Hello all,
I am a third year student studying Forensic Computing. I am working on a final year project based on Penetration testing, and the analysing of packets over the network when a system has been exploited. I attempt to analyse the compromised system using Digital Forensics (EnCase). As part of my project, I must create a technical plan, and to add a better understanding of the project area, I must create a requirements elicitation; I feel getting this information from the Forensic Computing community would be a huge benefit. If it isn’t any trouble at all, I have prepared some questions below. It would be much appreciated if you could help me. I need new ideas.
Anyone out there in the Penetration Testing/Network Forensics field, please help me.
1. As an investigator, what real world problems would you be faced with, or deal with commonly?
2. What is the end result for a digital investigator?
3. What are the challenges that must be faced by a digital investigator?
4. How complex can a problem lead to?
5. What is the scope of an attacker?
a. What does an attacker want to achieve?
b. What tools would an attacker use?
6. Which form of evidence recovery would you follow when extracting data based on Penetration testing and/or Network Forensics logical or physical?
a. What is the best practice in acquiring evidence?
Thanks everyone.
Your questions are too broad to have any hope of getting an sensible answer. It would take several books to fully answer your questions. It comes across like you are trying to get someone else to do the entire project for you.
I would think you'll have a better change of getting useful answers by first doing your own research, then start asking specific more precise questions.