Knight Talks Tech

Introduction to computer forensics and investigations

This post was republished to Triathlon John at 17:51:12 17/12/2014
Introduction to computer forensics and investigations
These are my notes from the course provided by OpenLearn, they are not intended to provide guidance in a work environment and I accept no responsibility for how these are used – they are simply my notes made from studying.

Introduction

Area glamorised by television shows and movies.
Other terms also used to describe area include:

Learning outcomes

Setting the scene

Tools

Exercise 1

Summary:

A bit of practical fun

Download USBDeview and Helix using the links above.
USBDeview is an exe which can be run from its folder.
Helix is an ISO which needs to be burnt to disc.
Finding passwords

Windows File Analyzer (WFA)

Additional activity

The activities reviewed previously would allow for someone to investigate the web sites visited by the user of a computer. They could prove the likelihood of a user visiting a specific website and performing certain actions – the images viewed as one example. It is likely necessary for more advanced software to be used to provide solid evidence and also correct procedures to be followed.

Summary

Demonstrated what kind of artefacts are left behind on a user’s computer.
Provided a look at different tools that can be used to carry out an investigation although the quality of the results between the two were varied.
Outlined how an investigation should be conducted correctly in order to produce evidence which would be submissible.

Exit mobile version