disk analysis

  

north
Member
 

disk analysis

Post Posted: Apr 05, 18 16:33

I just joined this forum. I have to do an analysis of a computer that has been hacked. I use FTK and EnCase. I got the disk image. How do I find the traces of hacker attacks? What are your suggestions? Thank you.
 
  

Kenobyte
Member
 

Re: disk analysis

Post Posted: Apr 05, 18 16:44

Is this for a practical exam or exercise? What information have you been given about what transpired to believe they were hacked and the computer needs analysis? Did you follow best practices when imaging, like utilizing a write blocker?
 
  

Igor_Michailov
Senior Member
 

Re: disk analysis

Post Posted: Apr 05, 18 16:47

I use FTK and EnCase.


Are you a student?
_________________
Computer, Cell Phone & Chip-Off Forensics

linkedin.com/in/igormikhaylovcf 
 
  

north
Member
 

Re: disk analysis

Post Posted: Apr 05, 18 17:43

The user logs in to the online game account. After a while, an error message is received. The game connection is disconnected. The wireless network connection is disconnected.
 
  

Randy_Randerson
Member
 

Re: disk analysis

Post Posted: Apr 05, 18 17:54

Based on what you just provided, sounds like you're just dropping from WiFi. What is the error message?  
 
  

north
Member
 

Re: disk analysis

Post Posted: Apr 05, 18 18:48

- Igor_Michailov
I use FTK and EnCase.


Are you a student?


Digital Forensics Investigator.  
 
  

jaclaz
Senior Member
 

Re: disk analysis

Post Posted: Apr 05, 18 19:17

- north
The user logs in to the online game account. After a while, an error message is received. The game connection is disconnected. The wireless network connection is disconnected.

Which EXACT Operating System?
Which EXACT online game?
Which EXACT browser (if any)?
Which EXACT error message?
Coming EXACTLY from WHAT? (OS, game, browser, connection/router)

In any case the first thing you should do is a FULL timeline of the system, i.e. put *everything* that left *any* trace in logs, system files, filesystem, etc. in a date/time ordered table.
*Something* must have happened before the computer showed the behaviour you vaguely summed up, or *something* must have triggered this behaviour.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
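
The date/time ordered table suggested in the last post, as an added example that is not part of the thread: it merges filesystem timestamps and event-log records into one UTC timeline and lists what happened shortly before the disconnect. The sample data is constructed, and the Windows host, the CSV export layout and the UTC+3 local time zone are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (not from the thread).
# Sleuth Kit body format: MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime (epoch, UTC)
BODYFILE = """\
0|C:/Users/user/AppData/Local/Temp/upd.exe|5121|r/rrwxrwxrwx|0|0|73216|1522937010|1522937005|1522937005|1522937005
0|C:/Games/client/config.ini|4410|r/rrwxrwxrwx|0|0|912|1522930000|1522850000|1522850000|1522000000
"""
# Hypothetical CSV export of event-log records, stamped in the machine's local time.
EVENT_CSV = """\
2018-04-05 17:01:02,Security,4624,Account logon for user
2018-04-05 17:05:40,WLAN-AutoConfig,8003,Wireless network disconnected
"""
LOCAL_TZ = timezone(timedelta(hours=3))  # assumed time zone of the examined machine

def body_events(text):
    # One event per non-zero MACB timestamp of every file in the body file.
    labels = ("accessed", "modified", "changed", "created")
    for line in text.splitlines():
        f = line.split("|")
        for label, epoch in zip(labels, f[7:11]):
            if int(epoch) > 0:
                yield datetime.fromtimestamp(int(epoch), timezone.utc), "filesystem", f"{label} {f[1]}"

def csv_events(text, tz):
    # Local-time log records are converted to UTC so they sort correctly against file times.
    for line in text.splitlines():
        stamp, log, event_id, msg = line.split(",", 3)
        local = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)
        yield local.astimezone(timezone.utc), f"{log}/{event_id}", msg

def build_timeline(*sources):
    # Merge every source into one list ordered by UTC time.
    return sorted((e for src in sources for e in src), key=lambda e: e[0])

def before(timeline, needle, minutes):
    # Events in the N minutes leading up to the first event whose text contains `needle`.
    pivot = next(t for t, _, what in timeline if needle in what)
    start = pivot - timedelta(minutes=minutes)
    return [e for e in timeline if start <= e[0] <= pivot]

if __name__ == "__main__":
    tl = build_timeline(body_events(BODYFILE), csv_events(EVENT_CSV, LOCAL_TZ))
    for t, source, what in before(tl, "disconnected", 10):
        print(t.isoformat(), source, what, sep="  ")
```

If the local-time log records were merged without the UTC conversion, the logon would sort after the file creation instead of before it.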
 

Page 1 of 2