This is the last in my series of blog posts on computer forensics, based on what I have learnt from the Infinite Skills course. A big thing in computing is virtualization, where you can run something like a potential virus or a suspect driver in a sandbox so that it can run but the damage it can do is limited. There are two types of virtualization: one where the virtualization software runs on the operating system, and one where the operating system runs on the virtualization software. Virtualization also lets you run multiple operating systems on the same computer. Examples of virtualization software are VMware and Hyper-V. There is a website at http://totalvirus.com where you can have a suspect file or URL analyzed for viruses, and the service is free. Often, if your computer becomes infected, you will want not only to remove the virus but also to know what damage it has done, in order to mitigate any problems.
There are a lot of utilities that will let you copy the contents of a smartphone to a computer, and many are free. One issue is that you must prove the contents came from the phone, which is sometimes contested. On most smartphones the system memory is on a separate partition from the storage. You will also have to analyze the SIM card separately. On an Android phone most files are named descriptively, but there is more room for misnaming files on an iPhone. If you are interrogating a Symbian phone you will usually have to use the tools that came with the phone, which can cause problems. Most software that interrogates an iPhone only works on an Apple Mac. This kind of software will often reconstruct images on the computer, which you may have to check. Often on smartphones the contacts list is on the SIM card. Some software will also bypass the PIN or password if it is not available, but you might not be able to access everything without it. To get this kind of software it is best either to search with a search engine like Google or to look on bulletin boards on the internet.