Digital Forensics

Uploaded by

Aashirwad Verma

0% found this document useful (0 votes)

1 views7 pages

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

0% found this document useful (0 votes)

1 views7 pages

Digital Forensics

Uploaded by

Aashirwad Verma

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

Jump to Page

You are on page 1of 7

Search inside document

DIGITAL FORENSICS Aashirwad Verma 2K22CSUN01220

CSTI-4

Q1: Using Volatility, analyze the memory dump of a compromised system and describe the process
you would follow to identify malicious processes, suspicious network connections, and any
injected code or rootkits present in the memory image by these commands:

1. Imageinfo

2. Pslist

3. Psscan
4. Pstree

5. Psxview
6. Cmdscan

7. Consoles

8. Procdump

Q2) Imagine you have data of a compromised system, and you suspect that important data
was stored in files that were deleted by the attacker. Using a file carving tool describe the
steps you would take to recover these deleted files from the memory dump. Also, discuss
the potential limitations or challenges you might encounter during the file carving process
and how you would address them to maximize data recovery success.
1. L0_Audio.dd
2

2. L0_Archive.dd
4

3. L0_Graphic.dd
3
4. L1_Video.dd

5. L2_Documents.dd
The potential challenges encounter during the file carving process:-
• Unknown File Sizes: If the precise size of a file is unknown, you may need to calculate it from
different header
fields.

• File Fragmentation: Recovering fragmented files may be challenging, especially for larger files
that are split into
smaller clusters due to filesystem fragmentation
• File Format Variability: Not all file types have well-known headers and footers, which may
require using
maximum file size options for carving
• Lack of Metadata: If there is no filesystem metadata available, data carving becomes the only
way to recover
files, which can be more complex and less successful
To maximize data recovery success, we can:-
• Use multiple file carving tools to cover a wider range of file types and increase the chances of
recovery
• Understand the filesystem structure and fragmentation to better predict the success of
recovering larger files
• Regularly update and fine-tune the file carving tool's configuration to improve its ability to
identify and extract
deleted files

