Kategorie: Wszystkie - forensics - metadata - volatility

przez CAITLYN KNIGHTS 3 lat temu

308

Digital Forensics

Digital Forensics

Digital Forensics

What is it

Collecting, examining, analysing, and reporting digital/electronic evidence.
Hidden data
To view: Exiftool

Hex editors

Computer program that allows for manipulation of fundamental binary code
Reverse Engineering
Examining and fixing corrupt files

Collecting Evidence

Hashes
Screenshots
Network traffic
TCP/UDP

UDP: User datagram protocal

Common: video chatting, Onlinegaming

Fast

Data is sent without connection

TCP: Transmission control protocol

To setup a connect a handshake is preformed

2 or more computers communicating

Wireshark, tcpdumb

Bit by Bit image of drive
Capture system Images
Capture RAM

Wireshark

Recorded traffic in pcap files
protocol analyser/ network packet
Packet

Contains data & other important info : Directed IP address

Unit of data transfer over a network

Steganography

Concealing data withing other data

ASCII

Allows computer to transfer data easily
Most computers use ASCII for text
Code for representing 128 English character **Numbers**

Sources to examine

Deleted files
Metadata
Memory Images
Applications
Networks
Hardware & OS
Storage

Volatility

Memory most to least
Hard-drive
Files written to disk
Data stored in RAM
CPU cache/registers