Introduction to forensics & Lab 01

Computer Forensics Definitions

“A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format.” - Dr. H.B. Wolfe

“The preservation, identification, extraction and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing of expert opinion in a court of law or other legal and/or administrative proceeding as to what was found.” - CSI


–Forensic computing is the science of capturing, processing and investigating data from computers using a methodology whereby any evidence discovered is acceptable in a court of law.–

Lab 01:

This is a small introductory lab, since it is Lab 01.

Scenario: an attacker has hidden his secret documents somewhere and we need to find the right document, but there is no such document on the attacker's PC. After looking through all the files, the forensic investigator found nothing except a zip file that cannot be opened.

The zip file can be downloaded from the link below.


The archive file seems to be corrupted, so let's look at the file's metadata using a hex editor.


The metadata directly shows it's a PDF, so let's change the extension and see.
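The same check the hex editor gave us can be scripted so that every file on a disk image is compared against its extension. The following is an added example, not part of the original lab; the signature table, the function names and the `secret.zip` sample file are assumptions made for illustration.

```python
import os
import tempfile

# Leading byte signatures ("magic numbers") for a few common formats.
SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"PK\x05\x06", "zip"),          # empty zip archive
    (b"\x89PNG\r\n\x1a\n", "png"),
]

# Extensions that are legitimately zip containers under another name.
ZIP_BASED = {"zip", "docx", "xlsx", "pptx", "jar", "apk", "odt"}


def sniff_type(header: bytes):
    """Return the format implied by the leading bytes, or None if unknown."""
    for magic, name in SIGNATURES:
        if header.startswith(magic):
            return name
    return None


def check_file(path: str) -> dict:
    """Compare a file's extension with the type its header indicates."""
    with open(path, "rb") as fh:     # read-only: the evidence is not modified
        header = fh.read(16)
    ext = os.path.splitext(path)[1].lstrip(".").lower()
    detected = sniff_type(header)
    if detected is None:
        verdict = "unknown"
    elif detected == ext or (detected == "zip" and ext in ZIP_BASED):
        verdict = "match"
    else:
        verdict = "mismatch"         # e.g. PDF content saved under a .zip name
    return {"extension": ext, "detected": detected, "verdict": verdict}


def demo() -> dict:
    """Constructed sample: PDF header bytes written to a file named .zip."""
    path = os.path.join(tempfile.mkdtemp(), "secret.zip")
    with open(path, "wb") as fh:
        fh.write(b"%PDF-1.4\n% constructed sample, not the lab file\n")
    return check_file(path)


if __name__ == "__main__":
    print(demo())
```

Files reported as `mismatch` are the ones worth opening in a hex editor first; `unknown` only means the header is not in this short table.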


This is a small lab that didn't involve many techniques or tools from the forensics domain, but it is a scenario where anyone can be misled during an investigation.

