±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 2 Overall: 36296
New Yesterday: 6 Visitors: 156

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Case studies - what would you find useful?

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2, 3 
  

jhup
Senior Member
 

Re: Case studies - what would you find useful?

Post Posted: Feb 10, 12 22:32

Hmmm. I am corporate FI so all my work is tied to my firm, therefore all the cases are intertwined with the quirkiness of this specific corporate culture...

I maybe able to talk about scenarios where i got stuck, and how root cause analysis prompted security to implement something to prevent the same scenario in the future . . . ?  
 
  

keydet89
Senior Member
 

Re: Case studies - what would you find useful?

Post Posted: Feb 10, 12 23:38

- jhup
Hmmm. I am corporate FI so all my work is tied to my firm, therefore all the cases are intertwined with the quirkiness of this specific corporate culture...


While I understand your position, I think that is also the reason why there aren't more "case studies" available...not only can some folks not provide them for reasons similar to the above, but others may not provide them b/c doing so would be feeding into a black hole.  
 
  

jhup
Senior Member
 

Re: Case studies - what would you find useful?

Post Posted: Feb 13, 12 08:50

I think most of the time we post useful responses, they are "black hole" scenarios.

Yet, we still do.

Even for Jesus only one out of ten returned to be thankful.  
 
  

keydet89
Senior Member
 

Re: Case studies - what would you find useful?

Post Posted: Feb 15, 12 16:56

JLJR,

I was wondering if you'd had a chance to look at the below...I had posted it in response to your request, "If anyone could provide a good case study on investigating social networks that would be great. "

Thoughts?

- keydet89
If you were asked to analyze the system of someone suspected of "cyberbullying" or stalking, I would think that the approach would be something like:

1. Get as much information as you can about the activities...user accounts, screen names, etc., of both the suspect and the target. Also look for specific unique words or phrases the suspect may have used. You can also use these to perform Google searches to look for any other possible accounts or screen names.

2. Determine which browser(s) were used, and retrieve and analyze the history and cache.

3. Perform an examination of unallocated space, the pagefile, or any hibernation files to look for indication of activity. This is where EnCase's Search Preview capability is very useful...I've written my own versions of this using Perl, as the technique itself is valuable.

4. Look for indications of smart phone backup files on the system as a secondary source of data.

HTH
 
 
  

JLJR
Newbie
 

Re: Case studies - what would you find useful?

Post Posted: Feb 16, 12 00:26

keydet89,

Yes I did and it was just what I was looking for so thanks alot for that.
Tried looking online but there doesn't seem to be much info available out there about forensics and social networks, or when I found some it wasn't very detailed, so your reply was much appreciated.
Thanks again  
 
  

keydet89
Senior Member
 

Re: Case studies - what would you find useful?

Post Posted: Feb 16, 12 22:29

I posted a short case study to the Win4n6 Yahoo group last night, and wanted to share this excellent case study written by Andrew Case:
dfsforensics.blogspot....leted.html  
 

Page 3 of 3
Page Previous  1, 2, 3