Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: Jamesfl
New Today: 0
New Yesterday: 2
Overall: 29378

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 IE11 and Keywords
 Disk Image
 ZERO DAY EXPLOIT
 Senior Cyber Forensic Incident Response Consultant -Cambs UK
 A question for students and newbies

Computer Forensics World Forums


Pages Served
We received
51852807
page views since August 2004

Security Sources

FTC
OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Cryptography
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - Live Computer in a crime scene - how to record evidence
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Live Computer in a crime scene - how to record evidence

 
Post new topic   Reply to topic    Computer Forensics World Forum Index -> General Computer Forensic Issues
View previous topic :: View next topic  
Author Message
mightywarrior
Newbie
Newbie


Joined: Feb 07, 2016
Posts: 1

PostPosted: Mon Feb 08, 2016 12:25 am    Post subject: Live Computer in a crime scene - how to record evidence Reply with quote

Hi,

I am preparing for a security cert I just thought of knowing your insights in the below scenario.
Scenario - In a incident scene if you found a computer is on, what are the steps that need to be taken to record the evidence clearly and how it needs to be taken so that you don't miss out the volatile data.

I have searched on google and i was not able to find out how the data can be extracted from a live system and also wanted to know how it is done on a real time basis.

Thanks in advance.
Back to top
View user's profile
PreferredUser
Newbie
Newbie


Joined: Jan 01, 2007
Posts: 1130
Location: USA

PostPosted: Sun Feb 14, 2016 6:00 am    Post subject: Reply with quote

You provided 1/100th of the information necessary to provide any meaningful answer.
Back to top
View user's profile
SgtJackie
Newbie
Newbie


Joined: Dec 01, 2015
Posts: 19
Location: Aberdeen, Scotland

PostPosted: Fri Mar 04, 2016 8:13 pm    Post subject: Reply with quote

Is it a desktop, a laptop, is it running Windows or Linux or some other OS? Is it acting as a server? Is it connected to a network? Wirelessly or cabled? Is it locked with a password? Is there a sysadmin who can help or are they all possible suspects? Is there encryption? Every single one of these will affect how the computer is taken down. And that's before we even get into the realms of authorisation to install monitoring software or seizing and removing items of possible evidence.
Back to top
View user's profile
KrisKross
Newbie
Newbie


Joined: Apr 01, 2017
Posts: 1

PostPosted: Mon Apr 10, 2017 11:39 pm    Post subject: Reply with quote

I think this article will be interesting for you "https://www.cleverfiles.com/howto/computer-forensic.html" I think this article will be interesting for you. In reality it is not always easy to gather data without altering the system in some way (even the act of shutting a computer down in order to transport it will most likely cause changes to the data on that system) but an experienced investigator will always strive to protect the integrity of the original data whenever possible. In order to do this, many computer forensic examinations involve the making of an exact copy of all the data on a disk.


Moderator Note: Direct links are not allowed.
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> General Computer Forensic Issues All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.