Chapter 8 - File Management
Document100 pages
Chapter 8 - File Management
杨丽璇
100% (2)
Smart Data Backup Management System
Document51 pages
Smart Data Backup Management System
Binoj V Janardhanan
No ratings yet
Digital Forensics
Document4 pages
Digital Forensics
Aashirwad Verma
No ratings yet
Digital Forensics: Computer Forensics
Document26 pages
Digital Forensics: Computer Forensics
baby app
No ratings yet
Study Guide Study Guide: Managing and Maintaining A Microsoft Windows Server 2003 Environment
Document39 pages
Study Guide Study Guide: Managing and Maintaining A Microsoft Windows Server 2003 Environment
Danno N
No ratings yet
File System Forensics: Dr. N.B. Venkateswarlu
Document42 pages
File System Forensics: Dr. N.B. Venkateswarlu
venkat_ritch
No ratings yet
CF Lecture 08 - Anti Forensics Techniques Part 1
Document16 pages
CF Lecture 08 - Anti Forensics Techniques Part 1
Faisal Shahzad
No ratings yet
Windows Forensics: Instructor: LT Dan Finnegan Spring 2010
Document49 pages
Windows Forensics: Instructor: LT Dan Finnegan Spring 2010
kalymistirl
No ratings yet
Understanding UNIX / Linux File System: What Is A File?
Document9 pages
Understanding UNIX / Linux File System: What Is A File?
Abhinav Madheshiya
No ratings yet
SAN Question Bank With Solution
Document13 pages
SAN Question Bank With Solution
blyashu561
No ratings yet
BIT 316 Database Administration - Mmust
Document22 pages
BIT 316 Database Administration - Mmust
gregory orique
No ratings yet
Marking of Computer Skills 2
Document15 pages
Marking of Computer Skills 2
tuyambaze jean claude
No ratings yet
1.1 Organizational Profile
Document31 pages
1.1 Organizational Profile
Amir Amirthalingam
No ratings yet
DBCAS Session 1
Document13 pages
DBCAS Session 1
taneeshharsi
No ratings yet
Bilal Unit V Pe Csy R 21
Document32 pages
Bilal Unit V Pe Csy R 21
pandureddyreddy2
No ratings yet
Q25.What Do You Mean by Validating Forensic Data? Explain Validating With Hexadecimal Editors? (ch-9.SL-9, 10)
Document15 pages
Q25.What Do You Mean by Validating Forensic Data? Explain Validating With Hexadecimal Editors? (ch-9.SL-9, 10)
Billal Hossain
100% (1)
CIS288 Security Design in A Windows 2003 Environment: CIS288 Securing Network Resources
Document11 pages
CIS288 Security Design in A Windows 2003 Environment: CIS288 Securing Network Resources
ghar_dash
No ratings yet
Ch. 4 ... Part - 5
Document13 pages
Ch. 4 ... Part - 5
V
No ratings yet
Digital Forensics Coursework
Document4 pages
Digital Forensics Coursework
sykehanscypha
No ratings yet
CF Unit 3
Document151 pages
CF Unit 3
saket bntu
No ratings yet
Ca CH-4 Note 1
Document8 pages
Ca CH-4 Note 1
Satya Prakash
No ratings yet
W2L2 - File Processing
Document18 pages
W2L2 - File Processing
Miguel Carlo Guillermo
No ratings yet
LPI102 - Network Administration: Lesson 3 - Managing Partitions and File Systems
Document19 pages
LPI102 - Network Administration: Lesson 3 - Managing Partitions and File Systems
sự nghiệp phát triển
No ratings yet
Lec7 Analysis
Document30 pages
Lec7 Analysis
Qomindawo
No ratings yet
Chapter 1 Paper I Operating System
Document39 pages
Chapter 1 Paper I Operating System
Gayatri Kale
No ratings yet
File Systems
Document39 pages
File Systems
Rama Shankar
No ratings yet
Unit 1
Document35 pages
Unit 1
ss
No ratings yet
Varadin Final
Document8 pages
Varadin Final
Doutor
No ratings yet
LO - 2 - Data Capture and Memory Forensics
Document51 pages
LO - 2 - Data Capture and Memory Forensics
israa
No ratings yet
Ch. 2 ... Part - 4
Document15 pages
Ch. 2 ... Part - 4
V
No ratings yet
Emc Data Domain
Document13 pages
Emc Data Domain
venkat
No ratings yet
OSY CT1 Qbans
Document28 pages
OSY CT1 Qbans
tester
No ratings yet
39 - Physical Memory Forensics
Document53 pages
39 - Physical Memory Forensics
smithm007
No ratings yet
Name: Grade/Score: Year/ Section/ Row #: Date
Document1 page
Name: Grade/Score: Year/ Section/ Row #: Date
Louella Jane Racho Martinez
No ratings yet
MS SQL Database Recovery
Document18 pages
MS SQL Database Recovery
Norris Paiement
No ratings yet
Akuisisi Data: Forensic Computer
Document76 pages
Akuisisi Data: Forensic Computer
Darma
No ratings yet
Comp F
Document15 pages
Comp F
Ng Han Xian
No ratings yet
Data Formats
Document89 pages
Data Formats
Rachit Anand
No ratings yet
Chapter 7 & 8 File Systems: Computer Department SPIT, Piludara
Document80 pages
Chapter 7 & 8 File Systems: Computer Department SPIT, Piludara
jigneshbalol29
No ratings yet
Understanding Operating Systems Sixth Edition: File Management
Document118 pages
Understanding Operating Systems Sixth Edition: File Management
phil
No ratings yet
Lec 7 File System & Disk Management
Document22 pages
Lec 7 File System & Disk Management
Beero'z Beauty Products
No ratings yet
3rd Lecture-Theoretical
Document22 pages
3rd Lecture-Theoretical
Omid cell
No ratings yet
SCI4201 Lecture 4 - Data Acquistion
Document46 pages
SCI4201 Lecture 4 - Data Acquistion
onele mabhena
No ratings yet
Operating System
Document6 pages
Operating System
234307240038
No ratings yet
Chapter 6 File System
Document9 pages
Chapter 6 File System
Daya Ram Budhathoki
No ratings yet
Windows Forensics
Document68 pages
Windows Forensics
Amira
No ratings yet
DiskTracker User Manual
Document57 pages
DiskTracker User Manual
Seymore Skinner
No ratings yet
Helix Version 3
Document14 pages
Helix Version 3
Divik Shrivastava
No ratings yet
Lec3 18-3-2024
Document52 pages
Lec3 18-3-2024
dr.ashehata2013
No ratings yet
Operating System File 5 & 6
Document8 pages
Operating System File 5 & 6
Prabhav Gupta
No ratings yet
Computer Data Processing Systems
Document7 pages
Computer Data Processing Systems
David Oba Olayiwola
No ratings yet
Data Acquisition
Document29 pages
Data Acquisition
يُ يَ
No ratings yet
CS8492 - DBMS - 1
Document131 pages
CS8492 - DBMS - 1
Antony Selvi
No ratings yet
CF Practicals PDF
Document117 pages
CF Practicals PDF
Nikhil Amodkar
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
Document58 pages
Guide To Computer Forensics and Investigations Fourth Edition
Mr J Briso Beclay Bell IT
No ratings yet
CHAPTER-5 Presentation
Document23 pages
CHAPTER-5 Presentation
Shumet Woldie
No ratings yet
Data Carving
Document10 pages
Data Carving
aakash25mahajan
No ratings yet
Lec 3 Digial Forensic
Document19 pages
Lec 3 Digial Forensic
princess.mirna2003
No ratings yet
Lesson3 Os Structure
Document11 pages
Lesson3 Os Structure
Kim Austria Tubio
No ratings yet
Best Free Open Source Data Recovery Apps for Mac OS English Edition
From Everand
Best Free Open Source Data Recovery Apps for Mac OS English Edition
Cyber Jannah Sakura
No ratings yet
Simple AWS Reading Lists
Document11 pages
Simple AWS Reading Lists
Aashirwad Verma
No ratings yet
Ai PPT Aayusharpit
Document10 pages
Ai PPT Aayusharpit
Aashirwad Verma
No ratings yet
Aashirwad CTF
Document4 pages
Aashirwad CTF
Aashirwad Verma
No ratings yet
Digital Forensics
Document4 pages
Digital Forensics
Aashirwad Verma
No ratings yet