• Home

  • Documents

  • Chapter 16 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic...
10
Chapter 16 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. pplying Forensic Science to Compute

Chapter 16 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Computers

Tags:

Embed Size (px)

Citation preview

Page 1: Chapter 16 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Computers

Chapter 16

©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

Applying Forensic Science to Computers

Page 2: Chapter 16 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Computers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.1 A selection of storage media and computerized devices.

Page 3: Chapter 16 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Computers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.2 Digital evidence form.

Page 4: Chapter 16 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Computers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.3 Digital Investigation Manager (DIM) from DFLabs used to maintain a database of evidential items and associated information.

Page 5: Chapter 16 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Computers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.4 Comparing bitstream copying to regular copying.

Page 6: Chapter 16 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Computers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.5 Additional class characteristics of EXIF file displayed using ACDSee. The date and time embedded in this file (15:53 on June 11, 2000) is inaccurate because the camera’s clock was not set to the correct time, emphasizing the importance of documenting system time when collecting any kind of computerized device.

Page 7: Chapter 16 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Computers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.6 Fragments of an overwritten JPEG file partially reconstituted by grafting a new header onto the file.

Page 8: Chapter 16 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Computers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.7 Histogram of date-time stamps (created and last modified) showing gaps during suspect’s shifts.

Page 9: Chapter 16 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Computers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.8 Conceptual image of 24-h clocks with MAC times for several days with a line connecting significant events on sequential days.

Page 10: Chapter 16 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Computers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.9 Forensic date and time decoder. These times are generally GMT and must be adjusted for time zones.


Forensic Network Analysis Toolsold.dfrws.org/2003/presentations/Brief-Casey.pdf · Forensic Network Analysis Tools Strengths, Weaknesses, and Future Needs Eoghan Casey |Author, Digital

Forensic Network Analysis Toolsold.dfrws.org/2003/presentations/Brief-Casey.pdf · Forensic Network Analysis Tools Strengths, Weaknesses, and Future Needs Eoghan Casey |Author, Digital

Documents
CASEY TISSUES

CASEY TISSUES

Technology
1 Seminar 4A - Effective Security Practices Eoghan Casey, Security Consultant Jack Suess, CIO, UMBC EDUCAUSE Mid-Atlantic Regional Conference - Baltimore,

1 Seminar 4A - Effective Security Practices Eoghan Casey, Security Consultant Jack Suess, CIO, UMBC EDUCAUSE Mid-Atlantic Regional Conference - Baltimore,

Documents
Mobile Device Forensics Essentials - SANS - Eoghan Casey... · Mobile Device Forensics Essentials Everything you need to know but were afraid to ask! Eoghan Casey. ... Mobile Misuse

Mobile Device Forensics Essentials - SANS - Eoghan Casey... · Mobile Device Forensics Essentials Everything you need to know but were afraid to ask! Eoghan Casey. ... Mobile Misuse

Documents
PowerPoint Introduction to Windows Mobile Forensicsforensic.sc.su.ac.th/seminar/seminari53/ppt/52312338.pdf · 1 Introduction to Windows Mobile Forensics Eoghan Casey, Michael Bann,

PowerPoint Introduction to Windows Mobile Forensicsforensic.sc.su.ac.th/seminar/seminari53/ppt/52312338.pdf · 1 Introduction to Windows Mobile Forensics Eoghan Casey, Michael Bann,

Documents
Casey Weekly

Casey Weekly

Documents
eoghan murphy Real reorm, real progress TD · Eoghan Murphy TD // 01 6183324 // // @MurphyEoghan Eoghan Murphy TD Dublinbikes continues to expand and I continue to seek ways to locate

eoghan murphy Real reorm, real progress TD · Eoghan Murphy TD // 01 6183324 // // @MurphyEoghan Eoghan Murphy TD Dublinbikes continues to expand and I continue to seek ways to locate

Documents
Key points FINAL ELSEVIER - NOT CONTENT OF PROPERTY … · ELSEVIER SAMPLE . ELSEVIER ). OF ELSEVIER Health measures . Measuring deprivation ...File Size: 570KBPage Count: 16

Key points FINAL ELSEVIER - NOT CONTENT OF PROPERTY … · ELSEVIER SAMPLE . ELSEVIER ). OF ELSEVIER Health measures . Measuring deprivation ...File Size: 570KBPage Count: 16

Documents
Casey close

Casey close

Sports
Casey O’Brien

Casey O’Brien

Documents
Medieval Casey

Medieval Casey

Education
Eoghan Furey, Kevin Curran, Paul Mc Kevitt Intelligent Systems Research Centre,

Eoghan Furey, Kevin Curran, Paul Mc Kevitt Intelligent Systems Research Centre,

Documents
Casey anthony

Casey anthony

Entertainment & Humor
Chapter 13 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.. Investigating Computer Intrusions

Chapter 13 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.. Investigating Computer Intrusions

Documents
Casey martinpodcast

Casey martinpodcast

Documents
Clara Casey

Clara Casey

News & Politics
Cyber Forensics Dr. John Abraham Professor Based on Eoghan Casey’s Textbook

Cyber Forensics Dr. John Abraham Professor Based on Eoghan Casey’s Textbook

Documents
Carolina casey

Carolina casey

Education
Elsevier portfolio elsevier media informatie 2013

Elsevier portfolio elsevier media informatie 2013

Documents
Dominic Casey affidavits on Casey Anthony

Dominic Casey affidavits on Casey Anthony

Documents
Pedigree Chart - Alto Casey Family Pagealtocasey.com/alto casey photo album/Alto Casey Pedigree Chart.pdf · Alto Lee CASEY Alto Lee CASEY b: May 27. 1881 in Alabama m: Mar in Aigbarna

Pedigree Chart - Alto Casey Family Pagealtocasey.com/alto casey photo album/Alto Casey Pedigree Chart.pdf · Alto Lee CASEY Alto Lee CASEY b: May 27. 1881 in Alabama m: Mar in Aigbarna

Documents
Casey Ragan

Casey Ragan

Documents
Creative Sydney's Changing Sydney - Presentation by Eoghan Lewis

Creative Sydney's Changing Sydney - Presentation by Eoghan Lewis

Entertainment & Humor
hreflang SMX München 2016 Eoghan Henn

hreflang SMX München 2016 Eoghan Henn

Marketing
Chapter 18 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Forensic Examination of UNIX Systems

Chapter 18 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Forensic Examination of UNIX Systems

Documents
Liverpool FC by Eoghan

Liverpool FC by Eoghan

Education
PLACES WATCH - Santa Clara County, CaliforniaAnnie E. Casey Foundation, including Casey Family Services, Casey Family Programs, the Jim Casey Youth Opportunities Initiative, the Marguerite

PLACES WATCH - Santa Clara County, CaliforniaAnnie E. Casey Foundation, including Casey Family Services, Casey Family Programs, the Jim Casey Youth Opportunities Initiative, the Marguerite

Documents
Chapter 22 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Networks

Chapter 22 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Networks

Documents
Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Documents
Harlan Carvey Eoghan Casey Technical EditorFr… · Elsevier, Inc., the author(s), and any person or fi rm involved in the writing, editing, or production (collectively “Makers”)

Harlan Carvey Eoghan Casey Technical EditorFr… · Elsevier, Inc., the author(s), and any person or fi rm involved in the writing, editing, or production (collectively “Makers”)

Documents