Notes:
- Forensics: how was the impact or damage determined
- Acquisition, analysis, documentation, presentation
- Forensic tool kit (FTK)
- Reconstructing the image: make sure there is no tampering, get a golden copy
- GUI: graphic user interface
- Encryption: make things secure and you can decrypt to get the file back
- Hashing: used for comparing but cannot get it back (defend against man in the middle attacks, compare to find any tampering)
- Slack space: put in secret information into files which others can’t see (an important form of evidence in the field of forensic investigation. Often, slack space can contain relevant information about a suspect that a prosecutor can use in a trial)
- HxD
- Multihasher
- Autopsy
- WireShark
Using autopsy to analyze images in forensics:
Hiding and extracting hidden information(Steganography) from an image(jpeg):
~17 June 2021
Comentários