SlideShare a Scribd company logo

Computer Forensics Analysis and Validation.ppt

Download as PPT, PDF
M
mcjaya2024

CN

1 of 59
Download to read offline
Computer Forensics Analysis and Validation
Objectives • Determine what data to analyze in a computer forensics investigation • Explain tools used to validate data • Explain common data-hiding techniques • Describe methods of performing a remote acquisition
Determining What Data to Collect and Analyze
Determining What Data to Collect and Analyze • Examining and analyzing digital evidence depends on: – Nature of the case – Amount of data to process – Search warrants(an official written statement) and court orders – Company policies • Scope creep – Investigation expands beyond the original description
Approaching Computer Forensics Cases • Some basic principles apply to almost all computer forensics cases – The approach you take depends largely on the specific type of case you’re investigating • Basic steps for all computer forensics investigations – For target drives, use only recently wiped media that have been reformatted and inspected for computer viruses
Approaching Computer Forensics Cases (continued) • Basic steps for all computer forensics investigations (continued) – Inventory the hardware on the suspect’s computer and note the condition of the computer when seized – Remove the original drive from the computer • Check date and time values in the system’s CMOS – Record how you acquired data from the suspect drive – Process the data methodically and logically
Approaching Computer Forensics Cases (continued) • Basic steps for all computer forensics investigations (continued) – List all folders and files on the image or drive – If possible, examine the contents of all data files in all folders • Starting at the root directory of the volume partition – For all password-protected files that might be related to the investigation • Make your best effort to recover file contents
Approaching Computer Forensics Cases (continued) • Basic steps for all computer forensics investigations (continued) – Identify the function of every executable (binary or .exe) file that doesn’t match known hash values – Maintain control of all evidence and findings, and document everything as you progress through your examination
Refining and Modifying the Investigation Plan • Considerations – Determine the scope of the investigation – Determine what the case requires – Whether you should collect all information – What to do in case of scope creep • The key is to start with a plan but remain flexible in the face of new evidence
Using AccessData Forensic Toolkit to Analyze Data • Supported file systems: FAT12/16/32, NTFS, Ext2fs, and Ext3fs • FTK can analyze data from several sources, including image files from other vendors • FTK produces a case log file(record of events) • Searching for keywords – Indexed search - allows for fast searching based on keywords. FTK automatically indexes your evidence while the case is being processed. – Live search-This is a time consuming process involving an item- by-item comparison with the search term. • Supports options and advanced searching techniques, such as stemming(finds variations on endings, like: applies, applied, apply. applied applying in a search for apply applies)
Indexed Search
Index search options
Live search
Using AccessData Forensic Toolkit to Analyze Data (continued) • Analyzes compressed files • You can generate reports – Using bookmarks(can do quick access)
Using AccessData Forensic Toolkit to Analyze Data (continued)
Validating Forensic Data
validation and verification • Validation is the process of checking whether the specification captures the customer's needs, while verification is the process of checking that the software meets the specification. • Validation uses methods like black box (functional) testing, gray box testing, and white box (structural) testing etc. Verification is to check whether the soft Verification: Are we building the product right? Validation: Are we building the right product?
According to the Capability Maturity Model(CMM) Capability Maturity Model • Software Validation: The process of evaluating software during or at the end of the development process to determine whether it satisfies specified requirements. • Software Verification: The process of evaluating software to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase.
Validating Forensic Data • One of the most critical aspects of computer forensics • Ensuring the integrity of data you collect is essential for presenting evidence in court. • Most computer forensic tools provide automated hashing of image files • Computer forensics tools have some limitations in performing hashing(process of converting a given key into another value)
• Hashing is the process of converting a given key into another value. A hash function is used to generate the new value according to a mathematical algorithm. The result of a hash function is known as a hash value or simply, a hash.
Validating with Hexadecimal Editors • Advanced hexadecimal editors offer many features not available in computer forensics tools – Such as hashing specific files or sectors • Hex Workshop provides several hashing algorithms – Such as MD5 and SHA-1 • Hex Workshop also generates the hash value of selected data sets in a file or sector
Validating with Hexadecimal Editors (continued)
Validating with Hexadecimal Editors (continued)
Validating with Hexadecimal Editors (continued)
Validating with Hexadecimal Editors (continued) • Using hash values to discriminate data – AccessData has a separate database, the Known File Filter (KFF) • Filters known program files from view, such as MSWord.exe, and identifies known illegal files, such as child pornography – KFF compares known file hash values to files on your evidence drive or image files Periodically – AccessData updates these known file hash values and posts an updated KFF
Validating with Computer Forensics Programs • Commercial computer forensics programs have built-in validation features • ProDiscover’s .eve(EmbeddedVectorEditor) files contain metadata that includes the hash value – Validation is done automatically • Raw format image files (.dd extension) don’t contain metadata – So you must validate raw format image files manually to ensure the integrity of data Note: .eve files are general application for drawing vector diagrams
Addressing Data-hiding Techniques
Addressing Data-hiding Techniques • File manipulation – Filenames and extensions – Hidden property • Disk manipulation – Hidden partitions – Bad clusters • Encryption – Bit shifting – Steganography
Hiding Partitions • We can create a partition and then hide it using a disk editor. • We can get access to hidden partitions using tools such as: – Gdisk(Ghost’s disk) – PartitionMagic – System Commander – LILO(Linux Loader)
Hiding Partitions (continued)
Hiding Partitions (continued)
Marking Bad Clusters • Common with FAT systems • Place sensitive information on free space • Use a disk editor to mark space as a bad cluster • To mark a good cluster as bad using Norton Disk Edit – Type B in the FAT entry corresponding to that cluster
Bit-shifting • Old technique • Shift bit patterns to alter byte values of data • Make files look like binary executable code • Tool – Hex Workshop
Bit-shifting (continued)
Bit-shifting (continued)
Bit-shifting (continued)
Using Steganography to Hide Data • Greek for “hidden writing” • Steganography tools were created to protect copyrighted material – By inserting digital watermarks into a file • Suspect can hide information on image or text document files – Most steganography programs can insert only small amounts of data into a file • Very hard to spot without prior knowledge • Tools: S-Tools, DPEnvelope, jpgx, and tte
Examining Encrypted Files • Prevent unauthorized access – Employ a password or passphrase • Recovering data is difficult without password – Key escrow • Designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure – Cracking password • Expert and powerful computers – Persuade suspect to reveal password
Recovering Passwords • Techniques – Dictionary attack(A dictionary attack is a method of breaking into a password- protected computer or server by systematically entering every word in a dictionary as a password.) – Brute-force attack (cryptographic hack that relies on guessing possible combinations of a targeted password until the correct password is discovered. ) – Password guessing based on suspect’s profile(Password guessing is an online technique that involves attempting to authenticate a particular user to the system. ) • Tools – AccessData PRTK – Advanced Password Recovery Software Toolkit – John the Ripper Note: Password cracking refers to an offline technique in which the attacker has gained access to the password hashes or database
Recovering Passwords (continued) • Using AccessData tools with passworded and encrypted files – AccessData offers a tool called Password Recovery Toolkit (PRTK) • Can create possible password lists from many sources – Can create your own custom dictionary based on facts in the case – Can create a suspect profile and use biographical information to generate likely passwords
Word List • FTK finds all stings in the data and makes a Word List from them
Recovering Passwords (continued)
Recovering Passwords (continued)
Recovering Passwords (continued) • Using AccessData tools with passworded and encrypted files (continued) – FTK can identify known encrypted files and those that seem to be encrypted • And export them – You can then import these files into PRTK and attempt to crack them
Computer Forensics Analysis and Validation.ppt
Recovering Passwords (continued)
Performing Remote Acquisitions
Performing Remote Acquisitions • Remote acquisitions are handy when you need to image the drive of a computer far away from your location – Or when you don’t want a suspect to be aware of an ongoing investigation
Remote Acquisitions with Runtime Software • Runtime Software offers the following shareware programs for remote acquisitions: – DiskExplorer for FAT – DiskExplorer for NTFS – HDHOST • Preparing DiskExplorer and HDHOST for remote acquisitions – Requires the Runtime Software, a portable media device (USB thumb drive or floppy disk), and two networked computers
Remote Acquisitions with Runtime Software (continued) • Making a remote connection with DiskExplorer – Requires running HDHOST on a suspect’s computer – To establish a connection with HDHOST, the suspect’s computer must be: • Connected to the network • Powered on • Logged on to any user account with permission to run noninstalled applications – HDHOST can’t be run surreptitiously
Computer Forensics Analysis and Validation.ppt
Remote Acquisitions with Runtime Software (continued)
Remote Acquisitions with Runtime Software (continued)
Remote Acquisitions with Runtime Software (continued)
Remote Acquisitions with Runtime Software (continued)
Remote Acquisitions with Runtime Software (continued)
Remote Acquisitions with Runtime Software (continued)
Remote Acquisitions with Runtime Software (continued) • Making a remote acquisition with DiskExplorer – After you have established a connection with DiskExplorer from the acquisition workstation • You can navigate through the suspect computer’s files and folders or copy data – The Runtime tools don’t generate a hash for acquisitions
Remote Acquisitions with Runtime Software (continued)
Ad

