Data

Understand Log Capturing and Analysis Tools

This article explains the different types of log capturing and analysis tools used in forensic investigation. Log Capturing and Analysis Tools Features: Analysis of log data, including SNMP traps, Windows event logs, W3C logs, text-based logs, Syslog, SQL Servers, and Oracle audit logs. Provides specific reports for some of the major compliance acts as well as other standard reports. Filter-enabled charts provide access to the important …

What is Centralized Logging?

Centralized logging is defined as the gathering of computer system logs for a group of systems in a centralized location. All network logs are stored on a centralized server or computer, which helps administrators perform easy backup and retrieval. It allows the administrator to check logs on each system on a regular basis. It is used to efficiently monitor computer system logs with the frequency required to detect security violations and unusual activity. Centralized …

Understand Log File Accuracy

During a forensic investigation, log files provide a valuable source of evidence. Since these log files act as evidence in court, investigators should ensure that the files are accurate. Unless certain guidelines are followed while collecting and preserving the log files, they will not be acceptable as valid evidence in court. Therefore, investigators should follow the above-mentioned steps to maintain log file accuracy. Log Everything: Configure the web …

Summarize the Event Correlation

Event correlation is a technique used to assign a new meaning to a set of events that occur in a fixed amount of time. This technique identifies the few events that are important among a large number of events. During the process of event correlation, some new events may occur and delete some existing events from the event stream. In general, the investigators can perform …

Understand Laws and Regulations

There are many laws that affect digital forensics investigation; for example, some jurisdictions have passed laws that require the investigator to be either a law enforcement officer or a licensed private investigator to extract the evidence. Of course, that does not prevent a forensic investigator from working with information someone else extracted, or from extracting evidence if the information owner gave his or her permission. It is important to be …

Understand the Importance of Network Forensics

Network forensics is the implementation of sniffing, recording, acquisition, and analysis of network traffic and event logs to investigate a network security incident. Capturing network traffic over a network is simple in theory, but relatively complex in practice due to many inherent reasons, such as the large amount of data flow and the complex nature of Internet protocols. Recording network traffic involves a lot of resources. …

Mac Forensics

Mac is short for the Macintosh operating systems developed by Apple to support its line of devices and series of personal computers. Mac is one of the most adopted systems across the globe and is also facing an increase in the number of attacks annually. Investigators must have knowledge of Mac, its processes, policies, functions, and the internal storage patterns used by the operating system to be able to perform forensics. This …

Inside the Registry

The Windows Registry contains information that is of potential evidential value and can support forensic analysts in exploring the different aspects of a forensic investigation. A forensic analysis in general is performed with a specific agenda in mind. From the forensic investigator's perspective, it is essential to know the type and significance of information to look for, and also where to find it. Forensic investigations which involve a Windows platform vigorously require a careful assessment …
