< All Computer Hacking and Forensics Notes

YoussefM | Computer and Hacking Forensics | Module 2 - Investigative Process

By: YoussefM | Related Course: Computer Hacking and Forensics | Published: October 19, 2017 | Modified: October 19, 2017
Join Cybrary

NotepadInvestigative Process

Investigative Process
For Module 2, the Investigative Process, we take a close look at the current laws that are in place that dictate what computer forensics professionals investigates and help us abide by as companies, employees & individuals, to accomplish as IT professionals and to determine as security/forensic professionals.
The course nicely articulates the lifecycle involved at the investigative stage that fall within the forensic lifecycle. For example, every stage in the process from the Preparation Process that initiates the investigative actions to reporting where we end up in court and how “change of custody” comes into play.
We round out this section of the module with a detailed discussion on information dissemination both within and external to the company and what happens in both instances in terms of information control.


NotepadInvestigative Process md5calc Lab

Investigative Process md5calc Lab
In this second section of the Investigative Process section, we navigate to the web, find and demonstrate the various ways in which you can download the md5calc utility and then it demonstrate its use, purpose, benefits.
md5calc is a very easy basic file to do for Hashing files. You’ll observe how to launch the utility, Hash a file and what you learn from that process.
Transcript


NotepadInvestigative Process md5sum Lab

Investigative Process md5sum Lab
For the md5Sum Lab, we observe where to navigate and download, the md5Sum utility. md5Sum is an integrity algorithm utility from eTree, you can download it from the etree.org site which is the most trustworthy resource for the instructor.
You’ll observe a run of the utility and a sample integrity check of a basic text file searching thru Google, then again with a modification to the file name, then again with the file itself is changed back. This tool determines the state of integrity of a given file, whereas that state is defined at changed, modified, or altered.


NotepadInvestigative Process PC Inspector File Recovery Lab

Investigative Process PC Inspector File Recovery Lab
This lab demonstrates the PC Inspector File Recovery utility. You’ll learn how and where to find the utility and then configure it for use.
The PC Inspector File Recovery is a very easy and thorough utility to inspect logical drives in order to inspect all the drives that have previously lived on that drive in the past. This is an excellent tool for determining what system, data and even temp files have been on the targeted drive in question, that have appeared to have been deleted or are otherwise no longer available to be viewed/access and you can do so virtually right away.


NotepadInvestigative Process RecoverMyFiles Lab

nvestigative Process RecoverMyFiles Lab
This lab demonstrates, GetData’s data recovery tool RecoverMyFiles, a utility developed by Advanced Data. This tool is excellent for attempting to recover data from an entire hard disc drive or if you need to recover files from a specific file directory.
This demonstration of the RecoverMyFiles tool shows you several options for configuring the tool, as well as to use to determine the output based upon the type of search and recovery investigation you need to conduct.
You’ll even see how the tool provides added information on specific types of file, such as XML vs. a regular text file which may not have hidden information to reveal. RecoverMyFiles is an excellent introduction and starter tool to use when learning how to conduct a data file recovery investigation.


NotepadInvestigative Process Total Recall Data Recovery Software Lab

Investigative Process Total Recall Data Recovery Software Lab
As with the previous labs, the lab demonstrates the Total Recall Data Recovery Software utility which is a freeware tool. You can search and find this utility on the web and then configure it for use.
The Total Recall Data Recovery Software is a file-focused recovery utility that looks at the entire drive and provides all types of basic information on the drive, including partition and other partition information, file sizes, does file to-folder matching, system type.
Then you select the desired partitions and it runs an analysis building a virtual file list. The demonstration stresses the importance of watching this and other new programs you run for the first time to comprehend how it works, and then you see the intricacies and highlights of how the analysis is conducted and how you can use old hard drives to learn more intimately how the tool works. This is an excellent Forensics 101 beginner’s cours


< All Computer Hacking and Forensics Notes
Join Cybrary

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel