CCSA# 13

Fundamentals of cyber forensics

Disclaimer:

Usage of these information/Data/Tools/Techniques for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. The Computer Joker/Instructor/Owner assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purpose. The Computer Joker/Instructor do not support/promote hacking. For more details, head to our t&c page.

cyberforensics

Computer forensics (also known as computer forensic science) is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.

Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.

system log-analysis

Log analysis is the process of reviewing, interpreting and understanding computer-generated records called logs.

Logs are generated by a range of programmable technologies, including networking devices, operating systems, applications, and more.

A log consists of a series of messages in time-sequence that describe activities going on within a system. Log files may be streamed to a log collector through an active network, or they may be stored in files for later review.

Either way, log analysis is the delicate art of reviewing and interpreting these messages to gain insight into the inner workings of the system.

system log-analysis use-cases

To comply with internal security policies and outside regulations and audits

To understand and respond to data breaches and other security incidents

To troubleshoot systems, computers, or networks

To understand the behaviours of your users

To conduct forensics in the event of an investigation

web log analysis

Web log analysis software (also called a web log analyzer) is a kind of web analytics software that parses a server log file from a web server, and based on the values contained in the log file, derives indicators about when, how, and by whom a web server is visited.

Reports are usually generated immediately, but data extracted from the log files can alternatively be stored in a database, allowing various reports to be generated on demand.

web log analysis - meaningful data

Number of visits and number of unique visitors

Visit duration and last visits

Authenticated users, and last authenticated visits

Days of week and rush hours

Domains/countries of the visiting hosts

Hosts list

Number of page views

Most viewed, entry, and exit pages

File types

OS used

Browsers used

Robots used

HTTP referrer

Search engines, key phrases and keywords used to find the analyzed web site

HTTP errors

Some of the log analyzers also report on who is on the site, conversion tracking, visit time and page navigation.
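The indicators listed above, derived from a handful of constructed combined-format access-log lines. This is an added example, not part of the original module; the regex, the sample lines (documentation addresses only) and the function names parse_log and summarize are my own assumptions about a typical Apache/nginx setup.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format, one named group per field.
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"')

# Constructed sample log (documentation addresses, not a real server's traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2021:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/92.0"
203.0.113.5 - - [10/Oct/2021:13:55:40 +0000] "GET /logo.png HTTP/1.1" 200 5120 "http://example.test/index.html" "Mozilla/5.0 (Windows NT 10.0) Firefox/92.0"
203.0.113.5 - - [10/Oct/2021:13:56:02 +0000] "GET /contact.html HTTP/1.1" 200 1180 "http://example.test/index.html" "Mozilla/5.0 (Windows NT 10.0) Firefox/92.0"
198.51.100.7 - alice [10/Oct/2021:14:01:11 +0000] "GET /admin/ HTTP/1.1" 403 199 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/94.0"
198.51.100.7 - alice [10/Oct/2021:14:01:30 +0000] "GET /missing.html HTTP/1.1" 404 153 "https://www.google.com/search?q=example" "Mozilla/5.0 (X11; Linux x86_64) Chrome/94.0"
192.0.2.9 - - [10/Oct/2021:14:05:00 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
this line is corrupt and must not be guessed at
"""

def parse_log(text):
    """Return (records, malformed_count); a line that does not match is counted, not parsed."""
    records, bad = [], 0
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            records.append(rec)
        elif line.strip():
            bad += 1
    return records, bad

def summarize(records):
    """Derive the indicators a web log analyzer reports from the parsed records."""
    by_host = {}                       # requests per client, in log (time) order
    for r in records:
        by_host.setdefault(r["host"], []).append(r)
    pages = [r for r in records if r["status"] == 200 and r["path"].endswith((".html", "/"))]
    return {
        "unique_visitors": len(by_host),
        "hits": len(records),
        "page_views": len(pages),          # successful HTML/page requests, not images etc.
        "entry_pages": Counter(v[0]["path"] for v in by_host.values()),
        "exit_pages": Counter(v[-1]["path"] for v in by_host.values()),
        "http_errors": Counter(r["status"] for r in records if r["status"] >= 400),
        "authenticated_users": sorted({r["user"] for r in records if r["user"] != "-"}),
        "robots": sorted({r["host"] for r in records if "bot" in r["agent"].lower()}),
        "search_engine_referrals": sum("google." in r["referrer"] for r in records),
    }
```

The malformed-line counter matters for forensic use: a line that cannot be parsed is reported as such rather than silently dropped or partially interpreted.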

data recovery

Data recovery is a process of salvaging (retrieving) inaccessible, lost, corrupted, damaged or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a normal way.

The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices.

Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).

why data recovery?

An operating system failure,

Malfunction of a storage device,

Logical failure of storage devices,

Accidental damage,

Deletion,

Investigation purposes, etc.
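Recovery from a volume with logical damage, where the file system cannot be mounted but the file contents are still on disk, is commonly done by signature carving. This added example is not part of the original module: it builds a constructed raw image containing two small PNG files and one truncated copy, then carves the intact files by their PNG header and IEND trailer; make_png, carve_png and the sample image are my own.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# The IEND chunk is always the same 12 bytes: zero length, type IEND, CRC of "IEND".
PNG_IEND = struct.pack(">I", 0) + b"IEND" + struct.pack(">I", zlib.crc32(b"IEND"))

def png_chunk(ctype, data):
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def make_png(width, height):
    """Build a minimal valid 8-bit greyscale PNG (constructed test data only)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x80" * width for _ in range(height))  # filter byte + pixels
    return PNG_MAGIC + png_chunk(b"IHDR", ihdr) + png_chunk(b"IDAT", zlib.compress(raw)) + PNG_IEND

def carve_png(image, max_size=10_000_000):
    """Signature carving: return [(offset, data)] for every complete PNG in a raw image.

    No file system metadata is consulted, so this works on a volume whose directory
    structures are lost; a header with no trailer (truncated/overwritten file) is skipped.
    """
    found, pos = [], 0
    while (start := image.find(PNG_MAGIC, pos)) != -1:
        pos = start + len(PNG_MAGIC)
        if image[start + 12:start + 16] != b"IHDR":      # first chunk must be IHDR
            continue
        end = image.find(PNG_IEND, start, start + max_size)
        if end == -1 or image.find(PNG_MAGIC, pos, end) != -1:
            continue                                      # truncated: another header before IEND
        pos = end + len(PNG_IEND)
        found.append((start, image[start:pos]))
    return found

# Constructed "raw disk image": filler, two intact PNGs, one truncated copy in between.
PNG_A, PNG_B = make_png(4, 2), make_png(2, 3)
FILLER = bytes(range(256)) * 8
DISK_IMAGE = FILLER + PNG_A + FILLER[:100] + PNG_A[:40] + PNG_B + FILLER
```

Carved output should be treated as candidate data, not as the original file: the carver has no name, timestamp or ownership for it, and the IHDR and trailer checks only catch the simplest false positives.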

data recovery - tools

That's all for this module!

“Talk is cheap, show me the code”

-LINUS TORVALDS <Creator of Linux kernel>

© copyrighted 2021. All Rights Reserved.