Digital Forensics

What is it
  Collecting, examining, analysing, and reporting digital/electronic evidence.

Hidden data
  To view: Exiftool

Hex editors
  Computer program that allows for manipulation of fundamental binary code

Reverse engineering
  Examining and fixing corrupt files

Collecting evidence
  Hashes
  Screenshots
  Network traffic
    TCP/UDP
      UDP: User Datagram Protocol
        Common uses: video chatting, online gaming
        Fast
        Data is sent without a connection
      TCP: Transmission Control Protocol
        To set up a connection, a handshake is performed
        2 or more computers communicating
    Tools: Wireshark, tcpdump
  Bit-by-bit image of drive
  Capture system images
  Capture RAM

Wireshark
  Recorded traffic in pcap files
  Protocol analyser / network packet analyser

Packet
  Contains data & other important info: destination IP address
  Unit of data transfer over a network

Steganography
  Concealing data within other data

ASCII
  Allows computers to transfer data easily
  Most computers use ASCII for text
  Code for representing 128 English characters as numbers

Sources to examine
  Deleted files
  Metadata
  Memory images
  Applications
  Networks
  Hardware & OS
  Storage

Volatility
  Memory, most to least volatile:
    CPU cache/registers
    Data stored in RAM
    Files written to disk
    Hard drive