COEN 252 Computer Forensics Windows Evidence Acquisition Boot Disk.
Use a boot disk to:
copy evidence from the hard drive (though there are usually better ways, such as imaging the drive behind a write blocker);
preview a system to discover whether an incident has occurred;
run a string search to see whether the computer contains evidence.

Windows Evidence Acquisition Boot Disk
A Windows boot disk must not alter any file on the evidence drive. A stock boot disk does not meet this requirement: patch io.sys and command.com on the boot disk so that the startup sequence does not reach out to components on the evidence system.

Windows Evidence Acquisition Boot Disk
Delete drvspace.bin from the boot disk; at startup it attempts to open any compressed volume it finds on the evidence drive.
Add the drivers needed to collect the evidence (Ethernet card, Zip drive, etc.) to the boot disk.
Caveat: a Windows (DOS-based) boot disk cannot access NTFS volumes directly, which is one reason to use a Linux boot disk instead.

Windows Evidence Acquisition Boot Disk
Alternatively, use a Linux boot disk:
Forensic and Incident Response Environment (FIRE)
Helix (Knoppix-based)
Knoppix STD
Local Area Security Linux
Penguin Sleuth Kit (Knoppix-based)
Plan-B
Snarl (FreeBSD-based)

Evidence Gathering
Write protect the evidence hard drive with software: a resident program intercepts INT 13h (BIOS disk service) calls and refuses the functions that write to the disk. Caveat: this only covers programs that go through the BIOS; a protected-mode driver that talks to the controller directly bypasses the hook.
Write protect the evidence hard drive with hardware: a write blocker placed between the drive and the examination machine.
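The dispatch decision a software write blocker makes on each INT 13h call, as an added example (not code from the slides and not any particular product's implementation). It only simulates the filter logic; a real blocker is a DOS resident program that hooks the interrupt vector. The function numbers are the documented BIOS INT 13h services, and the drive numbering (0x80 = first fixed disk) is the BIOS convention; the choice to report a faked success for blocked writes, so that the calling program does not abort, is this example's assumption.

```python
"""Simulated INT 13h write-block filter (added example, not the page's own code).

A DOS software write blocker hooks INT 13h and decides, per call, whether
to pass it to the BIOS. Reads go through; writes on a protected drive are
swallowed. Only the decision is modelled here, not the interrupt hook.
"""
from dataclasses import dataclass

# INT 13h function numbers (register AH) that modify the medium.
WRITE_FUNCTIONS = {
    0x03: "write sectors",
    0x05: "format track",
    0x06: "format track and set bad-sector flags (XT)",
    0x07: "format drive starting at track (XT)",
    0x0B: "write long sectors",
    0x43: "extended write sectors (LBA)",
}

# Functions that only read or query; safe to pass through.
READ_ONLY_FUNCTIONS = {
    0x00: "reset disk system",
    0x01: "get status of last operation",
    0x02: "read sectors",
    0x04: "verify sectors",
    0x08: "get drive parameters",
    0x0A: "read long sectors",
    0x41: "check extensions present",
    0x42: "extended read sectors (LBA)",
    0x44: "extended verify sectors",
    0x48: "extended get drive parameters",
}


@dataclass(frozen=True)
class DiskRequest:
    ah: int  # function number
    dl: int  # drive: 0x00.. floppies, 0x80.. fixed disks


@dataclass(frozen=True)
class Decision:
    passed_to_bios: bool
    reason: str
    carry: int   # CF the hook returns to the caller (1 = error)
    status: int  # AH the hook returns (0 = success, 01h = invalid function)


def write_block_filter(req, protected_drives):
    """Decide whether one INT 13h call may reach the BIOS."""
    if req.dl not in protected_drives:
        return Decision(True, "drive not protected, pass through", 0, 0x00)
    if req.ah in WRITE_FUNCTIONS:
        # Assumption of this example: fake success (CF clear, AH=0) so the
        # calling program carries on; nothing reaches the platter.
        return Decision(False, "blocked: " + WRITE_FUNCTIONS[req.ah], 0, 0x00)
    if req.ah in READ_ONLY_FUNCTIONS:
        return Decision(True, "allowed: " + READ_ONLY_FUNCTIONS[req.ah], 0, 0x00)
    # Unknown function on a protected drive: fail closed and report
    # "invalid function" (CF set, AH=01h) rather than guess.
    return Decision(False, "blocked: unknown function 0x%02X" % req.ah, 1, 0x01)


def simulate(requests, protected_drives):
    """Run a sequence of calls through the filter; return (passed, blocked) counts."""
    passed = blocked = 0
    for req in requests:
        if write_block_filter(req, protected_drives).passed_to_bios:
            passed += 1
        else:
            blocked += 1
    return passed, blocked


if __name__ == "__main__":
    # Constructed call sequence: an imaging tool reading the evidence disk
    # (0x80) while DOS tries to write its own scratch data to it.
    calls = [DiskRequest(0x02, 0x80), DiskRequest(0x42, 0x80),
             DiskRequest(0x03, 0x80), DiskRequest(0x43, 0x80),
             DiskRequest(0x03, 0x00)]  # write to the floppy is fine
    for c in calls:
        print("AH=%02Xh DL=%02Xh -> %s" % (c.ah, c.dl,
              write_block_filter(c, {0x80}).reason))
    print("passed/blocked:", simulate(calls, {0x80}))
```

Run it with no arguments to see each constructed call and the filter's verdict; only the two writes aimed at drive 0x80 are swallowed.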

Tools for Live Examination
Avoid using the evidence machine's own system tools: they may have been replaced by the intruder. Even a trusted binary brought on a forensic CD can still load DLLs from the evidence system ("DLL hell"), so it is not necessarily running trusted code.
Use Filemon to check which files are actually accessed when you run a command from your forensic CD.
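A check on a Filemon capture of that kind, as an added example (not code from the slides and not part of Filemon). It assumes the capture was saved as Filemon's tab-separated text (columns: #, Time, Process, Request, Path, Result, Other) and reports which files the tool run from the CD opened from the evidence system instead of from the CD, plus anything it wrote to the evidence disk. The log lines are constructed for this example; the process name, drive letters and paths in them are invented.

```python
"""Find files a forensic-CD tool pulled from the evidence system (added example).

Reads Filemon output saved as tab-separated text and, for one process,
lists successful opens outside the trusted CD path and any writes. The
sample capture is constructed for this example.
"""

SAMPLE_LOG = (
    "1\t10:02:11 AM\tnetstat.exe:1092\tOPEN\tD:\\TOOLS\\NETSTAT.EXE\tSUCCESS\tOptions: Open  Access: Execute\n"
    "2\t10:02:11 AM\tnetstat.exe:1092\tOPEN\tC:\\WINDOWS\\SYSTEM32\\NTDLL.DLL\tSUCCESS\tOptions: Open  Access: Execute\n"
    "3\t10:02:11 AM\tnetstat.exe:1092\tOPEN\tC:\\WINDOWS\\SYSTEM32\\WS2_32.DLL\tSUCCESS\tOptions: Open  Access: Execute\n"
    "4\t10:02:11 AM\tnetstat.exe:1092\tOPEN\tD:\\TOOLS\\MSVCRT.DLL\tSUCCESS\tOptions: Open  Access: Execute\n"
    "5\t10:02:11 AM\tnetstat.exe:1092\tOPEN\tC:\\WINDOWS\\SYSTEM32\\IPHLPAPI.DLL\tNOT FOUND\tOptions: Open  Access: Execute\n"
    "6\t10:02:12 AM\texplorer.exe:512\tOPEN\tC:\\WINDOWS\\SYSTEM32\\SHELL32.DLL\tSUCCESS\tOptions: Open  Access: Execute\n"
    "7\t10:02:12 AM\tnetstat.exe:1092\tWRITE\tC:\\WINDOWS\\TEMP\\NS1.TMP\tSUCCESS\tOffset: 0 Length: 512\n"
)

COLUMNS = ("seq", "time", "process", "request", "path", "result", "other")


def parse_filemon(text):
    """Parse tab-separated Filemon lines into dicts; skip malformed lines."""
    records = []
    for line in text.splitlines():
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 6:
            continue
        fields = (fields + [""])[:7]
        rec = dict(zip(COLUMNS, fields))
        # Filemon shows the process as name:pid; keep the name only.
        rec["process"] = rec["process"].rsplit(":", 1)[0].lower()
        records.append(rec)
    return records


def _is_open(request):
    # Filemon 9x shows OPEN; the NT version shows IRP_MJ_CREATE.
    return "OPEN" in request.upper() or "CREATE" in request.upper()


def untrusted_loads(records, process, trusted_prefix):
    """Files the process successfully opened from outside trusted_prefix."""
    prefix = trusted_prefix.lower()
    hits = set()
    for rec in records:
        if rec["process"] != process.lower() or rec["result"] != "SUCCESS":
            continue
        if _is_open(rec["request"]) and not rec["path"].lower().startswith(prefix):
            hits.add(rec["path"])
    return sorted(hits)


def writes_by(records, process):
    """Paths the process wrote to; a live-response tool should write nowhere on the evidence disk."""
    return sorted({rec["path"] for rec in records
                   if rec["process"] == process.lower()
                   and "WRITE" in rec["request"].upper()})


if __name__ == "__main__":
    recs = parse_filemon(SAMPLE_LOG)
    print("loaded from evidence system:", untrusted_loads(recs, "netstat.exe", "D:\\"))
    print("wrote to:", writes_by(recs, "netstat.exe"))
```

On the constructed capture, the tool from D:\ still pulled NTDLL.DLL and WS2_32.DLL from the evidence system's SYSTEM32 and dropped a temp file on C:, which is exactly the behaviour a live-response tool must not have.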