Recommended

Forensics Analysis and Validation
Forensics Analysis and Validation Forensics Analysis and Validation
Forensics Analysis and Validation
Jyothishmathi Institute of Technology and Science Karimnagar
 
computer forensicsPPT4-SESI4-20220406071621.ppt
computer forensicsPPT4-SESI4-20220406071621.pptcomputer forensicsPPT4-SESI4-20220406071621.ppt
computer forensicsPPT4-SESI4-20220406071621.ppt
Bimo Septyo Prabowo
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
N.Jagadish Kumar
 
Guide to computer forensics and investigation.ppt
Guide to computer forensics and investigation.pptGuide to computer forensics and investigation.ppt
Guide to computer forensics and investigation.ppt
MaluOffice
 
Module 3 continuation of computer forensic
Module 3 continuation of computer forensicModule 3 continuation of computer forensic
Module 3 continuation of computer forensic
ssuserec53e73
 
data acquisition in computer forensics and
data acquisition in computer forensics anddata acquisition in computer forensics and
data acquisition in computer forensics and
ssuserec53e73
 
Computer forensics and its role
Computer forensics and its roleComputer forensics and its role
Computer forensics and its role
Sudeshna Basak
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
Andrew McNicol
 
Guide to Computer Forensics'.pdf
Guide to Computer Forensics'.pdfGuide to Computer Forensics'.pdf
Guide to Computer Forensics'.pdf
LaceyTatum1
 
Forensics of a Windows Systems
Forensics of a Windows SystemsForensics of a Windows Systems
Forensics of a Windows Systems
Conferencias FIST
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
Online
 
Monitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance AnalysisMonitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance Analysis
Brendan Gregg
 
Lecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file systemLecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file system
Alchemist095
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidence
Online
 
20-security.ppt
20-security.ppt20-security.ppt
20-security.ppt
ajajkhan16
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows System
Conferencias FIST
 
Electornic evidence collection
Electornic evidence collectionElectornic evidence collection
Electornic evidence collection
Fakrul Alam
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
contactatkmdp
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
Sreekanth Narendran
 
Security Threats to Hadoop: Data Leakage Attacks and Investigation
Security Threats to Hadoop: Data Leakage Attacks and Investigation Security Threats to Hadoop: Data Leakage Attacks and Investigation
Security Threats to Hadoop: Data Leakage Attacks and Investigation
Kiran Gajbhiye
 
