Session:Computer Forensics introduction + Q&A
From 34C3_Wiki
| Description | An introduction to computer forensics, how to use some tools and how to avoid being detected by some of them ;) |
|---|---|
| Website(s) | |
| Type | Workshop |
| Kids session | No |
| Keyword(s) | hardware, software, network, security |
| Tags | forensics |
| Person organizing | User:Hunter2 |
| Language | en - English |
| Starts at | 2017/12/29 23:59 |
| Ends at | 2017/12/30 01:59 |
| Duration | 120 minutes |
| Location | Room:Lecture room 12 |
Basic computer knowledge required.
Difficulty will be adapted to the audience.
Please RSVP via Twitter: @34c3_hunter2 or mail: 7u1mepnhzj28bbn@jetable.org
Contents
Forensics
- chain of custody
- create a forensic image
- copies + original evidence
- lists of keywords and search terms
- analyze forensic images
- report
create a forensic image
Device powered off
--> forensic copy of DISKS
Device powered on
--> First: acquire RAM!
Disk encryption --> Live acquisition
No disk encryption --> Offline acquisition
Tools
Hardware: forensic duplicator
Hardware: write blockers
Alternative: FIREBrick