Session:Computer Forensics introduction + Q&A
From 34C3_Wiki
Description | An introduction to computer forensics, how to use some tools and how to avoid being detected by some of them ;) |
---|---|
Website(s) | |
Type | Workshop |
Kids session | No |
Keyword(s) | hardware, software, network, security |
Tags | forensics |
Person organizing | User:Hunter2 |
Language | en - English |
Starts at | 2017/12/29 23:59 |
---|---|
Ends at | 2017/12/30 01:59 |
Duration | 120 minutes |
Location | Room:Lecture room 12 |
Basic computer knowledge required.
Difficulty will be adapted to the audience.
Please RSVP via Twitter: @34c3_hunter2 or mail: 7u1mepnhzj28bbn@jetable.org
Contents
Forensics
- chain of custody
- create a forensic image
- copies + original evidence
- lists of keywords and search terms
- analyze forensic images
- report
create a forensic image
Device powered off
--> forensic copy of DISKS
Device powered on
--> First: acquire RAM!
Disk encryption --> Live acquisition
No disk encryption --> Offline acquisition
Tools
Hardware: forensic duplicator
Hardware: write blockers
Alternative: FIREBrick