Notes on Computer Forensics

These are course notes for CYBER502x Computer Forensics, one of the courses in the cybersecurity series offered by RIT.

Unit 1: Computer Forensics Fundamentals

Working with Evidence:

  • Acquire the evidence
  • Authenticate the evidence
  • Analyze the evidence
  • Present the evidence

Acquire volatile data

Network Interface

  • Windows:
    ipconfig /all > myWindowsNetworkSettings.txt
  • Linux:
    ifconfig -a > myUnixNetworkSettings

Bit stream copy

  • cp, tar, cpio and dump/restore copy only file content, stopping at the end-of-file marker.

  • A bit stream copy copies every bit on the drive, including deleted data. dd and FTK Imager are both well-known forensic imaging tools.


In this example, FTK Imager is used to make a bit stream copy (image) of a USB drive's contents.
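
The same acquire-then-authenticate workflow done with dd instead of FTK Imager, as an added example that is not part of the course notes: a constructed 1 MiB file stands in for the USB drive (no real device is touched), the image is taken with a bit stream copy, and SHA-256 hashes of source and image are compared. The "DELETED-BUT-STILL-ON-DISK" marker is a constructed stand-in for data in unallocated space, placed to show that bytes no live file points to still reach the image.

```shell
# Added example, not from the course notes: a constructed file stands in for
# the USB drive, so nothing here touches real media.
set -eu

sha256_of() {
    # Print the SHA-256 of file $1 (coreutils sha256sum, else BSD/macOS shasum).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

make_test_media() {
    # Constructed 1 MiB "drive": a live file region plus a marker that sits in
    # unallocated space, where a file-level copy (cp, tar) would never look.
    dd if=/dev/zero of="$1" bs=1024 count=1024 2>/dev/null
    printf 'LIVE-FILE-CONTENT' | dd of="$1" bs=1 seek=4096 conv=notrunc 2>/dev/null
    printf 'DELETED-BUT-STILL-ON-DISK' | dd of="$1" bs=1 seek=524288 conv=notrunc 2>/dev/null
}

acquire_image() {
    # Bit stream copy of every block of $1 into $2. noerror keeps going past
    # read errors; sync pads short blocks so offsets in the image stay aligned.
    dd if="$1" of="$2" bs=4096 conv=noerror,sync 2>/dev/null
}

verify_image() {
    # Authenticate: source and image must hash identically. Prints both hashes
    # (record them in the evidence log) and a final 'match' or 'MISMATCH' line.
    src_hash=$(sha256_of "$1"); img_hash=$(sha256_of "$2")
    echo "source $src_hash"
    echo "image  $img_hash"
    [ "$src_hash" = "$img_hash" ] && echo match || echo MISMATCH
}

image_contains() {
    # Exit 0 if the literal string $2 occurs anywhere in image $1.
    grep -q -a "$2" "$1"
}

tamper_image() {
    # Overwrite one byte of $1 in place; the hash check must flag this.
    printf 'X' | dd of="$1" bs=1 seek=4096 conv=notrunc 2>/dev/null
}

workdir=$(mktemp -d)
make_test_media "$workdir/media.bin"
acquire_image "$workdir/media.bin" "$workdir/media.dd"
verify_image "$workdir/media.bin" "$workdir/media.dd"
```

Re-running verify_image against the stored image at any later point repeats the authentication step; a MISMATCH then means the image (or the source) changed since acquisition.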

