File000152
Desmond Devendran
1.
Module XXXIX –
USB Forensics
2.
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
News: Taiwan on High Alert After Military Leak
Source: http://www.iol.co.za/
3.
News: Boeing Worker’s Data Case Goes to Jury
Source: http://seattletimes.nwsource.com/
4.
Module Objective
This module will familiarize you with:
• Universal Serial Bus (USB)
• USB Flash Drive
• Misuse of USB
• USB Forensic
• USB Forensic Investigation
• Forensic Tools
5.
Module Flow
• Universal Serial Bus (USB)
• USB Forensic
• USB Flash Drive
• Misuse of USB
• USB Forensic Investigation
• Forensic Tools
6.
Universal Serial Bus (USB)
• USB is the serial bus standard to interface devices to a host computer
• It allows many peripherals to be connected to a host computer using a single standardized interface socket
• It is generally used to connect computer peripherals such as mice, keyboards, PDAs, gamepads and joysticks, scanners, digital cameras, printers, personal media players, and flash drives
7.
USB Flash Drive
• A USB flash drive is a portable and rewritable data storage device integrated with a USB interface
• It is supported by modern operating systems such as Windows, Mac OS X, Linux, and other Unix-like systems
• A USB 2.0 drive reads at up to 30 MB/s and writes at about 15 MB/s
There are four parts of a flash drive:
• Male type-A USB connector
• USB mass storage controller: implements the USB host controller
• NAND flash memory chip
• Crystal oscillator: produces the device's main 12 MHz clock signal and controls the device's data output through a phase-locked loop
8.
Screenshot: USB Flash Drive
9.
Misuse of USB
Data Theft:
• It is a crime in which critical information of the company may be leaked using a USB flash drive
Installing malicious program:
• USB devices can be used to propagate and install malicious programs such as viruses, Trojans, spyware, and rootkits, which can damage information and other computer resources
10.
USB Forensics
USB forensics is the technique of recovering and analyzing digital evidence from a USB flash drive and affected computer in a forensically sound manner
It helps the forensic investigators to:
• Find the date and time of the data theft
• Know the person who has installed the malicious program
• Collect the data stored in the USB device
• Collect the information about the data leaked from the computer
• Trace the criminals who committed the crime using a USB flash drive
11.
USB Forensic Investigation
• Secure and evaluate the scene
• Document the scene
• Image the computer and USB device
• Acquire the data
• Examine the computer
• Analyze the USB
• Generate reports
12.
Secure and Evaluate the Scene
• Ensure that only the authorized person handles the scene
• Handle USB evidence properly to maintain physical evidence such as fingerprints
• Interview the owner of the USB and ask for any security code or password needed to gain access to the contents of the USB
• Do not allow the suspects to handle the USB and the computer
• Search the surrounding area and rooms, other than where a device is found
13.
Document the Scene and Devices
• Document the state of each device and computer that is synchronized with it
• Record the location and condition of the USB, computers, storage media, and other digital devices
• Refer to non-electronic evidence such as invoices, manuals, and packaging material, which may provide information about USB capabilities and unlocking codes
• Document the date and time of the evidence collected
• Photograph the crime scene including the USB, cables, cradles, power connectors, and computer
• Avoid touching the USB while photographing
• Maintain a chain of custody
14.
Image the Computer and USB Device
• Prepare a bit-by-bit copy of the memory and configuration of the affected computer using a tool like Safe Back
• Create the image of the USB flash drive using the USB Image Tool 1.31
• Use hashing techniques such as MD5 to check the integrity of the imaged data
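The imaging and hash-check steps above, as an added example that is not part of the original slides: the source is copied block by block while it is hashed, and the image is later re-read and compared against the recorded digests. The function names and the small constructed file standing in for a USB device are assumptions; SHA-256 is recorded alongside the MD5 that the slide names.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB blocks, so a large device is never held in memory
ALGORITHMS = ("md5", "sha256")


def hash_stream(path, algorithms=ALGORITHMS):
    """Return {algorithm: hexdigest} for the file or raw device at `path`."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for digest in digests.values():
                digest.update(block)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def acquire_image(source, image_path):
    """Copy `source` to `image_path` bit by bit and hash the bytes as they are read.

    The returned digests describe the source at acquisition time and belong
    in the chain-of-custody record.
    """
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(source, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
            for digest in digests.values():
                digest.update(block)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def verify_image(image_path, recorded):
    """Re-read the image and confirm every recorded digest still matches."""
    current = hash_stream(image_path, tuple(recorded))
    return all(current[name] == value for name, value in recorded.items())


def demo():
    """Acquire a constructed 'device', verify it, then show a one-byte change is caught."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "usb_source.bin")  # constructed stand-in for the device
        image = os.path.join(tmp, "usb_image.dd")
        with open(source, "wb") as fh:
            fh.write(b"\xeb\x3c\x90MSDOS5.0" + bytes(4096))
        recorded = acquire_image(source, image)
        intact = verify_image(image, recorded)
        with open(image, "r+b") as fh:  # simulate later modification of the image
            fh.seek(100)
            fh.write(b"\x01")
        modified = verify_image(image, recorded)
        return recorded, intact, modified


if __name__ == "__main__":
    recorded, intact, modified = demo()
    print(recorded)
    print("image matches after acquisition:", intact)
    print("image matches after one-byte change:", modified)
```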
15.
Acquire the Data
• Collect all the data from the USB image and computer devices
You can use these recovery tools to recover the deleted files:
• Bad data Pro
• Data Doctor Recovery
16.
Check Open USB Ports
Option 1:
• Go to Device Manager
• (Screenshots: Open Port, Closed Port)
Option 2:
• In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
• In the details pane, double-click Start
• In the Value data box, 3 denotes enabled USB and other values indicate disabled USB
17.
Examine Registry of Computer: USBSTOR
• Footprints or artifacts are created in the registry when a USB device is connected to the Windows system
• The Plug and Play (PnP) Manager queries the device descriptor in the firmware for information about the device
• After the identification, a registry key will be created beneath the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\USBSTOR
• Subkeys beneath this key look like: Disk&Ven_###&Prod_###&Rev_###
18.
Examine Registry of Computer: DeviceClasses
• Navigate to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses
• The value iSerialNumber is a unique instance identifier for the device
• It is similar to the MAC address of a network interface card
• The ParentIdPrefix value can be used to correlate additional information from within the Registry
• ParentIdPrefix determines the time when the USB device was last connected to the Windows system
19.
Examine Registry of Computer: MountedDevices
• Path to the MountedDevices key is: HKEY_LOCAL_MACHINE\System\MountedDevices
• The MountedDevices key stores information about the various devices and volumes mounted to the NTFS file system
• Use the ParentIdPrefix value found within the unique instance ID key to map the entry from USBSTOR to the MountedDevices
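The registry checks on the slides above, combined into one added example (not part of the original slides): it parses a text export of the SYSTEM hive, reads the UsbStor Start value, lists the USBSTOR device keys, and uses each ParentIdPrefix to find the matching MountedDevices entries. All function names and the sample export are constructed for illustration. It assumes the layout the slides describe, where the MountedDevices data for removable media is a UTF-16LE device path containing the ParentIdPrefix.

```python
import re

CCS = r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})"
ENUM_RE = re.compile(CCS + r"\\Enum\\USBSTOR\\([^\\]+)\\([^\\]+)$", re.I)
SERVICE_RE = re.compile(CCS + r"\\Services\\UsbStor$", re.I)
MOUNTED_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\SYSTEM\\MountedDevices$", re.I)


def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg files escape \ and " with a backslash


def parse_reg_export(text):
    """Parse regedit / `reg export` text into {key_path: {value_name: value}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # rejoin hex data wrapped with a trailing "\"
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = _unescape(m.group(1)), m.group(2)
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif raw.startswith("hex"):
            current[name] = bytes.fromhex(raw.split(":", 1)[1].replace(",", ""))
        elif raw.startswith('"'):
            current[name] = _unescape(raw[1:-1])
    return keys


def usbstor_enabled(keys):
    """Start == 3 means USB storage is enabled (per the slide); None if the key is absent."""
    for path, values in keys.items():
        if SERVICE_RE.match(path):
            return values.get("Start") == 3
    return None


def usb_storage_history(keys):
    """List USBSTOR devices with the MountedDevices entries carrying their ParentIdPrefix."""
    mounted = next((v for p, v in keys.items() if MOUNTED_RE.match(p)), {})
    devices = []
    for path, values in keys.items():
        m = ENUM_RE.match(path)
        if not m:
            continue  # not a unique-instance-ID key under USBSTOR
        device_class, instance_id = m.groups()
        ids = re.match(r"Disk&Ven_(.*?)&Prod_(.*?)&Rev_(.*)$", device_class, re.I)
        prefix = values.get("ParentIdPrefix", "")
        # Removable-media entries hold a UTF-16LE device path; fixed disks hold 12 raw bytes.
        mounts = sorted(
            name for name, data in mounted.items()
            if prefix and isinstance(data, bytes)
            and prefix.lower() in data.decode("utf-16-le", "ignore").lower())
        devices.append({
            "vendor": ids.group(1) if ids else None,
            "product": ids.group(2) if ids else None,
            "revision": ids.group(3) if ids else None,
            "instance_id": instance_id,
            "parent_id_prefix": prefix or None,
            "mounted_as": mounts,
        })
    return devices


def _hex(text):
    return ",".join(f"{b:02x}" for b in text.encode("utf-16-le"))


# Constructed sample export (not from a real system); the E: data is wrapped like regedit output.
_PATH = _hex(r"\??\STORAGE#RemovableMedia#7&2f4c1a3b&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}")
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor]",
    '"Start"=dword:00000003',
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR"
    r"\Disk&Ven_Example&Prod_FlashDisk&Rev_1.00\0123456789AB&0]",
    '"ParentIdPrefix"="7&2f4c1a3b&0"',
    r"[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]",
    r'"\\DosDevices\\C:"=hex:4d,3c,2b,1a,00,7e,00,00,00,00,00,00',
    r'"\\DosDevices\\E:"=hex:' + _PATH[:60] + "\\\n  " + _PATH[60:],
])

if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_REG)
    print("USB storage enabled:", usbstor_enabled(parsed))
    for device in usb_storage_history(parsed):
        print(device)
```

Run it against an export taken from a working copy of the evidence image rather than the live suspect system, so the examination itself does not alter the registry.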
20.
Generate Reports
• Note the name of the investigator
• List of evidence gathered
• Documents of the evidence and other supporting items
• List of tools used for investigation
• Devices and setup used in the examination
• Brief description of the examination steps
• Details about the findings:
  • Information about the USB data
  • Computer related evidence
  • Data and image analysis
• Conclusion of the investigation
21.
USB Forensic Tools: Bad Copy Pro
http://www.jufsoft.com/
• Bad Copy Pro recovers deleted files, formatted drives, or data lost due to damage, media errors, and bad sectors of the USB flash drive
• It is safe data recovery software that performs read-only operations on the USB flash drive and saves the recovered files
22.
Data Doctor Recovery
http://www.datadoctor.in/
• Data Doctor Recovery supports major USB device manufacturers: Super flash, Kingston, Samsung, Transcend, Sony, and other latest series
• The software is easy and simple to use, providing a user-friendly interface
Features:
• Recovers lost files including jpg, jpeg, gif, bmp, mpeg, and other stored records
• Supports USB drives including pen drives, Zip drives, SD cards, PC cards, flash memory, etc.
• Scans and transports data to a safe location according to the preloaded file structure
• Recovers data damaged by any software virus attack
23.
Data Doctor Recovery: Screenshot
24.
USB Image Tool
http://www.alexpage.de/
USB Image Tool is freeware that can create images of USB memory sticks
Features of USB Image Tool:
• Creates image files of USB drives
• Restores images of USB drives
• Compressed image file format
• Shows USB device information
• Manages favorite USB images
25.
USB Image Tool: Screenshot
26.
USBDeview
http://www.nirsoft.net/
• USBDeview is a small utility that lists all USB devices that are currently connected to your PC or have been connected to it in the past
• Along with the device’s name and description, it displays the serial number, date the device was added and last connected, VendorID, and other information
• It can also be used to gather USB devices from a remote computer via command line
27.
USBDeview: Screenshot
28.
Summary
• USB is the serial bus standard to interface devices to a host computer
• A USB flash drive is a portable and rewritable data storage device integrated with a USB interface
• USB forensics is the technique of recovering and analyzing digital evidence from a USB flash drive and affected computer under forensically sound conditions
• Footprints or artifacts are created in the registry when a USB device is connected to the Windows system
• USB CopyNotify is a software utility that notifies when a USB stick is being used on any of the PCs on the network