Computing forensics: a live analysis
- Paulina Robinson
1 April 18th, 2005
3 Objectives
Evidence acquisition:
- Recovery and examination of suspect digital evidence (think Warrick Brown on CSI)
- Hardware: servers, workstations, laptops, PDAs, mobiles, cameras, pagers
- Software: databases, , Internet cookies, bookmarks, deleted files, unallocated space
Considerations:
- Integrity: must be able to prove data has not been changed to be admissible in court
- Chain of command:
- Legal and social responsibilities: Privacy Act (2001), user agreements
4 Things that can get in the way
- Encryption: partitions, files, , instant-messaging communication
- Anonymity: overlay networks, such as Tor
- Volatility: memory-resident contents are lost when machine is rebooted
- Unsupported filesystems: many tools yet to support ReiserFS
5 Live analysis: Scenario
- An attack has taken place. You, the investigator, have just arrived on the scene.
- It is expected that the attacker uses encrypted disk volumes.
- In any case, the machine contains memory-resident information that will be lost after a power cycle.
Reasoning:
- Integrity: changes to the suspect host MAY contaminate evidence and WILL not be admissible
- Volatility: critical data will be lost (or inaccessible)
- May not afford disruption to service
- May not litigate but gather info for defence
6 Forensics 101: Secure the scene
1 Photograph computer screen
2 Record current system time and note this against an accurate time source
3 Begin data acquisition in order of volatility (OOV)
    1 Physical memory, open files, open network connections, swap space
    2 Encrypted file systems where you do not have key to unlock
    3 Temporary file systems (/tmp, /proc)
4 Record current system time (why twice?)
5 Message digests of gathered evidence
Now let's look at doing this with Helix!
7 Helix: Open-Source Forensic Toolkit
Knoppix-based bootable CD-ROM
Features:
- NX server for fast remote session management
- Can be loaded entirely into RAM (resource permitting) for improved seek times
- UnionFS (or Klik) for customisations
- Live dumps of Linux/Windows suspected hosts
Tools:
- Sleuthkit, Autopsy
- PyFLAG, mac-robber
- md5deep, Ethereal
- and MUCH more
URL:
8 Set up the scene for data acquisition
Investigator:
1 Boot machine with Helix, loading it into RAM-Disk for faster seek times
2 Start electronic (Unix script) and paper-based documentation
Suspect host (Linux or Windows):
1 Load Helix CD-ROM into drive
2 Ensure that your tools do NOT modify the disk!
3 Use IP addresses instead of hostnames (why?)
4 Use trusted CD-ROM binaries only
5 Send acquired data over encrypted network
9 Live analysis (1)
Initialise Client:
    export safe="/mnt/cdrom"
    export nc="/mnt/cdrom/ -w "
    $safe/bash            # trusted shell
    export PATH=$safe     # clear path
Initialise Server (for each command):
    nc -l -p >> forensics.data.txt
Files and Network Connections
    1 $safe/lsof -ndr | $nc         # open files
    2 $safe/netstat -nap | $nc      # network connections
    3 $safe/netstat -nr | $nc       # routes
    4 $safe/ils -o /dev/hdan | $nc  # deleted & open files
10 Live analysis (2)
Processes
    1 $safe/ps -leaf | $nc      # solaris: suspect processes
    2 $safe/ps -auxl | $nc      # linux: suspect processes
    3 $safe/pcat <PID> | $nc    # save PID memory space
Users
    1 $safe/who -ihl | $nc      # active users
    2 $safe/tar cf - /proc | $nc  # system info
11 Live analysis (3)
Swap space (already have /proc/kcore)
    1 $safe/dd if=/dev/swapdev bs=2k | $nc   # swap space
Encrypted volumes
    1 $safe/dd if=/dev/hdan bs=2k | $nc      # exact copy
Temporary partition
    1 $safe/dd if=/dev/tmpdev bs=2k | $nc    # temp partition
File access times
    1 $safe/ls -alru / | $nc   # access times (atime)
    2 $safe/ls -alrc / | $nc   # inode change times (ctime)
    3 $safe/ls -alr / | $nc    # modification times (mtime)
    4 Why not message digest checksums too?
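Step 5 of "Forensics 101" and the closing question of "Live analysis (3)" both call for message digests of the gathered evidence. The script below is an added example, not part of the original slides or of Helix: it runs on the investigator's workstation (never on the suspect host), seals each file written by the netcat listener into a manifest and later re-verifies it. SHA-256 via sha256sum, the manifest layout, the function names and the sample netstat line are assumptions made for this example.

```sh
#!/bin/sh
# Added example: evidence manifest for files received on the investigator's
# workstation. Assumes coreutils (sha256sum, date, wc, mktemp).

# UTC timestamp, so manifest entries do not depend on the local time zone.
utc_now() { date -u +%Y-%m-%dT%H:%M:%SZ; }

# seal_evidence CASE_DIR FILE LABEL
# Appends "digest<TAB>size<TAB>sealed-at<TAB>label<TAB>file" to
# CASE_DIR/manifest.txt and makes the evidence file read-only.
# Refuses empty or missing files: an empty capture usually means the
# netcat transfer failed and must be repeated, not sealed.
seal_evidence() {
    case_dir=$1; file=$2; label=$3
    if [ ! -s "$case_dir/$file" ]; then
        echo "refusing to seal empty or missing file: $file" >&2
        return 1
    fi
    digest=$(sha256sum "$case_dir/$file" | cut -d' ' -f1)
    size=$(wc -c < "$case_dir/$file" | tr -d ' ')
    printf '%s\t%s\t%s\t%s\t%s\n' \
        "$digest" "$size" "$(utc_now)" "$label" "$file" \
        >> "$case_dir/manifest.txt"
    chmod a-w "$case_dir/$file"
}

# verify_evidence CASE_DIR
# Re-hashes every file named in the manifest and prints one status line
# per file. The return status is the number of missing or changed files,
# so 0 means every sealed file still matches its recorded digest.
verify_evidence() {
    case_dir=$1
    bad=0
    tab=$(printf '\t')
    while IFS="$tab" read -r digest size sealed label file; do
        if [ ! -f "$case_dir/$file" ]; then
            echo "MISSING $file"
            bad=$((bad + 1))
            continue
        fi
        current=$(sha256sum "$case_dir/$file" | cut -d' ' -f1)
        if [ "$current" = "$digest" ]; then
            echo "OK $file"
        else
            echo "CHANGED $file"
            bad=$((bad + 1))
        fi
    done < "$case_dir/manifest.txt"
    return "$bad"
}

# demo: seal a constructed capture, verify it, alter it, verify again.
demo() {
    dir=$(mktemp -d)
    # Constructed sample of what the listener might have written.
    printf '%s\n' \
        'tcp 0 0 192.0.2.10:22 198.51.100.7:40112 ESTABLISHED 811/sshd' \
        > "$dir/netstat-nap.txt"
    seal_evidence "$dir" netstat-nap.txt 'netstat -nap'
    verify_evidence "$dir" || true
    chmod u+w "$dir/netstat-nap.txt"
    echo 'altered after sealing' >> "$dir/netstat-nap.txt"
    verify_evidence "$dir" || echo "$? file(s) failed verification"
    rm -rf "$dir"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Run the script with the argument demo to see one OK line followed by one CHANGED line.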
12 Automated
Helix provides a script (linux-ir.sh) that:
- pretty much runs the above commands
- tools output to STDOUT, allowing easy pipe to netcat server
- customisable to specific requirements by script editing
Usage:
    1 Insert Helix into CD-ROM of live system
    2 /bin/mount /mnt/cdrom
    3 /mnt/cdrom/static-binaries/linux-ir.sh | $nc
A few of Helix's static built binaries are seg-faulting, so a video demonstration of this will have to wait for another day...
13 Improvements
- Rename trusted commands: e.g. rename /mnt/cdrom/pcat to /mnt/cdrom/t-pcat
    - prevents running suspected host binary that may be trojaned
    - preserves MAC times on suspected host files
- Use Cryptcat in place of Netcat, or pipe through des
    des -e -c -k pword | nc                    # suspect host
    nc | des -d -c -k pword | dd of=out.txt    # server
- GPG gives stronger symmetric key ciphers at a cost of speed and space
14 Other issues
- Requires suspected host to have a working NIC
- Server must start NC receiver for each client NC send request
- Large volumes slow to copy bit-for-bit over encrypted network
- More time spent in increases risk of modification to physical storage!
- Attackers using LKM rootkits
- Privacy: depends on the user's expectation of privacy
- Privacy: to comply with some legal jurisdictions or personal liberties within multi-user systems:
    $safe/w <UID> instead of $safe/w
    $safe/ps -aux <UID> instead of $safe/ps -aux
15 Secure the evidence
1 Document and label evidence
2 Transport the evidence
3 Shut down the computers
    Unix: (if root): sync; sync; halt (else) pull out power cable
    Windows: pull out power cable
4 Begin data analysis of volatile data (already acquired)
5 Begin data acquisition and analysis of non-volatile data (physical disk etc)
16 Chain of Custody
17 Dead Analysis
Now it is time for in-depth after-the-fact analysis within a laboratory. Don't forget to document chain of command for potential evidence!
18 Helix setup
Server-side
1 Boot up Helix, load contents into RAM (faster seek times)
2 Change passwords for root, helix (default password is blank!)
3 Start FreeNX-server: nxsetup-knoppix
4 Optionally load additional software with UnionFS or
    wget klik.atekon.de/client/install -O - | sh
Client-side
- Start NX-client (Unix, Mac, Windows clients available)
- Set desktop session type to /usr/bin/startxfce4 to preserve server resources
- Begin dead-analysis via your remote desktop
19 Acquisition: What is wrong here?
Image cloning:
1 Master boot record
    dd if=/dev/hdn of=partition.hdn.mbr count=1 bs=512
2 Partition table
    sfdisk -d /dev/hdn > partition.hdn.pt
3 Partition x of Disk N
    partimage -d -b -z1 -o -V700 save /dev/hdnx vol.hdnx.gz
Restoration:
1 dd if=partition.hdn.mbr of=/dev/hdn
2 sfdisk /dev/hdn < partition.hdn.pt
3 partimage -e restore /dev/hdnx vol.hdnx.gz.000
20 Dead analysis
Some popular tools
- Autopsy: graphical front-end to sleuthkit
- Sleuthkit: update to The Coroner's Toolkit (TCT)
- PyFLAG: log file analysis for forensics investigations
- plenty more...
Techniques
- Recover deleted files from unallocated space, slack space,...
- Search for hidden data (steganalysis)
- plenty more...
21 Conclusion
Briefly discussed:
- what Helix is, how it can be used
- how to perform a live analysis while maintaining integrity of data
- KEY POINT: Ensure forensics tools DO NOT write to suspected host hard disk
Further information
- Know Your Enemy (2nd Ed). The Honeynet Project, 2004
- Incident Response and Computer Forensics. McGraw-Hill (Chapter 6)
Questions?