CHFI

Understanding Examine File Systems

Understanding and examining file systems is imperative for accessing file system data and rebuilding file system events. File systems comprise five sections: file system data, content data, metadata, file name, and file system application data. File system data: this gives details about the file system structure, such as the file system type and block size, the number of allocated blocks, etc. 1. Content data: this data has most of …

Understand Network Information for Forensic Investigation

Sometimes, when intruders gain remote access to a system, they try to find the other systems connected to the network and visible to the compromised system. To achieve this, the intruders create and execute batch files on the system and launch net view commands via SQL injection (by using a browser to send commands to the system through the web and database servers). When the users establish …

Other Important Information of Forensic Investigation

This article explains other important information an investigator uses in a forensic investigation. Clipboard Contents: the clipboard is a temporary storage area where the system stores data during copy and paste operations. Most Windows applications provide this functionality through the Edit option on the menu bar. Clicking Edit reveals a drop-down menu containing choices such as Cut, Copy, and Paste. The user selects text or other data, chooses Copy, and then chooses Paste to insert that data …

How to Open Files using Command Line

When the output obtained from psloggedon.exe shows investigators that there are users logged on to the system remotely, the investigators will also want to see what files, if any, those users have opened. Often, when someone accesses a system remotely, they are looking for something specific while opening files. A user in a corporate environment could have shared available content and allowed other users to …

Introduction of Windows Forensics

Windows Forensics includes the process of conducting forensic investigations of systems that run Windows operating systems. It includes analysis of incident response, recovery, and auditing of equipment used in executing any criminal activity. To accomplish such intricate forensic analyses, investigators should possess extensive knowledge of the Microsoft Windows operating systems. This module will discuss collecting volatile and non-volatile information; performing Windows memory and registry analysis; cache, cookie, and …

Introduction to Operating System Forensics

Operating System Forensics is the process of retrieving useful information from the operating system (OS) of the computer or mobile device in question. The aim of collecting this information is to accumulate empirical evidence against the perpetrator. An OS is the software component of a computing system that is responsible for the management and coordination of activities and for the sharing of the computer's resources. The OS acts as a host …

Anti-Forensics Countermeasures

This article covers Anti-Forensics Countermeasures and Anti-Forensics Challenges, and explains the topic with the help of anti-forensics tools such as Privacy Eraser, the Azazel Rootkit, and QuickCrypto. Investigators can overcome the anti-forensic techniques discussed in this module through improved monitoring of systems or by fixing bugs in the current generation of computer forensic tools. Replace weak …

Anti-Forensics Techniques that Minimize Footprint

This article covers the anti-forensics techniques that minimize footprint: memory injection and syscall proxying, the userland execve technique, exploiting forensics tool bugs, and detecting forensic tool activities. Memory injection and Syscall Proxying: in a buffer overflow exploit attack, attackers use buffer overflows as an entry point to a remote system in order to inject and run code in the address space of a running program, thereby altering the victim program's behavior. Then, the attacker …

Anti-Forensics Techniques: Rootkits

Rootkits are one of the anti-forensic techniques that attackers use to hide data, malicious files, and processes. This software is intended to hide, from the OS itself, processes that could reveal an attack. Rootkits allow viruses and malware to "hide in plain sight" by concealing files in ways that antivirus software might overlook, disguising files as legitimate system files, unlinking processes, and even hiding from detection by the OS. Rootkits themselves are not …
