1822-1911
1847-1915
1858-1946
1887-1954
1891-1955
1932
1984
1993
1998
2000
Digita
၇
DD
-
( ...
-
1. A++
2. Operating system (Windows, Linux, Mac, etc.)
3. Basic Networking
4. Routing and Switching
4. Programming Basic
5. Server/VMware/Big data - Virus
6. Web application
7. Social Network (Facebook, Twitter, LinkedIn, etc.)
8. Mobile phone, Tablet (software, hardware)
9. Wireless Device
device ။ ။
phone, printer, USB, HD, modem, wireless AP, LAN cable, etc.
Example soon .....
....case
။ wri
Dev
၇ ၇
Example soon .....
Example ....Sooon
။ wri
Anti-DigitalForensics
D
device
။
- storage
- Bootable
-
-
VolatileData
....
Non-VolatileData Data)
TransientData Data)
websi
။
example Active Network Connection
FragileData Data)
Hard Disk , Memory Sti
TemporarilyAccessData
HardDisk,MemoryStick,
။
ActiveData
ArchivalData
BackupData
( ) HD
။
Collection Evidence
evidence
Example password
protect file , folder , hidden file , rar,zip, tar,
example = backup file , server log, event logs , system file , swap file, printer pools
။
(example: USB, router, modem)
Online ...
- (eg..database,excel,paper),-
..Image
Credit card .
Writer
CreditcardGenerator
excel,world,database)
Imagefile
Email,Note,Letterbrowser,chatrecord,
Content No , call log
excel,world,database)
Imagefile
Email,Note,Letterbrowser,chatrecord,
Content No , call log
SIM card clone (hardware)
User database, Electronic Serial Number (ESN)
Mobile Identification Number (MIN)
Browser, social network record
Steganography
Steganogra
။
-
- M
-
-
-
DVD/
။Eg..... bitstre
.
(10111110) (10111111) (10111111) (10111111) (10111111) (10111111) (10111111)
(10111110)
E-mail Forensics
(Cyber Stalking)
(Fraud Mail)
phishing)
(phishing) -----
-
(www.google.com www.gooogle.com
-
၇
။
gmail.com=>yahoo.com
၄
25 Domain n
။
yahoo.com
။
E-MailHeader
Secure Your Online Banking & ATM
********************************************************************
-
Browser
- ၁ ။ Eg ($%+cadf89A)
AT
#onlinebanking #ATM
Memory forensics
What is Cyber Forensics Part (22)
Evidence Device Cloning and Hashing
Law Enforce
1. Organization ။
။
။
Social Engin
။
6. DDoS
Software , Ha
။
။
What Is Cyber Forensics Part (23)
Windows Registry Analysis Part (1) (Windows Forensics)
Network Information
။
။
Key, Sub key, Name , ။
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
၅
။
။
=========================
HKEY_CLASSES_ROOT
Software
။
။
HKEY_CURRENT_USER
User L
။ ။
HKEY_LOCAL_MACHINE
HKEY_USERS
။ ။
HKEY_CURRENT_CONFIG
။
======================
၅ ။
Software
System
SAM
Security
Default
================
Software
System
SAM
Security
။
။
Default
။
။
===============
၊ ။
1.REG_BINARY
။
။
2.REG_DWORD
------------------------
။
။
3.REG_EXPAND_SZ
----------------------------
4.REG_MULTI_SZ
--------------------------
5.REG_SZ
-----------------
။
6.REG_FULL_RESOURCE_DESCRIPTOR
------------------------------------------------------
။
Window Registry Group
What Is Cyber Forensics Part (24)
Windows Registry Analysis Part (2) (Windows Forensics)
User
။
Login Time
Account Level
File Open activities
Network Connecting activities
Browser activities
။
။ Every things
Leave a Trace.
Windows\System32\Config
---------------------------
။
HKEY_USERS\.DEFAULT : \system32\config\default
What Is Cyber Forensics Part (25)
Windows Registry Analysis Part (3) (Windows Forensics)
။
။
administ
။
။
။
Eve ။
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001
========
SS
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards
။
။
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
=====
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\Explorer\RunMRU
။
HKEY_CURRENT_USE ။
...
#Cybercrime #forensicsmyanmar
။
။
။
။ ။ More
tools Search in Google ....
Foren
။
။
။
၊ ....
