SlideShare a Scribd company logo

Radionica EnCase v6-2009

Download as PPTX, PDF
Damir Delija
Damir Delija
Education
1 of 44
sigurnost integrirana EnCase – radionica Alat za forenzičku istragu računala Damir Delija Dr.Sc.E.E
EnCase Forensic Guidance Software 2 Vodeći komercijalni alat za računalnu forenziku Proizvođač Guidance Software www.guidancesoftware.com Prihvaćen kao standardni alat u zemljama razvijene IT infrastrukture Veliki broj sudskih presuda i postupaka u kojima je ovaj alat korišten u dokaznom postupku (USA, UK ..) Nije neophodno da je korisnik računalni ekspert da bi proveo standardnu računalnu istragu
Osnovni izgleda alata 3 Table Pane Tree Pane View Pane Filter Pane
Radionica 4 - Cilj upoznati se sa alatom EnCase Forensic u stvarnim uslovima - Scenarij • na osnovi naloga provesti pretragu forenzički ispravne slike predmetnog računala • sliku računala napraviti korištenjem Encase alata • analizu provesti istim forenzičkim alatom • koristi se EnCase Forensic 6.13. verzija • dokazi su stvarni
Postupak 5 - Napraviti izuzimanje diskova i datoteke sa dokazima - Otvoriti datoteku sa dokazima - Definirati ključne riječi za traženje (keywords) - Provesti pregled slika (gallery view) - sve što je zanimljivo zabilježiti (bookmarkirati) - Provesti traženje po imenu datoteka (conditions) • sve što je zanimljivo zabilježiti (bookmarkirati) - Provesti traženje po ključnim riječima (search) • sve što je zanimljivo zabilježiti (bookmarkirati) - Na osnovu zabilježenog napraviti izvještaj (report)
Prvi korak izuzimanje diska 6 Zadatak je napraviti sliku diska kroz Encase unutar novog slučaja (case) • Otvara se novi slučaj • U slučaj se dodaju diskovi • Rad sa alatom mora se osnivati na proceduri prikupljanja i analize digitalnih dokaza • Alat se može prilagoditi specifičnostima pojedinih procedura / zakonodavstava tj. integrirati u postojeći sustav
Pokretanje Encase-a 7
Otvaranje novog case-a 8
Dodavanje diska 9
Odabir lokalnih diskova 10
Odabir fizičkog diska 11
Disk selektiran 12
Pregled (preview) odabranog diska 13
Izuzimanje diska 14 Desni klik na disk da se otvori meni
Izuzimanje – podešavanje 1 15
Izuzimanje – podešavanje 2 16
Izuzimanje u toku – status posla 17
Kraj izuzimanja 18
Rad sa slikom diska (disk image) 19
Završavanje izuzimanja i spremanje slike diska 20 • Nakon izuzimanja diska se preporuča spremiti case – File -> save • Dobra praksa je zatvoriti case i ponovo ga otvoriti – Zbog kontrole da li je sve uspjelo – Ili zbog izrade kopije case datoteka na druge medije (stvar procedure) • Zatvaranje case-a – File -> Exit – I odgovoriti na sve što program pita
Pokretanje alata i otvaranje slučaja (case) 21 kliknuti na open
Odabir datoteke dokaza 22 Odaberite datoteku dokaza
Forenzička slika računala - učitana i pripravna za pretragu 23
Conditions - traženje po imenu datoteke 24 kliknite na conditions i odaberite Search filename
Conditions - traženje po imenu datoteke 25
Rezultati traženja po imenu datoteke 26
Gallery pregled - prikaz slika 27 Za odabrane direktorije prikaz slika plava kvačica odabrano
Dodavanje nađenog u bookmarks 28 kliknite plavu kvačicu za odabir Desnim gumbom otvorite meni odaberite bookmark
Prikaz svih datoteka sa show-all boxom 29
Dodavanje ključnih riječi za pretraživanje 30 Odaberite keywords i kliknite na new
Otvorite box za dodavanje ključnih riječi 31
Unos riječi za traženje 32
Traženje - po svim datotekama na disku 33 kliknite na search otvara se maska za definiranje parametara
Odabir parametara traženja 34
Traženje u toku 35 Status traženja
Rezultati traženja- završetak 36
Rezultati pretraživanja 37
Traženje u odabranim direktorijima 38 kliknite na dir. u kojima želite tražiti i otvorite search
Rezultati traženja u odabranim direktorijima 39
Dodavanje bookmarka u izvještaj 40 Otvorite bookmarks za bookmarke koje želite desni klik
Izrada izvještaja iz bookmarka 41
Izvještaj o istrazi 42 sve što želite da uđe u report iz bookmarks mora imati kliknut zeleni trokut
Još ponešto 43 • Prošli smo nekih 25% sustava – osnovne mogućnosti • Postoji mrežna verzija – Enterprise – FIM (Field Investigation Module) • Postoje moduli za “automatsku” pripremu slučaja (case procesor) • Postoji enskript jezik za proširenja / prilagođavanja Nedostaci pojedinih verzija forenzičkih alata: • "Breaking Forensics Software: Weaknesses in Critical Evidence ollection", www.isecpartners.com/publications.html • www.nist.gov
Pitanja ? 44 damir.delija@insig2.hr www.insig2.hr

