New directions in research have led to fundamental design changes in Wi-Fi technologies, networks, and services. These innovative advances have led to a prolific growth in wireless network computer crimes. As a result, forensic investigators are faced with future challenges associated with consumer’s hunger for high energy consumption, in addition to, issues regarding limited spectrum bandwidth. Continue reading
Memory forensics is the science of analyzing computer memory, both volatile and non-volatile that reveals a vast array of analytical points in regards to the state of which the machine was in during memory image acquisition. Memory forensics is paramount to the analyses of volatile memory of a computer system, which contains numerous artifacts that may prove to be useful during a digital forensics investigation.
6 Minutes
The proliferation of USB devices not only is an added convenience to users but also a hindrance to network and information security and as a result can be used for nefarious purposes. This is why having the ability to examine USB device history and files are critical to digital forensic investigations. This assignment will walk through the basic forensic examination process of how to examine USB drive artifacts.
This assignment was performed using Windows 10 running as a virtual machine inside of VMware Fusion 8 hypervisor on macOS Sierra as the host operating system. The first step is to wipe the hard drive clean in order to achieve uncontaminated results during our experiment. After a short search, I decided to use a freeware program called “Disk Wipe v1.7”. For the sake of time, I decided to wipe the USB drive using the one pass zero option, which basically write a pattern of zeroes across the entire drive’s files system ensuring that no remnants of any prior data remains.
Continue reading
8 Minutes
Below is the IR Script that I produced for Windows systems. The test machine was Windows 2016 Core running inside of VMware Fusion 8. I’ve included some tools for the most commonly requested information. As an incident handler, I believe it is better to use the least complicated tools possibly to get the job done, therefore, avoiding unnecessary complications that run the risk of jeopardizing an incident response investigation. Batch scripting is also within my comfort zone. Another benefit of batch scripting is that they require the least amount of time to prepare and have proven to be very reliable across multiple operating system distributions.
Continue reading
Decentralized Intelligence 