Digital Forensics. Tom Pigg Executive Director Tennessee CSEC

Size: px
Start display at page:

Download "Digital Forensics. Tom Pigg Executive Director Tennessee CSEC"

Transcription

1 Digital Forensics Tom Pigg Executive Director Tennessee CSEC

2 Definitions Digital forensics Involves obtaining and analyzing digital information as evidence in civil, criminal, or administrative cases Analyze /investigates data that can be retrieved from a computer s hard disk or other storage media Yields information about how a perpetrator or an attacker gained access to a network

3 Definitions Data recovery Recovering information that was deleted by mistake or lost during a power surge or server crash Uses computer forensics techniques to retrieve information that was lost Recover data that was intentionally deleted

4 Computer Investigations Computer investigations and forensics falls into two distinct categories Public investigations Private or corporate investigations Public investigations Involve government agencies responsible for criminal investigations and prosecution Organizations must observe legal guidelines

5 Computer Investigations Private or corporate investigations Deal with private companies, Aren t governed directly by criminal law Governed by internal policies that define expected employee behavior and conduct in the workplace Investigations are usually conducted in civil cases

6 Digital Forensics Role of digital forensics professionals is to gather evidence to prove that a suspect committed a crime or violated a company policy

7 Investigation Plan Prepare a forensics workstation Obtain the evidence Make a forensic copy of the evidence Return the evidence to a secure container Process the copied evidence with computer forensics tools

8 A workstation Digital Forensics Lab A write-blocker device Setup Computer forensics acquisition tool Computer forensics analysis tool Target drive to receive the source or suspect disk data

9 Acquiring the Image First rule of Digital forensics Preserve the original evidence Conduct your analysis only on a copy of the data

10 Analyzing the Image Recover data from: Deleted files File fragments Complete files Slack Unpartitioned Space Voids between partitions Deleted files linger on the disk until new data is saved on the same physical location

11 Analyzing the Image Search for keywords of interest in the case Export the data important to the case Generate a report of your activities

12 Validating Data Most critical aspect of computer forensics Requires using a hashing algorithms Validation techniques CRC-32, MD5, and SHA-1 to SHA-512

13 Hash Algorithms Cyclic Redundancy Check (CRC) Mathematical algorithm that determines whether a file s contents have changed Not considered a forensic hashing algorithm Message Digest 5 (MD5) Mathematical formula that translates a file into a hexadecimal code value, or a hash value If a bit or byte in the file changes, it alters the digital hash

14 Hash Algorithms Three rules for forensic hashes: You can t predict the hash value of a file or device No two hash values can be the same If anything changes in the file or device, the hash value must change

15 Understanding File Systems File system gives OS a road map to data on a disk Type of file system an OS uses determines how data is stored on the disk When you need to access a suspect s computer to acquire or inspect data you should be familiar with the computer s platform

16 Understanding File Systems In Microsoft file structures, sectors are grouped to form clusters Storage allocation units of one or more sectors Clusters are typically 512, 1024, 2048, 4096, or more bytes each Hidden partitions or voids are large unused gaps between partitions on a disk Partition gap is unused space between partitions

17 Understanding File Systems Microsoft OSs allocate disk space for files by clusters, which can results in drive slack Unused space in a cluster between the end of an active file and the end of the cluster Can examine a partition s physical level with a disk editor: Norton DiskEdit, WinHex, or Hex Workshop

18 Compression NTFS provides compression Under NTFS, files, folders, or entire volumes can be compressed Most computer forensics tools can uncompress and analyze compressed Windows data

19 Encryption Encrypting File System (EFS) Implements a public key and private key method of encrypting files, folders, or disk volumes When EFS is used a recovery certificate is generated and sent to the local Windows administrator account except for MS Server 2008 Users can apply EFS to files stored on their local workstations or a remote server

20 Registry Registry A database that stores hardware and software configuration information, network connections, user preferences, and setup information For investigative purposes, the Registry can contain valuable evidence To view the registry you can use Regedit/Regedt32 or a forensics registry viewer

21 Virtual Machines Virtual machine Allows you to create a representation of another computer on an existing physical computer Many of the new digital forensics software will recognize VMs

22 Digital Forensics Tools EnCase FTK ProDiscover Helix Autopsy SleuthKit

23 Contact Information Dr. Thomas L. Pigg Professor of Computer Information Systems Jackson State Community College 2046 N. Parkway Jackson, TN (731) Ext. 201

Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition Guide to Computer Forensics and Investigations, Second Edition Chapter 4 Current Computer Forensics Tools Objectives Understand how to identify needs for computer forensics tools Evaluate the requirements

More information

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd.

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd. Acquisition and Tools COMP 2555: Principles of Computer Forensics Autumn 2014 http://www.cs.du.edu/2555 1 Planning Your Investigation! A basic investigation plan should include the following activities:!

More information

Incident Response and Computer Forensics

Incident Response and Computer Forensics Incident Response and Computer Forensics James L. Antonakos WhiteHat Forensics Incident Response Topics Why does an organization need a CSIRT? Who s on the team? Initial Steps Detailed Project Plan Incident

More information

Developing Computer Forensics Solutions for Terabyte Investigations

Developing Computer Forensics Solutions for Terabyte Investigations Developing Computer Forensics Solutions for Terabyte Investigations Eric Thompson Corporation Orem, Utah USA www.accessdata.com Overview Computer Forensic Definition, Objectives and Policies History of

More information

Digital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC

Digital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC Digital Forensics: The aftermath of hacking attacks AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC Topics Digital Forensics: Brief introduction Case Studies Case I:

More information

ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING

ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING MODULE A INTRODUCTION TO COMPUTER FORENSICS AND NVESTIGATIONS A1.0 Explain concepts related to computer forensics. A1.1 This module is measured

More information

Course Title: Computer Forensic Specialist: Data and Image Files

Course Title: Computer Forensic Specialist: Data and Image Files Course Title: Computer Forensic Specialist: Data and Image Files Page 1 of 9 Course Description The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute

More information

Digital Forensics Tutorials Acquiring an Image with FTK Imager

Digital Forensics Tutorials Acquiring an Image with FTK Imager Digital Forensics Tutorials Acquiring an Image with FTK Imager Explanation Section Digital Forensics Definition The use of scientifically derived and proven methods toward the preservation, collection,

More information

EC-Council Ethical Hacking and Countermeasures

EC-Council Ethical Hacking and Countermeasures EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.

More information

CYBER FORENSICS (W/LAB) Course Syllabus

CYBER FORENSICS (W/LAB) Course Syllabus 6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 CYBER FORENSICS (W/LAB) Course Syllabus Course Number: CSFS-0020 OHLAP Credit: Yes OCAS Code: 8134 Course Length: 130 Hours Career Cluster: Information

More information

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Introduction The Computer Forensics and Investigation course presents methods to properly conduct a computer forensics investigation

More information

CTC 328: Computer Forensics

CTC 328: Computer Forensics FALL 2010 CSUDH COMPUTER SCIENCE DEPARTMENT CTC 328: Computer Forensics Instructor: Adam Kaplan, Ph.D. E-Mail: akaplan@csudh.edu Office: NSM E-117 WWW (Blackboard Site): http://toro.csudh.edu Class Meetings:

More information

COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL)

COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL) COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL) COURSE DESCRIPTION: Computer Forensics is focused on teaching

More information

Digital Forensics. Module 4 CS 996

Digital Forensics. Module 4 CS 996 Digital Forensics Module 4 CS 996 Hard Drive Forensics Acquisition Bit for bit copy Write protect the evidence media EnCase for DOS Safeback (NTI: www.forensics-intl.com) Analysis EnCase FTK (www.accessdata.com)

More information

winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR

winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR Supervised by : Dr. Lo'ai Tawalbeh New York Institute of Technology (NYIT)-Jordan X-Ways Software Technology AG is a stock corporation

More information

AN INVESTIGATION INTO COMPUTER FORENSIC TOOLS

AN INVESTIGATION INTO COMPUTER FORENSIC TOOLS AN INVESTIGATION INTO COMPUTER FORENSIC TOOLS K.K. Arthur 1 H.S. Venter 2 Information and Computer Security Architectures (ICSA) Research Group University of Pretoria Pretoria Department of Computer Science

More information

COEN 152 / 252 Lab Exercise 1. Imaging, Hex Editors & File Types

COEN 152 / 252 Lab Exercise 1. Imaging, Hex Editors & File Types COEN 152 / 252 Lab Exercise 1 Imaging, Hex Editors & File Types In this lab we will explore the concepts associated with creating a forensic image. Write-blocking will be accomplished utilizing a mounted

More information

Digital Forensics Lecture 3. Hard Disk Drive (HDD) Media Forensics

Digital Forensics Lecture 3. Hard Disk Drive (HDD) Media Forensics Digital Forensics Lecture 3 Hard Disk Drive (HDD) Media Forensics Current, Relevant Topics defendants should not use disk-cleaning utilities to wipe portions of their hard drives before turning them over

More information

Forensic Acquisition and Analysis of VMware Virtual Hard Disks

Forensic Acquisition and Analysis of VMware Virtual Hard Disks Forensic Acquisition and Analysis of VMware Virtual Hard Disks Manish Hirwani, Yin Pan, Bill Stackpole and Daryl Johnson Networking, Security and Systems Administration Rochester Institute of Technology

More information

ACE STUDY GUIDE. 3. Which Imager pane shows information specific to file systems such as HFS+, NTFS, and Ext2? - Properties Pane

ACE STUDY GUIDE. 3. Which Imager pane shows information specific to file systems such as HFS+, NTFS, and Ext2? - Properties Pane ACE STUDY GUIDE *Note* All of the actual exam questions are in multiple choice format. This Study Guide is designed to cover all of the material on the exam, 1. FTK Imager supports the encryption of forensic

More information

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević,

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević, DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE Vahidin Đaltur, Kemal Hajdarević, Internacional Burch University, Faculty of Information Technlogy 71000 Sarajevo, Bosnia

More information

Where is computer forensics used?

Where is computer forensics used? What is computer forensics? The preservation, recovery, analysis and reporting of digital artifacts including information stored on computers, storage media (such as a hard disk or CD-ROM), an electronic

More information

Comparing and Contrasting Windows and Linux Forensics. Zlatko Jovanovic. International Academy of Design and Technology

Comparing and Contrasting Windows and Linux Forensics. Zlatko Jovanovic. International Academy of Design and Technology Comparing and Contrasting Windows and Linux Forensics Zlatko Jovanovic International Academy of Design and Technology Abstract Windows and Linux are the most common operating systems used on personal computers.

More information

ITU Session Four: Device Imaging And Analysis. Mounir Kamal Q-CERT

ITU Session Four: Device Imaging And Analysis. Mounir Kamal Q-CERT ITU Session Four: Device Imaging And Analysis Mounir Kamal Q-CERT 2 Applying Forensic Science to Computer Systems Like a Detective, the archaeologist searches for clues in order to discover and reconstruct

More information

Technical Procedure for Evidence Search

Technical Procedure for Evidence Search Technical Procedure for Evidence Search 1.0 Purpose - The purpose of this procedure is to provide a systematic means of searching digital evidence in order to find data sought by the search authorization.

More information

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices Introduction As organizations rely more heavily on technology-based methods of communication, many corporations

More information

COWLEY COLLEGE & Area Vocational Technical School

COWLEY COLLEGE & Area Vocational Technical School COWLEY COLLEGE & Area Vocational Technical School COURSE PROCEDURE FOR Student Level: This course is open to students on the college level in either the freshman or sophomore year. Prerequisites: Basic

More information

Cloud Forensics. 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu

Cloud Forensics. 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu Cloud Forensics Written & Researched by: Maegan Katz & Ryan Montelbano 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu November 4, 2013 Disclaimer: This document

More information

Lab III: Unix File Recovery Data Unit Level

Lab III: Unix File Recovery Data Unit Level New Mexico Tech Digital Forensics Fall 2006 Lab III: Unix File Recovery Data Unit Level Objectives - Review of unallocated space and extracting with dls - Interpret the file system information from the

More information

Impact of Digital Forensics Training on Computer Incident Response Techniques

Impact of Digital Forensics Training on Computer Incident Response Techniques Impact of Digital Forensics Training on Computer Incident Response Techniques Valorie J. King, PhD Collegiate Associate Professor University of Maryland University College Presentation to AFCEA June 25,

More information

CCE Certification Competencies

CCE Certification Competencies CCE Certification Competencies May 10, 2012 Page 1 The Certified Computer Examiner (CCE) has evolved into one of the most desired certifications in the computer forensics industry. The certification is

More information

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290) Table of Contents Table of Contents... 1 Course Overview... 2 Section 0-1: Introduction... 4

More information

Significance of Hash Value Generation in Digital Forensic: A Case Study

Significance of Hash Value Generation in Digital Forensic: A Case Study International Journal of Engineering Research and Development e-issn : 2278-067X, p-issn : 2278-800X, www.ijerd.com Volume 2, Issue 5 (July 2012), PP. 64-70 Significance of Hash Value Generation in Digital

More information

File System Forensics FAT and NTFS. Copyright Priscilla Oppenheimer 1

File System Forensics FAT and NTFS. Copyright Priscilla Oppenheimer 1 File System Forensics FAT and NTFS 1 FAT File Systems 2 File Allocation Table (FAT) File Systems Simple and common Primary file system for DOS and Windows 9x Can be used with Windows NT, 2000, and XP New

More information

Computer Hacking Forensic Investigator v8

Computer Hacking Forensic Investigator v8 CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! Computer Hacking Forensic Investigator v8 Course Description: EC-Council releases the most advanced Computer

More information

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR Page: 1 TM C HFI Computer C HFI Computer Hacking Forensic INVESTIGATOR Hacking Forensic INVESTIGATOR TM v8 v8 Page: 2 Be the leader. Deserve a place in the CHFI certified elite class. Earn cutting edge

More information

Determining VHD s in Windows 7 Dustin Hurlbut

Determining VHD s in Windows 7 Dustin Hurlbut Introduction Windows 7 has the ability to create and mount virtual machines based upon launching a single file. The Virtual Hard Disk (VHD) format permits creation of virtual drives that can be used for

More information

State of the art of Digital Forensic Techniques

State of the art of Digital Forensic Techniques State of the art of Digital Forensic Techniques Enos K. Mabuto 1, H. S Venter 2 Department of Computer Science University of Pretoria, Pretoria, 0002, South Africa Tel: +27 12 420 3654 Email: nasbutos@yahoo.co.uk

More information

Forensically Determining the Presence and Use of Virtual Machines in Windows 7

Forensically Determining the Presence and Use of Virtual Machines in Windows 7 Forensically Determining the Presence and Use of Virtual Machines in Windows 7 Introduction Dustin Hurlbut Windows 7 has the ability to create and mount virtual machines based upon launching a single file.

More information

New Technologies File System (NTFS) Priscilla Oppenheimer. Copyright 2008 Priscilla Oppenheimer

New Technologies File System (NTFS) Priscilla Oppenheimer. Copyright 2008 Priscilla Oppenheimer New Technologies File System (NTFS) Priscilla Oppenheimer NTFS Default file system for Windows NT, 2000, XP, and Windows Server 2003 No published spec from Microsoft that describes the on-disk layout Good

More information

Design and Implementation of Digital Forensics Labs:

Design and Implementation of Digital Forensics Labs: Design and Implementation of Digital Forensics Labs: A Case Study for Teaching Digital Forensics to Undergraduate Students Hongmei Chi, Christy Chatmon, Edward Jones, and Deidre Evans Computer and Information

More information

Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition Guide to Computer Forensics and Investigations, Second Edition Chapter 9 Data Acquisition Objectives Determine the best acquisition method Plan data-recovery contingencies Use MS-DOS acquisition tools

More information

FORENSIC ANALYSIS OF USB MEDIA EVIDENCE. Jesús Alexander García. Luis Alejandro Franco. Juan David Urrea. Carlos Alfonso Torres

FORENSIC ANALYSIS OF USB MEDIA EVIDENCE. Jesús Alexander García. Luis Alejandro Franco. Juan David Urrea. Carlos Alfonso Torres FORENSIC ANALYSIS OF USB MEDIA EVIDENCE Jesús Alexander García Luis Alejandro Franco Juan David Urrea Carlos Alfonso Torres Manuel Fernando Gutiérrez UPB 2012 Content INTRODUCTION... 3 OBJECTIVE 4 EVIDENCE

More information

Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers

Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers Brian Carrier Research Scientist @stake Abstract This paper uses the theory of abstraction layers to describe the purpose

More information

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR 1 TM C HFI Computer C HFI Computer Hacking Forensic INVESTIGATOR Hacking Forensic INVESTIGATOR TM v8 v8 2 Be the leader. Deserve a place in the CHFI certified elite class. Earn cutting edge skills in computer

More information

What s new in 6.1. Veeam Backup & Replication

What s new in 6.1. Veeam Backup & Replication Veeam Backup & Replication What s new in 6.1 Veeam Backup & Replication now protects more than 4 million VMs in more than 40,000 organizations around the world. And although Veeam has a huge lead over

More information

Microsoft Vista: Serious Challenges for Digital Investigations

Microsoft Vista: Serious Challenges for Digital Investigations Proceedings of Student-Faculty Research Day, CSIS, Pace University, May 2 nd, 2008 Microsoft Vista: Serious Challenges for Digital Investigations Darren R. Hayes and Shareq Qureshi Seidenberg School of

More information

Virtualization Forensics: Acquisition and analysis of a clustered VMware ESXi servers

Virtualization Forensics: Acquisition and analysis of a clustered VMware ESXi servers Virtualization Forensics: Acquisition and analysis of a clustered VMware ESXi servers Dennis Cortjens dennis.cortjens@os3.nl PLAN 28th of February, 2014 Contents 1 Information 1 1.1 Introduction............................................

More information

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic I Digital Forensic A newsletter for IT Professionals Education Sector Updates Issue 10 I. Background of Digital Forensic Definition of Digital Forensic Digital forensic involves the collection and analysis

More information

Forensics on the Windows Platform, Part Two

Forensics on the Windows Platform, Part Two 1 of 5 9/27/2006 3:52 PM Forensics on the Windows Platform, Part Two Jamie Morris 2003-02-11 Introduction This is the second of a two-part series of articles discussing the use of computer forensics in

More information

Maintaining a Microsoft Windows Server 2003 Environment

Maintaining a Microsoft Windows Server 2003 Environment Maintaining a Microsoft Windows Server 2003 Environment Course number: 2275C Course lenght: 3 days Course Outline Module 1: Preparing to Administer a Server This module explains how to administer a server.

More information

Computer Forensics. Securing and Analysing Digital Information

Computer Forensics. Securing and Analysing Digital Information Computer Forensics Securing and Analysing Digital Information Aims What is a computer? Where is the evidence? Why is digital forensics important? Seizing evidence Encryption Hidden files and folders Live

More information

Legal Notices. AccessData Corp.

Legal Notices. AccessData Corp. Legal Notices AccessData Corp. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability

More information

Practice Exercise March 7, 2016

Practice Exercise March 7, 2016 DIGITAL FORENSICS Practice Exercise March 7, 2016 Prepared by Leidos CyberPatriot Forensics Challenge 1 Forensics Instruction Guide Introduction The goal of this event is to learn to identify key factors

More information

Design and Implementation of a Live-analysis Digital Forensic System

Design and Implementation of a Live-analysis Digital Forensic System Design and Implementation of a Live-analysis Digital Forensic System Pei-Hua Yen Graduate Institute of Information and Computer Education, National Kaohsiung Normal University, Taiwan amber8520@gmail.com

More information

Computer Forensic Capabilities

Computer Forensic Capabilities Computer Forensic Capabilities Agenda What is computer forensics? Where to find computer evidence Forensic imaging Forensic analysis What is Computer Forensics? The preservation, identification, extraction,

More information

VANGUARD ONLINE BACKUP

VANGUARD ONLINE BACKUP VANGUARD ONLINE BACKUP Product Description Vanguard Online Backup is a world class solution that automates off-site and on-site backups. The application combines an easy to use interface with powerful

More information

COMPREHENSIVE STUDY OF DIGITAL FORENSICS

COMPREHENSIVE STUDY OF DIGITAL FORENSICS COMPREHENSIVE STUDY OF DIGITAL FORENSICS Jatinder kaur, Gurpal Singh SMCA, Thapar University, Patiala-147004, India jyoti929@gmail.com, gurpalsingh123@gmail.com Abstract This paper presenting the review

More information

PREREQUISITE(S): CTS 1131, CTS 1133 and CTS 1120

PREREQUISITE(S): CTS 1131, CTS 1133 and CTS 1120 Form 2A, Page 1 FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE COURSE NUMBER: CAP 2140 COURSE TITLE: Data Forensics I PREREQUISITE(S): CTS 1131, CTS 1133 and CTS 1120 COREQUISITE(S):

More information

VMWare Workstation 11 Installation MICROSOFT WINDOWS SERVER 2008 R2 STANDARD ENTERPRISE ED.

VMWare Workstation 11 Installation MICROSOFT WINDOWS SERVER 2008 R2 STANDARD ENTERPRISE ED. VMWare Workstation 11 Installation MICROSOFT WINDOWS SERVER 2008 R2 STANDARD ENTERPRISE ED. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *If you are using

More information

Presentation on Black Hat Europe 2003 Conference. Security Analysis of Microsoft Encrypting File System (EFS) http://www.elcomsoft.

Presentation on Black Hat Europe 2003 Conference. Security Analysis of Microsoft Encrypting File System (EFS) http://www.elcomsoft. Presentation on Black Hat Europe 2003 Conference Security Analysis of Microsoft Encrypting File System (EFS) Microsoft Encrypting File System Encrypting File File System System (EFS) (EFS) is is a a new

More information

Fall. Forensic Examination of Encrypted Systems Matthew Postinger COSC 374

Fall. Forensic Examination of Encrypted Systems Matthew Postinger COSC 374 Fall 2011 Forensic Examination of Encrypted Systems Matthew Postinger COSC 374 Table of Contents Abstract... 3 File System Encryption... 3 Windows EFS... 3 Apple FileVault... 4 Full Disk Encryption...

More information

STELLAR PHOENIX for Novell NetWare Data Recovery Software User Manual

STELLAR PHOENIX for Novell NetWare Data Recovery Software User Manual STELLAR PHOENIX for Novell NetWare Data Recovery Software User Manual Copyright 2001 by Stellar Information Systems Ltd. All Rights Reserved The information contained in this documentation is subject to

More information

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:

More information

Computer Forensics as an Integral Component of the Information Security Enterprise

Computer Forensics as an Integral Component of the Information Security Enterprise Computer Forensics as an Integral Component of the Information Security Enterprise By John Patzakis 10/28/03 I. EXECUTIVE SUMMARY In addition to fending off network intrusions and denial of service attacks,

More information

Discovery of Electronically Stored Information ECBA conference Tallinn October 2012

Discovery of Electronically Stored Information ECBA conference Tallinn October 2012 Discovery of Electronically Stored Information ECBA conference Tallinn October 2012 Jan Balatka, Deloitte Czech Republic, Analytic & Forensic Technology unit Agenda Introduction ediscovery investigation

More information

Digital Forensics & e-discovery Services

Digital Forensics & e-discovery Services Digital Forensics & e-discovery Services U.S. Security Associates Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities

More information

Yiwo Tech Development Co., Ltd. EaseUS Todo Backup. Reliable Backup & Recovery Solution. EaseUS Todo Backup Solution Guide. All Rights Reserved Page 1

Yiwo Tech Development Co., Ltd. EaseUS Todo Backup. Reliable Backup & Recovery Solution. EaseUS Todo Backup Solution Guide. All Rights Reserved Page 1 EaseUS Todo Backup Reliable Backup & Recovery Solution EaseUS Todo Backup Solution Guide. All Rights Reserved Page 1 Part 1 Overview EaseUS Todo Backup Solution Guide. All Rights Reserved Page 2 Introduction

More information

HDD in Water. 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu

HDD in Water. 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu HDD in Water 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu Written by Andrew Murdock and Hanah Leo Researched by Andrew Murdock and Hanah Leo 10/23/2013

More information

Microsoft Diagnostics and Recovery Toolset 7 Evaluation Guide

Microsoft Diagnostics and Recovery Toolset 7 Evaluation Guide Microsoft Diagnostics and Recovery Toolset 7 Evaluation Guide White Paper Descriptor This document provides administrators with information and steps-by-step technique for deploying Microsoft Diagnostics

More information

The Virtual Digital Forensics Lab: Expanding Law Enforcement Capabilities

The Virtual Digital Forensics Lab: Expanding Law Enforcement Capabilities Briefing Paper The Virtual Digital Forensics Lab: Expanding Law Enforcement Capabilities Sean A. Ensz University of Oklahoma 200 Felgar Street, Norman, Oklahoma 73019 405.325.3954 Office 405.325.1633 Fax

