Remote Forensic Tools --- PDIR and EEE (tool review: remote forensic preservation and examination tools)

1 Remote Forensic Tools --- PDIR and EEE
Tool review: remote forensic preservation and examination tools
Editor: Eoghan Casey, Aaron Stanley
Source: Digital Investigation (2004), Volume 1, 284-297
Professor: Shieh-Jeng, Wang

2 Remote Forensic Tools --- PDIR and EEE
PDIR (ProDiscover IR 3.5)
EEE (EnCase Enterprise Edition 4.19a)
The main purpose of both tools is to integrate incident response and computer forensics.

3 What is remote forensics?

4 Operation Model
Servlet:
--- A piece of software loaded into the memory of the subject computer.
--- This program starts a process that listens for outside connections.

5 Installation methods
--- Stand-alone computer
--- Login script
--- System patch
--- Third-party tools: psexec, Dameware, Secure Shell (SSH)

6 Relationships

7 Communication security
--- Thawte in PDIR.
--- SAFE (Secure Authentication for EnCase) in EEE.

8 Considerations for the network-based computer
--- Router Access Control Lists
--- Internal firewall
--- Personal firewall
These are barriers that prevent examiners from connecting to the servlet. The EEE servlet must run on port 4445; the PDIR servlet can use any port.

9 Functionalities (A)
Memory inspection:
--- Snapshot module
Storage media examination:
--- Physical disks
--- Logical volumes
--- RAM disks (the PGP disk) --- only EEE
Mounted network drives are not detected by either tool.

10 Functionalities (B)
--- Keyword search
--- MD5 hash comparison
--- EEE can combine file listings from multiple systems (PDIR connects to one remote host at a time).
--- Both PDIR and EEE can acquire the entire contents of a hard drive or partition of a remote host.
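The two capabilities on this slide, combining file listings from several remote hosts and comparing MD5 hashes, are illustrated here with an added Python example that is not part of the review or of either tool. The host names, paths and file contents are constructed, and the hashes are computed from those constructed contents so the script runs offline.

```python
import hashlib
from collections import defaultdict

def md5_hex(data: bytes) -> str:
    """MD5 of constructed file contents; stands in for the digest a remote preview returns."""
    return hashlib.md5(data).hexdigest()

# Constructed per-host file listings: host -> [(path, md5 hex), ...].
HOST_LISTINGS = {
    "ws-01": [("C:/Users/a/Downloads/tool.exe", md5_hex(b"sample-v1")),
              ("C:/Windows/notepad.exe", md5_hex(b"notepad"))],
    "ws-02": [("C:/Temp/svc.exe", md5_hex(b"sample-v1")),
              ("C:/Windows/notepad.exe", md5_hex(b"notepad"))],
    "ws-03": [("C:/Windows/notepad.exe", md5_hex(b"notepad-modified"))],
    "srv-db": [("D:/backup/db.bak", md5_hex(b"db"))],
}

# Constructed hash set the examiner is searching for (e.g. a file already seized elsewhere).
HASHES_OF_INTEREST = {md5_hex(b"sample-v1")}

def combine_listings(listings):
    """Merge per-host listings into one hash-keyed index: md5 -> [(host, path), ...].
    This is the single cross-host view that 'combining file listings' provides."""
    index = defaultdict(list)
    for host, entries in listings.items():
        for path, digest in entries:
            index[digest.lower()].append((host, path))
    return index

def hash_matches(index, hashes):
    """MD5 hash comparison over the combined index: which hosts/paths carry each hash."""
    return {h.lower(): index[h.lower()] for h in hashes if h.lower() in index}

def hosts_with_match(index, hashes):
    """Sorted list of hosts holding at least one file from the hash set."""
    return sorted({host for h in hashes for host, _ in index.get(h.lower(), [])})

def inconsistent_paths(listings):
    """Same path with differing MD5 across hosts: a quick check for modified system files."""
    by_path = defaultdict(dict)
    for host, entries in listings.items():
        for path, digest in entries:
            by_path[path][host] = digest.lower()
    return {p: hosts for p, hosts in by_path.items() if len(set(hosts.values())) > 1}

if __name__ == "__main__":
    idx = combine_listings(HOST_LISTINGS)
    print(hash_matches(idx, HASHES_OF_INTEREST))
    print(inconsistent_paths(HOST_LISTINGS))
```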

11 Security
--- PDIR uses Global Unique Identifiers to restrict a servlet to one client and to prevent tampering with the network communication.
--- EEE uses a dedicated system called the SAFE to manage security. The SAFE protocol uses a combination of public, private, and session keys to ensure that all connections to the remote servlets are authorized and encrypted.

12 Performance
--- In pre-viewing mode, PDIR uses an average of 340 kb/s of network bandwidth, whereas EEE uses 50 kb/s.
--- In acquisition mode, PDIR uses an average of 5.5 MB/s of network bandwidth, whereas EEE uses 3.5 MB/s.

13 Conclusion
--- PDIR is designed for examining a small number of systems.
--- EEE is designed to integrate with an enterprise security architecture and to examine a large number of systems simultaneously.