CF.ppt
CF.pptCF.ppt
CF.ppt
KhusThakkar
 
cyber Forensics
cyber Forensicscyber Forensics
cyber Forensics
Muzzammil Wani
 
Computer forensics libin
Computer forensics libinComputer forensics libin
Computer forensics libin
libinp
 
Ch 04 Data Acquisition for Digital Forensics.ppt
Ch 04 Data Acquisition for Digital Forensics.pptCh 04 Data Acquisition for Digital Forensics.ppt
Ch 04 Data Acquisition for Digital Forensics.ppt
whbwi21Basri
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
Sam Bowne
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
Nicholas Davis
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
Nicholas Davis
 
cyber forensics Email Investigations.ppt
cyber forensics Email Investigations.pptcyber forensics Email Investigations.ppt
cyber forensics Email Investigations.ppt
mcjaya2024
 
Cell Phone and Mobile Devices Forensics.ppt
Cell Phone and Mobile Devices Forensics.pptCell Phone and Mobile Devices Forensics.ppt
Cell Phone and Mobile Devices Forensics.ppt
mcjaya2024
 
Ad

More Related Content

Similar to Computer Forensics Analysis and Validation.ppt (20)

Guide to Computer Forensics'.pdf
Guide to Computer Forensics'.pdfGuide to Computer Forensics'.pdf
Guide to Computer Forensics'.pdf
LaceyTatum1
 
Forensics of a Windows Systems
Forensics of a Windows SystemsForensics of a Windows Systems
Forensics of a Windows Systems
Conferencias FIST
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
Online
 
Monitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance AnalysisMonitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance Analysis
Brendan Gregg
 
Lecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file systemLecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file system
Alchemist095
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidence
Online
 
20-security.ppt
20-security.ppt20-security.ppt
20-security.ppt
ajajkhan16
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows System
Conferencias FIST
 
Electornic evidence collection
Electornic evidence collectionElectornic evidence collection
Electornic evidence collection
Fakrul Alam
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
contactatkmdp
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
Sreekanth Narendran
 
Security Threats to Hadoop: Data Leakage Attacks and Investigation
Security Threats to Hadoop: Data Leakage Attacks and Investigation Security Threats to Hadoop: Data Leakage Attacks and Investigation
Security Threats to Hadoop: Data Leakage Attacks and Investigation
Kiran Gajbhiye
 
CF.ppt
CF.pptCF.ppt
CF.ppt
KhusThakkar
 
cyber Forensics
cyber Forensicscyber Forensics
cyber Forensics
Muzzammil Wani
 
Computer forensics libin
Computer forensics libinComputer forensics libin
Computer forensics libin
libinp
 
Ch 04 Data Acquisition for Digital Forensics.ppt
Ch 04 Data Acquisition for Digital Forensics.pptCh 04 Data Acquisition for Digital Forensics.ppt
Ch 04 Data Acquisition for Digital Forensics.ppt
whbwi21Basri
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
Sam Bowne
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
Nicholas Davis
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
Nicholas Davis
 
Guide to Computer Forensics'.pdf
Guide to Computer Forensics'.pdfGuide to Computer Forensics'.pdf
Guide to Computer Forensics'.pdf
LaceyTatum1
 
Forensics of a Windows Systems
Forensics of a Windows SystemsForensics of a Windows Systems
Forensics of a Windows Systems
Conferencias FIST
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
Online
 
Monitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance AnalysisMonitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance Analysis
Brendan Gregg
 
Lecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file systemLecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file system
Alchemist095
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidence
Online
 
20-security.ppt
20-security.ppt20-security.ppt
20-security.ppt
ajajkhan16
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows System
Conferencias FIST
 
Electornic evidence collection
Electornic evidence collectionElectornic evidence collection
Electornic evidence collection
Fakrul Alam
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
contactatkmdp
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
Sreekanth Narendran
 
Security Threats to Hadoop: Data Leakage Attacks and Investigation
Security Threats to Hadoop: Data Leakage Attacks and Investigation Security Threats to Hadoop: Data Leakage Attacks and Investigation
Security Threats to Hadoop: Data Leakage Attacks and Investigation
Kiran Gajbhiye
 
CF.ppt
CF.pptCF.ppt
CF.ppt
KhusThakkar
 
cyber Forensics
cyber Forensicscyber Forensics
cyber Forensics
Muzzammil Wani
 
Computer forensics libin
Computer forensics libinComputer forensics libin
Computer forensics libin
libinp
 
Ch 04 Data Acquisition for Digital Forensics.ppt
Ch 04 Data Acquisition for Digital Forensics.pptCh 04 Data Acquisition for Digital Forensics.ppt
Ch 04 Data Acquisition for Digital Forensics.ppt
whbwi21Basri
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
Sam Bowne
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
Nicholas Davis
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
Nicholas Davis
 

More from mcjaya2024 (20)

cyber forensics Email Investigations.ppt
cyber forensics Email Investigations.pptcyber forensics Email Investigations.ppt
cyber forensics Email Investigations.ppt
mcjaya2024
 
Cell Phone and Mobile Devices Forensics.ppt
Cell Phone and Mobile Devices Forensics.pptCell Phone and Mobile Devices Forensics.ppt
Cell Phone and Mobile Devices Forensics.ppt
mcjaya2024
 
cyber forensics Footprinting and Scanning.ppt
cyber forensics Footprinting and Scanning.pptcyber forensics Footprinting and Scanning.ppt
cyber forensics Footprinting and Scanning.ppt
mcjaya2024
 
cyber forensics-enum,sniffing,malware threat.ppt
cyber forensics-enum,sniffing,malware threat.pptcyber forensics-enum,sniffing,malware threat.ppt
cyber forensics-enum,sniffing,malware threat.ppt
mcjaya2024
 
