In this blog series, I'm going to combine Windows Forensics with Sherlock Holmes. In this series, Sherlock Holmes is going to teach you how to solve cases in the digital world.
John Watson: Hey Sherlock, how are you going to start your first digital case?
Sherlock Holmes: Let me explain the style of investigation that I follow to solve a digital case.
The main part of a forensic investigation is the collection of scientific evidence.
· Rule 1: Maintain integrity.
· Rule 2: Maintain the chain of custody.
· Rule 3: Document everything.
· Rule 4: Follow standard practices.
Phases of Investigation
· Evidence preservation.
· Evidence searching.
· Event reconstruction.
Watson: Where are you going to do all this? Do we have a proper setup?
Sherlock: Don't worry, pal, it just requires a simple setup.
Response kit
· CD-ROM and USB.
· Hardware: Write Blocker.
· Linux Distro and Windows 7.
Watson: What is the procedure to start an investigation?
Sherlock:
Starting an Investigation
· Open a case file.
· Talk to the user.
· Why did they call you?
· Why do they think there is a problem?
· What is known about the potential victim system?
· Document everything.
Constable Clark: Hey Sherlock!! We have a case for you, Sir …
To be continued!!!
The outcome of this blog is to understand the basic concepts of Digital Forensics. The next blog will be on live analysis of the system.