Recommended

Digitalni dokazi forenzicki alati i standardi
Digitalni dokazi forenzicki alati i standardiDigitalni dokazi forenzicki alati i standardi
Digitalni dokazi forenzicki alati i standardiDejan Jeremic
 
6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...
Damir Delija
 
6528 opensource intelligence as the new introduction in the graduate cybersec...
6528 opensource intelligence as the new introduction in the graduate cybersec...6528 opensource intelligence as the new introduction in the graduate cybersec...
6528 opensource intelligence as the new introduction in the graduate cybersec...
Damir Delija
 
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...
Damir Delija
 
Remote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draftRemote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draft
Damir Delija
 
Ecase direct servlet acess v1
Ecase direct servlet acess v1Ecase direct servlet acess v1
Ecase direct servlet acess v1
Damir Delija
 
Cis 2016 moč forenzičikih alata 1.1
Cis 2016 moč forenzičikih alata 1.1Cis 2016 moč forenzičikih alata 1.1
Cis 2016 moč forenzičikih alata 1.1
Damir Delija
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science
Damir Delija
 

Recommended

Digitalni dokazi forenzicki alati i standardi
Digitalni dokazi forenzicki alati i standardiDigitalni dokazi forenzicki alati i standardi
Digitalni dokazi forenzicki alati i standardiDejan Jeremic
 
6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...
Damir Delija
 
6528 opensource intelligence as the new introduction in the graduate cybersec...
6528 opensource intelligence as the new introduction in the graduate cybersec...6528 opensource intelligence as the new introduction in the graduate cybersec...
6528 opensource intelligence as the new introduction in the graduate cybersec...
Damir Delija
 
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...
Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...
Damir Delija
 
Remote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draftRemote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draft
Damir Delija
 
Ecase direct servlet acess v1
Ecase direct servlet acess v1Ecase direct servlet acess v1
Ecase direct servlet acess v1
Damir Delija
 
Cis 2016 moč forenzičikih alata 1.1
Cis 2016 moč forenzičikih alata 1.1Cis 2016 moč forenzičikih alata 1.1
Cis 2016 moč forenzičikih alata 1.1
Damir Delija
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science
Damir Delija
 
Why i hate digital forensics - draft
Why i hate digital forensics - draftWhy i hate digital forensics - draft
Why i hate digital forensics - draft
Damir Delija
 
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Damir Delija
 
Deep Web and Digital Investigations
Deep Web and Digital Investigations Deep Web and Digital Investigations
Deep Web and Digital Investigations
Damir Delija
 
Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2
Damir Delija
 
EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection
Damir Delija
 
Ocr and EnCase
Ocr and EnCaseOcr and EnCase
Ocr and EnCase
Damir Delija
 
Olaf extension td3 inisg2 2
Olaf extension td3 inisg2 2Olaf extension td3 inisg2 2
Olaf extension td3 inisg2 2
Damir Delija
 
LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation
Damir Delija
 
Moguće tehnike pristupa forenzckim podacima 09.2013
Moguće tehnike pristupa forenzckim podacima 09.2013 Moguće tehnike pristupa forenzckim podacima 09.2013
Moguće tehnike pristupa forenzckim podacima 09.2013 Damir Delija
 
Usage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsUsage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics tools
Damir Delija
 
Cis 2013 digitalna forenzika osvrt
Cis 2013 digitalna forenzika osvrt Cis 2013 digitalna forenzika osvrt
Cis 2013 digitalna forenzika osvrt Damir Delija
 
Ibm aix wlm idea
Ibm aix wlm ideaIbm aix wlm idea
Ibm aix wlm idea
Damir Delija
 
Aix workload manager
Aix workload managerAix workload manager
Aix workload manager
Damir Delija
 
2013 obrada digitalnih dokaza
2013 obrada digitalnih dokaza 2013 obrada digitalnih dokaza
2013 obrada digitalnih dokaza
Damir Delija
 
Tip zlocina digitalni dokazi
Tip zlocina digitalni dokaziTip zlocina digitalni dokazi
Tip zlocina digitalni dokaziDamir Delija
 
Sigurnost i upravljanje distribuiranim sustavima
Sigurnost i upravljanje distribuiranim sustavimaSigurnost i upravljanje distribuiranim sustavima
Sigurnost i upravljanje distribuiranim sustavimaDamir Delija
 
Improving data confidentiality in personal computer environment using on line...
Improving data confidentiality in personal computer environment using on line...Improving data confidentiality in personal computer environment using on line...
Improving data confidentiality in personal computer environment using on line...
Damir Delija
 
Communication network simulation on the unix system trough use of the remote ...
Communication network simulation on the unix system trough use of the remote ...Communication network simulation on the unix system trough use of the remote ...
Communication network simulation on the unix system trough use of the remote ...
Damir Delija
 
Mehanizmi razmjene poruka ostvareni preko RPCa
Mehanizmi razmjene poruka ostvareni preko RPCaMehanizmi razmjene poruka ostvareni preko RPCa
Mehanizmi razmjene poruka ostvareni preko RPCaDamir Delija
 
Tip zlocina digitalni dokazi
Tip zlocina digitalni dokaziTip zlocina digitalni dokazi
Tip zlocina digitalni dokaziDamir Delija
 

More Related Content

More from Damir Delija

Why i hate digital forensics - draft
Why i hate digital forensics - draftWhy i hate digital forensics - draft
Why i hate digital forensics - draft
Damir Delija
 
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Damir Delija
 
Deep Web and Digital Investigations
Deep Web and Digital Investigations Deep Web and Digital Investigations
Deep Web and Digital Investigations
Damir Delija
 
Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2
Damir Delija
 
EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection
Damir Delija
 
Ocr and EnCase
Ocr and EnCaseOcr and EnCase
Ocr and EnCase
Damir Delija
 
Olaf extension td3 inisg2 2
Olaf extension td3 inisg2 2Olaf extension td3 inisg2 2
Olaf extension td3 inisg2 2
Damir Delija
 
LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation
Damir Delija
 
Moguće tehnike pristupa forenzckim podacima 09.2013
Moguće tehnike pristupa forenzckim podacima 09.2013 Moguće tehnike pristupa forenzckim podacima 09.2013
Moguće tehnike pristupa forenzckim podacima 09.2013 Damir Delija
 
Usage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsUsage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics tools
Damir Delija
 
Cis 2013 digitalna forenzika osvrt
Cis 2013 digitalna forenzika osvrt Cis 2013 digitalna forenzika osvrt
Cis 2013 digitalna forenzika osvrt Damir Delija
 
Ibm aix wlm idea
Ibm aix wlm ideaIbm aix wlm idea
Ibm aix wlm idea
Damir Delija
 
Aix workload manager
Aix workload managerAix workload manager
Aix workload manager
Damir Delija
 
2013 obrada digitalnih dokaza
2013 obrada digitalnih dokaza 2013 obrada digitalnih dokaza
2013 obrada digitalnih dokaza
Damir Delija
 
Tip zlocina digitalni dokazi
Tip zlocina digitalni dokaziTip zlocina digitalni dokazi
Tip zlocina digitalni dokaziDamir Delija
 
Sigurnost i upravljanje distribuiranim sustavima
Sigurnost i upravljanje distribuiranim sustavimaSigurnost i upravljanje distribuiranim sustavima
Sigurnost i upravljanje distribuiranim sustavimaDamir Delija
 
Improving data confidentiality in personal computer environment using on line...
Improving data confidentiality in personal computer environment using on line...Improving data confidentiality in personal computer environment using on line...
Improving data confidentiality in personal computer environment using on line...
Damir Delija
 
Communication network simulation on the unix system trough use of the remote ...
Communication network simulation on the unix system trough use of the remote ...Communication network simulation on the unix system trough use of the remote ...
Communication network simulation on the unix system trough use of the remote ...
Damir Delija
 
Mehanizmi razmjene poruka ostvareni preko RPCa
Mehanizmi razmjene poruka ostvareni preko RPCaMehanizmi razmjene poruka ostvareni preko RPCa
Mehanizmi razmjene poruka ostvareni preko RPCaDamir Delija
 
Tip zlocina digitalni dokazi
Tip zlocina digitalni dokaziTip zlocina digitalni dokazi
Tip zlocina digitalni dokaziDamir Delija
 

More from Damir Delija (20)

Why i hate digital forensics - draft
Why i hate digital forensics - draftWhy i hate digital forensics - draft
Why i hate digital forensics - draft
 
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
 
Deep Web and Digital Investigations
Deep Web and Digital Investigations Deep Web and Digital Investigations
Deep Web and Digital Investigations
 
Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2
 
EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection
 
Ocr and EnCase
Ocr and EnCaseOcr and EnCase
Ocr and EnCase
 
Olaf extension td3 inisg2 2
Olaf extension td3 inisg2 2Olaf extension td3 inisg2 2
Olaf extension td3 inisg2 2
 
LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation
 
Moguće tehnike pristupa forenzckim podacima 09.2013
Moguće tehnike pristupa forenzckim podacima 09.2013 Moguće tehnike pristupa forenzckim podacima 09.2013
Moguće tehnike pristupa forenzckim podacima 09.2013
 
Usage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsUsage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics tools
 
Cis 2013 digitalna forenzika osvrt
Cis 2013 digitalna forenzika osvrt Cis 2013 digitalna forenzika osvrt
Cis 2013 digitalna forenzika osvrt
 
Ibm aix wlm idea
Ibm aix wlm ideaIbm aix wlm idea
Ibm aix wlm idea
 
Aix workload manager
Aix workload managerAix workload manager
Aix workload manager
 
2013 obrada digitalnih dokaza
2013 obrada digitalnih dokaza 2013 obrada digitalnih dokaza
2013 obrada digitalnih dokaza
 
Tip zlocina digitalni dokazi
Tip zlocina digitalni dokaziTip zlocina digitalni dokazi
Tip zlocina digitalni dokazi
 
Sigurnost i upravljanje distribuiranim sustavima
Sigurnost i upravljanje distribuiranim sustavimaSigurnost i upravljanje distribuiranim sustavima
Sigurnost i upravljanje distribuiranim sustavima
 
Improving data confidentiality in personal computer environment using on line...
Improving data confidentiality in personal computer environment using on line...Improving data confidentiality in personal computer environment using on line...
Improving data confidentiality in personal computer environment using on line...
 
Communication network simulation on the unix system trough use of the remote ...
Communication network simulation on the unix system trough use of the remote ...Communication network simulation on the unix system trough use of the remote ...
Communication network simulation on the unix system trough use of the remote ...
 
Mehanizmi razmjene poruka ostvareni preko RPCa
Mehanizmi razmjene poruka ostvareni preko RPCaMehanizmi razmjene poruka ostvareni preko RPCa
Mehanizmi razmjene poruka ostvareni preko RPCa
 
Tip zlocina digitalni dokazi
Tip zlocina digitalni dokaziTip zlocina digitalni dokazi
Tip zlocina digitalni dokazi
 

Radionica EnCase v6-2009