Classless Interdomain Data Routing CIDR.ppt
Classless Interdomain Data Routing CIDR.pptClassless Interdomain Data Routing CIDR.ppt
Classless Interdomain Data Routing CIDR.ppt
mcjaya2024
 
Computer Network in Network software.ppt
Computer Network in Network software.pptComputer Network in Network software.ppt
Computer Network in Network software.ppt
mcjaya2024
 
web program-Extended MARKUP Language XML.ppt
web program-Extended MARKUP Language XML.pptweb program-Extended MARKUP Language XML.ppt
web program-Extended MARKUP Language XML.ppt
mcjaya2024
 
Web programming-Introduction to JSP.pptx
Web programming-Introduction to JSP.pptxWeb programming-Introduction to JSP.pptx
Web programming-Introduction to JSP.pptx
mcjaya2024
 
web program -Life cycle of a servlet.ppt
web program -Life cycle of a servlet.pptweb program -Life cycle of a servlet.ppt
web program -Life cycle of a servlet.ppt
mcjaya2024
 
web programmimg- concpt in JAVABEANS.ppt
web programmimg- concpt in JAVABEANS.pptweb programmimg- concpt in JAVABEANS.ppt
web programmimg- concpt in JAVABEANS.ppt
mcjaya2024
 
web program-Inheritance,pack&except in Java.ppt
web program-Inheritance,pack&except in Java.pptweb program-Inheritance,pack&except in Java.ppt
web program-Inheritance,pack&except in Java.ppt
mcjaya2024
 
123 JAVA CLASSES, OBJECTS AND METHODS.ppt
123 JAVA CLASSES, OBJECTS AND METHODS.ppt123 JAVA CLASSES, OBJECTS AND METHODS.ppt
123 JAVA CLASSES, OBJECTS AND METHODS.ppt
mcjaya2024
 
web programming-Multithreading concept in Java.ppt
web programming-Multithreading concept in Java.pptweb programming-Multithreading concept in Java.ppt
web programming-Multithreading concept in Java.ppt
mcjaya2024
 
Processing Crime and Incident Scenes.ppt
Processing Crime and Incident Scenes.pptProcessing Crime and Incident Scenes.ppt
Processing Crime and Incident Scenes.ppt
mcjaya2024
 
Working with Windows and DOS Systems (1).ppt
Working with Windows and DOS Systems (1).pptWorking with Windows and DOS Systems (1).ppt
Working with Windows and DOS Systems (1).ppt
mcjaya2024
 
enterprise resource plnning ERP vendors.pdf
enterprise resource plnning ERP vendors.pdfenterprise resource plnning ERP vendors.pdf
enterprise resource plnning ERP vendors.pdf
mcjaya2024
 
ERP and elctronic commerce online12.ppt
ERP and elctronic commerce online12.pptERP and elctronic commerce online12.ppt
ERP and elctronic commerce online12.ppt
mcjaya2024
 
Enterprise resourse planning ERPlife cycle.ppt
Enterprise resourse planning ERPlife cycle.pptEnterprise resourse planning ERPlife cycle.ppt
Enterprise resourse planning ERPlife cycle.ppt
mcjaya2024
 
Project Management Issues in ERP IS 6006.ppt
Project Management Issues in ERP IS 6006.pptProject Management Issues in ERP IS 6006.ppt
Project Management Issues in ERP IS 6006.ppt
mcjaya2024
 
mySAP_Supply_Chain_Management_Solution_Map.pdf
mySAP_Supply_Chain_Management_Solution_Map.pdfmySAP_Supply_Chain_Management_Solution_Map.pdf
mySAP_Supply_Chain_Management_Solution_Map.pdf
mcjaya2024
 
cyber forensics Email Investigations.ppt
cyber forensics Email Investigations.pptcyber forensics Email Investigations.ppt
cyber forensics Email Investigations.ppt
mcjaya2024
 
Cell Phone and Mobile Devices Forensics.ppt
Cell Phone and Mobile Devices Forensics.pptCell Phone and Mobile Devices Forensics.ppt
Cell Phone and Mobile Devices Forensics.ppt
mcjaya2024
 
cyber forensics Footprinting and Scanning.ppt
cyber forensics Footprinting and Scanning.pptcyber forensics Footprinting and Scanning.ppt
cyber forensics Footprinting and Scanning.ppt
mcjaya2024
 
cyber forensics-enum,sniffing,malware threat.ppt
cyber forensics-enum,sniffing,malware threat.pptcyber forensics-enum,sniffing,malware threat.ppt
cyber forensics-enum,sniffing,malware threat.ppt
mcjaya2024
 
Classless Interdomain Data Routing CIDR.ppt
Classless Interdomain Data Routing CIDR.pptClassless Interdomain Data Routing CIDR.ppt
Classless Interdomain Data Routing CIDR.ppt
mcjaya2024
 
Computer Network in Network software.ppt
Computer Network in Network software.pptComputer Network in Network software.ppt
Computer Network in Network software.ppt
mcjaya2024
 
web program-Extended MARKUP Language XML.ppt
web program-Extended MARKUP Language XML.pptweb program-Extended MARKUP Language XML.ppt
web program-Extended MARKUP Language XML.ppt
mcjaya2024
 
Web programming-Introduction to JSP.pptx
Web programming-Introduction to JSP.pptxWeb programming-Introduction to JSP.pptx
Web programming-Introduction to JSP.pptx
mcjaya2024
 
web program -Life cycle of a servlet.ppt
web program -Life cycle of a servlet.pptweb program -Life cycle of a servlet.ppt
web program -Life cycle of a servlet.ppt
mcjaya2024
 
web programmimg- concpt in JAVABEANS.ppt
web programmimg- concpt in JAVABEANS.pptweb programmimg- concpt in JAVABEANS.ppt
web programmimg- concpt in JAVABEANS.ppt
mcjaya2024
 
web program-Inheritance,pack&except in Java.ppt
web program-Inheritance,pack&except in Java.pptweb program-Inheritance,pack&except in Java.ppt
web program-Inheritance,pack&except in Java.ppt
mcjaya2024
 
