Linux Forensics

Linux forensics refers to performing a forensic investigation on a Linux-operated device. To do so, investigators should have a good understanding of the techniques required to conduct live analysis and to collect volatile and non-volatile data, along with knowledge of various shell commands and the information they can retrieve. Investigators should also be aware of the Linux log files and their storage locations in the directory, as they are the most important sources of information …

Inside the Registry

The Windows Registry contains information of potential evidential value that can support forensic analysts in exploring different aspects of a forensic investigation. A forensic analysis is generally performed with a specific agenda in mind. From the forensic investigator's perspective, it is essential to know the type and significance of the information to look for, and also where to find it. Forensic investigations that involve a Windows platform require a careful assessment …

What is Memory Dump?

A memory dump, or crash dump, is a storage space where the system stores a memory backup in case of a system failure. The system also creates a memory dump when it does not have enough memory for system operation. This backup enables users to examine the cause of the system crash and helps identify errors in applications or in the operating system. In Windows systems it is also known as the blue screen …

Understanding Examine File Systems

Understanding how to examine file systems is imperative for accessing file system data and rebuilding file system events. File systems comprise five sections, namely file system data, content data, metadata, file name, and file system application data. File system data: The file system data gives details about the file system structure, like file system and file system block size, number of allocated blocks, etc. Content data: This data has most of …

Understand Network Information for Forensic Investigation

Sometimes when intruders gain remote access to a system, they try to find the other systems connected to the network and visible to the compromised system. To achieve this, the intruders create and execute batch files on the system and launch net view commands via SQL injection (by using a browser to send commands to the system through the web and database servers). When the users establish …

Other Important Information of Forensic Investigation

This article explains other important information an investigator uses in a forensic investigation. Clipboard Contents: The clipboard is a temporary storage area where the system stores data during copy and paste operations. Most Windows applications provide this functionality through the Edit option on the menu bar. Clicking Edit reveals a drop-down menu, which contains choices like Cut, Copy, and Paste. The user selects text or other data, chooses Copy, and then chooses Paste to insert that data …

How to Open Files using Command Line

When the output obtained from psloggedon.exe shows investigators that there are users logged on to the system remotely, the investigators will also want to see what files they have opened, if any. Many times when someone accesses a system remotely, they might be looking for something specific while opening files. A user in a corporate environment could have shared available content and allowed other users to …
