Tuesday, September 27, 2022

DIGITAL FORENSICS:CORPORATE INVESTIGATIONS WITH BELKASOFT

DIGITAL FORENSICS:CORPORATE INVESTIGATIONS WITH BELKASOFT

DIGITAL FORENSICS:CORPORATE INVESTIGATIONS WITH BELKASOFT

free on-demand course Corporate Investigations with Belkasoft: Training Course

This course is designed for those who aim to harden the security of their business networks and learn how to enable quick incident response procedures to a variety of data breaches.  

Another potential audience for this course is CIRT/incident response team members, whose role is to take care of the company’s internal investigations, including employee misconduct, trade secrets theft and so on. Corporate eDiscovery and cyber compliance specialists will also find this course useful. 

ฟรีหลักสูตรอบรมตรวจพิสูจน์พยานหลักฐานทางดิจิทัลในเครือข่ายธุรกิจ  

หลักสูตรนี้ออกแบบมาสำหรับผู้ที่ต้องการเพิ่มความปลอดภัยให้กับเครือข่ายธุรกิจและเรียนรู้วิธีเปิดใช้งานขั้นตอนการตอบสนองต่อเหตุการณ์อย่างรวดเร็วต่อการละเมิดข้อมูลที่หลากหลาย และ  สมาชิกในทีมรับมือเหตุฉุกเฉิน CIRT ซึ่งมีหน้าที่ดูแลการสืบสวนภายในของบริษัท รวมถึงการประพฤติมิชอบของพนักงาน การขโมยความลับทางการค้า และอื่นๆ ผู้เชี่ยวชาญด้าน eDiscovery ขององค์กรและการปฏิบัติตามข้อบังคับทางไซเบอร์จะพบว่าหลักสูตรนี้มีประโยชน์เช่นกัน

a data source (E01 image)
1.  Download the image (7 GB) using one of these links:
Unpack the archive file
Archive password: vr3KapmZ1tI42H7qARF0

What was the last wireless connection on the system?

the last wireless connection on the system


What was the last wireless connection on the system

What time zone is set on the suspect machine? Has it been changed recently?

DIGITAL FORENSICS:CORPORATE INVESTIGATIONS WITH BELKASOFT


:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Time Zones

:Easter Island Standard Time, not changed recently
DIGITAL FORENSICS:CORPORATE INVESTIGATIONS WITH BELKASOFT

You believe that SDelete was used to hide evidence in the training case. Where could you see the traces of its potential execution? Select all that apply.
DIGITAL FORENSICS:CORPORATE INVESTIGATIONS

Prefetch files

Prefetch files

ActivitiesCache.db (Windows 10 Timeline) 

Location of Windows 10 Timeline Database



Location of Windows 10 Timeline Database


C:\Users\<profile>\AppData\Local\ConnectedDevicesPlatform\L.<profile>\ActivitiesCache.db

WxTCmd is a parser for the new Windows 10 Timeline feature database.



What information could be obtained from Jumplists?
What information could be obtained from Jumplists

You are going to first look in Anit.ghosh’s Recent folder. This is located in the following path for versions 7-10 of Windows:
This folder contains the user’s link files. A link file, or LNK, is a Windows shortcut that points back to an original file. A link file is generally created when a file is first opened. Link files are important during analysis, because they show where files were located, when they were opened, and they contain date and time stamps associated with the file. If you look at Windows Explorer and go to the Recent folder, you can see your own link files.

autopsy forensic tool jumplist
Back in Autopsy, look at the link file called PHOTOS.7z.lnk and click on the Results view. Autopsy will show you the path of where PHOTOS.7z was stored when it was opened. 

Highlight Jump Lists in AutomaticDestinations, Right-Click and Select Extract File(s)


Click Load in Jumplist Explorer. Navigate to your export folder that contains the jump list files. Highlight and select each jump list file and click Open


Find a source code package downloaded from git.pm.internal. What is the SHA256 hash of the archive file?
Find a source code package downloaded from git.pm.internal.

Which file was downloaded from a browser after the user connected to the wireless network: “Network 4”?
DIGITAL FORENSICS:CORPORATE INVESTIGATIONS

DIGITAL FORENSICS:CORPORATE INVESTIGATIONS

DIGITAL FORENSICS:CORPORATE INVESTIGATIONS

You have a hashset database and need to check which files were present on the suspect machine. Which of the following files were detected during hashset analysis?

Hashset analysis?

hashset analysis

Advanced Live RAM analysis with Belkasoft


 Thank you for completing the Belkasoft Training Course.
FREE ON-DEMAND СOURSE CORPORATE INVESTIGATIONS WITH BELKASOFT

 

หมายเหตุ:เนื้อหาในเว็บไซต์นี้มีขึ้นเพื่อวัตถุประสงค์ในการให้ข้อมูลและเพื่อการศึกษาเท่านั้น


* หากมีข้อมูลข้อผิดพลาดประการใด ขออภัยมา ณ ที่นี้ด้วย  รบกวนแจ้ง Admin เพื่อแก้ไขต่อไป
ขอบคุณครับ

#WindowsForensic #ComputerForensics #dfir #forensics #digitalforensics #computerforensic #investigation #cybercrime #fraud

No comments:

Post a Comment