Ads 468x60px

Featured Posts

18 March 2019

A basic computer forensics

There are people who think forensics is a small part of Security. That’s right, but this small part is very big. Usually, there are two kind of computer forensic investigator. The guy who acquires the digital evidences and manage the laboratory, and the specialist who analyses digital evidences. The role of this last one is very important because he must have deep knowledge about the technology which is going to be analysed. For instance, if a video game console has to be analysed, the case will need a video game console specialist. Therefore, computer forensics need lots of specialist with deep knowledge in specific fields.

This post is not going to be about a difficult and specific computer forensic analysis but about an easy one. You will be able to watch in the next video how to look for encrypted files as well as virtual machines volumes. In addition, we’ll recover deleted files and we'll check file extensions to look for alterations. We’ll also analyse the disk partition and the file system with the aim of knowing what operating system and applications were running in the digital evidence. What’s more, system and security events will be analysed to look for interesting facts as well.

This has been a basic computer forensics where we have used six tools. AccessData FTK Imager for mounting digital evidences. Passware Encryption Analyzer to look for encrypted files. Autospy, which is a digital forensics platform that I really love, to look for virtual machines volumes, files, mail accounts, etc. Active Disk Editor for analysing the disk partition and the file system. Windows Registry Recovery to know applications installed, operating system version, IP address, etc. The last tool I’ve used is Event Log Explorer for searching windows event logs.

Do you think it’s difficult? Keep learning and keep studying!!

11 March 2019

Forensic - Data recovery and metadata analysis

My first step into Forensics was 9 years ago when I was studying a master’s degree about System Administrator with Open Source Operating Systems. This master’s degree had a subject about Forensics. Later on, I’ve taken training and I’ve tried challenges about Forensics such as the CyberSecurity Challenge in the ForoCIBER 2018. Today, I’m writing about data recovery and metadata analysis because I’ve recorded a video, which will be the next laboratory, for my students of the Forensics Training Course at FEVAL in Extremadura.

Edmond Locard

We can watch in the next video how to recover data and analyse metadata of a memory stick where there were 10 pictures but only three of them are interesting. First, we verify the SHA hash to check image hasn’t been modified. Secondly, we have to mount the image in read-only for keeping image safe. Once image is mounted, we can work with it. We analyse the file system. We can also recover data. Finally, we can even know where pictures were taken and what camera took the pictures. I think this is an easy and interesting laboratory for beginners.

There are lots of Digital Forensics Tools. You can watch some of them in the video. There are also lots of information on the Internet to deep down in Forensics. What’s more, there are certification such as the Computer Hacking Forensic Investigator (CHFI), which could be the starting point to Forensics. Therefore, you just have to want learning and looking for the time for training.

Keep learning and keep studying my friends!
Related Posts Plugin for WordPress, Blogger...

Entradas populares