123 JAVA CLASSES, OBJECTS AND METHODS.ppt
123 JAVA CLASSES, OBJECTS AND METHODS.ppt123 JAVA CLASSES, OBJECTS AND METHODS.ppt
123 JAVA CLASSES, OBJECTS AND METHODS.ppt
mcjaya2024
 
web programming-Multithreading concept in Java.ppt
web programming-Multithreading concept in Java.pptweb programming-Multithreading concept in Java.ppt
web programming-Multithreading concept in Java.ppt
mcjaya2024
 
Processing Crime and Incident Scenes.ppt
Processing Crime and Incident Scenes.pptProcessing Crime and Incident Scenes.ppt
Processing Crime and Incident Scenes.ppt
mcjaya2024
 
Working with Windows and DOS Systems (1).ppt
Working with Windows and DOS Systems (1).pptWorking with Windows and DOS Systems (1).ppt
Working with Windows and DOS Systems (1).ppt
mcjaya2024
 
enterprise resource plnning ERP vendors.pdf
enterprise resource plnning ERP vendors.pdfenterprise resource plnning ERP vendors.pdf
enterprise resource plnning ERP vendors.pdf
mcjaya2024
 
ERP and elctronic commerce online12.ppt
ERP and elctronic commerce online12.pptERP and elctronic commerce online12.ppt
ERP and elctronic commerce online12.ppt
mcjaya2024
 
Enterprise resourse planning ERPlife cycle.ppt
Enterprise resourse planning ERPlife cycle.pptEnterprise resourse planning ERPlife cycle.ppt
Enterprise resourse planning ERPlife cycle.ppt
mcjaya2024
 
Project Management Issues in ERP IS 6006.ppt
Project Management Issues in ERP IS 6006.pptProject Management Issues in ERP IS 6006.ppt
Project Management Issues in ERP IS 6006.ppt
mcjaya2024
 
mySAP_Supply_Chain_Management_Solution_Map.pdf
mySAP_Supply_Chain_Management_Solution_Map.pdfmySAP_Supply_Chain_Management_Solution_Map.pdf
mySAP_Supply_Chain_Management_Solution_Map.pdf
mcjaya2024
 
Ad

Recently uploaded (20)

libbys peer assesment.docx..............
libbys peer assesment.docx..............libbys peer assesment.docx..............
libbys peer assesment.docx..............
19lburrell
 
Module 1: Foundations of Research
Module 1: Foundations of ResearchModule 1: Foundations of Research
Module 1: Foundations of Research
drroxannekemp
 
Myopathies (muscle disorders) for undergraduate
Myopathies (muscle disorders) for undergraduateMyopathies (muscle disorders) for undergraduate
Myopathies (muscle disorders) for undergraduate
Mohamed Rizk Khodair
 
Search Matching Applicants in Odoo 18 - Odoo Slides
Search Matching Applicants in Odoo 18 - Odoo SlidesSearch Matching Applicants in Odoo 18 - Odoo Slides
Search Matching Applicants in Odoo 18 - Odoo Slides
Celine George
 
Look Up, Look Down: Spotting Local History Everywhere
Look Up, Look Down: Spotting Local History EverywhereLook Up, Look Down: Spotting Local History Everywhere
Look Up, Look Down: Spotting Local History Everywhere
History of Stoke Newington
 
How To Maximize Sales Performance using Odoo 18 Diverse views in sales module
How To Maximize Sales Performance using Odoo 18 Diverse views in sales moduleHow To Maximize Sales Performance using Odoo 18 Diverse views in sales module
How To Maximize Sales Performance using Odoo 18 Diverse views in sales module
Celine George
 
Chemotherapy of Malignancy -Anticancer.pptx
Chemotherapy of Malignancy -Anticancer.pptxChemotherapy of Malignancy -Anticancer.pptx
Chemotherapy of Malignancy -Anticancer.pptx
Mayuri Chavan
 
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-14-2025 .pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-14-2025 .pptxYSPH VMOC Special Report - Measles Outbreak Southwest US 5-14-2025 .pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-14-2025 .pptx
Yale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
History Of The Monastery Of Mor Gabriel Philoxenos Yuhanon Dolabani
History Of The Monastery Of Mor Gabriel Philoxenos Yuhanon DolabaniHistory Of The Monastery Of Mor Gabriel Philoxenos Yuhanon Dolabani
History Of The Monastery Of Mor Gabriel Philoxenos Yuhanon Dolabani
fruinkamel7m
 
Final Evaluation.docx...........................
Final Evaluation.docx...........................Final Evaluation.docx...........................
Final Evaluation.docx...........................
l1bbyburrell
 
PUBH1000 Slides - Module 11: Governance for Health
PUBH1000 Slides - Module 11: Governance for HealthPUBH1000 Slides - Module 11: Governance for Health
PUBH1000 Slides - Module 11: Governance for Health
JonathanHallett4
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 9 THEO ĐƠN VỊ BÀI HỌC - GLOBAL SUCCESS - CẢ NĂM (TỪ...
BÀI TẬP BỔ TRỢ TIẾNG ANH 9 THEO ĐƠN VỊ BÀI HỌC - GLOBAL SUCCESS - CẢ NĂM (TỪ...BÀI TẬP BỔ TRỢ TIẾNG ANH 9 THEO ĐƠN VỊ BÀI HỌC - GLOBAL SUCCESS - CẢ NĂM (TỪ...
BÀI TẬP BỔ TRỢ TIẾNG ANH 9 THEO ĐƠN VỊ BÀI HỌC - GLOBAL SUCCESS - CẢ NĂM (TỪ...
Nguyen Thanh Tu Collection
 
2025 The Senior Landscape and SET plan preparations.pptx
2025 The Senior Landscape and SET plan preparations.pptx2025 The Senior Landscape and SET plan preparations.pptx
2025 The Senior Landscape and SET plan preparations.pptx
mansk2
 
How to Add Button in Chatter in Odoo 18 - Odoo Slides
How to Add Button in Chatter in Odoo 18 - Odoo SlidesHow to Add Button in Chatter in Odoo 18 - Odoo Slides
How to Add Button in Chatter in Odoo 18 - Odoo Slides
Celine George
 
Redesigning Education as a Cognitive Ecosystem: Practical Insights into Emerg...
Redesigning Education as a Cognitive Ecosystem: Practical Insights into Emerg...Redesigning Education as a Cognitive Ecosystem: Practical Insights into Emerg...
Redesigning Education as a Cognitive Ecosystem: Practical Insights into Emerg...
Leonel Morgado
 
How to Manage Amounts in Local Currency in Odoo 18 Purchase
How to Manage Amounts in Local Currency in Odoo 18 PurchaseHow to Manage Amounts in Local Currency in Odoo 18 Purchase
How to Manage Amounts in Local Currency in Odoo 18 Purchase
Celine George
 
Botany Assignment Help Guide - Academic Excellence
Botany Assignment Help Guide - Academic ExcellenceBotany Assignment Help Guide - Academic Excellence
Botany Assignment Help Guide - Academic Excellence
online college homework help
 
The role of wall art in interior designing
The role of wall art in interior designingThe role of wall art in interior designing
The role of wall art in interior designing
meghaark2110
 
Mental Health Assessment in 5th semester bsc. nursing and also used in 2nd ye...
Mental Health Assessment in 5th semester bsc. nursing and also used in 2nd ye...Mental Health Assessment in 5th semester bsc. nursing and also used in 2nd ye...
Mental Health Assessment in 5th semester bsc. nursing and also used in 2nd ye...
parmarjuli1412
 
How to Manage Manual Reordering Rule in Odoo 18 Inventory
How to Manage Manual Reordering Rule in Odoo 18 InventoryHow to Manage Manual Reordering Rule in Odoo 18 Inventory
How to Manage Manual Reordering Rule in Odoo 18 Inventory
Celine George
 
libbys peer assesment.docx..............
libbys peer assesment.docx..............libbys peer assesment.docx..............
libbys peer assesment.docx..............
19lburrell
 
Module 1: Foundations of Research
Module 1: Foundations of ResearchModule 1: Foundations of Research
Module 1: Foundations of Research
drroxannekemp
 
Myopathies (muscle disorders) for undergraduate
Myopathies (muscle disorders) for undergraduateMyopathies (muscle disorders) for undergraduate
Myopathies (muscle disorders) for undergraduate
Mohamed Rizk Khodair
 
Search Matching Applicants in Odoo 18 - Odoo Slides
Search Matching Applicants in Odoo 18 - Odoo SlidesSearch Matching Applicants in Odoo 18 - Odoo Slides
Search Matching Applicants in Odoo 18 - Odoo Slides
Celine George
 
Look Up, Look Down: Spotting Local History Everywhere
Look Up, Look Down: Spotting Local History EverywhereLook Up, Look Down: Spotting Local History Everywhere
Look Up, Look Down: Spotting Local History Everywhere
History of Stoke Newington
 
How To Maximize Sales Performance using Odoo 18 Diverse views in sales module
How To Maximize Sales Performance using Odoo 18 Diverse views in sales moduleHow To Maximize Sales Performance using Odoo 18 Diverse views in sales module
How To Maximize Sales Performance using Odoo 18 Diverse views in sales module
Celine George
 
Chemotherapy of Malignancy -Anticancer.pptx
Chemotherapy of Malignancy -Anticancer.pptxChemotherapy of Malignancy -Anticancer.pptx
Chemotherapy of Malignancy -Anticancer.pptx
Mayuri Chavan
 
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-14-2025 .pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-14-2025 .pptxYSPH VMOC Special Report - Measles Outbreak Southwest US 5-14-2025 .pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-14-2025 .pptx
Yale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
History Of The Monastery Of Mor Gabriel Philoxenos Yuhanon Dolabani
History Of The Monastery Of Mor Gabriel Philoxenos Yuhanon DolabaniHistory Of The Monastery Of Mor Gabriel Philoxenos Yuhanon Dolabani
History Of The Monastery Of Mor Gabriel Philoxenos Yuhanon Dolabani
fruinkamel7m
 
Final Evaluation.docx...........................
Final Evaluation.docx...........................Final Evaluation.docx...........................
Final Evaluation.docx...........................
l1bbyburrell
 
PUBH1000 Slides - Module 11: Governance for Health
PUBH1000 Slides - Module 11: Governance for HealthPUBH1000 Slides - Module 11: Governance for Health
PUBH1000 Slides - Module 11: Governance for Health
JonathanHallett4
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 9 THEO ĐƠN VỊ BÀI HỌC - GLOBAL SUCCESS - CẢ NĂM (TỪ...
BÀI TẬP BỔ TRỢ TIẾNG ANH 9 THEO ĐƠN VỊ BÀI HỌC - GLOBAL SUCCESS - CẢ NĂM (TỪ...BÀI TẬP BỔ TRỢ TIẾNG ANH 9 THEO ĐƠN VỊ BÀI HỌC - GLOBAL SUCCESS - CẢ NĂM (TỪ...
BÀI TẬP BỔ TRỢ TIẾNG ANH 9 THEO ĐƠN VỊ BÀI HỌC - GLOBAL SUCCESS - CẢ NĂM (TỪ...
Nguyen Thanh Tu Collection
 
