Tips for the Great DIGFOR 417.

Want to know what my least favorite number is?

Rio Weber in dfclub
May 4, 2017

I never had a least favorite number before this class.

TAKE NOTES!

Restart the VM

Always search before you log off

IEF — Internet Evidence Finder

AXIOM

80% of getting a good grade is understanding MS Word. This is absolute truth.

Anything in addition to:

- Chain of Custody (for each item, with “signature”)
- Hash of Image (before and after)
- Time Zone
- Operating System Info
- File System Info
- Computer Name
- Partition Name
- Profiles
- Time Line
- Your Credentials (and contact information)
- User Accounts Info
- VIRUS Scan (with screenshot)
- Additional Assignment

FORMAT

Table of Contents

1. Introduction
2. Case Background (reword the case background)
3. Executive Summary
   - w/ bullet points
   - Very broad summary of files found
   - Why found documents were important
4. Examiner Background (certs)
5. Process
6. Evidence Considered
7. Findings (CHARTS/Tables: TimeZone, Profiles, OS Info)
8. Conclusion
9. Appendix
10. Glossary (optional)

Extra…

Other details:

- File Metadata
- Recycle Bin
- Recent Documents
- MRU Lists
- When Profiles were created
- Location of files
- File Carving

LEVELS:

1. My Documents, Pictures, Email, Chat
2. Registry Files, Prefetch, index.dat files, Full Timeline, PRTK Password cracking
3. Shim Cache, File Carving, ShellBags, PageFile.sys, HPA DOC, Malware

dfclub

Bloomsburg University Digital Forensics Club.
