Security Basics mailing list archives

forensics procedure for PC analysis

From: John O Laoi <brianolaoi () gmail com>
Date: Mon, 27 Apr 2009 11:31:17 +0100

Hello,
Does anyone have pointers to a full recommended procedure on
preserving PC data for forensic analysis?
I'm thinking about things like getting a full backup (using dd),
preserving the disks, graceful shutdown or not, etc.

My employer has asked me to look into drafting a policy to address
this, in situations where say illicit material has been lodged to
disk.

John

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. 
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------

Current thread:

forensics procedure for PC analysis John O Laoi (May 01)
- Re: forensics procedure for PC analysis Richard Thomas (May 01)
- Re: forensics procedure for PC analysis max (May 01)
  - Re: forensics procedure for PC analysis Johnny Ramone (May 04)
    - RE: forensics procedure for PC analysis Dave Kleiman (May 06)
- RE: forensics procedure for PC analysis Simon Thornton (May 04)