2025 The Senior Landscape and SET plan preparations.pptx
2025 The Senior Landscape and SET plan preparations.pptx2025 The Senior Landscape and SET plan preparations.pptx
2025 The Senior Landscape and SET plan preparations.pptx
mansk2
 
How to Add Button in Chatter in Odoo 18 - Odoo Slides
How to Add Button in Chatter in Odoo 18 - Odoo SlidesHow to Add Button in Chatter in Odoo 18 - Odoo Slides
How to Add Button in Chatter in Odoo 18 - Odoo Slides
Celine George
 
Redesigning Education as a Cognitive Ecosystem: Practical Insights into Emerg...
Redesigning Education as a Cognitive Ecosystem: Practical Insights into Emerg...Redesigning Education as a Cognitive Ecosystem: Practical Insights into Emerg...
Redesigning Education as a Cognitive Ecosystem: Practical Insights into Emerg...
Leonel Morgado
 
How to Manage Amounts in Local Currency in Odoo 18 Purchase
How to Manage Amounts in Local Currency in Odoo 18 PurchaseHow to Manage Amounts in Local Currency in Odoo 18 Purchase
How to Manage Amounts in Local Currency in Odoo 18 Purchase
Celine George
 
Botany Assignment Help Guide - Academic Excellence
Botany Assignment Help Guide - Academic ExcellenceBotany Assignment Help Guide - Academic Excellence
Botany Assignment Help Guide - Academic Excellence
online college homework help
 
The role of wall art in interior designing
The role of wall art in interior designingThe role of wall art in interior designing
The role of wall art in interior designing
meghaark2110
 
Mental Health Assessment in 5th semester bsc. nursing and also used in 2nd ye...
Mental Health Assessment in 5th semester bsc. nursing and also used in 2nd ye...Mental Health Assessment in 5th semester bsc. nursing and also used in 2nd ye...
Mental Health Assessment in 5th semester bsc. nursing and also used in 2nd ye...
parmarjuli1412
 
How to Manage Manual Reordering Rule in Odoo 18 Inventory
How to Manage Manual Reordering Rule in Odoo 18 InventoryHow to Manage Manual Reordering Rule in Odoo 18 Inventory
How to Manage Manual Reordering Rule in Odoo 18 Inventory
Celine George
 
