Computer Hacking and Forensics Notes

By: cwolfe | Related Course: Computer Hacking and Forensics
Introduction

Forensics is the aggregate... like SIEM for logs. Modern forensics -- history (origin to present) - investigative process - searches and seizures - digital evidence - how to be a first responder - building a lab: mobile labs, etc. ~ file systems ~ windows ~ data acqu

Module 9 – Data Acquisition

uptime is a Unix command. It provides timestamp info and how many users. If you do man uptime then it provides further info.

Module 10 – Recovering and Deleting Files

Have to pay for the tool in order to get your files back after finding them.

Module 11 – Access Data

Layers 6 and 7 from the OSI model are in use here. intrope will tell you what type of file it is even if it doesn't list it.

Module 14 – Application Password Checkers

Very popular program for both the forensic and ethical hacking communities. Used to generate a report about the incident. Easy to use program that helps to get access to a file.

Module 15 – Log Capturing and Event Correlation

Provides a graph option to make comparison to baseline easy. Provides a search option in the log file via keyword. Creates reports... looking for low-hanging fruit. Provides FISMA compliance reports as well. As well as PCI compliance report. HIPP

Module 1 - Modern Forensics

Evolution: Fingerprints is 1822 - 1911; blood groupings, 1887 - 1954; moves forward with the study of firearms and documents. In 1984 is when computer analysis and response starts. Most attacks focus on internal and external. Using the "physical" to fi

Module 2 - Investigative Process

MD5sum - easy tool to use. Google md5sum ... is what Leo uses. Copy it to root of hard drive. Open cmd to use utility. Will also need a file for the program. Leo used a .txt file.
C:\>notepad password.txt
C:\>md5sum password.txt
{ins

Module 3 - Searching and Seizing

Overview of Searching and Seizing: be familiar with 4th Amendment = against illegal searches and seizures. - Patriot Act. Have to define what's in scope and what's out of scope. Implied exigent circumstances: the implied urgency of a situation vs. urgent

Module 4 – Digital Evidence

Digital Evidence: something that is digital that will be used in court. Types -- anti-digital forensics/evidence, ex. - zeroize data - volatile vs. nonvolatile, transient data, fragile, temporary, archive data, back up, and active data. Federal rules of E

Module 5 – First Responder

Hex Workshop: used to edit files and look at hexdec. Do a complete install. Looks a bit like EnCase in appearance. Can leave open: structure window, results window, status bar, data inspector, expression calculator, and data visualization can have a pref

Module 6 – Computer Forensics Labs

Paraben P2 Explorer: A freeware version. This is a device seizure application/software. Looks at all mounted programs and applications. Doing multi forensic investigations with multi drives. Does offer the MD5 hash value.

Module 7 – Hard Disks and File Systems

Takes things out of the list that deletes/cleans up what they want. Can be used to hide tracks. Focuses on Windows programs list. Go to Control Panel for the program list.

Module 8 – Windows Forensics

Disable phishing and malware protection in order to download. This is a shareware program. Can buy two source and destination directories. This is only a file comparison tool. Nothing more or less.
