Understanding Examine file systems is imperative to access to the file system data and to rebuild the file system events. File systems comprise of five sections, namely, file system data, content data, metadata, file name, and file system application data. File system data The file system data gives details about the file system structure, like file system and file system block size, number of allocated blocks etc. 1. Content data This data has most of …
In this article explain Other Important Information of forensic Investigation using investigator. Clipboard Contents Clipboard is a temporary storage area, where the system stores data during copy and paste operations. Most Windows applications provide this functionality through the Edit option on the menu bar, Clicking Edit reveals a drop-down menu, which contains choices, like cut, copy, and paste. The user selects text or other data, chooses copy, and then chooses Paste to insert that data …
Other Important Information of Forensic Investigation Read More »
Windows Forensics, include the process of conducting or performing forensic investigations of systems which run on Windows operating systems, It includes analysis of incident response, recovery, and auditing of equipment used in executing any criminal activity. In order to accomplish such intricate forensic analyses, the investigators should possess extensive knowledge of the Microsoft Windows operating systems. This module will discuss about collecting volatile and non-volatile information; performing windows memory and registry analysis; cache, cookie, and …
Operating System Forensics is that the process of retrieving useful information from the OS (OS) of the pc or mobile device in question. The aim of collecting this information is to accumulate empirical evidence against the perpetrator. An OS (OS) is that the software component of a computing system that’s liable for the management and coordination of activities and therefore the sharing of the resources of the pc . The OS acts as a number …
In this article Explain different types of Anti-Forensics Tools which are using in forensic investigation. 1. Steganography Studio Source: http://stegstudio.sourceforge.net Steganography Studio is an anti-forensic tool to analyze the key steganographic algorithms. This tool implements algorithms that are configurable with a variety of filters. It implements the image analysis algorithms for the detection of hidden information. The software is developed in Java, allowing use in multiple OSs. 2. CryptaPix Source: http://www.briggsoft.com CryptaPix is an anti-forensic …
Rootkits are one of the anti-forensic techniques that attackers use to hide data, malicious files, and processes. This software is intended to hide processes that could reveal an attack from the OS itself. Rootkits allow viruses and malware to “hide in plain sight” by concealing files in ways that antivirus software might overlook them, disguising files as legitimate system files, through unlinking processes, and even hiding from detection by the OS, Rootkits themselves are not …
In this article Anti-Forensics Techniques has been explained with its different topic like Trail Obfuscation, Artifact Wiping, Encryption and Program Packers this techniques etc. 1. Anti-Forensics Techniques: Trail Obfuscation Anti-Forensics Techniques Trail Obfuscation is one of the anti-forensic technique that attackers use to mislead, divert, complicate, disorient, sidetrack, and/or distract the forensic examination process. The process involves different techniques and tools, such as Log cleaners Spoofing Misinformation Backbone hopping Zombie accounts Trojan commands In this …
Detecting Steganography in this article how to detect Steganography explained with it types as well as Steganography detecting files explained with the help of tools using in stegenography and data hiding in file system structures technique. Software Clues on the Computer During investigation, the investigators should first look at files, documents, software applications, and other suspicious files for clues hidden through steganography. Steganography investigators should also know about common steganographic techniques, software, tools, terminologies, and …
Recovering Deleted Partitions in this article explain how to recover delete partition and which of the tools using in it. What happens when deleting a partition? When a user deletes a partition from a hard disk drive, two things are possible: All data will be lost on that deleted partition or logical drive. In the case of a dynamic disk, deleting a partition can delete all the dynamic volumes on the disk, leaving the disk …
Understand File Recovery in Mac OS X, MAC and Linux in this article explain Mac OS X, MAC and Linux file recovery methods and tools. In Mac OS X, data deletion can be possible due to the following reasons: Emptying the Mac Trash folder Using the Shift+Del keys Corruption in a hard drive Virus or Trojan Infection Unexpected system shutdown Software or hardware malfunction Recovering deleted files in Mac OS X has three methods: 1. …
Understand File Recovery in Mac OS X, MAC and Linux Read More »
