The initial response should be executed from a trusted Cmd.exe run from a USB drive, CD-ROM or floppy created to support an investigation.
Date & Time should be piped to a file recording all actions on the computer under investigation.

Record who is logged on to the computer.

Any changes to the files on the system should be recorded.
    a:\>dir /t:a /a /s /o:d c:\    directory listing of all access times for the c:\ drive
    a:\>dir /t:w /a /s /o:d c:\    directory listing of all modification times for the c:\ drive
    a:\>dir /t:c /a /s /o:d c:\    directory listing of all creation times for the c:\ drive

Determine open ports and processes tied to these ports.
    a:\>netstat -ano

Determine process tied to ports.
    a:\>netstat -o
    a:\>fport                      Foundstone process-to-port mapper utility

Record all processes running on the computer.
    a:\>pslist
    a:\>nbtstat -c                 view recent NetBIOS connections

Preserve all logs from the computer.
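The steps above can be run as one batch file so that every command and its output is written to a single record with a date and time marker in front of it. This is an added example, not part of the original page. It assumes the file is started from the trusted Cmd.exe, sits on the response media next to trusted copies of netstat, nbtstat, fport and pslist, and is given an output path on investigator-controlled storage as its first argument; the label names :log and :stamp are made up for this example.

```bat
@echo off
rem Added example, not from the original page.
rem Assumption: trusted copies of netstat, nbtstat, fport and pslist sit in
rem the same directory as this file on the response media.
setlocal
if "%~1"=="" (
    echo usage: %~nx0 output-file
    exit /b 1
)
rem Assumption: the first argument is a file on investigator-controlled storage.
set "OUT=%~1"
rem Resolve external tools from the response media only, never from the
rem system under investigation. dir and echo are built into the trusted Cmd.exe.
set "PATH=%~dp0"

call :stamp START
call :log dir /t:a /a /s /o:d c:\
call :log dir /t:w /a /s /o:d c:\
call :log dir /t:c /a /s /o:d c:\
call :log netstat -ano
call :log netstat -o
call :log fport
call :log pslist
call :log nbtstat -c
call :stamp END
exit /b 0

:stamp
rem Write a date and time marker followed by the text passed in.
>>"%OUT%" echo ==== %date% %time% %*
exit /b 0

:log
rem Record the command line with its time, then append its output and errors.
call :stamp %*
>>"%OUT%" 2>&1 %*
exit /b 0
```

The three directory listings of c:\ can be large, so the output path should point at storage with enough room for them.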
Send mail to info@dataforensicsengineering.com with
questions or comments about this web site.