SWGDE

Search results for: malware

2023-03-31 SWGDE Linux Technical Notes (16-F-001-2.0)

[…] single newline-terminated, hexadecimal, 32-character, lowercase ID. When decoded from hexadecimal, this corresponds to a 16-byte/128-bit value. This ID may not be all zeros. Malware may use this value to seed encryption keys.) User Group Lists /etc/group (/etc/group - contains the previous version of this file) Users with Admin Privileges […]


2018-11-20 SWGDE Best Practices for Digital Forensic Video Analysis

[…] files or those that could make any changes or alter the local workstation. A virtual machine can serve to protect the host system from any potential malware or inadvertent system changes that can affect other casework. 7.1.5 Chain of Custody a) The chain of custody is the chronological documentation of the movement, […]


2012-09-13 SWGDE Model SOP for Computer Forensics V3-0

[…] f. Extract Internet history 2. Conduct Searches a. Conduct keyword/text string and/or regular expression searches b. Use hash databases to include or exclude known data c. Detect malware programs or artifacts d. Detect evidence of system compromise e. Detect counter/anti-forensic programs or artifacts 3. Identification and Analysis a. Image restoration (see Module 12) […]
