
Ivan CHOW
Ricci IEONG
ivanchow@gmail.com

Copyright © 2022 Ivan Chow, Karson Chan & Ricci IEONG, Information Security and Forensics Society, The University of Hong Kong, The Cyberport Institute of Hong Kong
15/7/2022

▪ EnCase, X-Ways, AccessData and IACIS certified
▪ Advisor, Royal Thai Police
▪ Forensic team, Big 4
▪ EnCase training
▪ IT training, 15 years

▪ Working Experience
▪ Part-time lecturer (IERG4350, FTEC5520) in the Chinese University of Hong Kong (2019 - )
▪ Educator of AWS Academy Program for HKUST (2021 - )
▪ Part-time lecturer (COMP4632) in the Hong Kong University of Science & Technology (2015 - )
▪ Part-time lecturer (Digital Forensics) in Tung Wah College (2019 - 2021)
▪ Principal Consultant and Founder of eWalker Consulting Limited (2005 - )
▪ Authorized Trainer for CSA CCSK (2013 - )
▪ Consultant of Hewlett Packard HKSAR (2000 – 2005)
▪ Senior Consultant of PrivyLink HKSAR (2000)
▪ ACO of Cyberspace Center, HKUST (1997 – 2000)
▪ Demonstrator, COMP, HKUST (1996 – 1997)

▪ Education
▪ PhD (2013), HKU HK
▪ MA Arb (2006), City University HK
▪ M.Phil (1996), HKUST
▪ B.Sc (1994), CUHK

▪ Others
▪ Active speaker in HK IT security industry
▪ Council Member of Information Security and Forensics Society
▪ Vice Chairman of Cloud Security Alliance (HK&M) Chapter
▪ Authorized CCSK, CCAK, CCSP trainer

▪ Full practical session

▪ Topics to be covered:
➢ Windows OS environment

➢ Processes

➢ Files (File system, content and meta data)

➢ Email Investigation

➢ Live Forensics and Investigation

▪ SIFT Workstation

▪ Autopsy

▪ ProDiscover

▪ Sysinternals tools

▪ NirSoft tools

▪ Foundstone tools

And many more…

Date/Time     Topic                                            Instructor
16 Jul 2022   Basic principles of computer forensics           Ivan Chow & Ricci IEONG
              Introducing forensic tools
              Acquisition using EnCase / FTK Imager
              Disk structure, file systems (FAT, exFAT)
23 Jul 2022   File systems (NTFS)                              Ivan Chow
              Data recovery and carving
06 Aug 2022   Understanding timestamps                         Ivan Chow & Ricci IEONG
              Photo forensics and metadata
13 Aug 2022   Live forensics, malware analysis basics          Ricci IEONG
              Registry artifacts, event logs
20 Aug 2022   Windows LNK, Jump List forensics                 Ricci IEONG
              Web browser forensics, Recycle Bin

▪ 27 Aug 2022
▪ Group Exercise and Presentation

Divide yourselves into groups of 3 to 4 persons:

1. Case storyboard by session 3 (04 Jun 2021) – 10%

2. Case image file by session 5 (18 Jun 2022) – 20%

3. Case image file investigation by Session 6 (25 Jun 2022) – 20%

▪ Open book exam

▪ You can look for information in your books, notes, or on the Internet

▪ 3-hour practical examination

▪ Tools can be prepared before the examination

Session 1
Item   Tasks                                                          Duration
1.1    Introduction of Digital Forensics on Computer                  30 minutes
1.1a   Briefing about the Case Story                                  15 minutes
1.2a   Disk and Disk Acquisition Exercise                             30 + 30 minutes
1.2a   Volume, MBR, GPT, VBR and Analysis Exercise                    30 + 30 minutes
1.2a   Boot Process                                                   15 minutes
1.2b   FAT File System                                                120 minutes
1.3    File System Exercise                                           60 minutes

Session 2
Item   Tasks                                                          Duration
2.1    exFAT / NTFS File System                                       60 + 30 minutes
2.2    File Carving Exercise                                          60 + 45 minutes

Session 3
Item   Tasks                                                          Duration
3.1    Timestamp                                                      90 minutes
3.2    Timestamp Exercise                                             60 minutes
3.3    Use of EWF Tools and Super-timeline                            30 minutes
3.4    Analysis on Diana Case                                         60 minutes

Session 4
Item   Tasks                                                          Duration
4.1    Email Forensics & Exercise                                     30 + 15 minutes
4.2a   Metadata & Metadata Exercise                                   10 + 20 minutes
4.2b   Photo Forensics & Photo Forensics Exercise                     60 + 30 minutes
4.2c   Steganography & Steganography Exercise                         5 + 10 minutes
4.2d   Video Forensics & Video Forensics Exercise                     5 + 10 minutes
4.3    Registry & Registry Exercise                                   20 + 40 minutes
4.4    USB Device & Exercise                                          10 + 20 minutes
4.5    Event Log & Exercise                                           15 + 30 minutes
4.6    Live Forensics & Exercise                                      30 + 15 minutes
4.7    Malware Analysis & Analysis Exercise                           20 + 10 minutes

Session 5
Item   Tasks                                                          Duration
5.1    User Activities (LNK, UserAssist, ShellBag, Amcache,           60 + 30 minutes
       Jump List, Prefetch)
5.2    Web History                                                    10 + 20 minutes
5.3    Recycle Bin                                                    10 + 20 minutes
5.4    Searching for Similarity                                       15 + 15 minutes
5.5    Consolidate Activities on Forensics Analysis                   30 + 30 minutes
