
TRINITY TECHNOLOGIES
Gandhariamman Kovil Road
Pulimood,Trivandrum-1
0471-2335855
9447387064, 9847003556
http://www.trinitytechnology.in

COMPUTER HACKING FORENSIC INVESTIGATOR

Computer Forensics in Today's World

  • Forensics Science
  • Computer Forensics
    • Security Incident Report
    • Aspects of Organizational Security
    • Evolution of Computer Forensics
    • Objective of Computer Forensics
    • Need for Computer Forensics
  • Forensics Readiness
    • Benefits of Forensics Readiness
    • Goals of Forensics Readiness
    • Forensics Readiness Planning
  • Cyber Crime
    • Computer Facilitated Crimes
    • Modes of Attacks
    • Examples of Cyber Crime
    • Types of Computer Crimes
    • Cyber Criminals
    • Organized Cyber Crime: Organizational Chart
    • How Serious are Different Types of Incidents?
    • Disruptive Incidents to the Business
    • Cost Expenditure Responding to the Security Incident
  • Cyber Crime Investigation
    • Key Steps in Forensics Investigation
    • Rules of Forensics Investigation
    • Need for Forensics Investigator
    • Role of Forensics Investigator
    • Accessing Computer Forensics Resources
    • Role of Digital Evidence
  • Corporate Investigations
    • Understanding Corporate Investigations
    • Approach to Forensics Investigation: A Case Study
    • Instructions for the Forensic Investigator to Approach the Crime Scene
    • Why and When Do You Use Computer Forensics?
    • Enterprise Theory of Investigation (ETI)
    • Legal Issues
    • Reporting the Results
  • Reporting a Cyber Crime
    • Why you Should Report Cybercrime?
    • Reporting Computer-Related Crimes
    • Person Assigned to Report the Crime
    • When and How to Report an Incident?
    • Who to Contact at the Law Enforcement?
    • Federal Local Agents Contact
    • More Contacts
    • CIO Cyberthreat Report Form

Computer Forensics Investigation Process

  • Investigating Computer Crime
    • Before the Investigation
    • Build a Forensics Workstation
    • Building the Investigation Team
    • People Involved in Computer Forensics
    • Review Policies and Laws
    • Forensics Laws
    • Notify Decision Makers and Acquire Authorization
    • Risk Assessment
    • Build a Computer Investigation Toolkit
  • Steps to Prepare for a Computer Forensics Investigation
  • Computer Forensics Investigation Methodology
    • Obtain Search Warrant
      • Example of Search Warrant
      • Searches Without a Warrant
    • Evaluate and Secure the Scene
      • Forensics Photography
      • Gather the Preliminary Information at the Scene
      • First Responder
    • Collect the Evidence
      • Collect Physical Evidence
        • Evidence Collection Form
      • Collect Electronic Evidence
      • Guidelines for Acquiring Evidence
    • Secure the Evidence
      • Evidence Management
      • Chain of Custody
        • Chain of Custody Form
    • Acquire the Data
      • Duplicate the Data (Imaging)
      • Verify Image Integrity
        • MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
      • Recover Lost or Deleted Data
        • Data Recovery Software
    • Analyze the Data
      • Data Analysis
      • Data Analysis Tools
    • Assess Evidence and Case
      • Evidence Assessment
      • Case Assessment
      • Processing Location Assessment
      • Best Practices to Assess the Evidence
    • Prepare the Final Report
      • Documentation in Each Phase
      • Gather and Organize Information
      • Writing the Investigation Report
      • Sample Report
    • Testifying as an Expert Witness
      • Expert Witness
      • Testifying in the Court Room
      • Closing the Case
      • Maintaining Professional Conduct
      • Investigating a Company Policy Violation
      • Computer Forensics Service Providers

Searching and Seizing Computers

  • Searching and Seizing Computers without a Warrant
    • Searching and Seizing Computers without a Warrant
    • § A: Fourth Amendment’s “Reasonable Expectation of Privacy” in Cases Involving Computers: General Principles
    • § A.1: Reasonable Expectation of Privacy in Computers as Storage Devices
    • § A.3: Reasonable Expectation of Privacy and Third-Party Possession
    • § A.4: Private Searches
    • § A.5 Use of Technology to Obtain Information
    • § B: Exceptions to the Warrant Requirement in Cases Involving Computers
    • § B.1: Consent
    • § B.1.a: Scope of Consent
    • § B.1.b: Third-Party Consent
    • § B.1.c: Implied Consent
    • § B.2: Exigent Circumstances
    • § B.3: Plain View
    • § B.4: Search Incident to a Lawful Arrest
    • § B.5: Inventory Searches
    • § B.6: Border Searches
    • § B.7: International Issues
    • § C: Special Case: Workplace Searches
    • § C.1: Private Sector Workplace Searches
    • § C.2: Public-Sector Workplace Searches
  • Searching and Seizing Computers with a Warrant
    • Searching and Seizing Computers with a Warrant
    • A: Successful Search with a Warrant
    • A.1: Basic Strategies for Executing Computer Searches
    • § A.1.a: When Hardware is itself Contraband, Evidence, or an Instrumentality or Fruit of Crime
    • § A.1.b: When Hardware is Merely a Storage Device for Evidence of Crime
    • § A.2: The Privacy Protection Act
    • § A.2.a: The Terms of the Privacy Protection Act
    • § A.2.b: Application of the PPA to Computer Searches and Seizures
    • § A.3: Civil Liability Under the Electronic Communications Privacy Act (ECPA)
    • § A.4: Considering the Need for Multiple Warrants in Network Searches
    • § A.5: No-Knock Warrants
    • § A.6: Sneak-and-Peek Warrants
    • § A.7: Privileged Documents
    • § B: Drafting the Warrant and Affidavit
    • § B.1: Accurately and Particularly Describe the Property to be Seized in the Warrant and/or Attachments to the Warrant
    • § B.1.a: Defending Computer Search Warrants Against Challenges Based on the Description of the “Things to Be Seized”
    • § B.2: Establish Probable Cause in the Affidavit
    • § B.3: In the Affidavit Supporting the Warrant, include an Explanation of the Search Strategy as Well as the Practical & Legal Considerations that Will Govern the Execution of the Search
    • § C: Post-Seizure Issues
    • § C.1: Searching Computers Already in Law Enforcement Custody
    • § C.2: The Permissible Time Period for Examining Seized Computers
    • § C.3: Rule 41(e) Motions for Return of Property
  • The Electronic Communications Privacy Act
    • The Electronic Communications Privacy Act
    • § A. Providers of Electronic Communication Service vs. Remote Computing Service
    • § B. Classifying Types of Information Held by Service Providers
    • § C. Compelled Disclosure Under ECPA
    • § D. Voluntary Disclosure
    • § E. Working with Network Providers
  • Electronic Surveillance in Communications Networks
    • Electronic Surveillance in Communications Networks
    • A. Content vs. Addressing Information
    • B. The Pen/Trap Statute, 18 U.S.C. §§ 3121-3127
    • C. The Wiretap Statute (“Title III”), 18 U.S.C. §§ 2510-2522
    • § C.1: Exceptions to Title III
    • § D. Remedies For Violations of Title III and the Pen/Trap Statute
  • Evidence
    • Evidence
    • § A. Authentication
    • § B. Hearsay
    • § C. Other Issues

Digital Evidence

  • Digital Data
    • Definition of Digital Evidence
    • Increasing Awareness of Digital Evidence
    • Challenging Aspects of Digital Evidence
    • The Role of Digital Evidence
    • Characteristics of Digital Evidence
    • Fragility of Digital Evidence
    • Anti-Digital Forensics (ADF)
  • Types of Digital Data
    • Types of Digital Data
  • Rules of Evidence
    • Rules of Evidence
    • Best Evidence Rule
    • Federal Rules of Evidence
    • International Organization on Computer Evidence (IOCE)
    • IOCE International Principles for Digital Evidence
    • Scientific Working Group on Digital Evidence (SWGDE)
    • SWGDE Standards for the Exchange of Digital Evidence
  • Electronic Devices: Types and Collecting Potential Evidence
    • Electronic Devices: Types and Collecting Potential Evidence
  • Digital Evidence Examination Process
    • Evidence Assessment
      • Evidence Assessment
      • Prepare for Evidence Acquisition
    • Evidence Acquisition
      • Preparation for Searches
      • Seizing the Evidence
      • Imaging
      • Bit-Stream Copies
      • Write Protection
      • Evidence Acquisition
      • Evidence Acquisition from Crime Location
      • Acquiring Evidence from Storage Devices
      • Collecting Evidence
      • Collecting Evidence from RAM
      • Collecting Evidence from a Standalone Network Computer
      • Chain of Custody
      • Chain of Evidence Form
    • Evidence Preservation
      • Preserving Digital Evidence: Checklist
      • Preserving Removable Media
      • Handling Digital Evidence
      • Store and Archive
      • Digital Evidence Findings
    • Evidence Examination and Analysis
      • Evidence Examination
      • Physical Extraction
      • Logical Extraction
      • Analyze Host Data
      • Analyze Storage Media
      • Analyze Network Data
      • Analysis of Extracted Data
      • Timeframe Analysis
      • Data Hiding Analysis
      • Application and File Analysis
      • Ownership and Possession
    • Evidence Documentation and Reporting
      • Documenting the Evidence
      • Evidence Examiner Report
      • Final Report of Findings
      • Computer Evidence Worksheet
      • Hard Drive Evidence Worksheet
      • Removable Media Worksheet
  • Electronic Crime and Digital Evidence Consideration by Crime Category
    • Electronic Crime and Digital Evidence Consideration by Crime Category

