Missing person’s Investigation Reporting

Missing person’s Investigation Reporting. By: Steven Burnham Network Forensics. Introduction. First arrival at the crime scene Physical and documental evidence Deciding on which computer to use Communication links Technology Forensic software to be used Going to court.

Presentation Transcript


  1. Missing person’s Investigation Reporting By: Steven Burnham Network Forensics

  2. Introduction • First arrival at the crime scene • Physical and documental evidence • Deciding on which computer to use • Communication links • Technology Forensic software to be used • Going to court

  3. First arrival to the crime scene • Observe the crime scene • Document the scene • Do a site survey

  4. Collecting the Evidence • Extracting information

  5. Communication Links • Decide if this computer is on a network • Scan for WAP • Determine whether other computers will need to be examined • Observe the network connections

  6. Cataloging the physical evidence • Move through the scene carefully • Proper authorization • Choose your starting point • Choose a reference • Be detailed

  7. Creating an Image of the hard drive • Forensics utilities • Forensic Toolkit • AccessData

  8. Look for notes • Password • Encryption key or pass code • Uniform Resource Locator (URL) • IP address • E-mail address

  9. Look for notes, cont. • Telephone number • Name • Address • Filename • Upload/Download/Working directory

  10. Hard-copy/documentary documents • Things you can hold and touch • Any document • Notes • Reports • Drawings

  11. Analyzing the system • Convincing the judge or jury • Take a snapshot before and after • Hash values • Utilities to calculate the hash values

  12. Forensic Tools • Is it safe for your investigation? • Prove the legitimacy of the tool • Commercial tools

  13. Forensic Toolkit • Examples of FTK being used to solve a case • Court-accepted digital investigation tool

  14. EnCase • Pros of EnCase • MD5 Footer • Bit by bit image • EnCase platforms

  15. Integrity of your evidence • Integrity of the hardware • Protecting the hardware • Collection handling procedures • Precautions in your investigation

  16. Message Digest Algorithm 5 • What is MD5 • What is MD5 used for • Pros/Cons

  17. Cyclic Redundancy Check • What is CRC • What is CRC good for • Pros/Cons

  18. Instant Messaging • Yahoo Messenger • ICQ • Gtalk

  19. Conclusion • Types of evidence • First arrival at the crime scene • Evidence in the judge's eyes • EnCase • FTK

  20. References • Computer Forensics JumpStart • What all this MD5 hash stuff actually means • Cyclic Redundancy Checking