OPEN SOURCE INTELLIGENCE (OSINT)
Facebook Graph Sea
Foreign Broadcast Information S
======================
။
။
၇ ။
======================
။
၂ ။ ။
။
======================
Actuator
။
======================
Actuator Arm
။
။
။
======================
======================
track
။
။
plat ။
။
======================
Cylinder
။
။
။
======================
Sector
။
။ ။ ၄
data
======================
Cluster
Cluster
။
။
။
။ ။ Eg= 4
x 4k(sector) = 1600 byte
======================
volume
volume
partition ။ ။
What is Cyber Forensics ? Part 28
Hard Disk Forensic . (Part 2)
Hard Disk (bad Sector, slack space, firmware half or full damage )
၊
။
။
။
E
။ ၂
။
Slack Space
data ။
။
။
။ ။ Eg= 4
x 4k(sector) = 1600 byte
။
sector ၂ ။
။
။ ။
။
။
။ ။
====================================
HD firmware
။
။
firmwar ။
။
။
Special R ။
What is Cyber Forensics ? Part 29
Hard Disk Forensic . (Part 3)
Boot Loader, Boot Sector, Master Boot Record (MBR) & Windows System Boot Process
===============================
Boot Loader (Boot manage
။
။ ။
Boot Sect
။
။ - -
။B ။ (POST
===============================
၂ ။
။ ။ (multi boot)
၂ ။
။ ။
===============================
။
===============================
System s - - ။
the Com
။ DVD, keyboard, mouse, extended hard disk, etc.
။
===============================
===============================================
။
။
Delete
။
။
။
Shift+Delete
။ ။
=====================================
Windows File System
=====================================
။
New Technology File Sys ။
၂ ။
၁
၂
Mast ၊
၊
။
Cl ။
။
။
==========================================
fi
==========================================
။ NTFS
။
။
။ file
။
။
===============
၊
။
RAI
။
။
၃ ။
။
။
။
။ ။
Mirroring
Hard disk ။
။
။ ။
Parity
။
Parity informa
Disk 1 = 1 0 1 0
Disk 2 = 1 1 0 0
Disk 3 = 0 0 1 1
------------------------------------------------
Disk 4 = 0 1 0 1 ( Parity Information)
------------------------------------------------
< ။
Disk 1 = x x x x
Disk 2 = 1 1 0 0
Disk 3 = 0 0 1 1
------------------------------------------------
Disk 4 = 0 1 0 1 ( Parity Information)
------------------------------------------------
Result
Disk 1 = 1 0 1 0
Disk 2 = 1 1 0 0
Disk 3 = 0 0 1 1
------------------------------------------
Disk 4 = 0 1 0 1 ( Parity Information)
============================================
base
။
- ။
- ။
RAID 1 (Mirroring )
==============
- ။
- ၂ ။
။
။
- ။
- Fault tolerance ။
- - -
RAID 0 , ။
။
။
============================================
HOW To Forensics RAID SYSTEM
============================================
-
- ။
။
။
- ။ (Try to
Image ......Hash.....load image and Recover If Need )
- ။
။။ ။
Case Back Ground
===============
။ ၊
။ Ant
။
-------
Windows 10 64 bit
Processor Brand Intel
Processor Type Core i7 4.2 GHz
RAM Size 16 GB
Hard Drive Size 1 TB + 1 TB (Raid0)
Graphics Coprocessor Nvidia Geforce GTX 1070
Graphics Card Description Nvidia Geforce GTX 1070
========================================
======================
HD 2
Crime Case Background (NOTE: Based on CHFI & CCFP notes, not a real-world case)
======================================
Ok Let it be ...
Ok Let it Be ...
။
- Organiz
philosophy ။
။
။
။ ။
-
။
Peer view
===========
။
။
============
===================
Inman-Rudin Paradigm
-
....
Identification
Individualization
။ ။
Association
Reconstruction
BIOS ,
- ။
A ။
။
။
။
။
......... ?
:)
Ma ။
။
။
။
.... :)
။
What is Cyber Forensics ? Part 36
Hard Disk Platter Forensics
===============
===============
-
- Same donor
- ...
===================
-
- ...
-
===========
Computer forensics Part 37
Solid-State Drive (SSD) - Forensics (Part 1 )
။
- ။
။
၊
။
- ၊
၊ ၊ ၊ ၊
read- ။
။
။
- - ။
။
။
။
။
Controller
S ။
-
။ ။ garbage collection,
encryption, wear-levelling, , RA
Buffer Memory
- ။
-
။
SSD SATA, SSD M.2, SSD mSATA, SSD U.2, SSD PCIe, SSD SAS
======================
Garbage Collection
=============
Wear leveling
။
။
===========
Trim ( You can use from OS )
။ ။
။
။
(Garbage Collection, W
Computer forensics Part 38
Solid-State Drive (SSD) - Forensics (Part 2 )
- ။ (kits or
(hashing Problem )
- ။
- ။
- raid ။
၃၉
..
Forensics
To
m2
chec
PCB
https://www.facebook.com/forensicsmyanmar