By Bhushan Shah, NII Consulting Windows passwords are stored in the registry (encrypted) in the form of a hash. LMHash was the first hash function used by Microsoft to secure their passwords. Eventually, when the security issues popped up (as LMHash is quite insecure), they had to come up with NTLM and the most recent […]
By Kush Wadhwa, NII Consulting Welcome to the world of log analysis. Log analysis plays a crucial role in intrusion detection. If the compromised system is running on a Linux platform, one of the first steps which the investigator will perform is the analysis of log files. Linux has the ability to store the logs of […]
Penetration Testing Fyodor’s back with his top 100 security tools for 2006. One of the most significant, but not surprising, entries is that of Metasploit Framework at #5 on the list. Since the launch of the 2.0 series, Metasploit has become one of the most popular security tools out there. The 3.0 series is a […]
by Chetan Gupta, NII Consulting A small experiment… Create a new text file. Edit it using Notepad and type “Hello” in it. Save and exit the editor. Right-click the file and check its properties. Did you notice the two attributes “Size” and “Size on disk”? It looks something like this on my Windows XP system […]
by Chetan Gupta, NII Consulting I was looking for a utility which allows me to remotely access the list of running processes on a suspect machine running Windows OS. I found this wonderful utility which allows me to not only view the processes and their PIDs but also filter the processes according to certain criteria such as […]
by Chetan Gupta, NII Consulting Windows XP has a built-in feature, UserAssist, that acts as a monitoring tool and greatly aids in the forensic investigation of Windows operating systems. UserAssist records user access of specific objects on the system, such as executables, Control Panel applets, shortcut files, etc. This is stored in the registry […]
by Chetan Gupta, NII Consulting How many times in an investigation does a forensic investigator come across the problem of acquiring data from a suspect’s laptop? The answer to this question would be ‘many times’. Whenever such a situation arises, the investigator is usually in a dilemma as to whether he should open the laptop, […]
by Khushbu Jithra, NII Consulting The expertise involved in a forensic investigation is best showcased through the documentation of the evidence and the recording of the techniques used for forensic investigation. Giving a written form to the investigation effort also enables clear explanation of findings and helps organize documents for litigation (if pursued).
By K. K. Mookhey, NII Consulting The Information Technology Act 2000 is India’s only act dealing with computer crime. For companies doing business in India, it is worthwhile to know the legal framework which provides for the protection of information. This article describes the important sections of the IT Act. It also looks at some […]
by Saurabh Ghelani, NII Consulting In computer forensics a suspect’s chargesheet is as good as the Chain of Custody log. It is the documented version of the circumstantial evidence which can be produced in the court, similar to the chargesheet which is filed by law enforcement agencies. Chain of Custody -> gathering and preservation of […]