The first step in computer forensics is seizure.
Running sheet: chain of custody is the keeping of a record of the evidence to keep it from being tampered with.
The analysis shouldn't change the evidence during the process.
Write the background, objectives, and strategies from the assessment document.
Things to look for when seizing the computer: any volatile memory content, virtual machines, network devices.
Steps and strategies are different.
Answer from lecture 06082018 2.30
Background
Clack has allegedly accessed clown images. Clack accepts being the owner of the physical device, but denies ownership of the clown content. He blames malware for the clown content on his device. The original device has been forensically wiped after a logical acquisition has been performed on the device.
Objectives
Find the clown images, if any.
Link the images of the clown with Clack.
Prove intent.
Strategies
Carve out files from the forensic image to determine if any of the files are linked to clowns.
Find personally identifiable content linked to Clack in relation to the clown images.
Determine the duration of access to the clown images and the actions performed on them.
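
An added example, not part of the lecture notes: a minimal header/footer JPEG carver for the first strategy above, which also hashes the forensic image before and after carving so the analysis can be shown not to have changed the evidence. The function names, the size limit and the sample bytes are assumptions constructed for illustration.

```python
import hashlib

JPEG_SOI = b"\xff\xd8\xff"      # start-of-image marker plus first byte of the next marker
JPEG_EOI = b"\xff\xd9"          # end-of-image marker
MAX_CARVE = 20 * 1024 * 1024    # assumed upper bound on the size of one carved file


def carve_jpegs(data, max_size=MAX_CARVE):
    """Return (offset, length, sha256) for each header/footer pair found in data."""
    hits, pos = [], 0
    while True:
        start = data.find(JPEG_SOI, pos)
        if start == -1:
            break
        end = data.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:
            pos = start + 1     # header without footer: fragmented or overwritten
            continue
        end += len(JPEG_EOI)
        blob = data[start:end]
        # Limitation: stops at the first footer, so a file with an embedded
        # thumbnail is cut short and needs manual review.
        hits.append((start, len(blob), hashlib.sha256(blob).hexdigest()))
        pos = end
    return hits


def carve_image_file(path):
    """Carve a forensic image opened read-only; fail if its hash changes."""
    with open(path, "rb") as fh:        # whole-file read: fine for small images only
        data = fh.read()
    before = hashlib.sha256(data).hexdigest()
    hits = carve_jpegs(data)
    with open(path, "rb") as fh:
        after = hashlib.sha256(fh.read()).hexdigest()
    if before != after:
        raise RuntimeError("forensic image changed during analysis")
    return before, hits                 # record both in the running sheet


def sample_image():
    """Constructed data: two fake JPEG bodies in zeroed space, then a lone header."""
    jpg1 = JPEG_SOI + b"\xe0" + b"A" * 32 + JPEG_EOI
    jpg2 = JPEG_SOI + b"\xe1" + b"B" * 64 + JPEG_EOI
    return b"\x00" * 512 + jpg1 + b"\x00" * 100 + jpg2 + b"\x00" * 50 + JPEG_SOI + b"\xe0truncated"


if __name__ == "__main__":
    for offset, length, digest in carve_jpegs(sample_image()):
        print(f"offset={offset} length={length} sha256={digest}")
```

The offset and SHA-256 of each carved file give the running sheet a reference back to the exact bytes in the image.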