DFIR

Data Carving

September 22, 2023

This is a technique used in digital forensics to reconstruct the stored data without using the assistance of the operating system.

What are the Four Major Types of Data Collection for Forensic Analysis?

September 22, 2023

At the highest level, the decision is between choosing a fast and efficient method that may not capture all material or spending the time and effort to create a complete record by capturing all information, including much that may never be needed. It’s a trade-off between speed and thoroughness.

Using KAPE in Forensic Analysis

September 22, 2023

KAPE is designed to analyze the storage and working hardware of computers running Windows, MacOS or many versions of Linux. It can run from a thumb drive and also access virtual machines.

Timeline Analysis for Incident Response

August 4, 2023

When a forensics team is called to investigate, one of the most important techniques they can deploy is to create a timeline of the events. The breach is often the result of several different failures or weaknesses and the timeline allows investigators to gather all of the evidence in a single chart. Collecting all of the details in one coherent data structure can improve analysis. While some breaches have obvious causes, some can only be understood after all of the failures can be analyzed together. Timelines make it easier to understand causality and the relationships between the many moving parts of a modern enterprise stack.

What is a Digital Signature Policy?

August 4, 2023

Many applications use digital signatures to certify that someone approves...

What is a Password Policy?

August 4, 2023

One of the simplest ways for an enterprise to maintain a secure perimeter is to ensure that the users choose passwords that can’t be easily guessed by any attacker. The best way to do this is to ensure that the passwords are chosen from a large enough collection of possible passwords. In other words, to guarantee that the passwords have enough entropy.

What is a Remote Access Policy?

August 4, 2023

Many businesses want to allow people to log in from outside their premises. Perhaps the sales team wants to access their files from the road. Perhaps some of the developers want to fix problems late at night. After the pandemic, many believe that working remotely is an important part of their company culture.

What is a Security Awareness and Training Policy?

August 4, 2023

Many employees aren’t conscious of the dangers that threaten the modern enterprise computing environment. They don’t understand all of the possible threats that may lead to fraud, blackmail, extortion or worse. A good policy for training new employees and retraining existing employees can reduce the dangers dramatically.

What is data exfiltration and how can it be traced?

August 4, 2023

Good digital forensics techniques can trace data ex filtration by finding clues buried inside log files, network traffic records, and other sources deep inside the operating system.

Volatile data

August 4, 2023

Data that is stored in memory and is lost when the computer is turned off.

Non-volatile data

August 4, 2023

Data that is stored on a hard drive or other permanent storage device.

Virus

August 4, 2023

A type of malware that can replicate itself and spread to other computers.