
All pages tagged with evidence

Computer Forensics: Introduction to Incident Response and Investigation of Windows NT/2000

The purpose of this paper is to be an introduction to computer forensics. Computer forensics is a newly emerged and developing field which can be described as the study of ...

Document added on June 6, 2011

Forgetting to Lock the Back Door: A Break-in Analysis on a Red Hat Linux 6.2 Machine

This document is intended to highlight the steps taken in ascertaining the level of damage done in a network break-in (or hack attack) on our system, and the steps taken ...

Written by: Gary Belshaw and added on May 3, 2011

Investigating an Internal Case of Internet Abuse

I was recently required to investigate an incident of Internet abuse that led to the discovery that one of our own administrators was a security risk. Though this investigation was ...

Written by: Mal Wright and added on March 9, 2011

Nailing the Intruder

This paper is an attempt to link the various aspects of evidence relating to computer crime, the sources of such evidence and some tips on how to identify systems compromised ...

Written by: Vinay Narayan Disley and added on May 14, 2011

The Coroners Toolkit - In depth

In this paper I will describe evidence gathering on a Unix system using "The Coroners Toolkit" version 1.09 hereafter referred to as TCT. TCT can be downloaded freely from porcupine.org/forensics/tct.html. ...

Written by: Clarke L. Jeffris and added on Jan. 2, 2011

Windows Responders Guide

In this paper, we will discuss the issues one needs to consider during the initial response stage. There is critical evidence that needs to be protected and gathered ...

Written by: Tan Koon Yaw and added on March 6, 2011

Setting up a Linux Log Server to enhance System Security

If a break-in occurs and you want to track the cracker down, the system administrator will first check the log files for evidence of a break-in, so she must be ...

Written by: Chl0ie and added on Feb. 1, 2011

Electronic Data Retention Policy

Imagine this scenario. During a routine staff meeting, a coworker from the legal department alerts your team to the fact that a sexual harassment case has recently been filed against ...

Document added on June 3, 2011

Footprints in the Sand: Fingerprinting Exploits in System and Application Log Files

This paper will focus on the identification of the footprints that exploits leave on system logfiles and what they mean, as well as the most common traces that some recent ...

Document added on Jan. 7, 2011

Digital Media Forensics

The area of digital media forensics is not just the art of finding deleted or hidden data; it is also the understanding of the underlying technologies behind the various tools ...

Document added on Feb. 9, 2011