Impact of Digital Forensics Training on Computer Incident Response Techniques

1 Impact of Digital Forensics Training on Computer Incident Response Techniques
Valorie J. King, PhD
Collegiate Associate Professor
University of Maryland University College
Presentation to AFCEA, June 25, 2014

2 Introduction
- Valorie J. King, PhD
- Cybersecurity / Information Assurance Program at UMUC
- Course Chair
  - Cybersecurity Courses
  - Digital Forensics Courses

3 Synopsis
This scenario-driven case will start with a review of the handling of an actual computer incident for a mission-critical system that had a required Mean Time To Restart of five minutes. The presenter will then conduct a walk-through of incident response techniques using digital forensics methods and tools for a similar but hypothetical incident. Throughout the demonstration, the presenter will highlight critical points where an incident responder's actions could adversely impact the identification, extraction, preservation, and interpretation of digital information during a computer incident response investigation.

4 The System
- Secure Environment / Classified Mission
- Real-time Operating System
- Custom Software w/ OS modifications
- Hot Swap Computers (A & B)
- Operator Console
- Disk Farm (300 MB per hard drive)
- High Speed Custom Processing Hardware
  - Installed in computer back plane

5 The Incident
- Actually, a series of incidents having increasing frequency over a 12-month period
- My involvement
  - Began approximately 6 months after first incident
  - Onsite Support Engineer (Software)
  - Initial tasking: write SW to recover data from hard disk(s) after system crash
  - Impossible to complete due to software architecture (register pointer to linked list overwritten by HW interrupt vector)

6 The Investigation
- Phase I
  - Read Custom Software (Code & Design Documents)
  - Analyze Memory Dump Tapes
  - Search for evidence of causation
- Phase II (permission was very hard to get!)
  - Analyze Operator and Maintenance Documentation
  - Observe Operations from OPS Floor
- Phase III
  - Implemented new Incident Response Procedures
  - Analyze Operator Captured Register Values & PC

7 Incident Response Procedure
- New Incident Response Procedure
  - Written by SW Engineer
  - Operations resisted additional record keeping requirements
- Additional Information in Operator Log Reports
  - Date/Time of HW Maintenance
  - Date/Time of Incidents + System ID (A or B)
  - Document Control # for Dump Tape
  - Added later: HALT address (PC) & Register Values

8 Analysis of Incident Reports
- Patterns / Trends: none found UNTIL operators started recording Register Values at time of halt (obtained through front panel)
- Eureka Moment:
  - Register Values including PC were static
  - Halt location was inside memory allocated to Hardware Interrupt Driver for operator console
  - Error causing halt: Keyboard input error
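The analysis on slides 7 and 8 can be expressed as a small script. This is an added example, not material from the presentation: the report fields follow slide 7, while the memory map, addresses, register values and log entries are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class HaltReport:
    when: str                               # date/time of the incident (operator log)
    system: str                             # system ID, "A" or "B"
    dump_tape: str                          # document control number of the dump tape
    pc: Optional[int] = None                # HALT address read from the front panel
    regs: Optional[Tuple[int, ...]] = None  # register values at the halt


# Constructed memory map: (start, end_exclusive, owner). Not the real system's layout.
MEMORY_MAP = [
    (0x0000, 0x0400, "interrupt vectors"),
    (0x0400, 0x4000, "real-time OS"),
    (0x4000, 0x4800, "operator console interrupt driver"),
    (0x4800, 0xF000, "custom application software"),
]

# Constructed operator log entries. The first two predate the rule that
# operators record the PC and register values, so they carry no signature.
REPORTS = [
    HaltReport("day 012 03:14", "A", "DT-0101"),
    HaltReport("day 097 21:40", "B", "DT-0107"),
    HaltReport("day 183 10:05", "A", "DT-0112", 0x41C6, (0x0007, 0x4000, 0x00FF, 0x1F2E)),
    HaltReport("day 201 16:52", "B", "DT-0115", 0x41C6, (0x0007, 0x4000, 0x00FF, 0x1F2E)),
    HaltReport("day 214 08:31", "A", "DT-0119", 0x41C6, (0x0007, 0x4000, 0x00FF, 0x1F2E)),
    HaltReport("day 220 23:09", "A", "DT-0121", 0x41C6, (0x0007, 0x4000, 0x00FF, 0x1F2E)),
]


def owner_of(pc, memory_map=MEMORY_MAP):
    """Return the owner of the memory region that contains the halt address."""
    for start, end, owner in memory_map:
        if start <= pc < end:
            return owner
    return "unmapped"


def analyze(reports):
    """Summarise halt signatures across incident reports.

    'static' is True only when at least two reports carry register values
    and every one of them shows the same PC and the same registers.
    """
    usable = [r for r in reports if r.pc is not None and r.regs is not None]
    signatures = Counter((r.pc, r.regs) for r in usable)
    summary = {
        "total": len(reports),
        "with_registers": len(usable),
        "static": False,
        "halt_pc": None,
        "region": None,
        "systems": set(),
    }
    if not signatures:
        return summary  # nothing recorded yet: no pattern can be found
    (pc, regs), hits = signatures.most_common(1)[0]
    summary["static"] = len(usable) >= 2 and hits == len(usable)
    summary["halt_pc"] = pc
    summary["region"] = owner_of(pc)
    # A signature seen on both hot-swap computers points at software, not one machine.
    summary["systems"] = {r.system for r in usable if (r.pc, r.regs) == (pc, regs)}
    return summary


if __name__ == "__main__":
    result = analyze(REPORTS)
    print(f"{result['with_registers']} of {result['total']} reports carry register values")
    print(f"static={result['static']} pc={result['halt_pc']:#06x} region={result['region']}")
```

Run against only the first two reports, the function returns no signature at all, which mirrors the slide's point that no pattern was visible until the register values were recorded.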

9 The Causes
- Operator Console
  - ADM-3a terminal device
  - Integrated Display & Keyboard
  - Serial Device
- Incorrect Error Handling
  - Custom Driver Software
  - SW Engineer coded in a halt instead of ignoring the error

10 The Culprits Software Engineers Hardware Operators

11 The Outcome(s)
- Halt instruction replaced with return from interrupt
- No attribution / responsibility could be assigned (despite the coder's name being present in the comments for the HALT code).
- Operators unhappy at blame for food-caused hardware failure.
- Bottom Line: Unhappy customer, Unhappy managers

12 The What If?
- What if the halt instruction had been deliberately placed in the code?
- Forensic Issues
  - Loose configuration control on software
  - Inconsistent recording of site info (operator logs)
  - No chain of custody on dump tapes (evidence)
  - No forensic training for incident responders

13 What have we learned about Incident Response?
FAST FORWARD 30+ YEARS

14 We do things differently now

15 Educating Incident Responders
- apply rules and guidelines as they pertain to the acquisition, handling, and storage of digital artifacts
- establish a digital forensic workstation for the purpose of collecting and analyzing data
- select and apply the most appropriate methodology to extract data based on circumstances and reassemble artifacts from data fragments
- analyze and interpret data collected and report outcomes in accordance with incident response handling guidelines

16 Hands-on Project Scenario
- Key employee resigned unexpectedly (by voicemail)
- Contract with security incident reporting clauses & requirements
- Resignation of key personnel is a reportable security incident

17 Hands-on Project Scenario
- Initial Investigation
  - Office search turned up one USB
  - Employee's company laptop -- missing
  - Employee's workstation -- missing
    - sent to IT service center earlier in the week to be wiped and reimaged due to infection by a particularly nasty rootkit
- Phase I: Threshold Assessment of USB
- Phase II: Full Assessment of files from workstation

18 Hands-On Incident Response Project
Forensic Images provided to students
- USB from employee's office
- Windows 7 Workstation Files from IT Service Center's Backup/Restore (USB)
  - User Profile (Folders & Files)
  - Internet Explorer Cache Files (saved as text and as eml)
  - Documents
  - Zip Archives
  - User Registry Files

19 Chain of Custody

20 Sample Chain of Custody

21 Forensic Tools
- EnCase
- Forensic Toolkit (FTK)
- FTK Imager
- Password Recovery Toolkit (PRTK)
- Registry Viewer
- WinHex (Specialist)

22 Forensic Tools

23 Forensic Tools

24 Basic Analysis Techniques

25 Basic Analysis Techniques Examine deleted files & folders

26 Analysis Techniques Indicator that Linux was used to delete folders & files

27 Analysis Techniques

28 Contraband Found

29 User Profile Analysis

30 Short Cut Files (System Usage)

31 Short Cut Files (System Usage)

32 Registry Analysis (System Usage)

33 Registry Entries = Attribution (?)

34 Registry Keys hold Internet Usage Information

35 Registry Keys (Internet Traces)

36 Registry = When (?)

37 Keyword Searching (WinHex)

38 Keyword Search Results

39 Deeper Analysis

40 Deeper Analysis

41 Deeper Analysis

42 Deeper Analysis

43 Exporting to Excel for Analysis

44 WHO DID WHAT TO WHOM?

45 Presumption of Innocence
- Attribution is difficult to prove
- An account login does not establish responsibility
  - Insider Threat
  - External Threat
- Data can be faked
- Inconsistencies are important cues / clues

46 Finding Inconsistencies
- Anomalies Analysis
  - What should NOT be in the files
  - Metadata for versions / dates that do not fit the timeline
  - Fonts that do not belong
- Timeline Analysis
  - NTFS Logical Sequence Numbers
  - Files created on HD after last shutdown
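A sketch of the timeline checks listed on slide 46, as an added example that is not part of the presentation. The record fields, flag names, file paths and timestamps are all constructed; in practice the rows would come from a file listing exported by the forensic tool.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


def utc(year, month, day, hour=0, minute=0):
    """Build a timezone-aware UTC timestamp so comparisons are unambiguous."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)


@dataclass(frozen=True)
class FileRecord:
    path: str
    created: datetime                             # file system creation time
    modified: datetime                            # file system last-write time
    embedded_created: Optional[datetime] = None   # date stored inside the document


def find_inconsistencies(records, in_use_from, last_shutdown):
    """Return {path: [flags]} for records that do not fit the case timeline.

    in_use_from   -- earliest time the volume was in use (for example OS install)
    last_shutdown -- last recorded shutdown before the image was acquired
    """
    findings = {}
    for r in records:
        flags = []
        # Nothing should be written to the disk after the last shutdown.
        if r.created > last_shutdown or r.modified > last_shutdown:
            flags.append("WRITTEN_AFTER_LAST_SHUTDOWN")
        # A creation time older than the volume itself does not fit the timeline.
        if r.created < in_use_from:
            flags.append("CREATED_BEFORE_SYSTEM_IN_USE")
        # Common for copied files on Windows: an anomaly to explain, not proof.
        if r.modified < r.created:
            flags.append("MODIFIED_BEFORE_CREATED")
        # The document claims to have been authored after the file was last written.
        if r.embedded_created is not None and r.embedded_created > r.modified:
            flags.append("EMBEDDED_DATE_AFTER_LAST_WRITE")
        if flags:
            findings[r.path] = flags
    return findings


# Constructed case parameters and file listing.
IN_USE_FROM = utc(2013, 1, 7, 9, 0)
LAST_SHUTDOWN = utc(2014, 3, 14, 18, 2)
RECORDS = [
    FileRecord("Users/jdoe/Documents/report.docx",
               utc(2014, 2, 3, 10, 0), utc(2014, 3, 10, 15, 30), utc(2014, 2, 3, 10, 0)),
    FileRecord("Users/jdoe/Documents/contract_v2.docx",
               utc(2014, 3, 1, 9, 0), utc(2014, 3, 2, 11, 0), utc(2014, 3, 20, 8, 0)),
    FileRecord("Users/jdoe/Desktop/notes.txt",
               utc(2014, 3, 16, 7, 45), utc(2014, 3, 16, 7, 50)),
    FileRecord("Users/jdoe/Pictures/img001.jpg",
               utc(2014, 3, 12, 13, 0), utc(2012, 6, 1, 12, 0)),
    FileRecord("Users/jdoe/Documents/old.xls",
               utc(2011, 5, 5, 9, 0), utc(2011, 5, 6, 9, 0)),
]

if __name__ == "__main__":
    for path, flags in find_inconsistencies(RECORDS, IN_USE_FROM, LAST_SHUTDOWN).items():
        print(f"{path}: {', '.join(flags)}")
```

Each flag marks something to explain, in keeping with slide 45: an inconsistency is a cue for further analysis and does not by itself attribute an action to a person.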

47 SUMMARY

48 Incident Response
- Timelines
- Procedures
- Methods
- Personnel
- Tools

49 Bottom Line If you do not collect the forensic image at the time of the incident, you will not have reliable and trustworthy data for later analysis and determination of who did what to whom. If you do not have trained personnel with access to appropriate tools, the after-action review will not have the data necessary to make informed decisions and respond appropriately to threats. Presumption of Innocence is not optional.


More information

Where is computer forensics used?

Where is computer forensics used? What is computer forensics? The preservation, recovery, analysis and reporting of digital artifacts including information stored on computers, storage media (such as a hard disk or CD-ROM), an electronic

More information

Ekran System Help File

Ekran System Help File Ekran System Help File Table of Contents About... 9 What s New... 10 System Requirements... 11 Updating Ekran to version 4.1... 13 Program Structure... 14 Getting Started... 15 Deployment Process... 15

More information

Acronis Backup & Recovery 10 Server for Windows. Installation Guide

Acronis Backup & Recovery 10 Server for Windows. Installation Guide Acronis Backup & Recovery 10 Server for Windows Installation Guide Table of Contents 1. Installation of Acronis Backup & Recovery 10... 3 1.1. Acronis Backup & Recovery 10 components... 3 1.1.1. Agent

More information

CrashPlan PRO Enterprise Backup

CrashPlan PRO Enterprise Backup CrashPlan PRO Enterprise Backup People Friendly, Enterprise Tough CrashPlan PRO is a high performance, cross-platform backup solution that provides continuous protection onsite, offsite, and online for

More information

Manage the Endpoints. Palo Alto Networks. Advanced Endpoint Protection Administrator s Guide Version 3.1. Copyright 2007-2015 Palo Alto Networks

Manage the Endpoints. Palo Alto Networks. Advanced Endpoint Protection Administrator s Guide Version 3.1. Copyright 2007-2015 Palo Alto Networks Manage the Endpoints Palo Alto Networks Advanced Endpoint Protection Administrator s Guide Version 3.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara,

More information

Guidelines on Digital Forensic Procedures for OLAF Staff

Guidelines on Digital Forensic Procedures for OLAF Staff Ref. Ares(2013)3769761-19/12/2013 Guidelines on Digital Forensic Procedures for OLAF Staff 1 January 2014 Introduction The OLAF Guidelines on Digital Forensic Procedures are internal rules which are to

More information

Advanced Diploma In Hardware, Networking & Server Configuration

Advanced Diploma In Hardware, Networking & Server Configuration Advanced Diploma In Hardware, Networking & Server Configuration Who should do this course? This course is meant for those persons who have a dream of getting job based on Computer Hardware, Networking

More information

VMware vsphere 5 Quick Start Guide

VMware vsphere 5 Quick Start Guide VMware vsphere 5 Quick Start Guide This document is created to provide some basic information about VMware, and allow you, the customer, to determine when and how to engage us for support or other needs

More information

COURCE TITLE DURATION CompTIA A+ Certification 40 H.

COURCE TITLE DURATION CompTIA A+ Certification 40 H. COURCE TITLE DURATION CompTIA A+ Certification 40 H. Overview: The target student is anyone with basic computer user skills who is interested in: obtaining a job as an IT professional or PC technician.

More information

Beckhoff onboard SATA-RAID

Beckhoff onboard SATA-RAID Installation and operating instructions for Beckhoff onboard SATA-RAID Version: 1.3 Date: 2009-07-24 Table of contents Table of contents 1. 2. 3. 4. 5. 6. 7. General notes 2 Notes on the documentation

More information

RDM+ Remote Desktop for Android. Getting Started Guide

RDM+ Remote Desktop for Android. Getting Started Guide RDM+ Remote Desktop for Android Getting Started Guide RDM+ (Remote Desktop for Mobiles) is a remote control tool that offers you the ability to connect to your desktop or laptop computer from Android device

More information

Part 3 070-210. Answer: D

Part 3 070-210. Answer: D Part 3 QUESTION 101 You are the administrator of your company's network. A user named Tom in the Art department wants to update his Windows 2000 Professional computer so that he can view graphics at the

More information

Configuring Your Gateman File Server

Configuring Your Gateman File Server Configuring Your Gateman File Server Your Gateman system includes a File Server that can be used to provide authenticated access to Windows, MAC and Linux machines via the LAN and also provides a Web Browser

More information

RecoveryVault Express Client User Manual

RecoveryVault Express Client User Manual For Linux distributions Software version 4.1.7 Version 2.0 Disclaimer This document is compiled with the greatest possible care. However, errors might have been introduced caused by human mistakes or by

More information

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER Notes: STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER 1. These instructions focus on installation on Windows Terminal Server (WTS), but are applicable

More information

Chapter 2 Array Configuration [SATA Setup Utility] This chapter explains array configurations using this array controller.

Chapter 2 Array Configuration [SATA Setup Utility] This chapter explains array configurations using this array controller. Embedded MegaRAID SATA User's Guide Areas Covered Before Reading This Manual This section explains the notes for your safety and conventions used in this manual. Chapter 1 Overview This chapter introduces

More information

Spyware Doctor Enterprise Technical Data Sheet

Spyware Doctor Enterprise Technical Data Sheet Spyware Doctor Enterprise Technical Data Sheet The Best of Breed Anti-Spyware Solution for Businesses Spyware Doctor Enterprise builds on the strength of the industry-leading and multi award-winning Spyware

More information

HotelTV1. Client Software Update REV A0.6 D0202. 2014 October. Web : http://support.vestek.com.tr Mail : support@vestek.com.tr Tel : +90 212 286 01 06

HotelTV1. Client Software Update REV A0.6 D0202. 2014 October. Web : http://support.vestek.com.tr Mail : support@vestek.com.tr Tel : +90 212 286 01 06 D0202 HotelTV1 Client Software Update 2014 October 1. Revision History Date Owner Version Reason & Change 11 Oct 2011 Bora Tunçer A0.1 Initial creation 24 Jan 2012 Bora Tunçer A0.2 Adding bootloader update

More information

USB 2.0 Flash Drive User Manual

USB 2.0 Flash Drive User Manual USB 2.0 Flash Drive User Manual 1 INDEX Table of Contents Page 1. IMPORTANT NOTICES...3 2. PRODUCT INTRODUCTION...4 3. PRODUCT FEATURES...5 4. DRIVER INSTALLATION GUIDE...6 4.1 WINDOWS 98 / 98 SE... 6

More information

Alternate Data Streams in Forensic Investigations of File Systems Backups

Alternate Data Streams in Forensic Investigations of File Systems Backups Alternate Data Streams in Forensic Investigations of File Systems Backups Derek Bem and Ewa Z. Huebner School of Computing and Mathematics University of Western Sydney d.bem@cit.uws.edu.au and e.huebner@cit.uws.edu.au

More information

EaseUS Partition Master

EaseUS Partition Master Reviewer s Guide Contents Introduction... 2 Chapter 1... 3 What is EaseUS Partition Master?... 3 Versions Comparison... 4 Chapter 2... 5 Using EaseUS Partition Master... 5 Partition Manager... 5 Disk &

More information

Transferring AIS to a different computer

Transferring AIS to a different computer Transferring AIS to a different computer AIS can easily be transferred from one computer to another. There are several different scenarios for transferring AIS to another computer. Since AIS is designed

More information

SQL SERVER Anti-Forensics. Cesar Cerrudo

SQL SERVER Anti-Forensics. Cesar Cerrudo SQL SERVER Anti-Forensics Cesar Cerrudo Introduction Sophisticated attacks requires leaving as few evidence as possible Anti-Forensics techniques help to make forensics investigations difficult Anti-Forensics

More information