Missing person’s Investigation Reporting By: Steven Burnham Network Forensics
Introduction • First arrival at the crime scene • Physical and documental evidence • Deciding on which computer to use • Communication links • Technology Forensic software to be used • Going to court
First arrival to the crime scene • Observe the crime scene • Document the scene • Do a site survey
Collecting the Evidence • Extracting information
Communication Links • Decide if this computer is on a network • Scan for WAP • Determine whether other computers will need to be examined • Observe the network connections
Cataloging the physical evidence • Move through the scene carefully • Proper authorization • Choose your starting point • Choose a reference • Be detailed
Creating an Image of the hard drive • Forensics utilities • Forensics Toolkit • AccessData
Look for notes • Password • Encryption key or pass code • Uniform Resource Locator (URL) • IP address • E-mail address
Look for notes, cont. • Telephone number • Name • Address • Filename • Upload/Download/Working directory
Hard-copy/documentary documents • Things you can hold and touch • Any document • Notes • Reports • Drawings
Analyzing the system • Convincing the judge or jury • Take a snapshot before and after • Hash values • Utilities to calculate the hash values
Forensic Tools • Is it safe for your investigation • Prove the legitimacy of the tool • Commercial tools
Forensic Toolkit • Examples of FTK being used to solve a case • Court accepted digital investigation tool
EnCase • Pros of EnCase • MD5 Footer • Bit by bit image • EnCase platforms
Integrity of your evidence • Integrity of the hardware • Protecting the hardware • Collection handling procedures • Precautions in your investigation
Message Digest Algorithm 5 • What is MD5 • What is MD5 used for • Pros/Cons
Cyclic Redundancy Check • What is CRC • What is CRC good for • Pros/Cons
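The before-and-after hash comparison from the "Analyzing the system" slide, using the two checks the deck names (MD5 and CRC), as an added Python example that is not part of the original slides. The sample image is constructed data, and the function names `fingerprint` and `verify` are hypothetical.

```python
import hashlib
import os
import tempfile
import zlib

CHUNK = 1024 * 1024  # read 1 MiB at a time so a large image never sits in memory


def fingerprint(path):
    """Return (md5_hex, crc32_hex, size) for a file, read as a stream."""
    md5 = hashlib.md5()
    crc = 0
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            crc = zlib.crc32(chunk, crc)  # running CRC-32 across chunks
            size += len(chunk)
    return md5.hexdigest(), format(crc & 0xFFFFFFFF, "08x"), size


def verify(path, baseline):
    """List which fingerprint fields differ from the acquisition baseline."""
    current = fingerprint(path)
    fields = ("md5", "crc32", "size")
    return [n for n, old, new in zip(fields, baseline, current) if old != new]


def demo():
    # Constructed sample "image", not real evidence.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample image\n" * 4096)
        path = tmp.name
    try:
        before = fingerprint(path)        # snapshot before analysis
        untouched = verify(path, before)  # snapshot after read-only work
        with open(path, "r+b") as fh:     # simulate one accidental bit flip
            fh.seek(100)
            byte = fh.read(1)
            fh.seek(100)
            fh.write(bytes([byte[0] ^ 0x01]))
        altered = verify(path, before)    # snapshot after the change
        return before, untouched, altered
    finally:
        os.unlink(path)


if __name__ == "__main__":
    before, untouched, altered = demo()
    print("baseline:", before)
    print("after read-only analysis:", untouched or "no change")
    print("after one flipped bit:", altered)
```

The file size stays the same after the bit flip, which is why a size or timestamp check alone would not show that the image was altered.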
Instant Messaging • Yahoo Messenger • ICQ • Gtalk
Conclusion • Types of evidence • First arrival at the crime scene • Evidence in the judge's eyes • EnCase • FTK