First Responder Procedures

  • Electronic Evidence
  • First Responder
  • Roles of First Responder
  • Electronic Devices: Types and Collecting Potential Evidence
  • First Responder Toolkit
    • First Responder Toolkit
    • Creating a First Responder Toolkit
    • Evidence Collecting Tools and Equipment
  • First Response Basics
    • First Response Rule
    • Incident Response: Different Situations
    • First Response for System Administrators
    • First Response by Non-Laboratory Staff
    • First Response by Laboratory Forensics Staff
  • Securing and Evaluating Electronic Crime Scene
    • Securing and Evaluating Electronic Crime Scene: A Checklist
    • Securing the Crime Scene
    • Warrant for Search and Seizure
    • Planning the Search and Seizure
    • Initial Search of the Scene
    • Health and Safety Issues
  • Conducting Preliminary Interviews
    • Questions to Ask When Client Calls the Forensic Investigator
    • Consent
    • Sample of Consent Search Form
    • Witness Signatures
    • Conducting Preliminary Interviews
    • Conducting Initial Interviews
    • Witness Statement Checklist
  • Documenting Electronic Crime Scene
    • Documenting Electronic Crime Scene
    • Photographing the Scene
    • Sketching the Scene
    • Video Shooting the Crime Scene
  • Collecting and Preserving Electronic Evidence
    • Collecting and Preserving Electronic Evidence
    • Order of Volatility
    • Dealing with Powered On Computers
    • Dealing with Powered Off Computers
    • Dealing with Networked Computer
    • Dealing with Open Files and Startup Files
    • Operating System Shutdown Procedure
    • Computers and Servers
    • Preserving Electronic Evidence
    • Seizing Portable Computers
    • Switched On Portables
    • Collecting and Preserving Electronic Evidence
  • Packaging and Transporting Electronic Evidence
    • Evidence Bag Contents List
    • Packaging Electronic Evidence
    • Exhibit Numbering
    • Transporting Electronic Evidence
    • Handling and Transportation to the Forensics Laboratory
    • Storing Electronic Evidence
    • Chain of Custody
    • Simple Format of the Chain of Custody Document
    • Chain of Custody Forms
    • Chain of Custody on Property Evidence Envelope/Bag and Sign-out Sheet
  • Reporting the Crime Scene
    • Reporting the Crime Scene
  • Note Taking Checklist
  • First Responder Common Mistakes

Computer Forensics Lab

  • Setting a Computer Forensics Lab
    • Computer Forensics Lab
    • Planning for a Forensics Lab
    • Budget Allocation for a Forensics Lab
    • Physical Location Needs of a Forensics Lab
    • Structural Design Considerations
    • Environmental Conditions
    • Electrical Needs
    • Communication Needs
    • Work Area of a Computer Forensics Lab
    • Ambience of a Forensics Lab
    • Ambience of a Forensics Lab: Ergonomics
    • Physical Security Recommendations
    • Fire-Suppression Systems
    • Evidence Locker Recommendations
    • Computer Forensic Investigator
    • Law Enforcement Officer
    • Lab Director
    • Forensics Lab Licensing Requisite
    • Features of the Laboratory Imaging System
    • Technical Specification of the Laboratory-Based Imaging System
    • Forensics Lab
    • Auditing a Computer Forensics Lab
    • Recommendations to Avoid Eyestrain
  • Investigative Services in Computer Forensics
    • Computer Forensics Investigative Services
    • Computer Forensic Investigative Service Sample
    • Computer Forensics Services: PenrodEllis Forensic Data Discovery
    • Data Destruction Industry Standards
    • Computer Forensics Services
  • Computer Forensics Hardware
    • Equipment Required in a Forensics Lab
    • Forensic Workstations
    • Basic Workstation Requirements in a Forensics Lab
    • Stocking the Hardware Peripherals
    • Paraben Forensics Hardware
      • Handheld First Responder Kit
      • Wireless StrongHold Bag
      • Wireless StrongHold Box
      • Passport StrongHold Bag
      • Device Seizure Toolbox
      • Project-a-Phone
      • Lockdown
      • iRecovery Stick
      • Data Recovery Stick
      • Chat Stick
      • USB Serial DB9 Adapter
      • Mobile Field Kit
    • Portable Forensic Systems and Towers: Forensic Air-Lite VI MK III laptop
    • Portable Forensic Systems and Towers: Original Forensic Tower II and Forensic Solid Steel Tower
    • Portable Forensic Workhorse V: Tableau 335 Forensic Drive Bay Controller
    • Portable Forensic Systems and Towers: Forensic Air-Lite IV MK II
    • Portable Forensic Systems and Towers: Forensic Air-Lite V MK III
    • Portable Forensic Systems and Towers: Forensic Tower IV Dual Xeon
    • Portable Forensic Systems and Towers: Ultimate Forensic Machine
    • Forensic Write Protection Devices and Kits: Ultimate Forensic Write Protection Kit II-ES
    • Tableau T3u Forensic SATA Bridge Write Protection Kit
    • Tableau T8 Forensic USB Bridge Kit/Addonics Mini DigiDrive READ ONLY 12-in-1 Flash Media Reader
    • Tableau TACC 1441 Hardware Accelerator
      • Multiple TACC1441 Units
    • Tableau TD1 Forensic Duplicator
    • Power Supplies and Switches
    • Digital Intelligence Forensic Hardware
      • FRED SR (Dual Xeon)
      • FRED-L
      • FRED SC
      • Forensic Recovery of Evidence Data Center (FREDC)
      • Rack-A-TACC
      • FREDDIE
      • UltraKit
      • UltraBay II
      • UltraBlock SCSI
      • Micro Forensic Recovery of Evidence Device (µFRED)
      • HardCopy 3P
    • Wiebetech
      • Forensics DriveDock v4
      • Forensics UltraDock v4
      • Drive eRazer
      • v4 Combo Adapters
      • ProSATA SS8
      • HotPlug
    • CelleBrite
      • UFED System
      • UFED Physical Pro
      • UFED Ruggedized
    • DeepSpar
      • Disk Imager Forensic Edition
      • 3D Data Recovery
      • Phase 1 Tool: PC-3000 Drive Restoration System
      • Phase 2 Tool: DeepSpar Disk Imager
      • Phase 3 Tool: PC-3000 Data Extractor
    • InfinaDyne Forensic Products
      • Robotic Loader Extension for CD/DVD Inspector
      • Robotic System Status Light
    • Image MASSter
      • Solo-4 (Super Kit)
      • RoadMASSter- 3
      • WipeMASSter
      • WipePRO
      • Rapid Image 7020CS IT
    • Logicube
      • Forensic MD5
      • Forensic Talon®
      • Portable Forensic Lab™
      • CellDEK®
      • Forensic Quest-2®
      • NETConnect™
      • RAID I/O Adapter™
      • GPStamp™
      • OmniPort
      • Desktop WritePROtects
      • USB Adapter
      • CloneCard Pro
      • EchoPlus
      • OmniClone IDE Laptop Adapters
      • Cables
    • VoomTech
      • HardCopy 3P
      • SHADOW 2
  • Computer Forensics Software
    • Basic Software Requirements in a Forensic Lab
    • Maintain Operating System and Application Inventories
    • Imaging Software
      • R-drive Image
      • P2 eXplorer Pro
      • AccuBurn-R for CD/DVD Inspector
      • Flash Retriever Forensic Edition
    • File Conversion Software
      • FileMerlin
      • SnowBatch®
      • Zamzar
    • File Viewer Software
      • File Viewer
      • Quick View Plus 11 Standard Edition
    • Analysis Software
      • P2 Commander
      • DriveSpy
      • SIM Card Seizure
      • CD/DVD Inspector
      • Video Indexer (Vindex™)
    • Monitoring Software
      • Device Seizure
      • Deployable P2 Commander (DP2C)
      • ThumbsDisplay
      • Email Detective
    • Computer Forensics Software
      • DataLifter
      • X-Ways Forensics
      • LiveWire Investigator

