disk analysis

  

north
Member
 

Re: disk analysis

Post Posted: Apr 05, 18 19:20

- north
- Igor_Michailov
I use FTK and EnCase.


Are you a student?


Digital Forensics Investigator.

How can we detect unauthorized access to a computer from the Internet?
 
  

north
Member
 

Re: disk analysis

Post Posted: Apr 05, 18 19:29

- jaclaz
- north
The user logs in to the online game account. After a while, an error message is received. The game connection is disconnected. The wireless network connection is disconnected.

Which EXACT Operating System?
Which EXACT online game?
Which EXACT browser (if any)?
Which EXACT error message?
Coming EXACTLY from WHAT? (OS, game, browser, connection/router)

In any case the first thing you should do is a FULL timeline of the system, i.e. put *everything* that left *any* trace in logs, system files, filesystem, etc. in a date/time ordered table.
*something* must have happened before the computer showed the behaviour you vaguely summed up, or *something* must have triggered this behaviour.

jaclaz

Thanks for your support.  
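
The date/time ordered table recommended in the quoted reply above, sketched as an added example that is not part of the original thread: records from different artifact sources carry different timestamp encodings, so each is normalized to UTC before sorting. The function names, the sample records and the UTC+3 offset are assumptions made up for the illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def from_filetime(ticks):
    """Windows FILETIME: 100 ns ticks since 1601-01-01 UTC (NTFS, registry)."""
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def from_webkit(micros):
    """Chrome/WebKit history time: microseconds since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=micros)

def from_unix(seconds):
    """Unix epoch seconds, e.g. from a router syslog export."""
    return datetime.fromtimestamp(seconds, tz=timezone.utc)

def from_local(text, utc_offset_hours):
    """Local-time string from a log export; the offset must be known."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    naive = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
    return naive.replace(tzinfo=tz).astimezone(timezone.utc)

# Constructed sample records (not from a real case): (UTC time, source, event)
RECORDS = [
    (from_local("2018-04-01 21:06:00", 3), "eventlog", "wireless network disconnected"),
    (from_unix(1522602000), "router", "DHCP lease renewed"),
    (from_filetime(131670795300000000), "filesystem", "file created in user Temp folder"),
    (from_webkit(13167079200000000), "browser", "visit to game login page"),
]

def build_timeline(records):
    """Merge all sources into one table ordered by UTC time."""
    return sorted(records, key=lambda r: r[0])

def window_before(timeline, pivot, minutes):
    """Events in the `minutes` leading up to (and including) the pivot event."""
    start = pivot - timedelta(minutes=minutes)
    return [r for r in timeline if start <= r[0] <= pivot]

if __name__ == "__main__":
    timeline = build_timeline(RECORDS)
    pivot = from_local("2018-04-01 21:06:00", 3)  # the reported disconnect
    for when, source, event in window_before(timeline, pivot, 10):
        print(when.isoformat(), f"{source:<10}", event)
```

Mixing local-time and UTC sources without conversion is the usual way a timeline ends up in the wrong order, which is why every record is converted before the sort.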
 
  

jaclaz
Senior Member
 

Re: disk analysis

Post Posted: Apr 06, 18 06:39

- north

How can we detect unauthorized access to a computer from the Internet?

Usually you put an IP camera and recorder pointed to the Internet access door.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

TinyBrain
Senior Member
 

Re: disk analysis

Post Posted: Apr 06, 18 20:10

What is your real goal?

Find the IP of the hackers?

Allocation in CyberSec is a lost battleground. If you were a pentester or reverse engineer for malware I could help you. We do this for the purpose of cryptanalysis.

Your tool should be IDA Pro or Radare2.  
 
  

UnallocatedClusters
Senior Member
 

Re: disk analysis

Post Posted: Apr 06, 18 21:14

I do not perform malware analysis in my practice, but I did see this application: cuckoosandbox.org/

Basically the idea, as I understand it, is to run a virtualized copy of the "compromised" computer in a "sandbox" so that you can then determine if the "compromised" computer is phoning home, which specific Windows process is being used to phone home, etc.

Some ideas:

Create a virtualized copy of the "compromised" computer and then run a variety of antivirus and Malware detection software against the virtualized computer. In theory, for example, MalwareBytes could identify malicious files/programs on the compromised computer, which could then be further analyzed.

So in regard to your question, "How can we detect unauthorized access to a computer from the Internet?", I believe a better question is "how can we identify malware/rootkits on a given computer".
 
  

plashcary
Newbie
 

Re: disk analysis

Post Posted: Apr 13, 18 09:22

You can find what you described on this site, where it can be downloaded:

www.keychain.co.kr/keysapce

It is automatic analysis software for Windows artifacts such as system, internet, document metadata, cloud, filesystem metadata, account information, event log and document indexing.

Everything is sorted by timeline.
 
