Forensic Investigation Process - Paiet/Tech-Journal-for-Everything GitHub Wiki

  • Investigating computer crime
    • Determining goals
      • Human resource centric
      • Administrator abuse
      • Information theft
      • Internal leaks
    • Multi goal cases
    • Black bag operation required?
  • Evaluate and secure the scene
    • State of the scene
      • How you found it, documented as it will be presented in court
    • Who reported
    • Legal requirements
  • Collect the evidence
    • What to collect
      • Physical
      • Electronic
    • System state: on or off?
    • What to look for
  • Preserve the evidence
    • Using a USB or Firewire collection device
      • USBStor
  • Acquire the data
    • Determined by goals and requirements of the investigation
  • Analyze the data
    • Firewall logs
    • IDS logs
    • System logs
    • Application logs
    • Timeframe analysis
    • Hidden data
    • Ownership of files
  • Assess evidence and case
  • Prepare the final report
    • Store and archive
    • Who is the audience?
    • Examiner report
      • Multi examiner report
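The "Analyze the data" step lists several log sources (firewall, IDS, system, application) and timeframe analysis. The practical obstacle is that each source stamps time differently (offset-bearing ISO 8601, Snort-style month/day with no year, UTC syslog, epoch seconds), so nothing can be correlated until every record is normalised to UTC. The script below is an added example, not part of the original wiki page: it parses a few constructed lines from each source into one UTC-ordered timeline and pulls out the events inside a window of interest. The log lines, the assumed local offset (-05:00) and the assumed year for the year-less IDS format are all constructed for the example.

```python
import re
from datetime import datetime, timezone, timedelta

# Constructed sample lines, one convention per source (not real captures).
FIREWALL_LOG = [  # ISO 8601 with explicit local offset
    "2024-03-05T14:02:11-05:00 fw01 DROP src=10.0.0.7 dst=203.0.113.9 dpt=445",
    "2024-03-05T14:05:40-05:00 fw01 ACCEPT src=10.0.0.7 dst=203.0.113.9 dpt=443",
]
IDS_LOG = [  # Snort-style "MM/DD-HH:MM:SS.frac": no year, no offset
    "03/05-14:03:02.551 [**] [1:1000001:1] Constructed test alert [**] 10.0.0.7 -> 203.0.113.9",
]
SYSTEM_LOG = [  # RFC 5424 style, already UTC ("Z")
    "2024-03-05T19:01:50Z host7 sshd[812]: Accepted password for admin from 10.0.0.50",
]
APP_LOG = [  # epoch seconds
    "1709665425 app export_started user=admin rows=120000",
]

# Assumptions for sources that omit offset/year; record these in the examiner
# report, since a wrong assumption here shifts the whole timeline.
LOCAL_TZ = timezone(timedelta(hours=-5))
ASSUMED_YEAR = 2024

SNORT_RE = re.compile(r"^(\d{2})/(\d{2})-(\d{2}):(\d{2}):(\d{2})\.(\d+)\s+(.*)$")


def parse_iso(line, source):
    """ISO 8601 prefix (with offset or 'Z') followed by the message."""
    ts, _, msg = line.partition(" ")
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return {"ts": dt.astimezone(timezone.utc), "source": source, "msg": msg}


def parse_snort(line, source):
    """Month/day timestamp without year or offset; both are assumed."""
    m = SNORT_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised IDS line: {line!r}")
    mon, day, hh, mm, ss, frac, msg = m.groups()
    micro = int(frac.ljust(6, "0")[:6])
    dt = datetime(ASSUMED_YEAR, int(mon), int(day), int(hh), int(mm), int(ss),
                  micro, tzinfo=LOCAL_TZ)
    return {"ts": dt.astimezone(timezone.utc), "source": source, "msg": msg}


def parse_epoch(line, source):
    """Unix epoch seconds prefix; epoch is UTC by definition."""
    ts, _, msg = line.partition(" ")
    dt = datetime.fromtimestamp(int(ts), tz=timezone.utc)
    return {"ts": dt, "source": source, "msg": msg}


def build_timeline():
    """Normalise every source to UTC and return events in chronological order."""
    events = []
    events += [parse_iso(l, "firewall") for l in FIREWALL_LOG]
    events += [parse_snort(l, "ids") for l in IDS_LOG]
    events += [parse_iso(l, "system") for l in SYSTEM_LOG]
    events += [parse_epoch(l, "app") for l in APP_LOG]
    return sorted(events, key=lambda e: e["ts"])


def events_in_window(timeline, start_iso, end_iso):
    """Events with start <= ts < end; bounds are ISO 8601 strings in UTC."""
    start = datetime.fromisoformat(start_iso.replace("Z", "+00:00"))
    end = datetime.fromisoformat(end_iso.replace("Z", "+00:00"))
    return [e for e in timeline if start <= e["ts"] < end]


if __name__ == "__main__":
    for e in build_timeline():
        print(e["ts"].isoformat(), e["source"].ljust(8), e["msg"])
```

Once the events sit on one UTC axis, the first thing to check is whether the ordering still makes sense: here the SSH login precedes the firewall drop, the IDS alert and the application export, which is the kind of sequence a "timeframe analysis" line in the outline is meant to surface. Any clock skew between hosts should be measured against a trusted reference and noted alongside the offset and year assumptions.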