In this video, we'll examine two distinct methods of digital forensic analysis, the postmortem and the live analysis. There are some misconceptions about collection. One of the fundamental misconceptions is that pure forensics is the same as physical forensics. Another misconception is that we always collect everything at the physical crime scene. In a physical forensics environment, we commonly photograph the forensic crime scene and take reasonable precautions to ensure the evidence has not been disturbed.
Let's start off by talking about a postmortem. Traditionally, computer forensics experts agreed that shutting down the computer system in order to preserve evidence and eliminate the potential of changing information was the best practice prior to examining. Postmortem computer forensics is basically performing a data autopsy on a dead system. In this case, "dead," meaning that that computer's been powered down, not that the computer's broken. The focus here is on data recovery and analysis of stored information…
Released 12/16/2015
This course covers the basics of computer forensics and cyber crime investigation. Author Sandra Toner provides an overview of forensic science, and discusses best practices in the field and the frameworks professionals use to conduct investigations. Then, after showing how to set up a simple lab, Sandra describes how to respond to a cyber incident without disturbing the crime scene. She dives deep into evidence collection and recovery, explaining the differences between collecting evidence from Windows, Mac, and Linux machines. The course wraps up with a look at some of the more commonly used computer forensics software tools.
- Applying science to digital investigations
- Understanding forensic frameworks
- Defining cyber crime: harassment, hacking, and identity theft
- Setting up a forensic lab
- Responding to cyber incidents
- Collecting and recovering evidence
- Examining networks for evidence
- Applying forensics to Windows, Mac, and Linux
- Working with forensics tools
Skill Level Beginner
Introduction
- Welcome (33s)
1. Understanding Forensic Science
- Identifying digital evidence (2m 20s)
2. Defining Cyber Crime
- Classifying cyber crime (1m 52s)
- Defining identity theft (3m 35s)
- Examining cyber harassment (4m 28s)
3. Setting Up a Forensic Lab
- Building a knowledgebase (2m 43s)
- Working with evidence (1m 28s)
- Equipping the lab (1m 23s)
- Selecting forensic software (2m 50s)
4. Responding to a Cyber Incident
- Discovering an incident (2m 59s)
- Preserving evidence (2m 9s)
- Reporting cyber incidents (4m 28s)
5. Collecting Evidence
- Following protocol (2m 25s)
- Storing evidence (2m 28s)
- Imaging evidence (1m 59s)
6. Recovering Evidence
- Finding hidden data (4m 44s)
- Resurrecting data (2m 36s)
- Working with damaged media (2m 39s)
- Viewing browser history (2m 11s)
7. Network-Based Evidence
- Checking out firewall logs (1m 17s)
- Detecting network intrusion (2m 10s)
- Examining router evidence (1m 42s)
8. Windows Forensics
- Finding Windows directories (1m 54s)
9. Macintosh Forensics
- Applying forensics to a Mac (3m 17s)
- Checking out Mac logs (2m 2s)
- Finding Mac directories (1m 40s)
10. Linux Forensics
- Checking out Linux log files (3m 40s)
- Finding Linux directories (2m 28s)
11. Forensic Tools
Conclusion
Video: Differentiating between postmortem and live forensics