Computer Hacker And Forensic Investigator Training

Understand-the-Importance-of-Network-Forensics

Understand the Importance of Network Forensics

Leave a Comment / CHFI / By

Understand the Importance of Network Forensics in this this article Network Forensics is the implementation of sniffing, recording, acquisition, and analysis of network traffic and event logs to investigate a network security incident. Capturing network traffic over a network is simple in theory, but relatively complex in practice due to many inherent reasons such as the large amount of data flow and complex nature of Internet protocols. Recording network traffic involves a lot of resources. …

Understand the Importance of Network Forensics Read More »

Mac-Forensics

Mac Forensics

Leave a Comment / CHFI / By

Mac Forensics in this article Mac is short for the Macintosh operating systems developed by Apple to support its line of devices and series of personal computers, Mac is one of the most adopted systems across the globe and is also facing increase in number of attacks annually. The investigators must have knowledge of Mac, its process, policies, functions and internal storage patters used by the operating system to be able to perform forensics. This …

Mac Forensics Read More »

Understand-Metadata-Investigation

Understand Metadata Investigation

Leave a Comment / CHFI, Knowledge Base / By

Metadata Investigation in this Metadata is the information related to the data stored on the system or a device. It contains details such as type of file, time of creation and modification, location, etc. Investigators can extract metadata to find the internal details of any file or application. Understanding Metadata Metadata is structured data, which gives information about certain characteristics of electronic data, including the time and the person that created, accessed, and modified the …

Understand Metadata Investigation Read More »

Inside-the-Registry

Inside the Registry

Leave a Comment / CHFI / By

A Windows Registry contains potential information which is of evidential value and can support the forensic analysts in exploring the different aspects of forensic investigation. A forensic analysis in general is performed with a specific agenda in mind. In the forensic investigator’s perspective, it is essential to know the type and significance of information to look for, and also where to find it. Forensic investigations which involve a windows platform vigorously require a careful assessment …

Inside the Registry Read More »

Understanding-EProcess-Structure

Understanding EProcess Structure

CHFI / By

Understanding EProcess Structure in Each process on the Windows operating system is associated with an executive process or Eprocess block. It is the basic data structure that stores various attributes of the process and the pointer to the other attributes and data structures related to the process. The investigator can read this data structure. The data structure is essentially a sequence of bytes, with each sequence having a particular meaning. The size and even the …

Understanding EProcess Structure Read More »

Memory-Dump

What is Memory Dump?

Leave a Comment / CHFI, Knowledge Base / By

MemoryDump or crash dump is a storage space, where the system stores a memory backup, in case of a system failure. The system also creates a memorydump when it does not have enough memory for system operation. This backup enables users to examine the cause of the system crash and helps to know about any errors in the applications or in the operating system. In Windows systems it is also known as the blue screen …

What is Memory Dump? Read More »

Collecting-Hidden-Partition-Information

Collecting Hidden Partition Information

Leave a Comment / CHFI, Knowledge Base / By

In this article explain Collecting Hidden Partition Information and diffrent types of hard disk partition and file formates. 1. Partition Logic Partition Logic is a hard disk partitioning and data management tool. It can create, delete, erase, format, defragment, resize, copy, and move partitions and modify their attributes. It can copy entire hard disks from one to another. 2. Partition Find & Mount Partition Find & Mount implements a new concept of deleted or lost …

Collecting Hidden Partition Information Read More »

Understanding-Examine- file-systems

Understanding Examine File Systems

Leave a Comment / CHFI / By

Understanding Examine file systems is imperative to access to the file system data and to rebuild the file system events. File systems comprise of five sections, namely, file system data, content data, metadata, file name, and file system application data. File system data The file system data gives details about the file system structure, like file system and file system block size, number of allocated blocks etc. 1. Content data This data has most of …

Understanding Examine File Systems Read More »

Understand-Network-Information-for-Forensic-Investigation

Understand Network Information for Forensic Investigation

Leave a Comment / CHFI / By

Understand Network Information for Forensic Investigation in this Sometimes when intruders gain remote access to a system, they try to find the other systems connected to the network and visible to the compromised system. To achieve this, the intruders create and execute batch files in the system and launch net view commands via SQL injection (by using a browser to send commands to the system through the web and database servers). When the users establish …

Understand Network Information for Forensic Investigation Read More »