CHFI v3 Module 04 First Responder Procedures.pdf
Computer Hacking Forensic Investigator
Module XXVII
First Responder Procedures
Scenario
On a hot summer afternoon, Bob switched on his computer to view his company’s web page and to see how the business was going. To his surprise, he found that the web page had been defaced. He immediately called his friend George and explained the problem to him.
George connected the system to the web server, i.e., a Windows 2000 server, booted it into Windows, and checked the files that were corrupted. After checking, he shut down the server and unplugged the hard disk. He kept the evidence in a briefcase, which was then kept in the luggage compartment at the rear of a car.
He plugged the hard disk into his computer and used antivirus software to check the hard disk. He identified some virus on the hard disk.
EC-Council
Copyright © by
EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Module Objective
This module will familiarize you with the following:
• Understanding Electronic Evidence
• Forensic Process
• Electronic Devices: Types and Collecting Potential Evidence
• Evidence Collecting Tools and Equipment
• First Responder Procedures
• First Response for System Administrators
• First Response by Non-laboratory Staff
• First Response by Laboratory Forensic Staff
• Findings of Forensic Examination by Crime Category
Module Flow
• Understanding Electronic Evidence
• The Forensic Process
• Electronic Devices: Types and Collecting Potential Evidence
• Evidence Collecting Tools and Equipment
• First Responder Procedures
• First Response for System Administrators
• First Response by Non-Laboratory Staff
• First Response by Laboratory Forensic Staff
• Forensic Examination by Crime Category
Electronic Evidence
“Electronic evidence is information and data of investigative value that is stored on or transmitted by an electronic device”
Properties of Electronic evidence:
• It is hidden, such as fingerprint evidence or DNA evidence
• It can be broken, altered, damaged or destroyed by improper handling
• It can expire within a pre-set time