Posted: Sat Feb 06, 2010 9:26 am Post subject: So if I want to get an edge?
Hello everyone, I am currently studying Computer forensic science at university. While I am only in my first year, I am very keen to expand my knowledge within my subject.
We have been given a test case to follow, and while I am sure I have enough evidence, a good enough report and a decent log file, there's a problem... it's not enough for me, because quite frankly it isn't to the standard I want it to be at (near to perfection).
So my questions to the experts out there are as follows:
1) When using EnCase, what are the more common best practices to follow, i.e. are there procedures, searches etc. that you generally carry out by means of habit?
2) When creating a log for actions taken upon an image, what should I include?
3) While we have been given EnCase, and while I very much enjoy using the tool, I feel there are most likely other tools out there that will enhance the investigative process in order to provide a more accurate and detailed end report; can any of you recommend some tools or techniques (books too) that may help me with this?
4) Besides this site, are there any other sites I should join or be reading/keeping up to date with in order to keep tabs on the computer forensic world?
The image we have been given to investigate is the hunter case that seems to come with the demo for EnCase, so it is not a massive image by any means; however, I figure it's best to pick up these skills, tools and techniques from the start, so any help would be most appreciated.
Joined: Jan 01, 2007 Posts: 651 Location: Midwest, USA
Posted: Sat Feb 06, 2010 12:27 pm Post subject:
If you are only using EnCase you are using a good general purpose tool, but perhaps not the best tool for every case.
Some questions:
-How are you investigating the Registry?
-How are you examining Internet remnants?
-How are you creating reports?
When people ask about books I always recommend Brian Carrier's File System book and the books by Harlan Carvey (and all the cool little tools he creates and writes about).
There are any number of sites, but I am not going to disrespect the owners of this site by recommending them here.