Understanding Hard Disks and File Systems

  • Hard Disk Drive Overview
    • Disk Drive Overview
    • Hard Disk Drive
    • Solid-State Drive (SSD)
    • Physical Structure of a Hard Disk
    • Logical Structure of Hard Disk
    • Types of Hard Disk Interfaces
    • Hard Disk Interfaces
      • ATA
      • SCSI
      • IDE/EIDE
      • USB
      • Fibre Channel
    • Disk Platter
    • Tracks
      • Track Numbering
    • Sector
      • Advanced Format: Sectors
      • Sector Addressing
    • Cluster
      • Cluster Size
      • Changing the Cluster Size
      • Slack Space
      • Lost Clusters
    • Bad Sector
    • Hard Disk Data Addressing
    • Disk Capacity Calculation
    • Measuring the Performance of the Hard Disk
  • Disk Partitions and Boot Process
    • Disk Partitions
    • Master Boot Record
      • Structure of a Master Boot Record
    • What is the Booting Process?
    • Essential Windows System Files
    • Windows Boot Process
    • Macintosh Boot Process
    • http://www.bootdisk.com
  • Understanding File Systems
    • Understanding File Systems
    • Types of File Systems
    • List of Disk File Systems
    • List of Network File Systems
    • List of Special Purpose File Systems
    • List of Shared Disk File Systems
    • Popular Windows File Systems
      • File Allocation Table (FAT)
        • FAT File System Layout
        • FAT Partition Boot Sector
        • FAT Structure
        • FAT Folder Structure
        • Directory Entries and Cluster Chains
        • Filenames on FAT Volumes
        • Examining FAT
        • FAT32
      • New Technology File System (NTFS)
        • NTFS Architecture
        • NTFS System Files
        • NTFS Partition Boot Sector
        • Cluster Sizes of NTFS Volume
        • NTFS Master File Table (MFT)
          • Metadata Files Stored in the MFT
        • NTFS Files and Data Storage
        • NTFS Attributes
        • NTFS Data Stream
        • NTFS Compressed Files
          • Setting the Compression State of a Volume
        • Encrypting File Systems (EFS)
          • Components of EFS
          • Operation of Encrypting File System
          • EFS Attribute
          • Encrypting a File
          • EFS Recovery Key Agent
          • Tool: Advanced EFS Data Recovery
          • Tool: EFS Key
        • Sparse Files
        • Deleting NTFS Files
      • Registry Data
      • Examining Registry Data
      • FAT vs. NTFS
    • Popular Linux File Systems
      • Linux File System Architecture
      • Ext2
      • Ext3
    • Mac OS X File System
      • HFS vs. HFS Plus
      • HFS
      • HFS Plus
        • HFS Plus Volumes
        • HFS Plus Journal
    • Sun Solaris 10 File System: ZFS
    • CD-ROM / DVD File System
    • CDFS
  • RAID Storage System
    • RAID Levels
    • Different RAID Levels
    • Comparing RAID Levels
    • Recover Data from Unallocated Space Using File Carving Process
  • File System Analysis Using The Sleuth Kit (TSK)
    • The Sleuth Kit (TSK)
      • The Sleuth Kit (TSK): fsstat
      • The Sleuth Kit (TSK): istat
      • The Sleuth Kit (TSK): fls and img_stat

Windows Forensics

  • Collecting Volatile Information
    • Volatile Information
      • System Time
        • Logged-on Users
        • Psloggedon
        • Net Sessions Command
        • Logonsessions Tool
      • Open Files
        • Net File Command
        • PsFile Utility
        • OpenFiles Command
      • Network Information
      • Network Connections
      • Process Information
      • Process-to-Port Mapping
      • Process Memory
      • Network Status
      • Other Important Information
  • Collecting Non-volatile Information
    • Non-volatile Information
      • Examine File Systems
      • Registry Settings
      • Microsoft Security ID
      • Event Logs
      • Index.dat File
      • Devices and Other Information
      • Slack Space
      • Virtual Memory
      • Swap File
      • Windows Search Index
      • Collecting Hidden Partition Information
      • Hidden ADS Streams
        • Investigating ADS Streams: StreamArmor
      • Other Non-Volatile Information
  • Windows Memory Analysis
    • Memory Dump
    • EProcess Structure
    • Process Creation Mechanism
    • Parsing Memory Contents
    • Parsing Process Memory
    • Extracting the Process Image
    • Collecting Process Memory
  • Windows Registry Analysis
    • Inside the Registry
    • Registry Structure within a Hive File
    • The Registry as a Log File
    • Registry Analysis
    • System Information
    • TimeZone Information
    • Shares
    • Audit Policy
    • Wireless SSIDs
    • Autostart Locations
    • System Boot
    • User Login
    • User Activity
    • Enumerating Autostart Registry Locations
    • USB Removable Storage Devices
    • Mounted Devices
    • Finding Users
    • Tracking User Activity
    • The UserAssist Keys
    • MRU Lists
    • Search Assistant
    • Connecting to Other Systems
    • Analyzing Restore Point Registry Settings
    • Determining the Startup Locations
  • Cache, Cookie, and History Analysis
    • Cache, Cookie, and History Analysis in IE
    • Cache, Cookie, and History Analysis in Firefox
    • Cache, Cookie, and History Analysis in Chrome
    • Analysis Tools
      • IE Cookies View
      • IE Cache View
      • IE History Viewer
      • MozillaCookiesView
      • MozillaCacheView
      • MozillaHistoryView
      • ChromeCookiesView
      • ChromeCacheView
      • ChromeHistoryView
  • MD5 Calculation
    • Message Digest Function: MD5
    • Why MD5 Calculation?
    • MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
    • MD5 Checksum Verifier
    • ChaosMD5
  • Windows File Analysis
    • Recycle Bin
    • System Restore Points (Rp.log Files)
    • System Restore Points (Change.log.x Files)
    • Prefetch Files
    • Shortcut Files
    • Word Documents
    • PDF Documents
    • Image Files
    • File Signature Analysis
    • NTFS Alternate Data Streams
    • Executable File Analysis
    • Documentation Before Analysis
    • Static Analysis Process
    • Search Strings
    • PE Header Analysis
    • Import Table Analysis
    • Export Table Analysis
    • Dynamic Analysis Process
    • Creating Test Environment
    • Collecting Information Using Tools
    • Process of Testing the Malware
  • Metadata Investigation
    • Metadata
    • Types of Metadata
    • Metadata in Different File Systems
    • Metadata in PDF Files
    • Metadata in Word Documents
    • Tool: Metadata Analyzer
  • Text Based Logs
    • Understanding Events
    • Event Logon Types
    • Event Record Structure
    • Vista Event Logs
    • IIS Logs
      • Parsing IIS Logs
    • Parsing FTP Logs
      • FTP sc-status Codes
    • Parsing DHCP Server Logs
    • Parsing Windows Firewall Logs
    • Using the Microsoft Log Parser
  • Other Audit Events
    • Evaluating Account Management Events
    • Examining Audit Policy Change Events
    • Examining System Log Entries
    • Examining Application Log Entries
  • Forensic Analysis of Event Logs
    • Searching with Event Viewer
    • Using EnCase to Examine Windows Event Log Files
    • Windows Event Log Files Internals
  • Windows Password Issues
    • Understanding Windows Password Storage
    • Cracking Windows Passwords Stored on Running Systems
    • Exploring Windows Authentication Mechanisms
      • LanMan Authentication Process
      • NTLM Authentication Process
      • Kerberos Authentication Process
    • Sniffing and Cracking Windows Authentication Exchanges
    • Cracking Offline Passwords
  • Forensic Tools
    • Windows Forensics Tool: OS Forensics
    • Windows Forensics Tool: Helix3 Pro
    • Integrated Windows Forensics Software: X-Ways Forensics
    • X-Ways Trace
    • Windows Forensic Toolchest (WFT)
    • Built-in Tool: Sigverif
    • Computer Online Forensic Evidence Extractor (COFEE)
    • System Explorer
    • Tool: System Scanner
    • Secret Explorer
    • Registry Viewer Tool: Registry Viewer
    • Registry Viewer Tool: Reg Scanner
    • Registry Viewer Tool: Alien Registry Viewer
    • MultiMon
    • CurrProcess
    • Process Explorer
    • Security Task Manager
    • PrcView
    • ProcHeapViewer
    • Memory Viewer
    • Tool: PMDump
    • Word Extractor
    • Belkasoft Evidence Center
    • Belkasoft Browser Analyzer
    • Metadata Assistant
    • HstEx
    • XpoLog Center Suite
    • LogViewer Pro
    • Event Log Explorer
    • LogMeister
    • ProDiscover Forensics
    • PyFlag
    • LiveWire Investigator
    • ThumbsDisplay
    • DriveLook