Ad

Computer Forensics Analysis and Validation.ppt

  • 2. Objectives • Determine what data to analyze in a computer forensics investigation • Explain tools used to validate data • Explain common data-hiding techniques • Describe methods of performing a remote acquisition
  • 3. Determining What Data to Collect and Analyze
  • 4. Determining What Data to Collect and Analyze • Examining and analyzing digital evidence depends on: – Nature of the case – Amount of data to process – Search warrants(an official written statement) and court orders – Company policies • Scope creep – Investigation expands beyond the original description
  • 5. Approaching Computer Forensics Cases • Some basic principles apply to almost all computer forensics cases – The approach you take depends largely on the specific type of case you’re investigating • Basic steps for all computer forensics investigations – For target drives, use only recently wiped media that have been reformatted and inspected for computer viruses
  • 6. Approaching Computer Forensics Cases (continued) • Basic steps for all computer forensics investigations (continued) – Inventory the hardware on the suspect’s computer and note the condition of the computer when seized – Remove the original drive from the computer • Check date and time values in the system’s CMOS – Record how you acquired data from the suspect drive – Process the data methodically and logically
  • 7. Approaching Computer Forensics Cases (continued) • Basic steps for all computer forensics investigations (continued) – List all folders and files on the image or drive – If possible, examine the contents of all data files in all folders • Starting at the root directory of the volume partition – For all password-protected files that might be related to the investigation • Make your best effort to recover file contents
  • 8. Approaching Computer Forensics Cases (continued) • Basic steps for all computer forensics investigations (continued) – Identify the function of every executable (binary or .exe) file that doesn’t match known hash values – Maintain control of all evidence and findings, and document everything as you progress through your examination
  • 9. Refining and Modifying the Investigation Plan • Considerations – Determine the scope of the investigation – Determine what the case requires – Whether you should collect all information – What to do in case of scope creep • The key is to start with a plan but remain flexible in the face of new evidence
  • 10. Using AccessData Forensic Toolkit to Analyze Data • Supported file systems: FAT12/16/32, NTFS, Ext2fs, and Ext3fs • FTK can analyze data from several sources, including image files from other vendors • FTK produces a case log file(record of events) • Searching for keywords – Indexed search - allows for fast searching based on keywords. FTK automatically indexes your evidence while the case is being processed. – Live search-This is a time consuming process involving an item- by-item comparison with the search term. • Supports options and advanced searching techniques, such as stemming(finds variations on endings, like: applies, applied, apply. applied applying in a search for apply applies)
  • 14. Using AccessData Forensic Toolkit to Analyze Data (continued) • Analyzes compressed files • You can generate reports – Using bookmarks(can do quick access)
  • 15. Using AccessData Forensic Toolkit to Analyze Data (continued)
  • 17. validation and verification • Validation is the process of checking whether the specification captures the customer's needs, while verification is the process of checking that the software meets the specification. • Validation uses methods like black box (functional) testing, gray box testing, and white box (structural) testing etc. Verification is to check whether the soft Verification: Are we building the product right? Validation: Are we building the right product?
  • 18. According to the Capability Maturity Model(CMM) Capability Maturity Model • Software Validation: The process of evaluating software during or at the end of the development process to determine whether it satisfies specified requirements. • Software Verification: The process of evaluating software to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase.
  • 19. Validating Forensic Data • One of the most critical aspects of computer forensics • Ensuring the integrity of data you collect is essential for presenting evidence in court. • Most computer forensic tools provide automated hashing of image files • Computer forensics tools have some limitations in performing hashing(process of converting a given key into another value)
  • 20. • Hashing is the process of converting a given key into another value. A hash function is used to generate the new value according to a mathematical algorithm. The result of a hash function is known as a hash value or simply, a hash.
  • 21. Validating with Hexadecimal Editors • Advanced hexadecimal editors offer many features not available in computer forensics tools – Such as hashing specific files or sectors • Hex Workshop provides several hashing algorithms – Such as MD5 and SHA-1 • Hex Workshop also generates the hash value of selected data sets in a file or sector
  • 22. Validating with Hexadecimal Editors (continued)
  • 23. Validating with Hexadecimal Editors (continued)
  • 24. Validating with Hexadecimal Editors (continued)
  • 25. Validating with Hexadecimal Editors (continued) • Using hash values to discriminate data – AccessData has a separate database, the Known File Filter (KFF) • Filters known program files from view, such as MSWord.exe, and identifies known illegal files, such as child pornography – KFF compares known file hash values to files on your evidence drive or image files Periodically – AccessData updates these known file hash values and posts an updated KFF
  • 26. Validating with Computer Forensics Programs • Commercial computer forensics programs have built-in validation features • ProDiscover’s .eve(EmbeddedVectorEditor) files contain metadata that includes the hash value – Validation is done automatically • Raw format image files (.dd extension) don’t contain metadata – So you must validate raw format image files manually to ensure the integrity of data Note: .eve files are general application for drawing vector diagrams
  • 28. Addressing Data-hiding Techniques • File manipulation – Filenames and extensions – Hidden property • Disk manipulation – Hidden partitions – Bad clusters • Encryption – Bit shifting – Steganography
  • 29. Hiding Partitions • We can create a partition and then hide it using a disk editor. • We can get access to hidden partitions using tools such as: – Gdisk(Ghost’s disk) – PartitionMagic – System Commander – LILO(Linux Loader)
  • 32. Marking Bad Clusters • Common with FAT systems • Place sensitive information on free space • Use a disk editor to mark space as a bad cluster • To mark a good cluster as bad using Norton Disk Edit – Type B in the FAT entry corresponding to that cluster
  • 33. Bit-shifting • Old technique • Shift bit patterns to alter byte values of data • Make files look like binary executable code • Tool – Hex Workshop
  • 37. Using Steganography to Hide Data • Greek for “hidden writing” • Steganography tools were created to protect copyrighted material – By inserting digital watermarks into a file • Suspect can hide information on image or text document files – Most steganography programs can insert only small amounts of data into a file • Very hard to spot without prior knowledge • Tools: S-Tools, DPEnvelope, jpgx, and tte
  • 38. Examining Encrypted Files • Prevent unauthorized access – Employ a password or passphrase • Recovering data is difficult without password – Key escrow • Designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure – Cracking password • Expert and powerful computers – Persuade suspect to reveal password
  • 39. Recovering Passwords • Techniques – Dictionary attack(A dictionary attack is a method of breaking into a password- protected computer or server by systematically entering every word in a dictionary as a password.) – Brute-force attack (cryptographic hack that relies on guessing possible combinations of a targeted password until the correct password is discovered. ) – Password guessing based on suspect’s profile(Password guessing is an online technique that involves attempting to authenticate a particular user to the system. ) • Tools – AccessData PRTK – Advanced Password Recovery Software Toolkit – John the Ripper Note: Password cracking refers to an offline technique in which the attacker has gained access to the password hashes or database
  • 40. Recovering Passwords (continued) • Using AccessData tools with passworded and encrypted files – AccessData offers a tool called Password Recovery Toolkit (PRTK) • Can create possible password lists from many sources – Can create your own custom dictionary based on facts in the case – Can create a suspect profile and use biographical information to generate likely passwords
  • 41. Word List • FTK finds all stings in the data and makes a Word List from them
  • 44. Recovering Passwords (continued) • Using AccessData tools with passworded and encrypted files (continued) – FTK can identify known encrypted files and those that seem to be encrypted • And export them – You can then import these files into PRTK and attempt to crack them
  • 48. Performing Remote Acquisitions • Remote acquisitions are handy when you need to image the drive of a computer far away from your location – Or when you don’t want a suspect to be aware of an ongoing investigation
  • 49. Remote Acquisitions with Runtime Software • Runtime Software offers the following shareware programs for remote acquisitions: – DiskExplorer for FAT – DiskExplorer for NTFS – HDHOST • Preparing DiskExplorer and HDHOST for remote acquisitions – Requires the Runtime Software, a portable media device (USB thumb drive or floppy disk), and two networked computers
  • 50. Remote Acquisitions with Runtime Software (continued) • Making a remote connection with DiskExplorer – Requires running HDHOST on a suspect’s computer – To establish a connection with HDHOST, the suspect’s computer must be: • Connected to the network • Powered on • Logged on to any user account with permission to run noninstalled applications – HDHOST can’t be run surreptitiously
  • 52. Remote Acquisitions with Runtime Software (continued)
  • 53. Remote Acquisitions with Runtime Software (continued)
  • 54. Remote Acquisitions with Runtime Software (continued)
  • 55. Remote Acquisitions with Runtime Software (continued)
  • 56. Remote Acquisitions with Runtime Software (continued)
  • 57. Remote Acquisitions with Runtime Software (continued)
  • 58. Remote Acquisitions with Runtime Software (continued) • Making a remote acquisition with DiskExplorer – After you have established a connection with DiskExplorer from the acquisition workstation • You can navigate through the suspect computer’s files and folders or copy data – The Runtime tools don’t generate a hash for acquisitions
  • 59. Remote Acquisitions with Runtime Software (continued)
  翻译: