2.2.1 System Preservation Phase

  • Trying to preserve the state of the crime scene.
  • Actions / methods depend on
    1. Legal requirements
    2. Business requirements
    3. Operational requirements
  • Ex. An easy case may only require seizing the machine and cloning the disk; more complicated cases (spyware etc.) need more.
  • A few cases will not go to court (business, military).
  • In the preservation phase the investigator tries to avoid overwriting the evidence.

Preservation Techniques
  • Basic aim is to reduce tampering / overwriting.
  • For dead analysis: i) turn off the machine ii) start making copies.
  • For live analysis: i) kill harmful processes ii) kill the network if required iii) log timestamps etc.
  • Hash values for integrity (hash the original and the copy; matching hashes show nothing was altered).
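The dead-analysis steps above (make a copy, log timestamps, keep hash values for integrity) as an added, runnable example; this is not code from the notes or from any forensic tool. It copies a constructed 4 KiB "disk image" (not real evidence) byte for byte, hashes the source before and after the copy and the copy itself, writes every step to a timestamped log, and re-checks the image later so that a single flipped byte is caught. File names, the `acquire_image` / `check_integrity` function names and the log layout are assumptions for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # stream files in 1 MiB blocks so large images need not fit in memory


def utc_now():
    """Timestamp for the acquisition log, always in UTC to avoid timezone ambiguity."""
    return datetime.now(timezone.utc).isoformat()


def sha256_of_file(path):
    """Hash a file opened read-only; the source is never opened for writing."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(source, dest, log):
    """Bit-for-bit copy of `source` to `dest` (hypothetical helper name).

    The source is hashed before and after the copy and the copy is hashed once.
    All three digests go into `log` with timestamps; `verified` is True only if
    all three agree, i.e. the copy is exact and the source did not change while
    it was being read.
    """
    log.append((utc_now(), "acquisition start", source))
    before = sha256_of_file(source)
    log.append((utc_now(), "source sha256 before copy", before))

    # 'x' mode refuses to open an existing file, so an earlier image is never overwritten
    with open(source, "rb") as src, open(dest, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the copy is on disk before hashing it

    copy_hash = sha256_of_file(dest)
    after = sha256_of_file(source)
    log.append((utc_now(), "copy sha256", copy_hash))
    log.append((utc_now(), "source sha256 after copy", after))

    verified = before == after == copy_hash
    log.append((utc_now(), "verified" if verified else "HASH MISMATCH", dest))
    return {"source_before": before, "source_after": after,
            "copy": copy_hash, "verified": verified}


def check_integrity(path, expected_sha256):
    """Re-check (e.g. before analysis) that an image still matches the logged hash."""
    return sha256_of_file(path) == expected_sha256


def demo():
    """Run the procedure on a constructed 4 KiB 'disk image' (sample data, not evidence)."""
    workdir = tempfile.mkdtemp(prefix="preserve_")
    source = os.path.join(workdir, "suspect_disk.raw")   # stands in for the seized disk
    image = os.path.join(workdir, "suspect_disk.img")    # the forensic copy

    # Constructed sample: a fake boot-sector marker, padding, some text, more padding
    fake_disk = (b"FAKEBOOT" + b"\x00" * 2040
                 + b"some file content on the suspect machine" + b"\xff" * 2008)
    with open(source, "wb") as f:
        f.write(fake_disk)

    log = []
    result = acquire_image(source, image, log)
    result["still_intact"] = check_integrity(image, result["copy"])

    # Simulate later tampering with the copy (one byte flipped) and re-check the hash
    with open(image, "r+b") as f:
        f.seek(8)
        f.write(b"\x01")
    result["intact_after_tamper"] = check_integrity(image, result["copy"])
    result["log"] = log
    return result


if __name__ == "__main__":
    r = demo()
    for ts, event, detail in r["log"]:
        print(ts, event, detail)
    print("intact after tamper:", r["intact_after_tamper"])
```

In practice the copy would be taken through a write blocker and stored on separate media; the point of hashing the source twice is that a pre/post mismatch tells you the evidence changed during acquisition, while a copy/source mismatch tells you the copy is bad.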

2.3.2 Essential & Non-essential data