Case studies - what would you find useful?


keydet89
Senior Member
 

Re: Case studies - what would you find useful?

Post Posted: Feb 07, 12 17:22

- mmingos
...we would like some help on what it would be considered suspicious to further research in such case.


In order to address this question, it really depends on the operating system in question. For example, on Windows systems, I would look to see what viewer applications are installed and used on the system, and check the most-recently-used (MRU) locations for those applications...the locations depend upon the version of Windows.

- mmingos
Also what terms we should be looking for in order to find such material. What sites we should be looking for ?


When I've addressed these situations, I haven't done so via this avenue. Not being a sworn/badged officer, I most often look to MRU locations, and pass file names and locations to the investigator.

I don't think that looking for specific sites or keywords is really the solution, but it does appear to be what's taught to most investigators. IMHO, the preferable approach is to start by looking at what images/movies the user was viewing, and work from there...  
 
  

keydet89
Senior Member
 

Re: Case studies - what would you find useful?

Post Posted: Feb 07, 12 20:32

I've provided case studies via my blog and books, so I guess what I'm most interested in is, if those haven't been sufficient, could those who are asking for case studies provide examples? I'm seeing a lot of requests for case studies, but at the same time I'm not seeing anyone (particularly those *asking* for case studies) providing any. I think it would be helpful to understand what it is folks are looking for...  
 
  

keydet89
Senior Member
 

Re: Case studies - what would you find useful?

Post Posted: Feb 08, 12 19:18

 
  

JLJR
Newbie
 

Re: Case studies - what would you find useful?

Post Posted: Feb 09, 12 03:14

If anyone could provide a good case study on investigating social networks that would be great.
For example, investigating someone that is suspected of causing online harassment/abuse/stalking etc. by using Facebook and other sites to cause harm to their victim.

Even a basic step-by-step guideline type would be very useful.  
 
  

keydet89
Senior Member
 

Re: Case studies - what would you find useful?

Post Posted: Feb 09, 12 18:23

If you were asked to analyze the system of someone suspected of "cyberbullying" or stalking, I would think that the approach would be something like:

1. Get as much information as you can about the activities...user accounts, screen names, etc., of both the suspect and the target. Also look for specific unique words or phrases the suspect may have used. You can also use these to perform Google searches to look for any other possible accounts or screen names.

2. Determine which browser(s) were used, and retrieve and analyze the history and cache.

3. Perform an examination of unallocated space, the pagefile, or any hibernation files to look for indication of activity. This is where EnCase's Search Preview capability is very useful...I've written my own versions of this using Perl, as the technique itself is valuable.

4. Look for indications of smart phone backup files on the system as a secondary source of data.

HTH  
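
Step 3 of the post above, keyword search with a context preview over raw data, sketched as an added example in Python. It is not the poster's Perl code or EnCase's implementation; the function names, the screen name "darkstar99" and the sample bytes are constructed for illustration. Each term is searched as both ASCII and UTF-16LE, and hits that straddle a read boundary are still reported once with full context.

```python
import io
import re

def printable(raw):
    """Render bytes for a preview column: non-printable bytes become '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)

def search_preview(stream, terms, context=16, chunk_size=1 << 20):
    """Return (offset, encoding, term, preview) for each hit in a raw stream."""
    # Each term is searched as ASCII and as UTF-16LE (common in Windows memory).
    needles = [t.encode(enc) for t in terms for enc in ("ascii", "utf-16-le")]
    pattern = re.compile(b"|".join(map(re.escape, needles)), re.IGNORECASE)
    overlap = max(map(len, needles)) + context
    hits, buf, base, done = [], b"", 0, 0   # base: file offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        buf += chunk
        # Until EOF, hold back hits near the buffer end so that the next
        # chunk can supply the rest of the match and its trailing context.
        limit = base + len(buf) - (overlap if chunk else 0)
        for m in pattern.finditer(buf, done - base):
            if base + m.start() >= limit:
                break
            raw = m.group()
            enc = "utf-16-le" if b"\x00" in raw else "ascii"
            window = buf[max(0, m.start() - context):m.end() + context]
            hits.append((base + m.start(), enc, raw.decode(enc).lower(),
                         printable(window)))
            done = base + m.end()
        if not chunk:
            return hits
        done = max(done, limit)
        keep = max(0, done - base - context)   # retain leading context
        buf, base = buf[keep:], base + keep

# Constructed sample standing in for a pagefile or unallocated-space extract.
SAMPLE = (b"\x00" * 100 + b"msg from DarkStar99: hello" + b"\xff" * 50
          + "darkstar99".encode("utf-16-le") + b"\x00" * 30)

if __name__ == "__main__":
    for off, enc, term, preview in search_preview(io.BytesIO(SAMPLE), ["darkstar99"]):
        print(f"{off:#010x}  {enc:<9}  {term:<12}  {preview}")
```

The reported offsets are relative to the start of the stream, so they can be recorded alongside the source file name for the investigator.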
 
  

jhup
Senior Member
 

Re: Case studies - what would you find useful?

Post Posted: Feb 09, 12 23:32

In general, I like to learn work flow, methodology, and thought pattern, not necessarily the nitty gritty of the technical details.

What step must be done prior to another step?
Why go down one path of analysis, but ignore or abandon another?
What tools were used with a problem?

I am not really interested in reading about the basics of how to image, chain of custody, write blocking, carving, etc. the banal, the push-button, the "you should know this already" material.

- jamie
Following on from an earlier discussion, I'd like to revisit the idea of "case studies".

What would people find useful in a case study, e.g. what subject areas would we like to see covered, what level of expertise, what format should it take etc.?

If I can gain a better understanding of what people are looking for I may be able to facilitate something in future.

Please let me know your thoughts, thank you.

Jamie
 
 
  

keydet89
Senior Member
 

Re: Case studies - what would you find useful?

Post Posted: Feb 10, 12 01:27

jhup,

Do you have an example you can share, or refer to?  
 
