Posted: Thu Jan 15, 2009 8:47 am Post subject: Newbie question!
I'm just starting my journey into the world of computer forensics and have been asked a question I have no idea what the answer is! Sorry if this is in the wrong place on the forum and really sorry for my newbieness!
It concerns data saved to a flash USB memory stick, specifically JPEG images that have most probably been downloaded from the internet.
Is there any way of identifying where they have been downloaded from or who has actually downloaded them?
Was really not sure what to say so any advice would be appreciated!
Joined: Jan 13, 2009 Posts: 14 Location: Los Angeles, CA
Posted: Thu Jan 15, 2009 9:29 am Post subject:
The short answer is yes.
The long answer is if you're a newbie, you've got your work cut out for you, but here's what you do (in very brief summary [assuming Windows]):
The files have date stamps, a hash value and possible EXIF info.
The USB device will be linked to the computer in the registry (see Harlan Carvey's book for more info).
Internet history is in the registry, temp files, profile, etc.
You need to link all of this data together.
It should take a pro about 2 - 4 hours, all day for someone with some experience, a few days for a newbie.
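Added example, not part of the original thread or either poster's code: a Python sketch of the first step in the reply above, recording each image's hash, file-system date stamps and any EXIF strings so they can later be matched against registry and browser artifacts. The function names, the chosen tag list and the `SAMPLE` bytes are assumptions made for illustration.

```python
import hashlib, os, struct
from datetime import datetime, timezone

TAGS = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software", 0x0132: "DateTime"}

def exif_segment(data):
    """Return the TIFF payload of a JPEG's APP1/Exif segment, or None."""
    pos = 2
    while data[:2] == b"\xff\xd8" and pos + 4 <= len(data) and data[pos] == 0xFF:
        marker, size = data[pos + 1], struct.unpack(">H", data[pos + 2:pos + 4])[0]
        body = data[pos + 4:pos + 2 + size]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        if marker == 0xDA or size < 2:   # image data starts, or corrupt length
            break
        pos += 2 + size
    return None

def ifd0_strings(tiff):
    """Decode the ASCII (type 2) tags listed in TAGS from IFD0."""
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or len(tiff) < 8:
        return {}
    ifd = struct.unpack(order + "I", tiff[4:8])[0]
    head = tiff[ifd:ifd + 2]
    count = struct.unpack(order + "H", head)[0] if len(head) == 2 else 0
    out = {}
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        if len(entry) < 12:
            break
        tag, typ, n, off = struct.unpack(order + "HHII", entry)
        if tag in TAGS and typ == 2:
            raw = entry[8:8 + n] if n <= 4 else tiff[off:off + n]
            out[TAGS[tag]] = raw.rstrip(b"\x00").decode("ascii", "replace")
    return out

def triage(path):
    """Hash, file-system timestamps (UTC) and EXIF strings for one file."""
    with open(path, "rb") as fh:
        data = fh.read()
    st = os.stat(path)
    iso = lambda t: datetime.fromtimestamp(t, timezone.utc).isoformat()
    return {"sha256": hashlib.sha256(data).hexdigest(), "modified": iso(st.st_mtime),
            "accessed": iso(st.st_atime), "exif": ifd0_strings(exif_segment(data) or b"")}

_sw = b"ExampleEditor\x00"  # constructed sample: minimal JPEG with one Software tag
_tiff = b"II*\x00" + struct.pack("<IHHHII", 8, 1, 0x0131, 2, len(_sw), 26) + bytes(4) + _sw
SAMPLE = b"\xff\xd8\xff\xe1" + struct.pack(">H", len(_tiff) + 8) + b"Exif\x00\x00" + _tiff + b"\xff\xd9"
```

Run `triage()` against a read-only mount or an image of the stick, since reading files on a live file system can update their access times.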