Introduction
Knowing where to look for the right data, and identifying that data along with its types and formats, is the most important first step in a computer forensic investigation. All of it can be found using tools you are already familiar with, such as Redline, EnCase, FTKi, NetworkMiner, Autopsy, etc. Moreover, Chapter 10, Enterprise Services, can help guide your search. To name a few sources: Registry Editor hives, Event Viewer, LANDesk, database logs and more.
Pictures and other media can be found in a machine's thumbnail icons. Tools like NetworkMiner (Lab 4) can also help us find images and other media in a more organized manner.
Data Types
There are many data types that can be identified by their extensions, such as .dat, .bak (backup), .bat (batch files), .vbn (antivirus quarantined files), and so on, but what is the path?
In an enterprise environment, you can also find information about network-related devices at various levels, such as mapped drives.
For instance, if a network log file keeps growing, you can see the details directly at:
If you remember the CFO case study scenario in Chapter xx, you will have to go to the DBMS to see and extract what has happened. It may require some querying (not part of this lab), but you will find it with the support of the DBA.
Exceptions
Keep in mind that there are some exceptions you may want to consider.
Deliverables -A:
Identify the data types you would look for, why you would need them and where to find them, if possible with their path, for the following scenarios. Try Chapters 10 and 11 first before doing other research.
#1 and #5 are samples that we went through last week! Please take notes about what they are, how they can help us and where to find them for your report-writing practice.
This scenario involves the application category of evidence. The data is stored on desktops and laptops, where how quickly applications open depends on the storage solution (hard drive, solid-state drive, etc.) and on the amount of RAM the system has. You would need the storage devices, RAM and a desktop to open several applications at once. Task Manager shows which applications are open and how the desktop's resources are being used. In Event Viewer, under Windows Logs, Application, you can also find data about application events, which can help troubleshoot problems.
Looking at DNS-related logs will help identify DNS issues. The command prompt and commands like ipconfig /all will also show the DNS and DHCP settings. Additionally, you can open Event Viewer to look at logs; the path is Applications and Services Logs\Microsoft\Windows\DNS-Server. This path shows the application logs, if there are any, and you could then look at the time of each log entry, how many entries there are, and so on. Reviewing DNS-related logs could help solve the issue.
IIS log files are stored by default in the %SystemDrive%\inetpub\logs\LogFiles folder of a standard Windows server. By looking at this path, the user can see different types of information about the web server and its websites. You can see the status of different websites and logs that contain the client IP and username, service status, number of bytes received, and much more.
In Apache, you can look at the access logs, error logs and configuration to see why the configuration is out of whack. Access logs can be found at /usr/local/etc/log/http/access.log, error logs at /var/log/httpd/[apache2]/error.log, and the configuration at /usr/local/etc/apache2/httpd.conf. The grep or tail commands can also be used to read live Apache logs and see what errors the configuration is producing.
In SQL Server Management Studio (SSMS), go to Object Explorer, connect to an instance of SQL Server, expand the instance, find the Management section, right-click SQL Server Logs, choose View, and then choose SQL Server Log. Looking into the SQL Server logs will show what errors are occurring and could help explain why the server keeps crashing.
Additionally, the SQL Server error log is located by default in the Program Files\Microsoft SQL Server\MSSQL.n\MSSQL\LOG\ERRORLOG and ERRORLOG.n files.
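Once the IIS and Apache log files above have been located, the next step in report writing is to pull out the facts they contain: which clients hit the server, which requests failed, and how much data left the box. The following Python script is an added example for this lab, not part of the assignment text or any course material. It parses the IIS W3C extended format (using the #Fields header, which is what lets IIS change column order between servers) and the Apache combined format, then summarises both into the counts a responder looks at first. The log lines, IP addresses and usernames are constructed sample data, not real server output.

```python
"""Parse IIS W3C and Apache combined access logs and summarise them for triage.

Added example for the lab; both samples below are constructed, not real logs.
"""
import re
from collections import Counter

# Constructed IIS W3C extended log sample (the #Fields line names the columns).
IIS_SAMPLE = """#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2024-01-15 10:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2024-01-15 10:00:01 10.0.0.5 GET /index.html - 80 - 192.0.2.10 Mozilla/5.0 200 0 0 1532 412 15
2024-01-15 10:00:02 10.0.0.5 GET /admin/login.aspx - 80 - 192.0.2.10 Mozilla/5.0 401 2 5 0 389 3
2024-01-15 10:00:03 10.0.0.5 POST /api/upload - 80 jsmith 198.51.100.7 curl/8.0 500 0 0 0 20480 950
2024-01-15 10:00:04 10.0.0.5 GET /reports/q4.pdf - 80 jsmith 198.51.100.7 curl/8.0 200 0 0 884210 401 120
"""

# Constructed Apache combined-format sample.
APACHE_SAMPLE = """192.0.2.10 - - [15/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
192.0.2.10 - - [15/Jan/2024:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.7 - jsmith [15/Jan/2024:10:00:03 +0000] "POST /upload HTTP/1.1" 500 0 "-" "curl/8.0"
"""

# Apache combined format: client, ident, user, [time], "request", status, bytes, ...
APACHE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)


def parse_iis(text):
    """Return one dict per IIS request, mapping columns via the #Fields header."""
    fields = None
    records = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names follow the directive
            continue
        if not line or line.startswith("#"):
            continue                    # other directives and blank lines
        if fields is None:
            raise ValueError("data line before #Fields header")
        values = line.split(" ")
        if len(values) != len(fields):
            continue                    # skip malformed lines rather than misalign columns
        row = dict(zip(fields, values))
        records.append({
            "client": row["c-ip"],
            "user": row["cs-username"],
            "method": row["cs-method"],
            "path": row["cs-uri-stem"],
            "status": int(row["sc-status"]),
            "bytes": int(row["sc-bytes"]),   # bytes sent to the client
        })
    return records


def parse_apache(text):
    """Return one dict per Apache request; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = APACHE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        records.append({
            "client": d["client"],
            "user": d["user"],
            "method": d["method"],
            "path": d["path"],
            "status": int(d["status"]),
            "bytes": 0 if d["bytes"] == "-" else int(d["bytes"]),
        })
    return records


def summarize(records):
    """Counts a responder checks first: status codes, clients, 5xx errors, bytes per client."""
    by_status = Counter(r["status"] for r in records)
    by_client = Counter(r["client"] for r in records)
    bytes_by_client = Counter()
    for r in records:
        bytes_by_client[r["client"]] += r["bytes"]
    return {
        "status": dict(by_status),
        "clients": dict(by_client),
        "server_errors": [r for r in records if r["status"] >= 500],
        "bytes_by_client": dict(bytes_by_client),
    }


if __name__ == "__main__":
    combined = parse_iis(IIS_SAMPLE) + parse_apache(APACHE_SAMPLE)
    for key, value in summarize(combined).items():
        print(key, value)
```

Reading the #Fields header instead of hard-coding column positions matters in practice: IIS administrators can enable or disable individual fields, so two servers in the same enterprise may log different columns. The 5xx list from summarize is the direct input to the "why does the server keep crashing" question, and bytes per client is the first place to look when large files such as reports have left the server.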
Using the above examples that we went through in class, please write up your findings.
Deliverables -B: