Cyber Crime and Cyber Terrorism



Download 5,67 Mb.
Pdf ko'rish
bet93/283
Sana19.05.2022
Hajmi5,67 Mb.
#604880
1   ...   89   90   91   92   93   94   95   96   ...   283
Bog'liq
Cyber crime and cyber terrorism investigators handbook by Babak

86
CHAPTER 7
Seizing, imaging, and analyzing digital evidence
drives, media player, windows which have been opened saved or copied, applications 
opened in run box, Google history, recently accessed documents, and search terms 
used in search box.
LASTWRITE TIME
Every time a key is accessed, created, deleted, or modified the time is recorded. This 
is referred to as the “LastWrite” time. This allows an investigator to create a timeline 
of activity, for example, when a USB hard drive was last inserted, when a piece of 
software was installed, and so on.
HIBERFIL.SYS
Hibernation is a feature employed by modern Windows operating systems to allow the 
system to be entirely shutdown and yet maintain its last working state when powered 
back up. This is performed by copying the systems RAM into a file at the time when 
the system is put into hibernate, and restoring it from the file when the machine is 
restarted. This file is called hiberfil.sys and is located in the root of the drive, usually 
labeled C:\, and its size reflects the amount of system RAM available. As you would 
expect it is possible to extract potentially vital evidence from this file, in much the 
same way as it can be with RAM analysis. The structure of the file is not well docu-
mented at the time of writing; with only a limited number of tools which can carve 
the file. Worthy of note again however, is the volatility tool which includes a plugin, 
imagecopy, allowing 
hiberfil.sys
to be converted into a raw image. This image can 
then be analyzed using Volatility, or other tools, to find evidence, e.g., passwords, 
digital certificates, and malware.
PAGEFIL.SYS
In order to allow the operating system access to larger amounts of RAM than is 
physically available to it, a paging file is employed. When the Windows operating 

Download 5,67 Mb.

Do'stlaringiz bilan baham:
1   ...   89   90   91   92   93   94   95   96   ...   283




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish