Computer Forensics. Securing and Analysing Digital Information


1 Computer Forensics Securing and Analysing Digital Information

2 Aims What is a computer? Where is the evidence? Why is digital forensics important? Seizing evidence Encryption Hidden files and folders Live acquisitions Dead box acquisitions Forensic image, processing analysis and results Forensic tools how they work File Structure, metadata, exif data Bookmarks and reports Lab costs

3 What is a computer? Laptops Desktops Tablets Phones Storage

4 Where is the evidence? Properties Internet Cloud People Corporate Networks Companies International Jurisdictions

5 Why is digital forensics important? What can we recover? Word Pictures Excel PowerPoint Adobe PDF Location data Time and date Illegal content Associates Internet Contacts Calendar

6 Seizing evidence Switched on? Call an expert! Switched off? Bag it!

7 Encryption: Encryption may prevent data recovery. Specialist techniques and training are required. Specialist software and hardware are required. If the computer is switched on, call an expert. Where is the password? This is why live acquisition is important!

8 Freedom of Information Act Protective Marking Title: Publication Scheme Y/N: Summary: Branch / OCU: Date created: Review date: Version: Author: Keyspace Demonstration

9 Hidden Files and Folders: Hidden files are difficult to find. Specialist software is required. If the computer is switched on, call an expert. What software is being used? This is why live acquisition is important!

10 Hidden Picture Demonstration

11 Live Acquisition: Why not turn it off and bag it? Allows us to recover volatile data: RAM (Random Access Memory). Triage the evidence. Which can contain: Programs, Hidden Files, Decryption Passwords, Evidence, Recent activity. How? Specialist forensic tools.

12 Live Acquisition Specialist Forensic Tools

13 EnCase Portable Demonstration

14 Deadbox Acquisition: Switched off? Bag it! What do we do with it? Create forensic image. How? Remove the hard drive; image using forensic imagers; image using forensic software. What if you can't remove? Computer may have special boot mode.

15 Deadbox Acquisition Forensic Imagers Provides a bridge between media Provides write protection for the evidence

16 Memory Card Acquisition Demonstration

17 Forensic Image: What is a forensic image? Protected data container. Given a unique identifier (Hash). Consists of: File Name, Text File, Case Info, Notes, Data Blocks, Hash. Hash important for exhibit continuity. Image file types: .eo1, .e01, .L01, .Lx01, .Ex01, .AD1

18 EnCase Examiner Processing Analysis and Results Forensic Tools

19 Forensic Tool Kit (FTK) Processing Analysis and Results Forensic Tools

20 Processing Analysis and Results Internet Evidence Finder (IEF) Forensic Tools

21 Forensic Tools How they work Examining file structures All file types have a formal data structure Information inside the file File Identifiers Headers Footers
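An added example (not from the original slides) of the header/footer examination that slide 21 describes: it identifies a file by its leading signature rather than its name, carves header-to-footer objects out of a raw buffer, and hashes each one so the recovered item can be tracked like the hashed image on slide 17. The function names, the three signatures chosen and the sample buffer are assumptions made for this illustration.

```python
import hashlib
from dataclasses import dataclass

# (type, header bytes, footer bytes): widely documented file signatures.
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    ("pdf", b"%PDF-", b"%%EOF"),
]


@dataclass
class Carved:
    kind: str
    offset: int   # byte offset of the header inside the image
    length: int   # header through footer, inclusive
    sha256: str   # hash of the carved bytes, for continuity records


def identify(data: bytes) -> str:
    """Name the file type from its header, ignoring any file name or extension."""
    for kind, header, _footer in SIGNATURES:
        if data.startswith(header):
            return kind
    return "unknown"


def carve(image: bytes, max_size: int = 10 * 1024 * 1024) -> list:
    """Find header..footer runs in a raw buffer (e.g. unallocated space).

    Simplification: the first footer after a header ends the object, so a
    JPEG with an embedded thumbnail would be cut short. A header with no
    footer inside max_size (truncated or overwritten data) is skipped.
    """
    found = []
    for kind, header, footer in SIGNATURES:
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                pos = start + 1          # no footer: keep scanning past this header
                continue
            stop = end + len(footer)
            blob = image[start:stop]
            found.append(
                Carved(kind, start, len(blob), hashlib.sha256(blob).hexdigest())
            )
            pos = stop
    return sorted(found, key=lambda c: c.offset)


def build_sample_image():
    """Constructed test buffer: two complete objects and one truncated PNG."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-sample" + b"\xff\xd9"
    pdf = b"%PDF-1.4\nconstructed sample body\n%%EOF"
    truncated_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16   # header only, no IEND
    image = b"\x00" * 512 + jpeg + b"\x00" * 100 + pdf + b"\xaa" * 50 + truncated_png
    return image, jpeg, pdf


if __name__ == "__main__":
    sample, _jpeg, _pdf = build_sample_image()
    for hit in carve(sample):
        print(f"{hit.kind:5} offset={hit.offset:<5} length={hit.length:<4} sha256={hit.sha256}")
```
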

22 Forensic Tools How they work Examining the Master File Table Record of all the files stored on a drive Size File Name File Type Location Created Accessed Modified Deleted

23 FTK Memory Card Demonstration

24 Metadata and Exif Data What do we get? Information within a Picture file Camera, Make, Model GPS Location Dates Times Author

25 Exif Data Demonstration

26 Processing Analysis and Results Bookmark and Reports Highlights Files Add Comments Attach files Export to Reports

27 Lab Costs Staff Equipment Versus Contractors Training

28 Summary What is a computer? Where is the evidence? Why is digital forensics important? Seizing evidence Encryption Hidden files and folders Live acquisitions Dead box acquisitions Forensic image, processing analysis and results Forensic tools how they work File Structure, metadata, exif data Bookmarks and reports Lab costs



Computer Forensic Tools. Stefan Hager Computer Forensic Tools Stefan Hager Overview Important policies for computer forensic tools Typical Workflow for analyzing evidence Categories of Tools Demo SS 2007 Advanced Computer Networks 2 Important

More information

Cloudifile: Frequently Asked Questions

Cloudifile: Frequently Asked Questions Cloudifile: Frequently Asked Questions 1 Contents Cloudifile Compatibility... 3 Cloudifile Installation... 4 Cloudifile Account Registration... 5 Working with Cloudifile... 6 Cloudifile Functionality...

More information

Network Enabled Digital Forensics. Presented by: Ben Kingston, EnCE, MCSE, A+ FDR Forensic Data Recovery Inc.

Network Enabled Digital Forensics. Presented by: Ben Kingston, EnCE, MCSE, A+ FDR Forensic Data Recovery Inc. Network Enabled Digital Forensics Presented by: Ben Kingston, EnCE, MCSE, A+ FDR Forensic Data Recovery Inc. About the Presenter Founding member of FDR in 2001 Responsible for the implementation of FDR

More information

EnCase v7 Essential Training. Sherif Eldeeb https://eldeeb.net

EnCase v7 Essential Training. Sherif Eldeeb https://eldeeb.net هللامسب EnCase v7 Essential Training What s in this course Explore the most notable features of the new version. Everything you need to know about EnCase v7 to conduct basic investigations. Create Cases

More information

Unit A451: Computer systems and programming. Section 3: Software 1 Intro to software

Unit A451: Computer systems and programming. Section 3: Software 1 Intro to software Unit A451: Computer systems and programming Section 3: Software 1 Intro to software Section Objectives Candidates should be able to: (a) Understand the basic functions of an operating system (b) Explain

More information

AccessData. Triage. Quick Start Guide. Published: December 2011

AccessData. Triage. Quick Start Guide. Published: December 2011 AccessData Triage Quick Start Guide Published: December 2011 1 Legal Information 2011 AccessData Group, LLC All rights reserved. No part of this publication may be reproduced, photocopied, stored on a

More information

Restoring a Windows 8.1 system from complete HDD failure - drivesnapshot

Restoring a Windows 8.1 system from complete HDD failure - drivesnapshot Restoring a Windows 8.1 system from complete HDD failure - drivesnapshot Drivesnapshot is available at http://www.drivesnapshot.de/ http://www.drivesnapshot.de/en/down.htm is the download page. If you

More information

How to create a portable encrypted USB Key using TrueCrypt

How to create a portable encrypted USB Key using TrueCrypt How to create a portable encrypted USB Key using TrueCrypt INTRODUCTION TrueCrypt Traveler Mode provides secure encryption for programs/files on portable devices such as USB Memory keys. It uses strong

More information

OXYGEN FORENSICS OXYGEN FORENSIC KIT

OXYGEN FORENSICS OXYGEN FORENSIC KIT OXYGEN FORENSICS OXYGEN FORENSIC KIT Oxygen Forensic Kit the complete out-of-the-box solution Oxygen Forensic Kit is the Complete Solution! The tool you need to quickly start collecting and analyzing mobile

More information

Live System Forensics

Live System Forensics Live System Forensics By: Tim Fernalld & Colby Lahaie Patrick Leahy Center for Digital Investigation Champlain College 2/22/12 Contents Contents... 1 1 Introduction... 2 1.1 Research Statement... 2 1.2

More information

Windows 8 Hacks O'REILLY* Preston Gralla. Beijing. Cambridge Famham. Koln Sebastopol Tokyo

Windows 8 Hacks O'REILLY* Preston Gralla. Beijing. Cambridge Famham. Koln Sebastopol Tokyo Windows 8 Hacks Preston Gralla Beijing Cambridge Famham O'REILLY* Koln Sebastopol Tokyo Table of Contents Preface vii 1. Setup and Startup Hacks 1 Hack 01. Disable Windows 8's Lock Screen 1 Hack 02. Hack

More information

Table of Contents. Introduction to MSAB Training Department... 01. Training Services Overview... 02. XRY Certification training...

Table of Contents. Introduction to MSAB Training Department... 01. Training Services Overview... 02. XRY Certification training... Training Courses Table of Contents Introduction to MSAB Training Department... 01 Training Services Overview... 02 XRY Certification training... 03 XRY Intermediate training... 04 Advanced Acquisition

More information

Of the programs offered by IACIS, the Basic Computer Forensic Examiner (BCFE) Training Program is at the forefront.

Of the programs offered by IACIS, the Basic Computer Forensic Examiner (BCFE) Training Program is at the forefront. BCFE 2015 BASIC Certified Examiner Training Program Program Description and Syllabus Contents A. Program Overview B. Prerequisites C. Automated Tools, Hardware, and Software D. Required Equipment and Supplies

More information

Practical Methods for Dealing with Full Disk Encryption. Jesse Kornblum

Practical Methods for Dealing with Full Disk Encryption. Jesse Kornblum C Y B E R S E C T O R Practical Methods for Dealing with Full Disk Encryption Jesse Kornblum Outline Introduction Types of Targets Finding Keys Tool Marks Example - BitLocker BitLocker Weakness Conclusion

More information

Paraben s DS 7.x. Comprehensive Mobile Device Support

Paraben s DS 7.x. Comprehensive Mobile Device Support Paraben s DS 7.x Comprehensive Mobile Device Support Paraben s DS 7.x is designed to acquire devices both logically and physically all within a single tool and single case. DS has support for not only

More information

USB Portable Storage Device: Security Problem Definition Summary

USB Portable Storage Device: Security Problem Definition Summary USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides

More information

A Short Introduction to Digital and File System Forensics

A Short Introduction to Digital and File System Forensics Antonio Barili Lab Dept. of Industrial and Information Engineering University of Pavia (Italy) antonio.barili@unipv.it Every contact leaves a trace Culprit Scene Victim Edmond Locard (1877-1966) 2015 -

More information

Course Descriptions for Focused Learning Classes

Course Descriptions for Focused Learning Classes Course Descriptions for Focused Learning Classes Excel Word PowerPoint Access Outlook Adobe Visio Publisher FrontPage Dreamweaver EXCEL Classes Excel Pivot Tables 2 hours Understanding Pivot Tables Examining

More information

https://agency.governmentjobs.com/dakota/job_bulletin.cfm?jobid=1017820

https://agency.governmentjobs.com/dakota/job_bulletin.cfm?jobid=1017820 Page 1 of 5 DAKOTA COUNTY Employee Relations Administration Center, 1590 Highway 55 Hastings, MN 55033-2372 651.438.4435 http://www.dakotacounty.us INVITES APPLICATIONS FOR THE POSITION OF: Electronic

More information