
Document: Chapter 20 – Forensics (ppt)


DOCUMENT INFORMATION

Structure

  • Security+ All-In-One Edition Chapter 20 – Forensics

  • Slide 2

  • Forensics

  • Forensics and Laws

  • Random Thought

  • Standards for Evidence

  • Types of Evidence

  • Slide 8

  • 3 rules of evidence

  • Evidence Collection

  • Slide 11

  • Slide 12

  • Tripwire screen shot

  • Slide 14

  • Evidence Protection

  • Transporting evidence

  • Storing Evidence

  • Chain of Custody

  • Conducting the investigation

  • File Deletion Terms

  • Slack Space

  • Chapter 20 – Review Questions

  • Slide 23

Contents

Security+ All-In-One Edition Chapter 20 – Forensics, Brian E. Brzezicki [...]

... Hackers can hide data in the slack space to avoid detection.

Chapter 20 – Review Questions
  • Q: What is the concept of best evidence?
  • Q: When you want to do forensics on a computer, you should make a copy of the hard drive. What type of copy should you make?
  • Q: What is the MINIMUM number of copies you should make of the original hard drive?

Chapter 20 – Review Questions
  • Q: Put these steps of analysis in the correct ...

... evidence should be maintained.
  • There should be a witness to verify evidence collection.

Evidence Protection
  • You must protect the evidence physically from damage and tampering: protect from heat/cold, vibration, and magnetic fields. If a device can receive electronic signals, shield the device.

Transporting evidence
  • Log all times someone removes evidence.
  • Be careful when transporting.

Storing Evidence ...

... Terms
When a user deletes a file, it's not actually removed (unless using a highly secure OS). Some important terms relating to this are:
  • Free space: the space a file takes up that is still available after deletion (before something else uses it).
  • Slack space: when file space is allocated, it is done in fixed-size blocks. A file will not actually use all this space. The unused area of a file, even when ...

... the tools on the computer in question, you should use a clean "forensics station" to analyze the hard drives (why?).
  • You should always record the checksums of all the files on the computer before analysis (do example). See related next slide (tripwire) (more).

Tripwire screen shot

Evidence Collection
  • Evidence should be marked when collected: investigator, case number, date, time, location, description ...

... Provide controls against tampering while in storage.

Conducting the investigation
  • Have a formal procedure beforehand!
  • Have a professional do the analysis.
  • Take pictures beforehand.
  • Use a forensics station or a live CD for analysis (what is a live CD?).
  • Image the hard drives multiple times with a bit-level method; work only on a copy.
  • Label the hard drive and store it in an anti-static bag.
  • Before doing ...
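The slide's point about recording checksums of every file before analysis (the "(do example)" beside it, with Tripwire as the reference tool) worked through as an added example that is not part of the original slide deck: a minimal Tripwire-style baseline in Python, hashing a tree once, then reporting what was added, removed or modified. The directory layout, file names and contents below are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=1 << 20):
    """SHA-256 of one file, read in chunks so large evidence files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (POSIX-style relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(before, after):
    """Tripwire-style report: files added, removed or changed since the recorded baseline."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(k for k in before.keys() & after.keys() if before[k] != after[k]),
    }


def demo():
    """Constructed sample: baseline a scratch tree, tamper with it, then report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_bytes(b"root:x:0:0::/root:/bin/sh\n")
        (root / "notes.txt").write_bytes(b"constructed evidence log\n")
        baseline = build_baseline(root)  # record checksums BEFORE any analysis touches the copy
        # Simulated tampering after the baseline: one edit, one deletion, one new file.
        (root / "etc" / "passwd").write_bytes(b"root:x:0:0::/root:/bin/sh\nextra:x:0:0::/:/bin/sh\n")
        (root / "notes.txt").unlink()
        (root / "dropper.bin").write_bytes(b"\x00" * 16)
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

The baseline dictionary is what an investigator would write to read-only media (or sign) before working on the disk copy; re-running compare later shows exactly which files the analysis, or an intruder, changed.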

Posted: 17/02/2014, 08:20
