Questions tagged [computer-forensics]

Examining digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.

Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.

Read more at the Wikipedia article Computer forensics.

177 questions
-1
votes
2 answers

How to Image OS X's Memory

So I am taking a Computer Forensics class (also hoping to go into Computer Forensics, so the practice helps). In my class we have to do a research project. I am doing it on Kali, specifically with RAM Forensics and Web Browser Forensics. I am…
-1
votes
1 answer

possible corruption of SQLite db file

SQLite database .db file shows record exists when I open it in an ASCII text editor. But there are 0 records when I open it in sqlite browser or using client driver. Table definition is still there. If I run pragma integrity_check, result is ok.…
-1
votes
1 answer

Taking a bit-by-bit image of an Android Filesystem

Is it possible to take a perfect copy of the Android file system? Note I am not talking about the SD card here, as that is removable and traditional techniques can be used. I am talking about the Android file system itself, which would have to be…
Jake Evans
-1
votes
1 answer

volatility and java

I'm new to both forensics and Java. I just learnt Java and I find it quite useful. Recently, I am learning how to integrate commands into the Java coding. Is this possible? I am currently using volatility (CLI) software. I am trying to create a GUI…
Linify
-1
votes
1 answer

logically reduce USB size (computer forensics)

I have a 4 GB Kingston USB flash drive. For Computer Forensic experiments it is recommended to have a smaller USB, e.g. 256MB. Is there any way possible for me to make my USB 256MB, provided it was manufactured 4GB? So FTK or ProDiscover only view it as…
-1
votes
2 answers

Morris Internet Worm - anyone knows how did they manage to stop it?

Yes, this is a homework-type question, but could you please help me out? In a very short presentation on the topic of Morris Internet Worm I am supposed to list the steps taken to stop the worm from spreading. My pp slides are now approaching the…
Peter Perháč
-1
votes
2 answers

Forensic Incident Response, How-To Guide/Process

I'm searching for a really good source and/or book on how one responds to a computer intrusion. I've come across many books that touch on the subject, illustrating tools and techniques to acquire forensic artifacts, but I'm searching for a how-to…
Charles
-2
votes
2 answers

How to know who and when files and folders have been deleted in CentOS?

Some files and folders have been deleted on a web server. How to know who deleted them and when? I checked the Raw Access logs but I couldn't find something that could help. Thanks
Aymen
-2
votes
3 answers

Forensic analysis - process log

I am performing Forensic analysis on Host based evidence - examining partitions of a hard drive of a server. I am interested in finding the processes all the "users" ran before the system died/rebooted. As this isn't live analysis I can't use ps or…
-2
votes
1 answer

Understanding Windows application footprint

Just wondering if anyone could point me in the right direction for documentation that specifies what a Windows application's file footprint is? More specifically, I am looking for documentation that specifies what registry files (and which hive)…
Mike
-3
votes
1 answer

What is an IETLD file?

What is an IETLD file? Sir, I found this in my browser history while investigating my computer system. Is it effective in digital computer forensics? Examples: 1. Location: ietld:hotel.lk Number of hits: 1 Cached file size: 0 2. Location: ietld:gob.ni…
-4
votes
2 answers

Reconstruct HTTP Webpage from libpcap python script

I am trying to reconstruct a webpage from a libpcap file from a Python script. I have all the packets, so the goal I guess is to have a libpcap file as input and you find all the necessary packets and somehow have a webpage file as output with all…
will