Cyber Crime and Cyber Terrorism



Download 5,67 Mb.
Pdf ko'rish
bet74/283
Sana19.05.2022
Hajmi5,67 Mb.
#604880
1   ...   70   71   72   73   74   75   76   77   ...   283
Bog'liq
Cyber crime and cyber terrorism investigators handbook by Babak

1. 
An index search
: the tool used may be able to index all data, essentially 
recording every word present, so that it can be searched. This type of search is 
comprehensive as it does not generally care about the compression used, such 
as in PDF’s or ZIP’s, where a real-time search would not be able to identify 
all relevant keywords. Whilst this search is generally very slow to setup, once 
completed all results are almost instantaneous (Windows performs a similar 
action on your local computer).
2. A real-time search
: a keyword can be created and run at any point in an 
investigation—the search can take some time to complete. Typically a real-time 
search is unable to search files that are compressed or in unusual formats, unless 
they are first uncompressed.
Regular expressions (regexp) can be utilized to make a more specific keyword 
search. Regexp is a way of defining a search pattern that utilizes wildcards and spe-
cial characters to offer more flexibility and power than a simple keyword search. 
If 
1234-1234
was provided as a serial number of a device, but it was not known 
if it included a hyphen; if it could be replaced by another special character; or 
if it existed at all then multiple search terms would need to be created (also see 
Chapter 7).
Rather than attempt to write every possible search term a simple regexp search 
could be created that covered this: for example 
1234[.]?1234
.
The expression states that the characters in the brackets can be found zero or one 
time (this is denoted with a 
?
). Within the bracket is a . (dot), this is a regexp charac-
ter that denotes anything can be between the two numbers. It is good practice to test 
a regexp before launching it on a case, as it is a more complex string than a simple 
keyword search it can take more time to complete.
CORE EVIDENCE
It is impossible to detail the core evidence available on the various operating and file 
systems available within a single chapter; however there are several core evidential 
areas that are typically applicable in a high-tech investigation:
• 
File Slack
: the way that files are stored on a device means that there is a 
significant amount of storage space that is unused but is allocated to a file. 
This is referred to as file slack and is simply the space between the end of a 
file and the space it was allocated on a device. This slack space can contain 


Download 5,67 Mb.

Do'stlaringiz bilan baham:
1   ...   70   71   72   73   74   75   76   77   ...   283



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish