Around The Globe ATG.WORLD

Visit our sister website :

http://www.atg.world/

This is a social network for enthusiasts just like us. No Junk! Only meaningful conversations with the people who share the same enthusiasm as us.

Around The Globe ATG.WORLD

Visit our sister website :

http://www.atg.world/

This is a social network for enthusiasts just like us. No Junk! Only meaningful conversations with the people who share the same enthusiasm as us.

Monday, August 31, 2009

Analysis of Digital Evidence

Examination
  • Start a script with time, name and date.
  • Examine the partition and directories on the hard drive.
  • Use the Hex editor to view suspect areas.
  • Search for terms related to case.
  • Retrieve deleted files.
  • Check unallocated and slack space.
  • If evidence is found specify the cylinder, head and sector.
Authenticate your recovered evidence.
  • Create an Electronic Hash of all electronic evidence.
  • MD5SUM, SHA or Tripwire.
Analyze the data without modifying it.
  • Make two backups of the original data.
  • Perform a bit by bit (bit stream) backup.
  • Create a hash of each backup prior to analysis.
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)