Presentation is loading. Please wait.

Presentation is loading. Please wait.

Responder Field Edition & Pro

Published byCatherine Porter Modified over 6 years ago

Similar presentations

Presentation on theme: "Responder Field Edition & Pro"— Presentation transcript:

1 Responder Field Edition & Pro
Memory Forensics A How To Guide For Responder Field Edition & Pro Prepare For Investigation Search & Analyze Report Findings

2 Preparation Forensic Analysis Where To Start
Begin by creating a list of search terms that are relevant to your investigation. Prioritize the terms based on importance. Goal: Search for artifacts relevant to your investigation Where To Start Create a list of things you know that are involved in the investigation: Names of people Office applications Domain names Encryption chat Project names addresses Filenames Phone numbers Websites Credit card numbers This list can be used to automate locating items in memory:

3 Approach For Investigating A Particular Application
Forensic Analysis Preparation (cont.) Considerations Try to find objects and artifacts that can tell you: Who has logged into the computer? When did things happen? What processes are running? What applications are installed? What file types of files are found? What are the capabilities of the installed programs? Approach For Investigating A Particular Application Know all you can: e.g., Skype: Google: “Skype” What is it? How is it used? Why is the suspect using it? Is there volatile data in memory that might not be available by performing disk based forensics?

4 Investigating Webmail
Forensic Analysis Investigating Webmail Web Browser Artifacts -Web sites visited -Files downloaded -Memory offsets WebMail Search Terms -Locate addresses: @gmail.com @hotmail.com @yahoo.com @hushmail.com Attachment &passwd= &login=

5 Skype Memory Artifacts
Forensic Analysis Investigating Skype Skype Memory Artifacts Verify Skype is running via the “Process” list: Inspect the “Open Files” list Sort by name Locate Skype Identify the Windows username and the Skype username: C:\Documents and Settings\username\Application Data\Skype\skype username.

6 Locate Unencrypted Chat
Forensic Analysis Investigating Skype Locate Unencrypted Chat Skype uses the # and $ sign to denote chat conversations. Search for the Skype username with a # and or $ sign preceding the name. Make sure to search for ASCII and Unicode strings. Make sure to search for ASCII and Unicode strings: Example chat snippet:

Download ppt "Responder Field Edition & Pro"

Similar presentations

Legal Meetings: Extended Instructions on Movica and Screencast.

Legal Meetings: Extended Instructions on Movica and Screencast.
Extended DISC Online System User Instruction: How to Run a Team Analysis.

Extended DISC Online System User Instruction: How to Run a Team Analysis.
Joe Riggins HBGary Sr. Director of Incidence Response

Joe Riggins HBGary Sr. Director of Incidence Response
Presented by Office of Distance Education of Learning Technologies.

Presented by Office of Distance Education of Learning Technologies.
(Email) Basics Apr 2011 Public Computer Center Moore Memorial Library | Greene, NY.

( ) Basics Apr 2011 Public Computer Center Moore Memorial Library | Greene, NY.
10 Ways Technology Can Increase Sales What is Sales About? Awareness Interest Desire Action.

10 Ways Technology Can Increase Sales What is Sales About? Awareness Interest Desire Action.
Search Engines. Allows a user to find information residing on remote computers; Searching differs from browsing in that the user is not required to provide.

Search Engines. Allows a user to find information residing on remote computers; Searching differs from browsing in that the user is not required to provide.
Paying your MCCFA Dues via our new Website Go to our new website: (you may need to clear your browser cache)http://www.mccfa.org.

Paying your MCCFA Dues via our new Website Go to our new website: (you may need to clear your browser cache)
Microsoft Office 2013 ®® Appendix A Introduction to Cloud Computing.

Microsoft Office 2013 ®® Appendix A Introduction to Cloud Computing.
New School Websites Teacher Pages. Visit the SCUSD Website for videos tutorials: www.scusd.edu/website-training-teachers For more information.

New School Websites Teacher Pages. Visit the SCUSD Website for videos tutorials: For more information.
ADVANCED CONCEPTS IN GOOGLE CALENDAR Advanced Session By Information Technology Services itservices.uncc.edu.

ADVANCED CONCEPTS IN GOOGLE CALENDAR Advanced Session By Information Technology Services itservices.uncc.edu.
Engaged with you. KeyBoarding Pro Deluxe ONLINE Getting Registered COURSE NAME.

Engaged with you. KeyBoarding Pro Deluxe ONLINE Getting Registered COURSE NAME.
What is RefWorks A web-based bibliographic citation manager It allows you to collect, save and organize bibliographic citations to journal articles, books,

What is RefWorks A web-based bibliographic citation manager It allows you to collect, save and organize bibliographic citations to journal articles, books,
Office 2013 From the START menu, select Microsoft Word. You should be prompted to log into your school Microsoft 365 account.

Office 2013 From the START menu, select Microsoft Word. You should be prompted to log into your school Microsoft 365 account.
JMU Outlook, Messenger, and Skydrive An easier way to upload and store files to share.

JMU Outlook, Messenger, and Skydrive An easier way to upload and store files to share.
Microsoft Office Communicator A General Introduction.

Microsoft Office Communicator A General Introduction.
Lesson 4: The Internet and Outlook. Learning Objectives After studying this lesson, you will be able to:  Use the Search box with Internet Explorer 

Lesson 4: The Internet and Outlook. Learning Objectives After studying this lesson, you will be able to:  Use the Search box with Internet Explorer 
Plan My Move & MilitaryINSTALLATIONS May, 2008 Relocation Personnel Roles and Responsibilities MC&FP.

Plan My Move & MilitaryINSTALLATIONS May, 2008 Relocation Personnel Roles and Responsibilities MC&FP.
WHY?. Accessing Google Drive Online Besides accessing Drive from your computer, you can access it online in Google Apps. Click the GOOGLE APP icon, then.

WHY?. Accessing Google Drive Online Besides accessing Drive from your computer, you can access it online in Google Apps. Click the GOOGLE APP icon, then.
Tutorials: How to Refer. Welcome This tutorial will take you through the steps to invite your friends and family to take advantage of cash back shopping.

Tutorials: How to Refer. Welcome This tutorial will take you through the steps to invite your friends and family to take advantage of cash back shopping.

Similar presentations

Ads by Google