Impact of Digital Forensics Training on Computer Incident Response Techniques
- Byron Little
- 8 years ago
1 Impact of Digital Forensics Training on Computer Incident Response Techniques
Valorie J. King, PhD
Collegiate Associate Professor, University of Maryland University College
Presentation to AFCEA, June 25, 2014

2 Introduction
- Valorie J. King, PhD
- Cybersecurity / Information Assurance Program at UMUC
- Course Chair
  - Cybersecurity Courses
  - Digital Forensics Courses

3 Synopsis
This scenario driven case will start with a review of the handling of an actual computer incident for a mission critical system that had a required Mean Time To Restart of five minutes. The presenter will then conduct a walk through of incident response techniques using digital forensics methods and tools for a similar but hypothetical incident. Throughout the demonstration, the presenter will highlight critical points where an incident responder's actions could adversely impact the identification, extraction, preservation, and interpretation of digital information during a computer incident response investigation.

4 The System
- Secure Environment / Classified Mission
- Real-time Operating System
- Custom Software w/ OS modifications
- Hot Swap Computers (A & B)
- Operator Console
- Disk Farm (300 MB per hard drive)
- High Speed Custom Processing Hardware
  - Installed in computer back plane

5 The Incident
- Actually, a series of incidents having increasing frequency over a 12 month period
- My involvement
  - Began approximately 6 months after first incident
  - Onsite Support Engineer (Software)
  - Initial tasking: write SW to recover data from hard disk(s) after system crash
  - Impossible to complete due to software architecture (register pointer to linked list overwritten by HW interrupt vector)

6 The Investigation
- Phase I
  - Read Custom Software (Code & Design Documents)
  - Analyze Memory Dump Tapes
  - Search for evidence of causation
- Phase II (permission was very hard to get!)
  - Analyze Operator and Maintenance Documentation
  - Observe Operations from OPS Floor
- Phase III
  - Implemented new Incident Response Procedures
  - Analyze Operator Captured Register Values & PC

7 Incident Response Procedure
- New Incident Response Procedure
  - Written by SW Engineer
  - Operations resisted additional record keeping requirements
- Additional Information in Operator Log Reports
  - Date/Time of HW Maintenance
  - Date/Time of Incidents + System ID (A or B)
  - Document Control # for Dump Tape
  - Added later: HALT address (PC) & Register Values

8 Analysis of Incident Reports
- Patterns / Trends: none found UNTIL operators started recording Register Values at time of halt (obtained through front panel)
- Eureka Moment:
  - Register Values including PC were static
  - Halt location was inside memory allocated to Hardware Interrupt Driver for operator console
  - Error causing halt: Keyboard input error

9 The Causes
- Operator Console
  - ADM-3a terminal device
  - Integrated Display & Keyboard
  - Serial Device
- Incorrect Error Handling
  - Custom Driver Software
  - SW Engineer coded in a halt instead of ignoring the error
10 The Culprits Software Engineers Hardware Operators
11 The Outcome(s)
- Halt instruction replaced with return from interrupt
- No attribution / responsibility could be assigned (despite the coder's name being present in the comments for the HALT code).
- Operators unhappy at blame for food caused hardware failure.
- Bottom Line: Unhappy customer, Unhappy managers

12 The What If?
- What if the halt instruction had been deliberately placed in the code?
- Forensic Issues
  - Loose configuration control on software
  - Inconsistent recording of site info (operator logs)
  - No chain of custody on dump tapes (evidence)
  - No forensic training for incident responders
13 What have we learned about Incident Response? FAST FORWARD 30+ YEARS
14 We do things differently now
15 Educating Incident Responders
- apply rules and guidelines as they pertain to the acquisition, handling, and storage of digital artifacts
- establish a digital forensic workstation for the purpose of collecting and analyzing data
- select and apply the most appropriate methodology to extract data based on circumstances and reassemble artifacts from data fragments
- analyze and interpret data collected and report outcomes in accordance with incident response handling guidelines

16 Hands-on Project Scenario
- Key employee resigned unexpectedly (by voicemail)
- Contract with security incident reporting clauses & requirements
- Resignation of key personnel is a reportable security incident

17 Hands-on Project Scenario
- Initial Investigation
  - Office search turned up one USB
  - Employee's company laptop -- missing
  - Employee's workstation -- missing
    - sent to IT service center earlier in the week to be wiped and reimaged due to infection by a particularly nasty rootkit
- Phase I: Threshold Assessment of USB
- Phase II: Full Assessment of files from workstation

18 Hands-On Incident Response Project
- Forensic Images provided to students
  - USB from employee's office
  - Windows 7 Workstation Files from IT Service Center's Backup/Restore (USB)
    - User Profile (Folders & Files)
    - Internet Explorer Cache Files (saved as text and as eml)
    - Documents
    - Zip Archives
    - User Registry Files
19 Chain of Custody
20 Sample Chain of Custody
21 Forensic Tools
- EnCase
- Forensic Toolkit
  - FTK
  - FTK Imager
  - Password Recovery Toolkit (PRTK)
  - Registry Viewer
- WinHex (Specialist)
22 Forensic Tools
23 Forensic Tools
24 Basic Analysis Techniques
25 Basic Analysis Techniques Examine deleted files & folders
26 Analysis Techniques Indicator that Linux was used to delete folders & files
27 Analysis Techniques
28 Contraband Found
29 User Profile Analysis
30 Short Cut Files (System Usage)
31 Short Cut Files (System Usage)
32 Registry Analysis (System Usage)
33 Registry Entries = Attribution (?)
34 Registry Keys hold Internet Usage Information
35 Registry Keys (Internet Traces)
36 Registry = When (?)
37 Keyword Searching (WinHex)
38 Keyword Search Results
39 Deeper Analysis
40 Deeper Analysis
41 Deeper Analysis
42 Deeper Analysis
43 Exporting to Excel for Analysis
44 WHO DID WHAT TO WHOM?
45 Presumption of Innocence
- Attribution is difficult to prove
- An account login does not establish responsibility
- Insider Threat
- External Threat
- Data can be faked
- Inconsistencies are important cues / clues

46 Finding Inconsistencies
- Anomalies Analysis
  - What should NOT be in the files
  - Meta data for versions / dates that do not fit the timeline
  - Fonts that do not belong
- Timeline Analysis
  - NTFS Logical Sequence Numbers
  - Files created on HD after last shutdown
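The two timeline checks named on slide 46, as an added example that is not part of the original presentation: it flags files created after the last recorded shutdown, and MFT records whose change timestamps run backwards against their $LogFile sequence numbers. The CSV layout, the `jdoe` paths and every value are constructed; taking the shutdown time from the SYSTEM hive's `ShutdownTime` FILETIME value, and treating LSNs as only ever increasing with each record change, are assumptions of the example.

```python
import csv
import io
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample: 8 raw bytes as they would be stored in a registry
# FILETIME value (little-endian count of 100 ns ticks since 1601-01-01 UTC).
SAMPLE_SHUTDOWN_RAW = struct.pack("<Q", 130393089000000000)

# Constructed sample: a file listing exported from a forensic tool.
# "entry_changed" is the MFT-record-changed time, "lsn" the $LogFile
# sequence number stored in the record header (column names are assumptions).
SAMPLE_MFT_CSV = r"""path,created,entry_changed,lsn
\Users\jdoe\Documents\budget.xlsx,2014-03-10 09:12:44,2014-03-12 16:40:02,1048112
\Users\jdoe\Documents\notes.txt,2014-03-13 11:05:10,2014-03-13 11:05:10,1051876
\Users\jdoe\Documents\resignation.docx,2014-03-01 08:00:00,2014-03-01 08:00:00,1059340
\Users\jdoe\Desktop\readme.txt,2014-03-14 18:30:21,2014-03-14 18:30:21,1062015
\Users\jdoe\Downloads\tool.zip,2014-03-16 02:47:09,2014-03-16 02:47:09,1070233
"""


def filetime_to_datetime(raw: bytes) -> datetime:
    """Decode an 8-byte little-endian Windows FILETIME into a UTC datetime."""
    if len(raw) != 8:
        raise ValueError("FILETIME must be exactly 8 bytes")
    (ticks,) = struct.unpack("<Q", raw)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_utc(text: str) -> datetime:
    """Parse 'YYYY-MM-DD HH:MM:SS' as UTC (the export is assumed to be in UTC)."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def load_records(csv_text: str) -> list:
    """Turn the exported listing into typed records."""
    records = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        records.append({
            "path": row["path"],
            "created": parse_utc(row["created"]),
            "entry_changed": parse_utc(row["entry_changed"]),
            "lsn": int(row["lsn"]),
        })
    return records


def created_after_shutdown(records, last_shutdown: datetime) -> list:
    """Files whose creation time is later than the last recorded shutdown."""
    return sorted(r["path"] for r in records if r["created"] > last_shutdown)


def lsn_order_violations(records, tolerance=timedelta(seconds=2)) -> list:
    """Walk records in LSN order and flag any whose change time goes backwards.

    A higher LSN means the record was written to later, so its change
    timestamp should not be earlier than one already seen at a lower LSN.
    Returns (suspect_path, path_it_contradicts) pairs for an analyst to review.
    """
    flagged = []
    newest = None  # (entry_changed, path) of the latest timestamp seen so far
    for rec in sorted(records, key=lambda r: r["lsn"]):
        if newest and rec["entry_changed"] + tolerance < newest[0]:
            flagged.append((rec["path"], newest[1]))
        elif newest is None or rec["entry_changed"] > newest[0]:
            newest = (rec["entry_changed"], rec["path"])
    return flagged


if __name__ == "__main__":
    shutdown = filetime_to_datetime(SAMPLE_SHUTDOWN_RAW)
    recs = load_records(SAMPLE_MFT_CSV)
    print("Last shutdown (UTC):", shutdown.isoformat())
    for path in created_after_shutdown(recs, shutdown):
        print("Created after last shutdown:", path)
    for suspect, reference in lsn_order_violations(recs):
        print("Timestamp earlier than lower-LSN record:", suspect, "vs", reference)
```

A flagged record is an inconsistency to explain, not proof of tampering: clock changes, restores from backup and time zone handling in the export can produce the same pattern.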
47 SUMMARY
48 Incident Response
- Timelines
- Procedures
- Methods
- Personnel
- Tools

49 Bottom Line
- If you do not collect the forensic image at the time of the incident, you will not have reliable and trustworthy data for later analysis and determination of who did what to whom.
- If you do not have trained personnel with access to appropriate tools, the after-action review will not have the data necessary to make informed decisions and respond appropriately to threats.
- Presumption of Innocence is not optional.