原创力文档Forensic Investigation.ppt
Forensic Investigation Ben Hung Agenda Computer Evidence Collection using Forensic Tools People Evidence Collection through Forensic Interview Case Study Computer Evidence Collection 3 Phases Approach Phase 1: Preparation Phase 2: Data Collection Phase 3: Data Analysis Preparation Phase Data Collection Phase Tools Coroner’s Toolkit Grave robber Mactime Unrm Lazarus Mac robber (similar to grave-robber with –m option) Md5, lsof chkrootkit Data Collection Phase Run “grave-robber –v $mntpoint” on clone disk to collect initial data Will run set of tools under $TCT/lib. Run MacRobber or “grave-r
您可能关注的文档
- ERGONOMICS FOR THE 21ST CENTURY.ppt
- ERP配销期末报告.ppt
- eshopcn网上商城可重构平台开发.ppt
- Etna 2003.ppt
- EURONanochem; Chemical Control at the Nanoscale.ppt
- Evaluating Testing Methods by Delivered Reliability.ppt
- Evaluation, Assurance, Classified Systems.ppt
- Evalueserve Intellectual Property Overview.ppt
- Evidence-Based MedicineIntroduction.ppt
- EVIDENCE-BASED PRACTICES.ppt
- Forklift Safety.ppt
- Fourier theory made easy ().ppt
- France – United States Trade Relations.ppt
- Franck-Hertz Experimentlasers.ppt
- From where do we get the news.ppt
- Frustrated Lewis Pairs.ppt
- FSDefaultUser.ppt
- Fundamentals of ElectrochemistryCHEM7234CHEM 720.ppt
- Fundamentals of Finance.ppt
- Fundamentals of Plasma Simulation (I).ppt
文档评论(0)