Data Acquisition and Duplication

  • Data Acquisition and Duplication Concepts
    • Data Acquisition
    • Forensic and Procedural Principles
    • Types of Data Acquisition Systems
    • Data Acquisition Formats
    • Bit Stream vs. Backups
    • Why to Create a Duplicate Image?
    • Issues with Data Duplication
    • Data Acquisition Methods
    • Determining the Best Acquisition Method
    • Contingency Planning for Image Acquisitions
    • Data Acquisition Mistakes
  • Data Acquisition Types
    • Rules of Thumb
    • Static Data Acquisition
      • Collecting Static Data
      • Static Data Collection Process
    • Live Data Acquisition
      • Why Volatile Data is Important?
      • Volatile Data
      • Order of Volatility
      • Common Mistakes in Volatile Data Collection
      • Volatile Data Collection Methodology
      • Basic Steps in Collecting Volatile Data
      • Types of Volatile Information
  • Disk Acquisition Tool Requirements
    • Disk Imaging Tool Requirements
    • Disk Imaging Tool Requirements: Mandatory
    • Disk Imaging Tool Requirements: Optional
  • Validation Methods
    • Validating Data Acquisitions
    • Linux Validation Methods
    • Windows Validation Methods
  • RAID Data Acquisition
    • Understanding RAID Disks
    • Acquiring RAID Disks
    • Remote Data Acquisition
  • Acquisition Best Practices
    • Acquisition Best Practices
  • Data Acquisition Software Tools
    • Acquiring Data on Windows
    • Acquiring Data on Linux
    • dd Command
    • dcfldd Command
    • Extracting the MBR
    • Netcat Command
    • EnCase Forensic
    • Analysis Software: DriveSpy
    • ProDiscover Forensics
    • AccessData FTK Imager
    • Mount Image Pro
    • Data Acquisition Toolbox
    • SafeBack
    • ILookPI
    • RAID Recovery for Windows
    • R-Tools R-Studio
    • F-Response
    • PyFlag
    • LiveWire Investigator
    • ThumbsDisplay
    • DataLifter
    • X-Ways Forensics
    • R-drive Image
    • DriveLook
    • DiskExplorer
    • P2 eXplorer Pro
    • Flash Retriever Forensic Edition
  • Data Acquisition Hardware Tools
    • US-LATT
    • Image MASSter: Solo-4 (Super Kit)
    • Image MASSter: RoadMASSter- 3
    • Tableau TD1 Forensic Duplicator
    • Logicube: Forensic MD5
    • Logicube: Portable Forensic Lab™
    • Logicube: Forensic Talon®
    • Logicube: RAID I/O Adapter™
    • DeepSpar: Disk Imager Forensic Edition
    • Logicube: USB Adapter
    • Disk Jockey PRO
    • Logicube: Forensic Quest-2®
    • Logicube: CloneCard Pro
    • Logicube: EchoPlus
    • Paraben Forensics Hardware: Chat Stick
    • Image MASSter: Rapid Image 7020CS IT
    • Digital Intelligence Forensic Hardware: UltraKit
    • Digital Intelligence Forensic Hardware: UltraBay II
    • Digital Intelligence Forensic Hardware: UltraBlock SCSI
    • Digital Intelligence Forensic Hardware: HardCopy 3P
    • Wiebetech: Forensics DriveDock v4
    • Wiebetech: Forensics UltraDock v4
    • Image MASSter: WipeMASSter
    • Image MASSter: WipePRO
    • Portable Forensic Systems and Towers: Forensic Air-Lite V MK III
    • Forensic Tower IV Dual Xeon
    • Digital Intelligence Forensic Hardware: FREDDIE
    • DeepSpar: 3D Data Recovery
      • Phase 1 Tool: PC-3000 Drive Restoration System
      • Phase 2 Tool: DeepSpar Disk Imager
      • Phase 3 Tool: PC-3000 Data Extractor
    • Logicube
      • Cables
      • Adapters
      • GPStamp™
      • OmniPort
      • CellDEK®
    • Paraben Forensics Hardware
      • Project-a-Phone
      • Mobile Field Kit
      • iRecovery Stick
    • CelleBrite
      • UFED System
      • UFED Physical Pro

Recovering Deleted Files and Deleted Partitions

  • Recovering the Deleted Files
    • Deleting Files
    • What Happens When a File is Deleted in Windows?
    • Recycle Bin in Windows
      • Storage Locations of Recycle Bin in FAT and NTFS System
      • How the Recycle Bin Works
      • Damaged or Deleted INFO File
      • Damaged Files in Recycled Folder
      • Damaged Recycle Folder
    • File Recovery in MAC OS X
    • File Recovery in Linux
  • File Recovery Tools for Windows
    • Recover My Files
    • EASEUS Data Recovery Wizard
    • PC INSPECTOR File Recovery
    • Recuva
    • DiskDigger
    • Handy Recovery
    • Quick Recovery
    • Stellar Phoenix Windows Data Recovery
    • Tools to Recover Deleted Files
      • Total Recall
      • Advanced Disk Recovery
      • Windows Data Recovery Software
      • R-Studio
      • PC Tools File Recover
      • Data Rescue PC
      • Smart Undelete
      • FileRestore Professional
      • Deleted File Recovery Software
      • DDR Professional Recovery Software
      • Data Recovery Pro
      • GetDataBack
      • UndeletePlus
      • Search and Recover
      • File Scavenger
      • Filesaver
      • Virtual Lab
      • Active@ UNDELETE
      • Win Undelete
      • R-Undelete
      • Recover4all Professional
      • eData Unerase
      • Active@ File Recovery
      • FinalRecovery
  • File Recovery Tools for MAC
    • MAC File Recovery
    • MAC Data Recovery
    • Boomerang Data Recovery Software
    • VirtualLab
    • File Recovery Tools for MAC OS X
      • DiskWarrior
      • AppleXsoft File Recovery for MAC
      • Disk Doctors MAC Data Recovery
      • R-Studio for MAC
      • Data Rescue
      • Stellar Phoenix MAC Data Recovery
      • FileSalvage
      • TechTool Pro
  • File Recovery Tools for Linux
    • R-Studio for Linux
    • Quick Recovery for Linux
    • Kernel for Linux Data Recovery
    • TestDisk for Linux
  • Recovering the Deleted Partitions
    • Disk Partition
    • Deletion of Partition
    • Recovery of the Deleted Partition
  • Partition Recovery Tools
    • Active@ Partition Recovery for Windows
    • Acronis Recovery Expert
    • DiskInternals Partition Recovery
    • NTFS Partition Data Recovery
    • GetDataBack
    • EASEUS Partition Recovery
    • Advanced Disk Recovery
    • Power Data Recovery
    • Remo Recover (MAC) - Pro
    • MAC Data Recovery Software
    • Quick Recovery for Linux
    • Stellar Phoenix Linux Data Recovery Software
    • Tools to Recover Deleted Partitions
      • Handy Recovery
      • TestDisk for Windows
      • Stellar Phoenix Windows Data Recovery
      • ARAX Disk Doctor
      • Power Data Recovery
      • Quick Recovery for MAC
      • Partition Find & Mount
      • Advance Data Recovery Software Tools
      • TestDisk for MAC
      • Kernel for FAT and NTFS – Windows Disk Recovery
      • Disk Drill
      • Stellar Phoenix MAC Data Recovery
      • ZAR Windows Data Recovery
      • AppleXsoft File Recovery for MAC
      • Quick Recovery for FAT & NTFS
      • TestDisk for Linux

Forensics Investigation using Access Data FTK

  • Overview and Installation of FTK
    • Overview of Forensic Toolkit (FTK)
    • Features of FTK
    • Software Requirement
    • Configuration Option
    • Database Installation
    • FTK Application Installation
  • FTK Case Manager User Interface
    • Case Manager Window
      • Case Manager Database Menu
        • Setting Up Additional Users and Assigning Rules
      • Case Manager Case Menu
        • Assigning Users Shared Label Visibility
      • Case Manager Tools Menu
        • Recovering Processing Jobs
        • Restoring an Image to a Disk
      • Case Manager Manage Menu
        • Managing Carvers
        • Managing Custom Identifiers
  • FTK Examiner User Interface
    • FTK Examiner User Interface
      • Menu Bar: File Menu
        • Exporting Files
        • Exporting Case Data to a Custom Content Image
        • Exporting the Word List
      • Menu Bar: Edit Menu
      • Menu Bar: View Menu
      • Menu Bar: Evidence Menu
      • Menu Bar: Tools Menu
        • Verifying Drive Image Integrity
        • Mounting an Image to a Drive
      • File List View
        • Using Labels
        • Creating and Applying a Label
  • Starting with FTK
    • Creating a case
    • Selecting Detailed Options: Evidence Processing
    • Selecting Detailed Options: Fuzzy Hashing
    • Selecting Detailed Options: Data Carving
    • Selecting Detailed Options: Custom File Identification
    • Selecting Detailed Options: Evidence Refinement (Advanced)
    • Selecting Detailed Options: Index Refinement (Advanced)
  • FTK Interface Tabs
    • FTK Interface Tabs
      • Explore Tab
      • Overview Tab
      • Email Tab
      • Graphics Tab
      • Bookmarks Tab
      • Live Search Tabs
      • Volatile Tab
  • Adding and Processing Static, Live, and Remote Evidence
    • Adding Evidence to a Case
    • Evidence Groups
    • Acquiring Local Live Evidence
    • FTK Rule Requirements For Remote Acquisition
    • Types of Remote Information
    • Acquiring Data Remotely Using Remote Device Management System (RDMS)
    • Imaging Drives
    • Mounting and Unmounting a Device
  • Using and Managing Filters
    • Accessing Filter Tools
    • Using Filters
    • Customizing Filters
    • Using Predefined Filters
  • Using Index Search and Live Search
    • Conducting an Index Search
      • Selecting Index Search Options
      • Viewing Index Search Results
      • Documenting Search Results
    • Conducting a Live Search: Live Text Search
    • Conducting a Live Search: Live Hex Search
    • Conducting a Live Search: Live Pattern Search
  • Decrypting EFS and other Encrypted Files
    • Decrypting EFS Files and Folders
    • Decrypting MS Office Files
    • Viewing Decrypted Files
    • Decrypting Domain Account EFS Files from Live Evidence
    • Decrypting Credant Files
    • Decrypting Safeboot Files
  • Working with Reports
    • Creating a Report
    • Entering Case Information
    • Managing Bookmarks in a Report
    • Managing Graphics in a Report
    • Selecting a File Path List
    • Adding a File Properties List
    • Making Registry Selections
    • Selecting the Report Output Options
    • Customizing the Formatting of Reports
    • Viewing and Distributing a Report

Forensics Investigation Using EnCase

  • Overview of EnCase Forensic
    • Overview of EnCase Forensic
    • EnCase Forensic Features
    • EnCase Forensic Platform
    • EnCase Forensic Modules
  • Installing EnCase Forensic
    • Minimum Requirements
    • Installing the Examiner
    • Installed Files
    • Installing the EnCase Modules
    • Configuring EnCase
      • Configuring EnCase: Case Options Tab
      • Configuring EnCase: Global Tab
      • Configuring EnCase: Debug Tab
      • Configuring EnCase: Colors Tab and Fonts Tab
      • Configuring EnCase: EnScript Tab and Storage Paths Tab
    • Sharing Configuration (INI) Files
  • EnCase Interface
    • Main EnCase Window
      • System Menu Bar
      • Toolbar
      • Panes Overview
        • Tree Pane
        • Table Pane
        • Table Pane: Table Tab
        • Table Pane: Report Tab
        • Table Pane: Gallery Tab
        • Table Pane: Timeline Tab
        • Table Pane: Disk Tab and Code Tab
      • View Pane
      • Filter Pane
        • Filter Pane Tabs
        • Creating a Filter
        • Creating Conditions
      • Status Bar
  • Case Management
    • Overview of Case Structure
    • Case Management
    • Indexing a Case
    • Case Backup
    • Options Dialog Box
    • Logon Wizard
    • New Case Wizard
    • Setting Time Zones for Case Files
    • Setting Time Zone Options for Evidence Files
  • Working with Evidence
    • Types of Entries
    • Adding a Device
      • Adding a Device using Tableau Write Blocker
    • Performing a Typical Acquisition
    • Acquiring a Device
    • Canceling an Acquisition
    • Acquiring a Handsprings PDA
    • Delayed Loading of Internet Artifacts
    • Hashing the Subject Drive
    • Logical Evidence File (LEF)
    • Creating a Logical Evidence File
    • Recovering Folders on FAT Volumes
    • Restoring a Physical Drive
  • Source Processor
    • Source Processor
    • Starting to Work with Source Processor
    • Setting Case Options
    • Collection Jobs
      • Creating a Collection Job
      • Copying a Collection Job
      • Running a Collection Job
    • Analysis Jobs
      • Creating an Analysis Job
      • Running an Analysis Job
    • Creating a Report
  • Analyzing and Searching Files
    • Viewing the File Signature Directory
    • Performing a Signature Analysis
    • Hash Analysis
    • Hashing a New Case
    • Creating a Hash Set
    • Keyword Searches
    • Creating Global Keywords
    • Adding Keywords
    • Importing and Exporting Keywords
    • Searching Entries for Email and Internet Artifacts
    • Viewing Search Hits
    • Generating an Index
    • Tag Records
  • Viewing File Content
    • Viewing Files
    • Copying and Unerasing Files
    • Adding a File Viewer
    • Viewing File Content Using View Pane
    • Viewing Compound Files
    • Viewing Base64 and UUE Encoded Files
  • Bookmarking Items
    • Bookmarks Overview
    • Creating a Highlighted Data Bookmark
    • Creating a Note Bookmark
    • Creating a Folder Information/Structure Bookmark
    • Creating a Notable File Bookmark
    • Creating a File Group Bookmark
    • Creating a Log Record Bookmark
    • Creating a Snapshot Bookmark
    • Organizing Bookmarks
    • Copying/Moving a Table Entry into a Folder
    • Viewing a Bookmark on the Table Report Tab
    • Excluding Bookmarks
    • Copying Selected Items from One Folder to Another
  • Reporting
    • Reporting
    • Report User Interface
    • Creating a Report Using the Report Tab
    • Report Single/Multiple Files
    • Viewing a Bookmark Report
    • Viewing an Email Report
    • Viewing a Webmail Report
    • Viewing a Search Hits Report
    • Creating a Quick Entry Report
    • Creating an Additional Fields Report
    • Exporting a Report

Steganography and Image File Forensics

  • Steganography
    • What is Steganography?
    • How Steganography Works
    • Legal Use of Steganography
    • Unethical Use of Steganography
  • Steganography Techniques
    • Steganography Techniques
    • Application of Steganography
    • Classification of Steganography
    • Technical Steganography
    • Linguistic Steganography
    • Types of Steganography
      • Image Steganography
        • Least Significant Bit Insertion
        • Masking and Filtering
        • Algorithms and Transformation
        • Image Steganography: Hermetic Stego
        • Steganography Tool: S-Tools
        • Image Steganography Tools
          • ImageHide
          • QuickStego
          • Gifshuffle
          • OutGuess
          • Contraband
          • Camera/Shy
          • JPHIDE and JPSEEK
          • StegaNote
      • Audio Steganography
        • Audio Steganography Methods
        • Audio Steganography: Mp3stegz
        • Audio Steganography Tools
          • MAXA Security Tools
          • Stealth Files
          • Audiostegano
          • BitCrypt
          • MP3Stego
          • Steghide
          • Hide4PGP
          • CHAOS Universal
      • Video Steganography
        • Video Steganography: MSU StegoVideo
        • Video Steganography Tools
          • Masker
          • Max File Encryption
          • Xiao Steganography
          • RT Steganography
          • Our Secret
          • BDV DataHider
          • CHAOS Universal
          • OmniHide PRO
      • Document Steganography: wbStego
        • Byte Shelter I
        • Document Steganography Tools
          • Merge Streams
          • Office XML
          • CryptArkan
          • Data Stash
          • FoxHole
          • Xidie Security Suite
          • StegParty
          • Hydan
      • Whitespace Steganography Tool: SNOW
      • Folder Steganography: Invisible Secrets 4
        • Folder Steganography Tools
          • StegoStick
          • QuickCrypto
          • Max Folder Secure
          • WinMend Folder Hidden
          • PSM Encryptor
          • XPTools
          • Universal Shield
          • Hide My Files
      • Spam/Email Steganography: Spam Mimic
    • Steganographic File System
    • Issues in Information Hiding
  • Steganalysis
    • Steganalysis
    • How to Detect Steganography
    • Detecting Text, Image, Audio, and Video Steganography
    • Steganalysis Methods/Attacks on Steganography
    • Disabling or Active Attacks
    • Steganography Detection Tool: Stegdetect
    • Steganography Detection Tools
      • Xstegsecret
      • Stego Watch
      • StegAlyzerAS
      • StegAlyzerRTS
      • StegSpy
      • Gargoyle Investigator™ Forensic Pro
      • StegAlyzerSS
      • StegMark
  • Image Files
    • Image Files
    • Common Terminologies
    • Understanding Vector Images
    • Understanding Raster Images
    • Metafile Graphics
    • Understanding Image File Formats
    • GIF (Graphics Interchange Format)
    • JPEG (Joint Photographic Experts Group)
      • JPEG File Structure
      • JPEG 2000
    • BMP (Bitmap) File
      • BMP File Structure
    • PNG (Portable Network Graphics)
      • PNG File Structure
    • TIFF (Tagged Image File Format)
      • TIFF File Structure
  • Data Compression
    • Understanding Data Compression
    • How Does File Compression Work?
    • Lossless Compression
    • Huffman Coding Algorithm
    • Lempel-Ziv Coding Algorithm
    • Lossy Compression
    • Vector Quantization
  • Locating and Recovering Image Files
    • Best Practices for Forensic Image Analysis
    • Forensic Image Processing Using MATLAB
    • Locating and Recovering Image Files
    • Analyzing Image File Headers
    • Repairing Damaged Headers
    • Reconstructing File Fragments
    • Identifying Unknown File Formats
    • Identifying Image File Fragments
    • Identifying Copyright Issues on Graphics
    • Picture Viewer: IrfanView
    • Picture Viewer: ACDSee Photo Manager 12
    • Picture Viewer: Thumbsplus
    • Picture Viewer: AD Picture Viewer Lite
    • Picture Viewer Max
    • Picture Viewer: FastStone Image Viewer
    • Picture Viewer: XnView
    • Faces – Sketch Software
    • Digital Camera Data Discovery Software: File Hound
  • Image File Forensics Tools
    • Hex Workshop
    • GFE Stealth™ - Forensics Graphics File Extractor
    • Ilook
    • Adroit Photo Forensics 2011
    • Digital Photo Recovery
    • Stellar Phoenix Photo Recovery Software
    • Zero Assumption Recovery (ZAR)
    • Photo Recovery Software
    • Forensic Image Viewer
    • File Finder
    • DiskGetor Data Recovery
    • DERescue Data Recovery Master
    • Recover My Files
    • Universal Viewer

