determining the operating system (OS) on a suspect's computer. That is crucial because, if the OS is known, searching for and finding the incriminating information and data can be better organized and prepared, and is therefore easier. Different operating systems have different characteristics that influence certain specific steps in extracting and analyzing data. In some cases, a computer forensics investigator would ask for assistance if the OS found on the suspect's computer is not the one he is most comfortable with. That is seen when examining the Linux OS, because it requires good knowledge of the system commands. Most of the examination is done in the Command Line Interface (CLI), while in Windows it is done using the Graphic User Interface (GUI). Linux and Windows have differences that make an investigation impossible, and dangerous for the data, if the OS is not properly determined. Assuming the OS is not an option (Burdach).

Basic Differences

The biggest differences between the Windows and Linux operating systems are their different approaches to system and data files, and to user accounts (Volonino, p. 254). For computer forensics this is very important, because the connection between data and user has a huge impact on the evidence found during the investigation.
While Windows can have many user accounts with administrative privileges, Linux has only one administrative account. That account is called root. The root account has complete control of the system. Administrative users are users that have access to the root account. In order to connect a user with the administrative action performed, logging is essential. Also, in Windows one user can access one application, while in Linux several users can access one application.

In both operating systems the file system is hierarchical, but, as Volonino states, another significant difference is that in Linux everything, including devices, partitions, and folders, is seen as a unified file system. This is an important difference for the examination. Devices and the physical structure of the hard drive are listed in the /dev directory (p. 254). The Linux hard drive structure consists of inodes, the superblock, data blocks, and dentries (Nelson, p. 134).

The file management systems of the two operating systems are different. Windows could have a FAT (with its variations) or NTFS file system, while Linux could have an EXT (with its variations) file system. But Linux can accommodate many different file systems by enabling the VFS (virtual file system) within the kernel itself (p. 255). This gives the option of having multiple partitions on the hard drive with both operating systems installed. In this case files can be accessed from any OS!

There are two types of data files to review in Windows: user data, and system data and artifacts. User files are added to the system through the installation of applications or through user creation. In other words, they are created by the user, directly or indirectly. Examples are user profiles, program files, temporary files, and special application-level files (e.g., Internet history). System data and artifacts are files that are generated by the OS itself: log files, temporary files, etc. Examples are metadata, the system registry, event logs, swap files, the printer spool, and the recycle bin (Volonino, p. 237).

Both operating systems assign permissions to files, but the way those permissions are determined is different. In Linux, the permissions can be viewed by running the ls -l command on a directory or on a particular file. Windows file permissions are found in the Security tab of the Properties section of My Computer, and are kept in the Registry.

Since in Linux everything is considered a file, things are a bit different. Files of interest for the investigation are configuration files and system logs. They are:

/etc/passwd
/etc/shadow
/etc/hosts
/etc/sysconfig
/etc/syslog.conf

Both operating systems place deleted files in a folder from which they can be recovered. Windows has the Recycle Bin, and most Linux versions have a Trash function. But the Trash folder contains the deleted files of the particular user! (Grundy)

In Windows computer forensics, a write blocker is a device that is a must during the examination of the suspect's hard drive. It allows the data to be gathered without writing anything to the hard drive. Linux makes it possible to manually select to mount a file system as read-only (Bunting, p. 154). This should be done carefully, because any mistake can alter data important for the investigation. So examining a hard drive from Linux can be done without the write blocker.

It is interesting to know that tools can be used to examine any of the operating systems, regardless of the nature of the tools. A Linux tool (Helix) can be used to examine a Windows system.
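The file systems named above (FAT, NTFS, EXT and their variations) can be told apart from the first two kilobytes of a volume, which is one concrete way to determine rather than assume what is on a drive. The following is an added example, not part of the original paper; the function names and the sample volumes are constructed for illustration, and the ext2/ext3/ext4 split is a simplified feature-flag heuristic.

```python
"""Identify FAT, NTFS and ext2/3/4 volumes from on-disk signatures (read-only)."""
import struct

SECTOR = 512
EXT_SB_OFFSET = 1024         # the ext superblock starts 1024 bytes into the volume
EXT_MAGIC = 0xEF53           # s_magic, little-endian, superblock offset 56
COMPAT_HAS_JOURNAL = 0x0004  # s_feature_compat: a journal exists (ext3/ext4)
INCOMPAT_RECOVER = 0x0004    # s_feature_incompat: journal still needs replay
# Simplified heuristic: feature bits that only ext4 sets.
EXT4_INCOMPAT = 0x0040 | 0x0080 | 0x0200            # extents, 64bit, flex_bg
EXT4_RO_COMPAT = 0x0008 | 0x0010 | 0x0020 | 0x0040  # huge_file ... extra_isize


def _ext_finding(data):
    sb = data[EXT_SB_OFFSET:EXT_SB_OFFSET + 1024]
    if len(sb) < 136 or struct.unpack_from("<H", sb, 56)[0] != EXT_MAGIC:
        return None
    compat, incompat, ro_compat = struct.unpack_from("<III", sb, 92)
    if incompat & EXT4_INCOMPAT or ro_compat & EXT4_RO_COMPAT:
        fs = "ext4"
    elif compat & COMPAT_HAS_JOURNAL:
        fs = "ext3"
    else:
        fs = "ext2"
    return {
        "fs": fs,
        "label": sb[120:136].split(b"\x00", 1)[0].decode("ascii", "replace"),
        "needs_recovery": bool(incompat & INCOMPAT_RECOVER),
    }


def _boot_sector_finding(data):
    bs = data[:SECTOR]
    if len(bs) < SECTOR or bs[510:512] != b"\x55\xaa":
        return None
    if bs[3:11] == b"NTFS    ":          # OEM ID field
        fs = "NTFS"
    elif bs[82:90] == b"FAT32   ":       # FAT32 file-system-type string
        fs = "FAT32"
    elif bs[54:59] in (b"FAT12", b"FAT16"):
        fs = bs[54:59].decode("ascii")
    else:
        return None
    return {"fs": fs, "bytes_per_sector": struct.unpack_from("<H", bs, 11)[0]}


def identify_filesystem(data):
    """Return every signature found; more than one means stale data to explain."""
    findings = [_boot_sector_finding(data), _ext_finding(data)]
    return [f for f in findings if f is not None]


def identify_image(path, offset=0):
    """Read 2 KiB from an image file opened read-only; offset = partition start."""
    with open(path, "rb") as img:
        img.seek(offset)
        return identify_filesystem(img.read(2048))


# --- constructed sample volumes (not real evidence) ---
def sample_ext(compat=0, incompat=0, ro_compat=0, label=b"evidence"):
    img = bytearray(2048)
    struct.pack_into("<H", img, EXT_SB_OFFSET + 56, EXT_MAGIC)
    struct.pack_into("<III", img, EXT_SB_OFFSET + 92, compat, incompat, ro_compat)
    start = EXT_SB_OFFSET + 120
    img[start:start + len(label)] = label
    return bytes(img)


def sample_boot(fields):
    img = bytearray(2048)
    struct.pack_into("<H", img, 11, SECTOR)   # bytes per sector
    img[510:512] = b"\x55\xaa"                # boot sector signature
    for off, val in fields.items():
        img[off:off + len(val)] = val
    return bytes(img)


if __name__ == "__main__":
    print(identify_filesystem(sample_boot({3: b"NTFS    "})))
    print(identify_filesystem(sample_ext(compat=0x4, incompat=0x4 | 0x40)))
```

The `needs_recovery` flag matters for the read-only mount described above: on ext3 and ext4 a plain read-only mount can still replay a pending journal and so write to the evidence, which the `noload` mount option prevents.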
Conclusion

The most important thing to do is to determine the operating system you will work on. Not only does that make the investigation easier, but guessing the OS installed, or assuming which one it is, can jeopardize the investigation and probably end your career as a computer forensic investigator. Know that any system can be on any machine. Differences in price are not mentioned in the paper; the research was done to find the differences and similarities in forensic approach, assuming that all tools are available or accessible. Determining the OS is important, but the tools used for the investigation could be based on any OS, Linux or Windows.
Works Cited

Bunting, S. (2008). EnCase Computer Forensics: The Official EnCE: EnCase Certified Examiner Study Guide. Indianapolis, IN: Wiley Publishing, Inc.

Burdach, M. (2004). Forensic Analysis of a Live Linux System. Retrieved from

Grundy, B. J. (2008). The Law Enforcement and Forensics Examiner's Introduction to Linux: A Practitioner's Guide to Linux as a Computer Forensics Platform. Retrieved from

Nelson, B., Phillips, A., Enfinger, F., & Steuart, C. (2004). Guide to Computer Forensics and Investigations. Boston, MA: Thomson Course Technology.

Volonino, L., Anzaldua, R., & Godwin, J. (2007). Computer Forensics: Principles and Practices. Upper Saddle River, NJ: Pearson Education, Inc.