Learn Computer Forensics on Your Own

Expertise in examining computers and networks for evidence can not only lead to a well-paying career, it can be an exciting field to work in. Many people who work in computer forensics have received training through their employer as a law-enforcement professional or corporate sponsored training. This does not mean that someone can’t learn these skills on their own. Thanks to online training, hands-on practice, and dozens of books on the subject, anyone with an interest in computer forensics can learn the skill set needed for this job.

  1. Learn the basics. Before getting started in computer forensics, you need to have a foundation in what it entails.
  2. Download forensic software and see how it works. There are many different tools available that don’t cost anything; some of these can be found at Open Source Forensics. These solutions provide a perfect opportunity for someone to learn how to use different forensic software.
  3. Create virtual machines to use as target computers when learning the software. Virtual machine software, like VirtualBox, allows you to create a virtual computing environment that you can use for testing.
  4. Locate online forensics training. Once you have a grasp of computer forensics, it is time to take your training to the next level. There are many tutorials that can be found online that will help you better learn the different forensic software. Additionally, you can look into training packages that for a price will teach specific skills and software.
  5. Read books on forensics. There are many different books written on the subject that cover software packages like EnCase, methodologies used in forensic cases, and certification study manuals.

Obtaining certification in computer forensics can show potential clients and employers that you have expertise in the field.

Check with law enforcement agencies in your area to see if you can shadow them on investigations.

Understand the chain of custody when dealing with computer evidence.

Certain states require someone who is performing a computer forensic investigation to be a licensed private investigator. Make sure you understand the laws of your state before you move forward with an investigation.


First Steps in Computer Forensics: Securing Your Network

No matter how secure your infrastructure is, sooner or later you will become a victim of a computer crime. Someone may point a DDoS (Distributed Denial of Service) attack at your services, may sniff your network, or may copy/delete confidential information. You may not even realize such a thing has happened. However, in an organized and secured network, you will be notified at the first signs of an attack.

Now what? Your first normal reaction would be to stop the attack with whatever means possible. However, that may not be the best response. If you don’t possess the needed knowledge yourself, it might be a good idea to leave the crime scene as it is and let a computer forensics investigator deal with it. Let’s focus on the steps that the investigator would take. You may choose to take these steps alone but you will most likely not have all the necessary support tools and systems for that.

  1. Document the system – name, date, time, purpose, hardware, software, it all matters.
  2. Collect evidence – all the information about the attack should be securely taken off the target system. This is usually done with specialized software that hashes everything it collects, so the integrity of the copied information can be verified later and it can be used as formal evidence for prosecution. The evidence that is usually collected includes active network connections, processes loaded into memory, and a copy of all the information on the disk with the respective creation, modification, and access values. The collector should be confident about the security of the system used for storage and analysis of the copied evidence. Only after this step is it beneficial to unplug or shut down the affected system. If the affected system is saving logs on a remote server, copy them as well, although they are less likely to be compromised by the attack. In Linux, programs can still be running even after their files have been deleted. You can search for such programs with the command: file /proc/[0-9]*/exe | grep "(deleted)" . To save a copy of such a program's executable, use: /bin/dd if=/proc/PID/exe of=filename , where PID is the process ID of the program.
  3. Recreate the timeline of the attack – once all the information is copied on a secured workstation, the timeline of the attack can be recreated from the times of creation, modification, and access of all the files. This should be done before anything else, because the other steps can change the original times of the files. The timeline will show the last executed file, the last created/deleted folder, executed scripts, etc.
  4. Deeper analysis of the affected system – using the information collected in the previous steps, a deeper analysis can be performed of the system in order to find suspicious installations, creation or deletion of folders, and the like. Forensics investigators have specific tools for this step.
  5. File information restoration – the slack or unallocated space can be investigated for parts of files that, when combined, may indicate the time of deletion of files. It can be useful for the recreation of the steps of the attacker.
  6. Search – use all the information gathered so far to search for specific names, IP addresses, and file names, that can point you to the intruder.
  7. Report – no matter if the compromised system is your company’s or another’s, it is always good to document all your findings during the investigation. If it’s done right it can even be used in court.
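The collection in step 2, for the specific case of programs that keep running after their files were deleted, can be scripted as below. This is an added example, not code from the original article; the function names, output file names and the --collect flag are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: find processes whose executable was deleted from disk, copy
# the still-open binary out through /proc/PID/exe, and record its SHA-256 so
# the copy can be shown to be unchanged later. Write the output directory to
# separate media, not to the disk of the affected system.

# Use whichever SHA-256 tool is installed.
if command -v sha256sum >/dev/null 2>&1; then HASHER="sha256sum"
else HASHER="shasum -a 256"; fi

# list_deleted_exes [proc_root]
# Prints "PID<TAB>original path" for every process whose exe link target ends
# in " (deleted)". Run as root to see other users' processes.
list_deleted_exes() {
    lde_root=${1:-/proc}
    for lde_link in "$lde_root"/[0-9]*/exe; do
        # Kernel threads and processes we may not inspect have no readable link.
        lde_target=$(readlink "$lde_link" 2>/dev/null) || continue
        case $lde_target in
            *" (deleted)")
                lde_pid=${lde_link%/exe}
                lde_pid=${lde_pid##*/}
                printf '%s\t%s\n' "$lde_pid" "${lde_target% (deleted)}"
                ;;
        esac
    done
}

# preserve_exe PID out_dir [proc_root]
# Copies the executable of PID to out_dir/pid-PID.exe, makes the copy
# read-only and appends its hash to out_dir/manifest.sha256.
preserve_exe() {
    pe_pid=$1; pe_dir=$2; pe_root=${3:-/proc}
    mkdir -p "$pe_dir" || return 1
    pe_name="pid-$pe_pid.exe"
    dd if="$pe_root/$pe_pid/exe" of="$pe_dir/$pe_name" bs=65536 2>/dev/null || return 1
    chmod 0400 "$pe_dir/$pe_name"
    ( cd "$pe_dir" && $HASHER "$pe_name" >> manifest.sha256 )
}

# verify_manifest out_dir
# Succeeds only if every preserved file still matches its recorded hash.
verify_manifest() {
    ( cd "$1" && $HASHER -c manifest.sha256 >/dev/null 2>&1 )
}

# Stand-alone use: sh script.sh --collect /mnt/evidence
if [ "${1:-}" = "--collect" ] && [ -n "${2:-}" ]; then
    tab=$(printf '\t')
    list_deleted_exes | while IFS=$tab read -r pid path; do
        preserve_exe "$pid" "$2" && echo "preserved PID $pid (was $path)"
    done
fi
```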

Don’t make the mistake of not taking computer crimes seriously! In today’s digital world, computer crimes are just as serious as any other ones. Don’t hesitate to call a specialist if you’re not sure you can handle the investigation process alone. If your organization is big enough and your budget allows it, think about creating a Computer Security Incident Response Team which will be prepared for computer crimes and will have procedures and resources in place to handle them properly.

http://blog.monitis.com/index.php/2012/05/17/first-steps-in-computer-forensics/

Syndicated stories and blog feeds, all rights reserved by the author.


Computer Forensics Needed to Pin Down GMA

The Aquino administration’s drive against corruption may need computer forensics to support the allegations against the Arroyo administration, a multinational risk consultancy said.

In a report dated Dec. 22, the Pacific Strategies and Assessments (PSA) said those involved in crimes like poll sabotage and plunder are secretive and are careful about avoiding a paper trail.

“Computer forensics might hold the key to finding the needed evidence,” said PSA managing director Scott Harrison.

“With the expanding use of computers and digital media in everyday transactions, evidence of criminal activities left in computers and other digital equipment clearly enhances court evidentiary procedures,” he added.

PSA though disclosed in the report that it is one of the companies practicing information technology (IT) forensics in the country. The company also has offices in Hong Kong, Shanghai, Beijing, Bangkok, Sydney and Milwaukee.

PSA said money laundering and convoluted business structures created to hide wrongdoing “increasingly require digital investigative techniques to prove a criminal case.”

“The majority of corruption cases in the Philippines are often hampered because much of the presented evidence is hearsay accusations of one or more people against others. Consequently languishing corruption cases are often dismissed or shelved due to a lack of concrete evidence,” Harrison said.

PSA said not one member of the Arroyos or their alleged co-conspirators in poll cheating and corruption have been convicted by the courts since President Aquino assumed office in 2010.

“The lack of investigative resources in the Philippines judicial system may prove to be a bigger impediment to President Aquino’s efforts to weed out corruption than the administration’s frustration with the Supreme Court,” the report read.

PSA said IT forensic specialists can create a mirror image of data inside a computer system and recover deleted, encrypted, or damaged files.

PSA claimed the recovery and analysis of hard disk drives, mobile phones and portable digital storage devices believed to be involved in crime are “critical digital evidence” that can boost one’s legal position in court.


McCann E-Investigations Grows its Computer Forensics Imaging Abilities

McCann E-Investigations, a Texas-based computer forensics and investigative firm, grows its computer forensics abilities with the capital acquisition of state-of-the-art computer forensics tools for its Houston division.

“We have experienced an amazing increase in our computer forensics cases at all our locations,” stated Serta Weiss, Partner at McCann E-Investigations. “Computer forensics is an extremely fluid industry. As technology gets more sophisticated, the computer forensics expert should have the versatility and insight to be able to adjust to the changing technology environment.

“Having the most leading-edge computer forensics tools guarantees that we can provide the greatest quality product to our clients,” Weiss said.

Gary Huestis leads the computer forensics team for Houston, Austin and Dallas. “While updates in computer forensics software and hardware tools are key, also important is our EnCase certification,” stated Gary Huestis. EnCase is the leading computer forensic solution and is the standard. Gary has been an EnCase Certified Examiner since 2005.


http://www.einvestigations.com

About McCann EI: McCann EI’s Texas-based digital forensics team provides a one-stop solution for your Electronically Stored Information (ESI) investigative needs. McCann EI’s computer forensics, digital forensics, mobile forensics, and electronic discovery investigators serve lawyers, private industry, and government with the same dedication and expertise that has had clients turning to McCann for more than two-and-a-half decades.

Regardless of whether your ESI is held in personal, corporate, mobile, or network drives, McCann EI’s computer forensics team has experience in electronic discovery and recovering your digital files. Our investigators have the experience to provide expert witness computer forensic testimony in courts across Texas. McCann EI serves companies, lawyers, and individuals statewide.

Austin Computer Forensics: 512-377-6142
Houston Computer Forensics: 832-628-4904
Dallas Computer Forensics: 214-329-9059
Lubbock Computer Forensics: 806-589-0320
Lufkin Computer Forensics: 936-585-4070
Brownsville Computer Forensics: 956-465-0849

Give us a call toll-free at 800-713-7670


Computer Forensics Salary

The computer forensics salary graph has seen an incline as cyber crime has gone up and the preference for information storage has moved from traditional paper books to computer spreadsheets. Computer forensic experts are fast rising as the modern detectives, because crime has moved base from the real world to the virtual world. The September 11 attack on the World Trade Center in New York also put the focus back on terrorism and cyber terrorists. Identity theft, credit card fraud, and pedophiles browsing the web for prey are some of the crimes that a computer forensic expert helps law enforcement to catch. A computer forensic expert finds employment with law enforcement, detective agencies, corporate companies, and private parties who are prone to computer crimes. The computer forensics job outlook for the coming years is thought to be lucrative, as data goes digital and our dependence on the internet and computers grows.

Computer Forensics Job Description
The computer forensic analyst uses sophisticated software and hardware tools to analyze cyber crime and computer hacking, and to decrypt data that could help in advancing a case. The analyst uses various methods to obtain data on suspects, like IP address tracing and packet sniffing. In IP address tracing, a trace is done to find the internet service provider and then get information on the suspect. This technique is widely used to trace down pedophiles who use computers to lure children. Nowadays, the conventional ransom note or threat notes have been replaced by e-mails. The analyst tracks e-mail scams using the e-mail header, which gives the source IP, server data, and data on the time and date the e-mail was generated. The computer forensic analyst also helps decrypt data that is on a storage device such as a CD, DVD, hard disk or USB. Digital media is fast proving itself to be the new way of data transfer, and devices like desktop computers, laptops, Personal Digital Assistants (smartphones), and cell phones are a few of the devices that the analyst needs to go through to find the information they need. The technique of packet sniffing can be used to collect useful information from networks, like e-mail IDs, passwords and personal information. To get the job done, computer experts use tools like hex editors, which are software programs that allow them to manipulate binary data and ensure network security. Other tools they use are decryptors, disk analyzers, packet sniffers, and DNS tools. The experts make use of all the various tools available, along with technical know-how, to sniff out digital clues. Computer experts need to trace down cyber-terrorists, who are a menace in the lives of people and corporates and pose a threat to network security.

Computer Forensics Salary Range
The field of computer forensics is comparatively new, and people working in this field did not have any particular qualification apart from intensive knowledge about computers and Internet crimes. Nowadays, there are forensic science schools that offer diploma and certificate programs in computer forensics and information systems security. Some schools even provide online diploma programs, which may be quite useful in acquiring an excellent computer forensics salary. The usual salary for computer forensic jobs is between USD 47,000 and USD 80,000. Law enforcement and legal firms are proving to be top employers of computer forensic experts, and the salaries provided are also on par with some private organizations that offer jobs to people with basic cyber forensics and systems know-how. Law enforcement average salaries are between USD 50,000 and USD 75,000, and legal services pay around USD 54,000 to USD 75,000. Salary ranges for jobs in urban centers such as New York and Los Angeles have been known to be as high as USD 90,000 to USD 100,000. Detective agencies are also good employers, as they appear to offer anywhere between USD 45,000 and USD 80,000, depending on the experience and qualifications of the computer forensic analyst.

Computer forensics salary largely depends on the employer and your physical location. And like other IT jobs, this field promises a lucrative future, too.


Computer Forensics: Hard Disk and Operating Systems

Computer Forensics: Hard Disk and Operating Systems (Ec-Council Press Series : Computer Forensics) by EC-Council

The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute the cyber-criminal. The series is comprised of five books covering a broad base of topics in Computer Hacking Forensic Investigation, designed to expose the reader to the process of detecting attacks and collecting evidence in a forensically sound manner with the intent to report crime and prevent future attacks. Learners are introduced to advanced techniques in computer investigation and analysis with interest in generating potential legal evidence. In full, this and the other four books provide preparation to identify evidence in computer related crime and abuse cases as well as track the intrusive hacker’s path through a client system. The series and accompanying labs help prepare the security student or professional to profile an intruder’s footprint and gather all necessary information and evidence to support prosecution in a court of law. Hard Disks, File and Operating Systems provides a basic understanding of file systems, hard disks and digital media devices. Boot processes, Windows and Linux Forensics and application of password crackers are all discussed.


Computer Forensics For Dummies

Uncover a digital trail of e-evidence by using the helpful, easy-to-understand information in Computer Forensics For Dummies! Professional and armchair investigators alike can learn the basics of computer forensics, from digging out electronic evidence to solving the case. You won’t need a computer science degree to master e-discovery. Find and filter data in mobile devices, e-mail, and other Web-based technologies.

You’ll learn all about e-mail and Web-based forensics, mobile forensics, passwords and encryption, and other e-evidence found through VoIP, voicemail, legacy mainframes, and databases. You’ll discover how to use the latest forensic software, tools, and equipment to find the answers that you’re looking for in record time. When you understand how data is stored, encrypted, and recovered, you’ll be able to protect your personal privacy as well. By the time you finish reading this book, you’ll know how to:

  • Prepare for and conduct computer forensics investigations
  • Find and filter data
  • Protect personal privacy
  • Transfer evidence without contaminating it
  • Anticipate legal loopholes and opponents’ methods
  • Handle passwords and encrypted data
  • Work with the courts and win the case

Plus, Computer Forensics for Dummies includes lists of things that everyone interested in computer forensics should know, do, and build. Discover how to get qualified for a career in computer forensics, what to do to be a great investigator and expert witness, and how to build a forensics lab or toolkit.


File System Forensic Analysis

This is an advanced cookbook and reference guide for digital forensic practitioners. File System Forensic Analysis focuses on the file system and disk. The file system of a computer is where most files are stored and where most evidence is found; it is also the most technically challenging part of forensic analysis. This book offers an overview and detailed knowledge of the file system and disk layout. The overview will allow an investigator to more easily find evidence, recover deleted data, and validate his tools. The cookbook section will show how to use the many open source tools for analysis, many of which Brian Carrier has developed himself.

Coverage includes:

  • Preserving the digital crime scene and duplicating hard disks for “dead analysis”
  • Identifying hidden data on a disk’s Host Protected Area (HPA)
  • Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more
  • Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques
  • Analyzing the contents of multiple disk volumes, such as RAID and disk spanning
  • Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques
  • Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more
  • Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools

When it comes to file system analysis, no other book offers this much detail or expertise. Whether you’re a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.


The Purpose Of Computer Forensics

Computer forensics is the branch of forensic science that examines evidence stored digitally on a hard drive or other data storage medium.

History

Computer forensics can be traced back to the beginning of the 1990s when computers began to be integrated into our daily existence. DIBS USA was one of the first computer forensics companies to emerge.

Function

Computer forensics is about the preservation and extraction of data. Data is often found in server logs or on suspects’ hard drives. Since every move on a computer leaves a footprint, forensic experts have to find out how to tie that footprint to a case.

Misconceptions

Computer forensics doesn’t involve a lot of high-level hacking or computer security knowledge since most of the data that investigators would be looking for is in logs. The hardest part is going through each of those logs that can contain thousands of entries per second.

Types

There are various types of computer forensics that look to fulfill different purposes. Network analysis shows data traffic while another branch could involve retrieving data off a scorched laptop hard drive.

Effects

Computer forensic technology has led a lot of criminals to use encryption technology. Since military-grade encryption is legal for use in the United States, many people encrypt their files with algorithms that are impossible for forensic experts to crack.


Incident Response and Computer Forensics (Second Edition)

Incident Response and Computer Forensics, Second Edition by Chris Prosise, Kevin Mandia, Matt Pepe.

  • Paperback: 507 pages
  • Publisher: McGraw-Hill/Osborne; 2 edition (July 17, 2003)
  • Language: English
  • ISBN-10: 007222696X
  • ISBN-13: 978-0072226966
  • Product Dimensions: 9.1 x 7.3 x 1.2 inches
  • Shipping Weight: 2 pounds
  • Popular: 4.5 out of 5 stars

Description:

A strong system of defenses will save your systems from falling victim to published and otherwise uninventive attacks, but even the most heavily defended system can be cracked under the right conditions. Incident Response aims to teach you how to determine when an attack has occurred or is underway–they’re often hard to spot–and show you what to do about it. Authors Kevin Mandia and Chris Prosise favor a tools- and procedures-centric approach to the subject, thereby distinguishing this book from others that catalog particular attacks and methods for dealing with each one. The approach is more generic, and therefore better suited to dealing with newly emerging attack techniques.

Anti-attack procedures are presented with the goal of identifying, apprehending, and successfully prosecuting attackers. The advice on carefully preserving volatile information, such as the list of processes active at the time of an attack, is easy to follow. The book is quick to endorse tools, the functionalities of which are described so as to inspire creative applications. Information on bad-guy behavior is top quality as well, giving readers knowledge of how to interpret logs and other observed phenomena. Mandia and Prosise don’t–and can’t–offer a foolproof guide to catching crackers in the act, but they do offer a great “best practices” guide to active surveillance. –David Wall

Topics covered: Monitoring computer systems for evidence of malicious activity, and reacting to such activity when it’s detected. With coverage of Windows and Unix systems as well as non-platform-specific resources like Web services and routers, the book covers the fundamentals of incident response, processes for gathering evidence of an attack, and tools for making forensic work easier.