Application Password Crackers

  • Password Cracking Concepts
    • Password - Terminology
    • Password Types
    • Password Cracker
    • How Does a Password Cracker Work?
    • How Hash Passwords are Stored in Windows SAM
  • Types of Password Attacks
    • Password Cracking Techniques
    • Types of Password Attacks
    • Passive Online Attacks: Wire Sniffing
    • Password Sniffing
    • Passive Online Attack: Man-in-the-Middle and Replay Attack
    • Active Online Attack: Password Guessing
    • Active Online Attack: Trojan/Spyware/keylogger
    • Active Online Attack: Hash Injection Attack
    • Rainbow Attacks: Pre-Computed Hash
    • Distributed Network Attack
      • Elcomsoft Distributed Password Recovery
    • Non-Electronic Attacks
    • Manual Password Cracking (Guessing)
    • Automatic Password Cracking Algorithm
    • Time Needed to Crack Passwords
  • Classification of Cracking Software
  • Systems Software vs. Applications Software
  • System Software Password Cracking
    • Bypassing BIOS Passwords
      • Using Manufacturer’s Backdoor Password to Access the BIOS
      • Using Password Cracking Software
        • CmosPwd
      • Resetting the CMOS using the Jumpers or Solder Beads
      • Removing CMOS Battery
      • Overloading the Keyboard Buffer and Using a Professional Service
    • Tool to Reset Admin Password: Active@ Password Changer
    • Tool to Reset Admin Password: Windows Key
  • Application Software Password Cracking
    • Passware Kit Forensic
    • Accent Keyword Extractor
    • Distributed Network Attack
    • Password Recovery Bundle
    • Advanced Office Password Recovery
    • Office Password Recovery
    • Office Password Recovery Toolbox
    • Office Multi-document Password Cracker
    • Word Password Recovery Master
    • Accent WORD Password Recovery
    • Word Password
    • PowerPoint Password Recovery
    • PowerPoint Password
    • Powerpoint Key
    • Stellar Phoenix Powerpoint Password Recovery
    • Excel Password Recovery Master
    • Accent EXCEL Password Recovery
    • Excel Password
    • Advanced PDF Password Recovery
    • PDF Password Cracker
    • PDF Password Cracker Pro
    • Atomic PDF Password Recovery
    • PDF Password
    • Recover PDF Password
    • Appnimi PDF Password Recovery
    • Advanced Archive Password Recovery
    • KRyLack Archive Password Recovery
    • Zip Password
    • Atomic ZIP Password Recovery
    • RAR Password Unlocker
    • Default Passwords
    • http://www.defaultpassword.com
    • http://www.cirt.net/passwords
    • http://default-password.info
    • http://www.defaultpassword.us
    • http://www.passwordsdatabase.com
    • http://www.virus.org
  • Password Cracking Tools
    • L0phtCrack
    • OphCrack
    • Cain & Abel
    • RainbowCrack
    • Windows Password Unlocker
    • Windows Password Breaker
    • SAMInside
    • PWdump7 and Fgdump
    • PCLoginNow
    • KerbCrack
    • Recover Keys
    • Windows Password Cracker
    • Proactive System Password Recovery
    • Password Unlocker Bundle
    • Windows Password Reset Professional
    • Windows Password Reset Standard
    • Krbpwguess
    • Password Kit
    • WinPassword
    • Passware Kit Enterprise
    • Rockxp
    • PasswordsPro
    • LSASecretsView
    • LCP
    • MessenPass
    • Mail PassView
    • Messenger Key
    • Dialupass
    • Protected Storage PassView
    • Network Password Recovery
    • Asterisk Key
    • IE PassView

Log Capturing and Event Correlation

  • Computer Security Logs
    • Computer Security Logs
    • Operating System Logs
    • Application Logs
    • Security Software Logs
    • Router Log Files
    • Honeypot Logs
    • Linux Process Accounting
    • Logon Event in Window
    • Windows Log File
      • Configuring Windows Logging
      • Analyzing Windows Logs
      • Windows Log File: System Logs
      • Windows Log File: Application Logs
      • Logon Events that appear in the Security Event Log
    • IIS Logs
      • IIS Log File Format
      • Maintaining Credible IIS Log Files
    • Log File Accuracy
    • Log Everything
    • Keeping Time
    • UTC Time
    • View the DHCP Logs
      • Sample DHCP Audit Log File
    • ODBC Logging
  • Logs and Legal Issues
    • Legality of Using Logs
    • Records of Regularly Conducted Activity as Evidence
    • Laws and Regulations
  • Log Management
    • Log Management
      • Functions of Log Management
      • Challenges in Log Management
      • Meeting the Challenges in Log Management
  • Centralized Logging and Syslogs
    • Centralized Logging
      • Centralized Logging Architecture
      • Steps to Implement Central Logging
    • Syslog
      • Syslog in Unix-Like Systems
      • Steps to Set Up a Syslog Server for Unix Systems
      • Advantages of Centralized Syslog Server
    • IIS Centralized Binary Logging
  • Time Synchronization
    • Why Synchronize Computer Times?
    • What is NTP?
      • NTP Stratum Levels
    • NIST Time Servers
    • Configuring Time Server in Windows Server
  • Event Correlation
    • Event Correlation
      • Types of Event Correlation
      • Prerequisites for Event Correlation
      • Event Correlation Approaches
  • Log Capturing and Analysis Tools
    • GFI EventsManager
    • Activeworx Security Center
    • EventLog Analyzer
    • Syslog-ng OSE
    • Kiwi Syslog Server
    • WinSyslog
    • Firewall Analyzer: Log Analysis Tool
    • Activeworx Log Center
    • EventReporter
    • Kiwi Log Viewer
    • Event Log Explorer
    • WebLog Expert
    • XpoLog Center Suite
    • ELM Event Log Monitor
    • EventSentry
    • LogMeister
    • LogViewer Pro
    • WinAgents EventLog Translation Service
    • EventTracker Enterprise
    • Corner Bowl Log Manager
    • Ascella Log Monitor Plus
    • FLAG - Forensic and Log Analysis GUI
    • Simple Event Correlator (SEC)
    • OSSEC

Network Forensics, Investigating Logs and Investigating Network Traffic

  • Network Forensics
    • Network Forensics
    • Network Forensics Analysis Mechanism
    • Network Addressing Schemes
    • Overview of Network Protocols
    • Overview of Physical and Data-Link Layer of the OSI Model
    • Overview of Network and Transport Layer of the OSI Model
    • OSI Reference Model
    • TCP/IP Protocol
    • Intrusion Detection Systems (IDS) and Their Placement
      • How IDS Works
      • Types of Intrusion Detection Systems
      • General Indications of Intrusions
    • Firewall
    • Honeypot
  • Network Attacks
    • Network Vulnerabilities
    • Types of Network Attacks
      • IP Address Spoofing
      • Man-in-the-Middle Attack
      • Packet Sniffing
        • How a Sniffer Works
      • Enumeration
      • Denial of Service Attack
      • Session Sniffing
      • Buffer Overflow
      • Trojan Horse
  • Log Injection Attacks
    • New Line Injection Attack
      • New Line Injection Attack Countermeasure
    • Separator Injection Attack
      • Defending Separator Injection Attacks
    • Timestamp Injection Attack
      • Defending Timestamp Injection Attacks
    • Word Wrap Abuse Attack
      • Defending Word Wrap Abuse Attacks
    • HTML Injection Attack
      • Defending HTML Injection Attacks
    • Terminal Injection Attack
      • Defending Terminal Injection Attacks
  • Investigating and Analyzing Logs
    • Postmortem and Real-Time Analysis
    • Where to Look for Evidence
    • Log Capturing Tool: ManageEngine EventLog Analyzer
    • Log Capturing Tool: ManageEngine Firewall Analyzer
    • Log Capturing Tool: GFI EventsManager
    • Log Capturing Tool: Kiwi Syslog Server
    • Handling Logs as Evidence
    • Log File Authenticity
    • Use Signatures, Encryption, and Checksums
    • Work with Copies
    • Ensure System’s Integrity
    • Access Control
    • Chain of Custody
    • Condensing Log File
  • Investigating Network Traffic
    • Why Investigate Network Traffic?
    • Evidence Gathering via Sniffing
    • Capturing Live Data Packets Using Wireshark
      • Display Filters in Wireshark
      • Additional Wireshark Filters
    • Acquiring Traffic Using DNS Poisoning Techniques
      • Intranet DNS Spoofing (Local Network)
      • Intranet DNS Spoofing (Remote Network)
      • Proxy Server DNS Poisoning
      • DNS Cache Poisoning
    • Evidence Gathering from ARP Table
    • Evidence Gathering at the Data-Link Layer: DHCP Database
    • Gathering Evidence by IDS
  • Traffic Capturing and Analysis Tools
    • NetworkMiner
    • Tcpdump/Windump
    • Intrusion Detection Tool: Snort
      • How Snort Works
    • IDS Policy Manager
    • MaaTec Network Analyzer
    • Iris Network Traffic Analyzer
    • NetWitness Investigator
    • Colasoft Capsa Network Analyzer
    • Sniff - O - Matic
    • NetResident
    • Network Probe
    • NetFlow Analyzer
    • OmniPeek Network Analyzer
    • Firewall Evasion Tool: Traffic IQ Professional
    • NetworkView
    • CommView
    • Observer
    • SoftPerfect Network Protocol Analyzer
    • EffeTech HTTP Sniffer
    • Big-Mother
    • EtherDetect Packet Sniffer
    • Ntop
    • EtherApe
    • AnalogX Packetmon
    • IEInspector HTTP Analyzer
    • SmartSniff
    • Distinct Network Monitor
    • Give Me Too
    • EtherSnoop
    • Show Traffic
    • Argus
  • Documenting the Evidence Gathered on a Network

