CHFI 1
Module LXIV - Forensics Investigation Templates
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Forensics Investigation Templates
1. Case Feedback Form
2. Seizure Record
3. List of Evidence Gathered Form
4. Evidence Preservation Checklist
5. BIOS Configuration
6. System Configuration
7. Application Summary
8. Monitor Investigation Checklist
9. Hard Disk Investigation Checklist
10. Floppy Investigation Checklist
11. CD Investigation Checklist
12. Zip Drive Investigation Checklist
13. Flash Drives Investigation Checklist
14. Tape Investigation Checklist
15. Handheld Device Investigation Checklist
16. Fax Investigation Checklist
17. Hub Investigation Checklist
18. Switch Investigation Checklist
19. Router Investigation Checklist
20. Physical Security Checklist
21. Identity Theft Checklist
Case Feedback Form
Seizure Record
List of Evidence Gathered Form
Evidence Preservation Checklist
1. Photograph the crime scene
2. Report the crime immediately to the immediate authority
3. Leave the computers and equipment as they are
4. Don’t shut down or switch on the computers
5. Switch over to your backup/failover systems
6. Don’t run any programs
7. Don’t access files
8. Establish the chain of custody from the beginning
9. Preserve physical evidence
BIOS Configuration
System Configuration
Application Summary
Monitor Investigation Checklist
Hard Disk Investigation Checklist
Floppy Investigation Checklist
CD Investigation Checklist
Zip Drive Investigation Checklist
Flash Drives Investigation Checklist
Tape Investigation Checklist
Handheld Device Investigation Checklist: Blackberry
Handheld Device Investigation Checklist: iPod
Handheld Device Investigation Checklist: Mobile Phone
Handheld Device Investigation Checklist: PDA
Fax Investigation Checklist
Hub Investigation Checklist
Switch Investigation Checklist
Router Investigation Checklist
Physical Security Checklist
Identity Theft Checklist
1. Report the crime to the police:
   1. Provide copies of evidence
   2. Obtain copy of the Police Report
2. Request information on fraudulent accounts
3. In the case of lost credit cards:
   1. Call the bank and close your account
   2. Follow up and trace your cards
4. In case your mail is stolen and your address is changed:
   1. Notify the postal inspector
5. If someone has stolen your Social Security number:
   1. Call the Employment Department
6. Contact FTC (Federal Trade Commission)
7. Other:
   1. Use secure mailboxes to send and receive mail
   2. Shred confidential documents
   3. Review credit reports annually
   4. Report lost or stolen checks immediately
   5. Do not ignore bills that include suspicious charges