A wireless network refers to any type of computer network that is wireless and is commonly associated with a telecommunications network whose interconnections between nodes are implemented without the use of wires. Wireless telecommunications networks are generally implemented with some type of remote information transmission system that uses electromagnetic waves such as radio waves for [...]
Network forensics is the process of identifying criminal activity and the people behind the crime. Network forensics can be defined as sniffing, recording, acquisition, and analysis of the network traffic and event logs in order to investigate a network security incident. It allows investigator to inspect network traffic and logs to identify and locate the [...]
Every device on a network generates some kind of log for each and every action carried out on the network. Capturing and analyzing the log files are important steps for investigating the security posture of the target network, as they contain information about all the system, device, and user activities that took place within the [...]
Password-protected files might be a hurdle in the investigation process, as forensic investigators need to crack the passwords to gain access to the locked files. Password crackers use two primary methods to identify correct passwords: brute-force and dictionary searches. When a password cracker uses brute-force, it runs through combinations of characters within a predetermined length [...]
The goal of steganography and image file forensics is to find images with steganographic content and detect hidden content within digital images (image files) in a forensically sound manner. Investigators need to be familiar with the name of the common steganographic software and related terminology, and with websites about steganography. Using [...]
EnCase® Forensic solution lets examiners acquire data from a wide variety of devices, unearth potential evidence with disk level forensic analysis, and craft comprehensive reports on their findings, all while maintaining the integrity of their evidence. Forensics Investigation Using EnCase Computer Forensics Exercises / Forensics [...]
Forensics investigation involves the acquisition, preservation, analysis, and presentation of computer evidence. This type of evidence is fragile in nature and can easily, (or even inadvertently), be altered, destroyed, or rendered inadmissible as evidence. Computer evidence must be properly obtained, preserved, and analyzed to be accepted as reliable and valid in a court of law. [...]
File and partition recovery allows you to recover critically important documents and other files that have been lost by accidental deletion, intentional deletion to conceal the evidence, a system crash due to a virus, a software malfunction, or even sabotage. Forensic recovery of deleted files and partitions is achieved by using recovery tools that identify [...]
Data acquisition is the process of gathering evidence or information. This can be done by using established methods to acquire data from a suspected storage media outlet to gain access to information about the crime or other incident, and potentially using that data as evidence to convict a suspect. Investigating [...]
While investigating a computer-based crime, it is important to understand hard disks and filesystems, as these are the major sources of data storage. People usually delete their tracks after committing a crime with a computer in order to avoid being traced. That is why recovering the deleted files of hard disks and analyzing filesystems is [...]
