Forensic notes from the trenches!

Tips for newbie forensicators!

Accuracy:

Forensics is a lot about accuracy! Reaching accurate results can play an important role in what you and the case accomplish!

A few tips to enhance your accuracy!

1. Try not to type in values for results; copy-paste them instead. One digit off can skew the entire results.

2. Triple-check your findings: is everything correct, including sources, values and other data?

Artifacts! Artifacts! Artifacts!

1. An IIS server has different artifacts, a Windows device has different artifacts, and Docker containers have different artifacts.

How many artifacts and their location to remember?

It comes with experience, knowledge, training and research! You will not remember all the artifacts, but the number you remember will keep on increasing!

Having a game plan, a blueprint, an idea of what you want to collect when you cannot collect everything, or what to look for when you have the evidence, can definitely give bountiful results while doing the actual acquisition!

Be complete while acquiring!

If you are trying to collect 5 files but are able to collect only three, the other two files can influence the results!

Verify the acquired evidence against the original through hashes and through size, which again brings in accuracy and precision!
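The completeness and verification checks above can be scripted. The following is an added example, not part of the original post: the function names, the directory layout and the choice of SHA-256 are assumptions, and the five sample files are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large evidence files do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_acquisition(source_dir, acquired_dir):
    """Return {relative_path: status} for every file under source_dir."""
    report = {}
    for src in sorted(p for p in Path(source_dir).rglob("*") if p.is_file()):
        rel = src.relative_to(source_dir)
        copy = Path(acquired_dir) / rel
        if not copy.is_file():
            status = "missing"            # incomplete acquisition
        elif copy.stat().st_size != src.stat().st_size:
            status = "size_mismatch"      # cheap check, catches truncation
        elif sha256_of(copy) != sha256_of(src):
            status = "hash_mismatch"      # same size, different content
        else:
            status = "ok"
        report[rel.as_posix()] = status
    return report


def demo():
    """Constructed sample: five source files and a deliberately flawed copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src, acq = Path(tmp, "original"), Path(tmp, "acquired")
        src.mkdir()
        acq.mkdir()
        for i in range(1, 6):
            (src / f"file{i}.log").write_bytes(f"constructed record {i}\n".encode())
        for i in (1, 2, 3):                       # files 4 and 5 never collected
            (acq / f"file{i}.log").write_bytes((src / f"file{i}.log").read_bytes())
        (acq / "file2.log").write_bytes(b"constructed record 2")    # truncated
        (acq / "file3.log").write_bytes(b"constructed record 9\n")  # altered
        return verify_acquisition(src, acq)


if __name__ == "__main__":
    print(demo())
```

The report is keyed by the source listing rather than by the acquired copies, so a file that was never collected shows up as `missing` instead of silently dropping out of the comparison.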

Time zone:

Ensure all the evidence sources are in the same time zone and that you know which time zone they are in. UTC can be a baseline for all your evidence sources; whichever time zone you choose, ensure uniformity throughout all evidence sources.

We also have training for EnCase available.

Windows Forensics books:
