NPA Cyber Security Contents
Practical Task Overview and notes

Tasks 1, 2, 3: The Crime scene
- Observe crime scene (photo) and identify sources of digital evidence. Suggest possible content of forensic interest. Understand need to preserve the scene.
- Examine photos of different environments, identify digital devices and possible evidence, make a record of exhibits to begin chain of custody.
- As above, but compare photos and record from original and follow-up visit to crime scene and identify possible tampering. Consider how to make an accurate and reliable record of crime scene.
- (Model building to consolidate 1 and 2)

Tasks 4, 5, 6: Acquisition
FTK Imager, keep the records and files
- 4: Memory dump of live machine
- 5: Forensic copy of USB drive. Raw image of logical drive. Green drive 2-500MB. “Evidence”, some file deleted.
- 6: Speccy (machine profile)

Tasks 7, 8: Basic examination
- Manually browse suspect’s USB stick
- Keep a record of examination and notes of forensic interest in chronological order
- Obscure volume contents / files in some way (misnamed, wrong extensions etc.)
- Review
- Use Autopsy tool or similar to perform an analysis to detect the obscuration and generate forensic record

Task 10: Image analysis: steganography

Task 11: Autopsy analysis of USB drive from “crime scene”