Investigating Wireless Attacks

  • Wireless Technologies
    • Wireless Networks
    • Wireless Terminologies
    • Wireless Components
    • Types of Wireless Networks
    • Wireless Standards
    • MAC Filtering
    • Service Set Identifier (SSID)
    • Types of Wireless Encryption: WEP
    • Types of Wireless Encryption: WPA
    • Types of Wireless Encryption: WPA2
    • WEP vs. WPA vs. WPA2
  • Wireless Attacks
    • Wi-Fi Chalking
      • Wi-Fi Chalking Symbols
    • Access Control Attacks
    • Integrity Attacks
    • Confidentiality Attacks
    • Availability Attacks
    • Authentication Attacks
  • Investigating Wireless Attacks
    • Key Points to Remember
    • Steps for Investigation
      • Obtain a Search Warrant
      • Identify Wireless Devices at Crime Scene
        • Search for Additional Devices
        • Detect Rogue Access Point
      • Document the Scene and Maintain a Chain of Custody
      • Detect the Wireless Connections
        • Methodologies to Detect Wireless Connections
        • Wi-Fi Discovery Tool: inSSIDer
        • GPS Mapping
          • GPS Mapping Tool: WIGLE
          • GPS Mapping Tool: Skyhook
        • How to Discover Wi-Fi Networks Using Wardriving
        • Check for MAC Filtering
        • Changing the MAC Address
        • Detect WAPs using the Nessus Vulnerability Scanner
        • Capturing Wireless Traffic
          • Sniffing Tool: Wireshark
          • Follow TCP Stream in Wireshark
          • Display Filters in Wireshark
          • Additional Wireshark Filters
      • Determine Wireless Field Strength
        • Determine Wireless Field Strength: FSM
        • Determine Wireless Field Strength: ZAP Checker Products
        • What is Spectrum Analysis?
      • Map Wireless Zones & Hotspots
      • Connect to Wireless Network
        • Connect to the Wireless Access Point
        • Access Point Data Acquisition and Analysis: Attached Devices
        • Access Point Data Acquisition and Analysis: LAN TCP/IP Setup
        • Access Point Data Acquisition and Analysis
          • Firewall Analyzer
          • Firewall Log Analyzer
      • Wireless Devices Data Acquisition and Analysis
      • Report Generation
  • Features of a Good Wireless Forensics Tool
  • Wireless Forensics Tools
    • Wi-Fi Discovery Tools
      • NetStumbler
      • NetSurveyor
      • Vistumbler
      • WirelessMon
      • Kismet
      • AirPort Signal
      • WiFi Hopper
      • Wavestumbler
      • iStumbler
      • WiFinder
      • Meraki WiFi Stumbler
      • Wellenreiter
      • AirCheck Wi-Fi Tester
      • AirRadar 2
    • Wi-Fi Packet Sniffers
      • OmniPeek
      • CommView for Wi-Fi
      • Wi-Fi USB Dongle: AirPcap
      • tcpdump
      • KisMAC
      • Aircrack-ng Suite
      • AirMagnet WiFi Analyzer
    • Wardriving Tools
      • MiniStumbler
      • Airbase
      • ApSniff
      • WiFiFoFum
      • StumbVerter
      • ClassicStumbler
      • Driftnet
      • WarLinux
    • RF Monitoring Tools
      • NetworkManager
      • KWiFiManager
      • NetworkControl
      • KOrinoco
      • KWaveControl
      • Aphunter
      • Qwireless
      • SigMon
    • Wi-Fi Connection Manager Tools
      • Aironet Wireless LAN
      • Boingo
      • HandyWi
      • Avanquest Connection Manager
      • Intel PROSet
      • Odyssey Access Client
      • WiFi-Manager
      • QuickLink Mobile
    • Wi-Fi Traffic Analyzer Tools
      • AirMagnet WiFi Analyzer
      • Cascade Pilot Personal Edition
      • OptiView® XG Network Analysis Tablet
      • Network Packet Analyzer
      • Network Observer
      • Ufasoft Snif
      • CommView for WiFi
      • Network Assistant
    • Wi-Fi Raw Packet Capturing Tools
      • WirelessNetView
      • Pirni Sniffer
      • Tcpdump
      • Airview
    • Wi-Fi Spectrum Analyzing Tools
      • Cisco Spectrum Expert
      • AirMedic
      • BumbleBee
      • Wi-Spy
  • Traffic Capturing and Analysis Tools
    • NetworkMiner
    • Tcpdump/Windump
    • Intrusion Detection Tool: Snort
      • How Snort Works
    • IDS Policy Manager
    • MaaTec Network Analyzer
    • Iris Network Traffic Analyzer
    • NetWitness Investigator
    • Colasoft Capsa Network Analyzer
    • Sniff - O - Matic
    • NetResident
    • Network Probe
    • NetFlow Analyzer
    • OmniPeek Network Analyzer
    • Firewall Evasion Tool: Traffic IQ Professional
    • NetworkView
    • CommView
    • Observer
    • SoftPerfect Network Protocol Analyzer
    • EffeTech HTTP Sniffer
    • Big-Mother
    • EtherDetect Packet Sniffer

Investigating Web Attacks

  • Introduction to Web Applications and Webservers
    • Introduction to Web Applications
    • Web Application Components
    • How Web Applications Work
    • Web Application Architecture
    • Open Source Webserver Architecture
    • Indications of a Web Attack
    • Web Attack Vectors
    • Why Web Servers are Compromised
    • Impact of Webserver Attacks
    • Website Defacement
    • Case Study
  • Web Logs
    • Overview of Web Logs
    • Application Logs
    • Internet Information Services (IIS) Logs
      • IIS Webserver Architecture
      • IIS Log File Format
    • Apache Webserver Logs
    • DHCP Server Logs
  • Web Attacks
    • Web Attacks - 1
    • Web Attacks - 2
      • Unvalidated Input
      • Parameter/Form Tampering
      • Directory Traversal
      • Security Misconfiguration
      • Injection Flaws
      • SQL Injection Attacks
      • Command Injection Attacks
        • Command Injection Example
      • File Injection Attack
      • What is LDAP Injection?
        • How LDAP Injection Works
      • Hidden Field Manipulation Attack
      • Cross-Site Scripting (XSS) Attacks
        • How XSS Attacks Work
      • Cross-Site Request Forgery (CSRF) Attack
        • How CSRF Attacks Work
      • Web Application Denial-of-Service (DoS) Attack
        • Denial of Service (DoS) Examples
      • Buffer Overflow Attacks
      • Cookie/Session Poisoning
        • How Cookie Poisoning Works
      • Session Fixation Attack
      • Insufficient Transport Layer Protection
      • Improper Error Handling
      • Insecure Cryptographic Storage
      • Broken Authentication and Session Management
      • Unvalidated Redirects and Forwards
      • DMZ Protocol Attack/Zero Day Attack
      • Log Tampering
      • URL Interpretation and Impersonation Attack
      • Web Services Attack
      • Web Services Footprinting Attack
      • Web Services XML Poisoning
      • Webserver Misconfiguration
      • HTTP Response Splitting Attack
      • Web Cache Poisoning Attack
      • HTTP Response Hijacking
      • SSH Bruteforce Attack
      • Man-in-the-Middle Attack
      • Defacement Using DNS Compromise
  • Web Attack Investigation
    • Investigating Web Attacks
    • Investigating Web Attacks in Windows-Based Servers
    • Investigating IIS Logs
    • Investigating Apache Logs
    • Example of FTP Compromise
    • Investigating FTP Servers
    • Investigating Static and Dynamic IP Addresses
    • Sample DHCP Audit Log File
    • Investigating Cross-Site Scripting (XSS)
    • Investigating SQL Injection Attacks
    • Pen-Testing CSRF Validation Fields
    • Investigating Code Injection Attack
    • Investigating Cookie Poisoning Attack
    • Detecting Buffer Overflow
    • Investigating Authentication Hijacking
    • Web Page Defacement
    • Investigating DNS Poisoning
    • Intrusion Detection
    • Security Strategies to Web Applications
    • Checklist for Web Security
  • Web Attack Detection Tools
    • Web Application Security Tools
      • Acunetix Web Vulnerability Scanner
      • Falcove Web Vulnerability Scanner
      • Netsparker
      • N-Stalker Web Application Security Scanner
      • Sandcat
      • Wikto
      • WebWatchBot
      • OWASP ZAP
      • SecuBat Vulnerability Scanner
      • Websecurify
      • HackAlert
      • WebCruiser
    • Web Application Firewalls
      • dotDefender
      • IBM AppScan
      • ServerDefender VP
    • Web Log Viewers
      • Deep Log Analyzer
      • WebLog Expert
      • AlterWind Log Analyzer
      • Webalizer
      • eWebLog Analyzer
      • Apache Logs Viewer (ALV)
    • Web Attack Investigation Tools
      • AWStats
      • Paros Proxy
      • Scrawlr
  • Tools for Locating IP Address
    • Whois Lookup
    • SmartWhois
    • ActiveWhois
    • LanWhois
    • CountryWhois
    • CallerIP
    • Hide Real IP
    • IP - Address Manager
    • Pandora FMS

