Collaboration Model for Law Enforcement X-Ways Investigator (investigator version of X-Ways Forensics)

Presentation transcript:


Overview of User Interfaces
[Diagram: X-Ways Forensics and X-Ways Investigator plotted against functional range/complexity and cost]
- X-Ways Forensics: for computer specialists; normal price (competitors)
- X-Ways Investigator: half the price; for investigators specialized in areas other than IT, e.g. accounting, building laws, money laundering, corruption, child pornography, ...
- Additional administrative precautions and further simplifications possible

X-Ways Investigator: Important Features
- Ability to create cases, assign evidence objects (media, images with any supported file system); optionally solely open containers, and also optionally only containers classified as secure (i.e. virus-free)
- Differently specialized investigators may examine the same containers simultaneously, in their own cases, or write-protected in the case of another investigator
- Logical search, search in index
- Listing files from all evidence objects simultaneously, dynamic filters, sorting files, marking/selecting files
- Viewing files, printing documents
- Adding files to report tables, entering comments about files, evaluating files in one’s area of expertise; report creation

Collaboration Model
Preparatory work performed with X-Ways Forensics:
- Imaging media, verifying image integrity, assembling RAID systems, searching for deleted partitions, ...
- Running a thorough search for deleted files, file signature check, including contents of archives and pictures embedded in documents, specially dealing with encrypted files, ...
- Roughly filtering out irrelevant data, like known ignorable files based on hash, exact duplicate files, with case-specific filters, ...
- Roughly selecting potentially relevant files based on search hits (resulting e.g. from keywords provided by specialized investigators), based on file type filters or special hash sets of incriminating files, ...
- Roughly copying out relevant text from large binary files such as free space, swap files, etc. if found to be relevant because of search hits
- Creating a search index with adequate settings

Evidence File Container
Preparatory work with X-Ways Forensics results in a container with all potentially relevant files.
An evidence file container retains the following for each file:
- File contents, file size
- Filename in Unicode
- Complete original path (optionally including evidence object name)
- Deletion state (existent, deleted, renamed, moved, ...)
- All original timestamps as available (creation, contents change, metadata change, last access, deletion)
- DOS/Windows attributes, Unix/Linux permissions/filemode
- Compression and encryption state if applicable
- Classification as alternate data stream, resource, slack if applicable
- Classification as fictitious file (for “free space”, embedded pictures, thumbnails, partition gaps etc.)
Arbitrary free-text comments for each individual file can also be passed on, e.g. the real name of a file owner, preliminary findings, ...
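The two slides above describe the computer specialist's preparatory triage (drop known-ignorable files by hash, drop exact duplicates, pick out files matching a hash set of incriminating files) and the per-file metadata an evidence file container carries to the investigator. The following Python script is an added example for this transcript, not code from the presentation or from X-Ways, showing that pipeline end to end. Every path, file content, timestamp, comment and hash set in it is constructed sample data; the record layout (ContainerRecord) is a simplified model of the fields the slide lists, not the container format itself.

```python
"""Hash-based triage of candidate files into evidence-container records.

Added example for this transcript; not code from the presentation or from
X-Ways. It models the preparatory steps described on the slides: drop
known-ignorable files by hash, drop exact duplicates, flag files that match
a hash set of incriminating files, and keep per-file metadata of the kind an
evidence file container retains. All paths, file contents and hash sets
below are constructed sample data.
"""
import hashlib
from dataclasses import dataclass


@dataclass
class ContainerRecord:
    """Per-file record, modelled (simplified) on the fields the slide lists."""
    path: str             # complete original path, including evidence object name
    size: int             # file size in bytes
    sha256: str           # hash used for the ignorable/notable/duplicate checks
    deletion_state: str   # e.g. "existent" or "deleted"
    timestamps: dict      # creation / modified / accessed as ISO 8601 strings
    notable: bool         # matched the hash set of incriminating files
    comment: str          # free-text comment passed on to the investigator


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage(files, ignorable_hashes, notable_hashes):
    """Split candidate files into container records and a list of drops.

    files: dicts with keys path, data (bytes), state, timestamps, comment.
    Returns (kept_records, dropped) where dropped is a list of (path, reason).
    """
    seen = set()
    kept, dropped = [], []
    for f in files:
        digest = sha256_hex(f["data"])
        if digest in ignorable_hashes:          # e.g. known OS/application files
            dropped.append((f["path"], "known ignorable"))
            continue
        if digest in seen:                      # identical content already kept
            dropped.append((f["path"], "exact duplicate"))
            continue
        seen.add(digest)
        kept.append(ContainerRecord(
            path=f["path"],
            size=len(f["data"]),
            sha256=digest,
            deletion_state=f["state"],
            timestamps=f["timestamps"],
            notable=digest in notable_hashes,
            comment=f["comment"],
        ))
    return kept, dropped


# --- constructed sample input ------------------------------------------------
TS = {"created": "2024-01-10T09:00:00", "modified": "2024-01-12T14:30:00",
      "accessed": "2024-01-15T08:05:00"}

SAMPLE_FILES = [
    {"path": r"Evidence1\Windows\notepad.exe", "data": b"OS binary (constructed)",
     "state": "existent", "timestamps": TS, "comment": ""},
    {"path": r"Evidence1\Users\acct\ledger.xls", "data": b"ledger v1 (constructed)",
     "state": "existent", "timestamps": TS, "comment": "owner: J. Doe (constructed)"},
    {"path": r"Evidence1\Users\acct\ledger - copy.xls", "data": b"ledger v1 (constructed)",
     "state": "existent", "timestamps": TS, "comment": ""},
    {"path": r"Evidence1\Users\acct\memo.txt", "data": b"memo (constructed)",
     "state": "deleted", "timestamps": TS, "comment": "recovered from free space"},
]

# Hash sets as a computer specialist would load them (known-ignorable set and
# set of incriminating files); constructed here from the sample bytes so the
# example runs offline.
IGNORABLE_HASHES = {sha256_hex(b"OS binary (constructed)")}
NOTABLE_HASHES = {sha256_hex(b"memo (constructed)")}


def run_example():
    return triage(SAMPLE_FILES, IGNORABLE_HASHES, NOTABLE_HASHES)


if __name__ == "__main__":
    kept, dropped = run_example()
    for rec in kept:
        flag = "NOTABLE" if rec.notable else "-"
        print(f"{flag:8} {rec.deletion_state:9} {rec.size:5} {rec.path}  {rec.comment}")
    for path, reason in dropped:
        print(f"dropped  {reason:16} {path}")
```

Run as a script it lists the two records that would go into the container (the ledger, and the deleted memo flagged as notable) and the two drops with their reasons. The duplicate check runs after the ignorable check on purpose: a file identical to a known-ignorable one is reported as ignorable rather than as a duplicate, which is the reason an investigator would want to see.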

Collaboration Model
[Diagram: workflow from computer specialists to prosecutor]
- Computer specialists work with X-Ways Forensics on a protected internal network
- They produce a container, cleared of viruses
- Investigators specialized in areas other than IT (e.g. accounting, building laws, money laundering, corruption, child pornography, ...) examine the container with X-Ways Investigator (“containers-only version”)
- The resulting report goes to the prosecutor

Installation Options
- Each investigator has an individual installation and configuration. Somewhat more administrative effort. Required e.g. for child pornography investigators who need to review CDs and DVDs without preparatory work by others.
- Several investigators share an installation on a server, optionally with an individual configuration. The network traffic is high when searching or hashing data.
- Several investigators share an installation on a terminal server, optionally with an individual configuration. The network traffic is reduced to screen data.
Administrators are in charge of the installations, user accounts, and the assignment of access rights to case data and container files. Computer specialists provide the investigators with containers and search indexes.

Customizable User Interface
The user interface of X-Ways Investigator can be partially tailored to individual needs, i.e. further simplified, or reduced for security reasons:
- Prevent media from being opened directly
- Prevent conventional images from being opened directly
- Prevent containers from being opened that are not classified as secure
- Disable functions to create containers
- Prevent non-picture files from being copied to the hard disk as part of the case report
- Disable functions to work with the hash database
- Disable advanced options
- Prevent more complex commands from being invoked