hi and welcome to everyday digital forensics. I'm your hostess and he said, And in today's module of digital discovery, we're gonna go over digital evidence.
So what is digital evidence?
Did you Evidence includes information on computers, audio files, video recordings and video images.
This is evidence that's essential and computer and Internet crimes, but is also valuable for facial recognitions, crime scene photos and surveillance tapes.
So did your evidence. Could be anything in between Audio evidence, image evidence, computer, Internet crimes, image analysis, videos.
So did your evidence is anything that's actually digital. You have your files, you have a Web browser, history, social media, anything that is actually digital in this world.
So what is a common format for a digital image?
We have raw image your dot I am G your dot de de
your advance forensics format FF your VM ware image so you can actually perform analysis on your VM ware or your virtual box images. Encase E W, which is the extension of dot easier one.
So in today's video, you're gonna have a clear understanding of digital evidence within Windows Event logs,
Windows Registry and and our Web browser data fights
So in the event that you're performing analysis on a Windows operating machine, it's best to know that Windows holds event. Mocks
about logs are detailed records over system security application notifications that are stored within When does the West. So from anything off a user signing into the machine to any protocols is that was executed to any programs that was ran?
Any files that was downloaded? Things of that nature is stored within our one of the vet mocks. Based on the operating system, you can see that
your event logs are actually stored in different locations. Windows also offers a good for you to search and review your vet logs.
Some of logs contains date and time of the event occurred.
Your user, your computer, your events, I d. Your source and you're different type.
Your type can arrange from information. Ah, warning an error. A security audit for security failure.
Next, we have Windows Registry. So the registry is a database of stored configurations about the users, the hardware and the software on a Windows system. So this there any configuration settings from the way your screen suspected from the connection to a printer. The connection to your network. Any of the configurations for a cell for
are stored within the registry.
So even though that the registry was assigned to configure the system, it tracks a number of information about the users activities from devices it connects to, such as yours, your species,
anything you pretty much connected device is stored within the registry from software that's used, including when it was used. There's so much more information that the registry consumes stores and can do information or registry with some forensic value. Includes users in the times that they last use the system.
Some of the most recent software that they used
devices that were mountain element system
when the system connected to a specific wireless access point.
So let's say in the event that you log into a Starbucks, you log into McDonald's,
and for some reason, or some way or another, you were able to mask that you connected there on your Windows registry. It still holds that information, so if in examiners ableto pull that from your machine and
and see that connectivity of date time at the McDonald's or at the Starbucks, they can connect those two independent sources and identify their hypothesis that you were at that McDonald's or Starbucks doing that malicious activity.
You also have what and when files were access and any of searches that were done on the system.
Ah, Windows Registry has five separate hives, so these air your roof folders in your windows registry. You have your users, which just contains the information on user profiles. Your current user, which is the current user that's logged in. So Number two is just a nested of number one.
Although it's one of the main boot folders you can find the same information on to in
the registry high of one,
you have classes route would configuration information applications used to open files. So this is some of the configurations that you may have for PF bios your Microsoft Office files. If you've ever opened up chrome
and then intern explore or Internet Edge,
you'll get that pop up, and it says your chrome browser is not your default. Would you like to make it your default?
This is the registry high that it's checking this setting in. This is the root of that configuration to let the system know that this is not your default Web browser.
We also have current configurations, which is your hardware profile, the system at point of start up
and then your local machine. This is configuration information, including hardware and software sightings.
So one of the most commonly used applications indigent forensics is your Web browser.
Your Web browser holds so much data files from your cookies. You're different sessions, your bookmarks. Your Web browser History can tell so much of a user's activity. This is where a lot
off users activities actually performs. Use a Web browser to perform searches you school all the time, and that is off your Web browser.
Use your Web browser to sign into email.
You use your Web brother for Bach, posting social media news, shopping, weather conditions, gaming videos, music, banking, research anything and everything is typically done through a Web browser. This is your connection to the outside world, so ah, Web browsers. Data files is one of the most commonly used
and one of the most detailed informations about a user
during an investigation process. If you're ever performing investigation, what browser data is one of the areas that you do want to focus your attention on.
So in today's video, we talked about the types of digital forensics image.
We went over Windows event locks, talked about Windows registry at its five hives
and then went into what browser data files and the importance of it within an investigation.
So I hope you enjoyed today's video, and I'll catch the next one.