Tracking Emails and investigating Email Crimes

  • Email System Basics
    • Email Terminology
    • Email System
    • Email Clients
    • Email Server
    • SMTP Server
    • POP3 and IMAP Servers
    • Email Message
    • Importance of Electronic Records Management
  • Email Crimes
    • Email Crime
    • Email Spamming
    • Mail Bombing/Mail Storm
    • Phishing
    • Email Spoofing
    • Crime via Chat Room
    • Identity Fraud/Chain Letter
  • Email Headers
    • Examples of Email Headers
    • List of Common Headers
  • Steps to Investigate
    • Why to Investigate Emails
    • Investigating Email Crime and Violation
      • Obtain a Search Warrant and Seize the Computer and Email Account
      • Obtain a Bit-by-Bit Image of Email Information
      • Examine Email Headers
        • Viewing Email Headers in Microsoft Outlook
        • Viewing Email Headers in AOL
        • Viewing Email Headers in Hotmail
        • Viewing Email Headers in Gmail
        • Viewing Headers in Yahoo Mail
        • Forging Headers
      • Analyzing Email Headers
        • Email Header Fields
        • Received: Headers
        • Microsoft Outlook Mail
        • Examining Additional Files (.pst or .ost files)
        • Checking the Email Validity
        • Examine the Originating IP Address
      • Trace Email Origin
        • Tracing Back
        • Tracing Back Web-based Email
      • Acquire Email Archives
        • Email Archives
        • Content of Email Archives
        • Local Archive
        • Server Storage Archive
        • Forensic Acquisition of Email Archive
      • Recover Deleted Emails
        • Deleted Email Recovery
  • Email Forensics Tools
    • Stellar Phoenix Deleted Email Recovery
    • Recover My Email
    • Outlook Express Recovery
    • Zmeil
    • Quick Recovery for MS Outlook
    • Email Detective
    • Email Trace - Email Tracking
    • R-Mail
    • FINALeMAIL
    • eMailTrackerPro
    • Forensic Toolkit (FTK)
    • Paraben’s email Examiner
    • Network Email Examiner by Paraben
    • DiskInternal’s Outlook Express Repair
    • Abuse.Net
    • MailDetective Tool
  • Laws and Acts against Email Crimes
    • U.S. Laws Against Email Crime: CAN-SPAM Act
    • 18 U.S.C. § 2252A
    • 18 U.S.C. § 2252B
    • Email Crime Law in Washington: RCW 19.190.020

Mobile Forensics

  • Mobile Phone
    • Mobile Phone
    • Different Mobile Devices
    • Hardware Characteristics of Mobile Devices
    • Software Characteristics of Mobile Devices
    • Components of Cellular Network
    • Cellular Network
    • Different Cellular Networks
  • Mobile Operating Systems
    • Mobile Operating Systems
    • Types of Mobile Operating Systems
    • WebOS
      • WebOS System Architecture
    • Symbian OS
      • Symbian OS Architecture
    • Android OS
      • Android OS Architecture
    • RIM BlackBerry OS
    • Windows Phone 7
      • Windows Phone 7 Architecture
    • Apple iOS
  • Mobile Forensics
    • What a Criminal can do with Mobile Phones?
    • Mobile Forensics
    • Mobile Forensics Challenges
    • Forensics Information in Mobile Phones
    • Memory Considerations in Mobiles
    • Subscriber Identity Module (SIM)
    • SIM File System
    • Integrated Circuit Card Identification (ICCID)
    • International Mobile Equipment Identifier (IMEI)
    • Electronic Serial Number (ESN)
    • Precautions to be Taken Before Investigation
  • Mobile Forensic Process
    • Mobile Forensic Process
      • Collect the Evidence
        • Collecting the Evidence
        • Points to Remember while Collecting the Evidence
        • Collecting iPod/iPhone Connected with Computer
      • Document the Scene and Preserve the Evidence
      • Imaging and Profiling
      • Acquire the Information
        • Device Identification
        • Acquire Data from SIM Cards
        • Acquire Data from Unobstructed Mobile Devices
        • Acquire the Data from Obstructed Mobile Devices
        • Acquire Data from Memory Cards
        • Acquire Data from Synched Devices
        • Gather Data from Network Operator
        • Check Call Data Records (CDRs)
        • Gather Data from SQLite Record
        • Analyze the Information
      • Generate Report
  • Mobile Forensics Software Tools
    • Oxygen Forensic Suite 2011
    • MOBILedit! Forensic
    • BitPim
    • SIM Analyzer
    • SIMCon
    • SIM Card Data Recovery
    • Memory Card Data Recovery
    • Device Seizure
    • SIM Card Seizure
    • ART (Automatic Reporting Tool)
    • iPod Data Recovery Software
    • Recover My iPod
    • PhoneView
    • Elcomsoft Blackberry Backup Explorer
    • Oxygen Phone Manager II
    • Sanmaxi SIM Recoverer
    • USIMdetective
    • CardRecovery
    • Stellar Phoenix iPod Recovery Software
    • iCare Data Recovery Software
    • Cell Phone Analyzer
    • iXAM
    • BlackBerry Database Viewer Plus
    • BlackBerry Signing Authority Tool
  • Mobile Forensics Hardware Tools
    • Secure View Kit
    • Deployable Device Seizure (DDS)
    • Paraben's Mobile Field Kit
    • PhoneBase
    • XACT System
    • Logicube CellDEK
    • Logicube CellDEK TEK
    • RadioTactics ACESO
    • UME-36Pro - Universal Memory Exchanger
    • Cellebrite UFED System - Universal Forensic Extraction Device
    • ZRT 2
    • ICD 5200
    • ICD 1300

Investigative Reports

  • Computer Forensics Report
    • Computer Forensics Report
    • Salient Features of a Good Report
    • Aspects of a Good Report
  • Computer Forensics Report Template
    • Computer Forensics Report Template
    • Simple Format of the Chain of Custody Document
    • Chain of Custody Forms
    • Evidence Collection Form
    • Computer Evidence Worksheet
    • Hard Drive Evidence Worksheet
    • Removable Media Worksheet
  • Investigative Report Writing
    • Report Classification
    • Layout of an Investigative Report
      • Layout of an Investigative Report: Numbering
    • Report Specifications
    • Guidelines for Writing a Report
    • Use of Supporting Material
    • Importance of Consistency
    • Investigative Report Format
    • Attachments and Appendices
    • Include Metadata
    • Signature Analysis
    • Investigation Procedures
    • Collecting Physical and Demonstrative Evidence
    • Collecting Testimonial Evidence
    • Do's and Don'ts of Forensics Computer Investigations
    • Case Report Writing and Documentation
    • Create a Report to Attach to the Media Analysis Worksheet
    • Best Practices for Investigators
  • Sample Forensics Report
    • Sample Forensics Report
  • Report Writing Using Tools
    • Writing Report Using FTK
    • Writing Report Using ProDiscover

Becoming an Expert Witness

  • Expert Witness
    • What is an Expert Witness?
    • Role of an Expert Witness
    • What Makes a Good Expert Witness?
  • Types of Expert Witnesses
    • Types of Expert Witnesses
      • Computer Forensics Experts
        • Role of Computer Forensics Expert
      • Medical & Psychological Experts
      • Civil Litigation Experts
      • Construction & Architecture Experts
      • Criminal Litigation Experts
  • Scope of Expert Witness Testimony
    • Scope of Expert Witness Testimony
    • Technical Witness vs. Expert Witness
    • Preparing for Testimony
  • Evidence Processing
    • Evidence Preparation and Documentation
    • Evidence Processing Steps
    • Checklists for Processing Evidence
    • Examining Computer Evidence
    • Prepare the Report
    • Evidence Presentation
  • Rules for Expert Witness
    • Rules Pertaining to an Expert Witness’s Qualification
    • Daubert Standard
    • Frye Standard
    • Importance of Resume
    • Testifying in the Court
    • The Order of Trial Proceedings
  • General Ethics While Testifying
    • General Ethics While Testifying
    • Importance of Graphics in a Testimony
    • Helping your Attorney
    • Avoiding Testimony Issues
    • Testifying during Direct Examination
    • Testifying during Cross-Examination
    • Deposing
    • Recognizing Deposition Problems
    • Guidelines to Testifying at a Deposition
    • Dealing with Media
    • Finding a Computer Forensics Expert

TRINITY SOFTWARE SOLUTIONS, IInd Floor, Radheyam Towers, Gandhari Amman Coil Road, Pulimood, Trivandrum-1
0471-2334855 | 2335855 | 9447387064 | 9847003556 | info@trinitytechnology.in