Title | Backtrack for Computer Forensics |
Author | Unknown |
Date and Time | 22:09 |
Category | backtrack | wiki |
The fundamental phases of computer forensics:
- Preparation
- Collection
- Examination
- Analysis
- Reporting
BackTrack Linux bundles a number of tools that can serve as trusted digital forensic applications. It supports the analyst in tasks such as examining and analyzing drives, recovering data from drives, vulnerability scanning, penetration testing, and file interrogation.
Classification of digital forensic tools.
Data Acquisition.
Data acquisition tools are the software responsible for interrogating hard drives and extracting the necessary information from them.
Data Recovery and Carving.
Data recovery tools are the applications responsible for getting deleted data back, inspecting hidden and deleted partitions, and repairing damaged filesystem blocks. Data carving is the extraction of files from undifferentiated blocks of raw data based on identifying the file type within the data itself.
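As an added example (not code from the original post or from any BackTrack tool), the following Python script shows the signature-based carving described above: it scans a constructed raw byte blob for the header and footer bytes of a few common file types and returns the files it recovers, skipping a truncated JPEG whose footer is missing. The signature table and the sample "disk image" are constructed for this illustration.

```python
# Header/footer byte signatures for a few common file types
# (a constructed subset; real carvers ship much larger tables)
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


def carve(raw: bytes, max_size: int = 10 * 1024 * 1024):
    """Scan an undifferentiated byte blob and return (type, offset, data)
    for every file whose header and matching footer are found.
    No filesystem metadata is used: only the bytes themselves."""
    found = []
    for ftype, (header, footer) in SIGNATURES.items():
        start = raw.find(header)
        while start != -1:
            # Look for the footer within max_size bytes of the header
            end = raw.find(footer, start + len(header), start + max_size)
            if end == -1:
                # Header without a footer: truncated or overwritten file,
                # so skip it and keep scanning for the next header
                start = raw.find(header, start + 1)
                continue
            end += len(footer)
            found.append((ftype, start, raw[start:end]))
            start = raw.find(header, end)
    found.sort(key=lambda f: f[1])  # report in on-disk order
    return found


# Constructed sample image: zero filler with an embedded minimal PNG,
# a truncated JPEG (header only, no EOI marker) and a minimal PDF
FILLER = b"\x00" * 64
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 17
              + b"\x00\x00\x00\x00IEND\xaeB`\x82")
TRUNCATED_JPG = b"\xff\xd8\xff\xe0" + b"\x11" * 20
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj<<>>endobj\ntrailer<<>>\n%%EOF"
IMAGE = FILLER + SAMPLE_PNG + FILLER + TRUNCATED_JPG + FILLER + SAMPLE_PDF + FILLER

if __name__ == "__main__":
    for ftype, offset, data in carve(IMAGE):
        print(f"{ftype} at offset {offset}, {len(data)} bytes")
```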
Meta Data Analysis.
Metadata analysis looks for hidden attributes. To carry out a metadata examination we need software that can disassemble a file (document, image, audio, or video) and expose hidden attributes such as when the file was last accessed, when it was modified, when it was created, and which application it was created with.
Network Forensic.
Network forensic tools are not very different from network security tools, since both rely on the same basic techniques, although forensic work applies them in a reverse-engineering fashion. Network forensic tools cover tasks such as analyzing network traffic and capturing the data transmitted within TCP connections (flows).
Log File Analysis.
There are parts of files that can have evidentiary value, such as the date and time of creation, modification, deletion and access, the user name or identification, and file attributes. Computer-created files (logs) that may be potential evidence include backup files, log files, configuration files, printer spool files, cookies, swap files, hidden files, system files, history files, temporary files, link files, and event logs.