Please enable JavaScript.

Coggle requires JavaScript to display documents.

Digital Forensic, Ram, Chain of custody process, Aquisition, SWGDE Best…

- - - - Client’s email software Ex. Gmail, Yahoo!mail, Microsoft LiveMail
    - - Mail server run with
        server mail software
        
        ex. SMTP. POP3, IMAP
    - - Application responsible for receiving an email message from MTA and store in into mailbox of the recipient
  - - - .PST
      - .OST
    - - .DBX
    - - .MBOX
    - - EMLX
- - - - ADS and Steganography
    - - Making the code unreadable or hard to read
      - Ex. Spoofing tactic, Data misidentification, Misinformation, Use of Proxy Server
    - - Manipulating digital signatures to make forged data appear legitimate or Altering file metadata (e.g., timestamps, author information) to mislead forensic investigators
    - - Secure File Deletion: Using secure deletion tools or techniques to overwrite data, making it unrecoverable
      - File Slack Wiping: Removing data remnants in the slack space within a file system.
    - - VPN or Onion Routing
    - - PAS5 to 31
        
        Gutmann method
      - PAS1 To 7
        
        Schneier method
- - - - Chrome Bookmarks are stored in the 'Bookmarks' JSON file.
    - - Chrome Cache is stored using an Index file ('index'), a number of Data Block files ('data#'), and a number of separate data files ('f######')
    - - HTTP Cookies are stored in the 'Cookies' SQLite database, within the 'cookies' table
    - - Chrome Downloads are stored in the 'History' SQLite database, within the 'downloads' and 'downloads_url_chains' tables
    - - Chrome Favicons are stored in the 'Favicons' SQLite database, within the 'favicons', 'favicon_bitmaps' and 'icon_mapping' tables. Older versions of Chrome stored Favicons in a 'Thumbnails' SQLite database, within the 'favicons' table.
    - - Chrome Form History is stored in the 'Web Data' SQLite database, within the 'autofill' table. Older versions of Chrome
        stored associated dates within an 'autofill_dates' table
- - - - Process
        
        Identify
        
        Preserving evidence
        
        Analysis the evidence
        
        Reporting
      - Investigation
- - - - Geolocation data/ Global Positioning System (longitude
        and latitude data) records, check-in records
    - - timestamp records for the files, web browsing history
        recorded time
    - - application account information, app log (activity
        records, transaction records, etc.)
    - - MAC address, Bluetooth record and information, IP
        addresses records
    - - archived files in cloud, PLIST (in Apple mobile device), Android Manifest (in Android mobile devices)
    - - digital stylus/ pen (Apple pencil)
    - - SQLite database (FRM file, MYD file), salt data for pwd
- - - - Custody Transfer: Evidence is transferred between individuals or locations, and each transfer is documented.
        
        Storage and Security: Evidence is stored securely to prevent unauthorized access, tampering, loss, or damage.
        
        Documentation of Access: Any examination, testing, or movement of evidence is documented, including the purpose and individuals involved.
        
        Court Presentation: Testimony is provided in court by individuals who handled the evidence, establishing the chain of custody and ensuring its integrity.
- - - - Reporting and Documentation
        
        Quality Assurance
        
        Legal and Ethical Considerations
        
        Continuous Education and Professional Development