Monday, January 15, 2007

"Fundamental Computer Investigation Guide For Windows"

Fundamental Computer Investigation Guide For Windows

"Internet connectivity and technological advances expose computers and computer networks to criminal activities such as unauthorized intrusion, financial fraud, and identity and intellectual property theft. Computers can be used to launch attacks against computer networks and destroy data. E-mail can be used to harass people, transmit sexually explicit images, and conduct other malicious activities. Such activities expose organizations to ethical, legal, and financial risks and often require them to conduct internal computer investigations.

This guide discusses processes and tools for use in internal computer investigations. It introduces a multi-phase model that is based on well-accepted procedures in the computer investigation community. It also presents an applied scenario example of an internal investigation in an environment that includes Microsoft® Windows®–based computers. The investigation uses Windows Sysinternals tools (advanced utilities that can be used to examine Windows–based computers) as well commonly available Windows commands and tools.

..."

This is a high level, 60 page document to get you started...

For internal IT, or if you've had no exposure to computer forensics, this could be a good starting point. It's somewhat general, but does cover some very important concepts (like how important chain of custody is, avoiding spoliation, etc, etc).

I think Chapter 5, Applied Scenario Example, is one of the better parts of the document as it's fairly real-world and mid-level technical (i.e. registry spelunking, actual examples if using Sysinternals tools to gather data, yada).

(via Jeff Alexander's Weblog - The Fundamental Computer Investigation Guide..)

No comments: