Chapter 1 Introduction to forensics. Computer forensics is the extraction of data from storage devices in a scientific manner. Forensics is done in three processes: collecting, analysing, and presenting. Chain of custody is an important principle in forensics; it contains a detailed log of the evidence. Knowledge of hardware, software, and networks is also important in computer forensics.
Data recovery in forensics needs to be done carefully so that it does not tamper with the original state. Different file extensions may cause confusion in an investigation, like psd for Photoshop. Also, raw graphic files may be overlooked as they don't have a file extension. JPEG and TIFF include metadata (EXIF) in the first 160 bytes. Editing or viewer programs have a list of recent files that may give extra information about int..
Do workshop 5.
000001F4 - Username Administrator, Description Built-in account for administering the computer/domain, SID 500
000001F5 - Username Guest, Description Built-in account for guest access to the computer/domain, SID 501
0000003E9 - Username jfriday, Fullname jfriday, SID 1001
0000003EB - Username HomeGroupUser$, Description Built-in account for homegroup access to the computer, SID 10..
Big endian and little endian are different ways of reading hex data. Workshop 4 Task 1: The text file called "suicide1.txt" was found on the USB. It says "I just can't go on any longer. Someone has to help me! Sylvia". So Joshua's girlfriend seems to be having difficulty with some problem and is thinking of suicide. The creation time of the text file is 09/12/2005 9.48. The MD5 hash value of it is "cb3899712da..
The first step in computer forensics is to seize. Running sheet: chain of custody is keeping a record of the evidence to keep it from tampering. The analysis shouldn't change the evidence during the process. Write background, objectives, strategies from the assessment document. Things to look for when seizing the computer: any volatile memory content, virtual machines, network devices. Steps and strategies are different. Answe..