Gingiee wrote:
We are going to make a website / Interactive guide into computer forensics investigation, an introductory guide for new computer forensics students when it comes to doing things such as their first forensic investigation.
Why create a new one, why not re-use an existing one e.g. forensicswiki.org?
Gingiee wrote:
The idea came about from the challenges we faced when doing the Nist computer hacking case questions because of the limited time we have , we have decided to focus on windows computers but if we have enough time we would love to expand onto other OS's and to more advanced forensics techniques. I was just wondering what are the most common things you find have to be found when it comes to investigating such as the username, last logged on time or anything you think should be considered a basic/core technique that should be taught first.
Any other ideas or criticism welcome.
Finding these pieces of information is highly dependent on the case you're dealing with. When new to computer forensic analysis it is important to know about systems, to get a feeling for them. So yes, building a knowledge base and maybe a step-by-step walk-through of simple cases can give you a good basis.
However in long term you'll notice that doing computer forensic analysis is much more about coming up with good investigative questions than finding these pieces of information. Since as soon as you determine how you can find a piece of information, you can automate this.
Now finding new pieces of information that's the hard part.
↧