Description: == Small block disk forensics and triage ==
Outline·
Disk Structure.·
Triage.·
File Signatures.·
Discriminators.·
Contraband Identification.·
Sector-based Hashing.· Conclusions.
ACPO Good Practice Guide for Computer-Based Evidence :-
No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.· In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.· An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.· The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.
Slides :- http://billatnapier.com/diskf.pdf
Tags: disk , forensic , triage ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
This video help me lot about understanding of disk forensics.
To good Keep Posting like this video.
in depth tutorial on disk forensics.