More information

Digital Forensics & e-discovery Services

Digital Forensics & e-discovery Services Digital Forensics & e-discovery Services Andrews International Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities

More information

MS 50292: Administering and Maintaining Windows 7

MS 50292: Administering and Maintaining Windows 7 MS 50292: Administering and Maintaining Windows 7 Description: This five-day instructor-led course provides students with the knowledge and skills to successfully administer, maintain, and troubleshoot

More information

User Manual. Published: 12-Mar-15 at 09:36:51

User Manual. Published: 12-Mar-15 at 09:36:51 User Manual Published: 12-Mar-15 at 09:36:51 Chapter Contents Published: 12-Mar-15 at 09:36:48 Chapter 1 - Introduction... 11 1.1 Introducing Forensic Explorer... 12 1.2 Supported file formats... 12 1.3

More information

Advanced Methods and Techniques

Advanced Methods and Techniques 2013 CTIN Digital Forensics Conference Advanced Methods and Techniques Brett Shavers 2013 CTIN Digital Forensics Conference The XWF Book Not done yet Eric Zimmerman (FBI) is the coauthor Jimmy Weg is the

More information

Digital Evidence Search Kit

Digital Evidence Search Kit Digital Evidence Search Kit K.P. Chow, C.F. Chong, K.Y. Lai, L.C.K. Hui, K. H. Pun, W.W. Tsang, H.W. Chan Center for Information Security and Cryptography Department of Computer Science The University

More information

Live System Forensics

Live System Forensics Live System Forensics By: Tim Fernalld & Colby Lahaie Patrick Leahy Center for Digital Investigation Champlain College 2/22/12 Contents Contents... 1 1 Introduction... 2 1.1 Research Statement... 2 1.2

More information

EnCase 7 - Basic + Intermediate Topics

EnCase 7 - Basic + Intermediate Topics EnCase 7 - Basic + Intermediate Topics Course Objectives This 4 day class is designed to familiarize the student with the many artifacts left behind on Windows based media and how to conduct a forensic

More information

Lab 7. Answer. Figure 1

Lab 7. Answer. Figure 1 Lab 7 1. For each of the first 8 Ethernet frames, specify the source of the frame (client or server), determine the number of SSL records that are included in the frame, and list the SSL record types that

More information

Can Computer Investigations Survive Windows XP?

Can Computer Investigations Survive Windows XP? Can Computer Investigations Survive? An Examination of Microsoft and its Effect on Computer Forensics December 2001 by Kimberly Stone and Richard Keightley 2001 Guidance Software All Rights Reserved Executive

More information

National District Attorneys Association National Center for Prosecution of Child Abuse. Computer Forensics for Prosecutors

National District Attorneys Association National Center for Prosecution of Child Abuse. Computer Forensics for Prosecutors National District Attorneys Association National Center for Prosecution of Child Abuse Computer Forensics for Prosecutors February 18-19, 2013 Portland, Oregon Detective Michael Smith Computer Crimes &

More information

Minnesota State Community and Technical College Detroit Lakes Campus

Minnesota State Community and Technical College Detroit Lakes Campus Computer Network Security Minnesota State Community and Technical College Detroit Lakes Campus Overview Philosophy Note on 2 year Colleges Certifications Program Courses CCDC Program Numbers Faculty Future

More information

How To Get A Computer Hacking Program

How To Get A Computer Hacking Program CHFI v8(computer Hacking Forensics Investigator) Course Description & Overview Overview CHFIv8 Course Description EC-Council releases the brand new Version 8 of the Computer Hacking Forensics Investigator

More information

A STUDY OF FORENSIC IMAGING IN THE ABSENCE OF WRITE-BLOCKERS

A STUDY OF FORENSIC IMAGING IN THE ABSENCE OF WRITE-BLOCKERS A Study of Forensic Imaging in the Absence of JDFSL V9N3 This work is licensed under a Creative Commons Attribution 4.0 International License. A STUDY OF FORENSIC IMAGING IN THE ABSENCE OF WRITE-BLOCKERS

More information

Out of Harms Reach -A Whitepaper on Online Backup

Out of Harms Reach -A Whitepaper on Online Backup Out of Harms Reach -A Whitepaper on Online Backup Introduction: The world is an unpredictable place, one day your data is there, but the second day they aren t, due to viruses, system crash, and human

More information

Introduction to Computer Forensics ITP 499 (3 Units)

Introduction to Computer Forensics ITP 499 (3 Units) Introduction to Computer Forensics ITP 499 (3 Units) Description In 2007, the FBI reported that over 200 major companies reported a loss of over 60 million dollars due to computer crime. Computers are

More information

Information Technology Audit & Forensic Techniques. CMA Amit Kumar

Information Technology Audit & Forensic Techniques. CMA Amit Kumar Information Technology Audit & Forensic Techniques CMA Amit Kumar 1 Amit Kumar & Co. (Cost Accountants) A perfect blend of Tax, Audit & Advisory services Information Technology Audit & Forensic Techniques

More information

Incident Response and Forensics

Incident Response and Forensics Incident Response and Forensics Yiman Jiang, President and Principle Consultant Sumus Technology Ltd. James Crooks, Manager - Advisory Services PricewaterhouseCoopers LLP UBC 2007-04-12 Outline Computer

More information

TARRANT COUNTY PURCHASING DEPARTMENT

TARRANT COUNTY PURCHASING DEPARTMENT JACK BEACHAM, C.P.M., A.P.P. PURCHASING AGENT TARRANT COUNTY PURCHASING DEPARTMENT AUGUST 4, 2010 RFP NO. 2010-103 ROB COX, C.P.M., A.P.P. ASSISTANT PURCHASING AGENT RFP FOR DIGITAL ASSET MANAGEMENT SYSTEM

More information

Web-Based Data Backup Solutions

Web-Based Data Backup Solutions "IMAGINE LOSING ALL YOUR IMPORTANT FILES, IS NOT OF WHAT FILES YOU LOSS BUT THE LOSS IN TIME, MONEY AND EFFORT YOU ARE INVESTED IN" The fact Based on statistics gathered from various sources: 1. 6% of

More information

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1 MSc Computer Security and Forensics Cohort: MCSF/09B/PT Examinations for 2009-2010 / Semester 1 MODULE: COMPUTER FORENSICS & CYBERCRIME MODULE CODE: SECU5101 Duration: 2 Hours Instructions to Candidates:

More information

NIST CFTT: Testing Disk Imaging Tools

NIST CFTT: Testing Disk Imaging Tools NIST CFTT: Testing Disk Imaging Tools James R. Lyle, Ph.D. Computer Scientist National Institute of Standards and Technology 1. Introduction There is a critical need in the law enforcement community to

More information

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12 Course Page - Page 1 of 12 Windows 7 Enterprise Desktop Support Technician M-50331 Length: 5 days Price: $2,795.00 Course Description This five-day instructor-led course provides students with the knowledge

More information

An overview of IT Security Forensics

An overview of IT Security Forensics An overview of IT Security Forensics Manu Malek, Ph.D. Stevens Institute of Technology mmalek@ieee.org www.cs.stevens.edu/~mmalek April 2008 IEEE Calif. 1 Outline Growing Threats/Attacks Need for Security

More information

Forensics source: Edward Fjellskål, NorCERT, Nasjonal sikkerhetsmyndighet (NSM)

Forensics source: Edward Fjellskål, NorCERT, Nasjonal sikkerhetsmyndighet (NSM) s Unix Definition of : Computer Coherent application of a methodical investigatory techniques to solve crime cases. Forensics source: Edward Fjellskål, NorCERT, Nasjonal sikkerhetsmyndighet (NSM) s Unix

More information

Maintaining a Microsoft Windows Server 2003 Environment

Maintaining a Microsoft Windows Server 2003 Environment Maintaining a Microsoft Windows Server 2003 Environment Key Data Course #: 2275C Number of Days: 3 Format: Instructor-Led Certification Exams: None Certification Track: Exam 70-290: Managing and Maintaining

More information

Enterprise Backup Overview Protecting Your Most Important Asset

Enterprise Backup Overview Protecting Your Most Important Asset Enterprise Backup Overview Protecting Your Most Important Asset For more information, please contact: Email: sales@canadianwebhosting.com Phone: 888-821-7888 Canadian Web Hosting (www.canadianwebhosting.com)

More information