investigators

Understand-IIS-Web-Server-Architecture-in-Forensic-Investigation

Understand IIS Web Server Architecture in Forensic Investigation

Leave a Comment / CHFI / By

Understand IIS Web Server Architecture in Forensic Investigation in this article Internet Information Server ON, a Microsoft-developed application, is a Visual Basic code application that lives on a Web server and responds to requests from the browser. It supports HTTP, HTTPS, FTP, FITS, SMTP, and NNTP. An IIS application uses HTML to present its user interface and uses compiled Visual Basic code to process the requests and respond to events in the browser. IIS for …

Understand IIS Web Server Architecture in Forensic Investigation Read More »

Understand-Web-Applications-Architecture-in-Forensic-Investigation

Understand Web Applications Architecture in Forensic Investigation

Leave a Comment / CHFI, Knowledge Base / By

Understand Web Applications Architecture in Forensic Investigation in this all web applications are executed via a support client, i.e. a web browser. Web applications use a group of client-side scripts, such as HTML, JavaScript, etc., which presents the information, and the server-side scripts, such as ASP, PHP, etc., which handles the hardware tasks such as storing and gathering of the required data, are used by the web application for its execution. In the web application …

Understand Web Applications Architecture in Forensic Investigation Read More »

Sample DHCP Audit Log File

Leave a Comment / CHFI, Knowledge Base / By

Sample DHCP Audit Log File in this DHCP server during a network allocates IP address to a computer during its begin. Therefore, the DHCP server logs contain information regarding the systems that were assigned specific IP addresses by the server, at any given instance. Investigators can examine these logs during forensic examinations. Now DHCP administrators can easily access this data using the built-in logging mechanisms. The DHCP activity log are often read during a text-based …

Sample DHCP Audit Log File Read More »

Analyzing-Firewall-Logs

Analyzing Firewall Logs

Leave a Comment / CHFI, Knowledge Base / By

Analyzing Firewall Logs provides insight in to the security threats and traffic behavior. In depth analysis of the firewall security logs provides critical network intelligence about attempts to breach security and attacks like virus, trojan, denial of service, etc. From the Network Objects tree, double-click the Security Management Server or Domain Log Server. The General Properties window opens. In the Management tab, select Logging & Status. From the navigation tree, click Logs.  is a simple and free online …

Analyzing Firewall Logs Read More »

Summarize-the-Event-Correlation

Summarize the Event Correlation

Leave a Comment / CHFI, Knowledge Base / By

Summarize the Event Correlation in this article Event correlation is a technique used to assign a new meaning for relating a set of events that occur in a fixed amount of time. This event correlation technique identifies a few events that are important among the large number of events. During the process of event correlation, some new events may occur and delete some existing events from the event stream. In general, the investigators can perform …

Summarize the Event Correlation Read More »

Linux-Forensics

Linux Forensics

Leave a Comment / CHFI, Knowledge Base / By

Linux forensics refers to performing forensic investigation on a Linux operated device. To do so, the investigators should have a good understanding on the techniques required to conduct live analysis; to collect volatile and non-volatile data, along with knowledge of various shell commands and the information they can retrieve. The investigators should also be aware of the Linux log files, their storage and location in the directory, as they are the most important sources of information …

Linux Forensics Read More »

Other-Important-Information-of-forensic-Investigation

Other Important Information of Forensic Investigation

Leave a Comment / CHFI, Knowledge Base / By

In this article explain Other Important Information of forensic Investigation using investigator. Clipboard Contents Clipboard is a temporary storage area, where the system stores data during copy and paste operations. Most Windows applications provide this functionality through the Edit option on the menu bar, Clicking Edit reveals a drop-down menu, which contains choices, like cut, copy, and paste. The user selects text or other data, chooses copy, and then chooses Paste to insert that data …

Other Important Information of Forensic Investigation Read More »

How-to-Open-Files-using-Command -Line

How to Open Files using Command Line

Leave a Comment / CHFI, Knowledge Base / By

Open Files using Command Line in this when the output obtained from psloggedon.exe commands shows the investigators that there are users logged on to the system remotely, then the investigators will also want to see what files have they opened, if any. Many times when someone accesses a system remotely, they might be looking for something specific while opening files. A user in a corporate environment could have shared available content and allowed other users to …

How to Open Files using Command Line Read More »

Introduction-of-Windows-Forensics

Introduction of Windows Forensics

Leave a Comment / CHFI / By

Windows Forensics, include the process of conducting or performing forensic investigations of systems which run on Windows operating systems, It includes analysis of incident response, recovery, and auditing of equipment used in executing any criminal activity. In order to accomplish such intricate forensic analyses, the investigators should possess extensive knowledge of the Microsoft Windows operating systems. This module will discuss about collecting volatile and non-volatile information; performing windows memory and registry analysis; cache, cookie, and …

Introduction of Windows Forensics Read More »

Introduction-to-Operating-System-Forensics

Introduction to Operating System Forensics

Leave a Comment / CHFI, Knowledge Base / By

Operating System Forensics is that the process of retrieving useful information from the OS (OS) of the pc or mobile device in question. The aim of collecting this information is to accumulate empirical evidence against the perpetrator. An OS (OS) is that the software component of a computing system that’s liable for the management and coordination of activities and therefore the sharing of the resources of the pc . The OS acts as a number …

Introduction to Operating System Forensics Read More »