RDS



Overview: a reference data set built from Windows executable (PE) files

Compatible with the NSRL RDS format

Hash values (MD5, SHA1) and key information for each executable file

  • Data set configuration
    • - Windows operating system (2000, XP, 2003, Vista, 2008, etc.)
    • - Windows applications (Office, Adobe, Haansoft, etc.)
  • Service delivery approaches
    • - Web service
    • - Integration with digital forensic software
    • - Deploying packages

While Working...

Smart Device Forensic System




  • - A part of Integrated Automated Digital Forensic System

Overall Process

  • - Data Acquisition
    • - Flash Memory Image, Physical Memory Image, Normal File
      • - Android, iOS, USIM, ...

  • - Preprocessing & Classification
    • - Filesystem Analysis
    • - Data Classification (Carving)
    • - RDS Investigation

  • - Data Extraction & Normalization
    • - Normal & Deleted data (Application Data)
    • - Anti-Forensic Analysis (Decryption)
    • - String Extraction
    • - Credentials
    • - Timeline Extraction & Data Normalization

  • - Data Analysis
    • - Profiling
    • - Relationship Analysis
    • - Event Reconstruction
    • - Malware Analysis
    • - Overall Analysis

  • - Data Extraction & Normalization
    • - Visualization
    • - Reporting


Since 20XX

Forensic Recovery Tool



  • - Development and implementation of file recovery tools for the allocated and unallocated areas of the file system

  • - Support for major file systems (NTFS, FAT12/16/32, etc.)

  • - Support for file recovery


File Classification and File Format

  • - Document File
    • - HWP : Hangul
    • - DOC, PPT, XLS : MS Office documents using the OLE format
    • - ODT, ODS, ODP : OpenOffice documents using the OpenDocument format
    • - HTM, HTML : Web page
    • - PDF : Adobe Acrobat
    • - GUL : Hunminjeongeum
    • - TXT : General documents

  • - Graphics File
    • - BMP : Bitmap
    • - GIF : Graphics Interchange Format
    • - PNG : Portable (Public) Network Graphics
    • - JPEG : Joint Photographic Experts Group

  • - Compression File
    • - ALZ : ALZip format
    • - ZIP : ZIP format
    • - RAR : RAR format

  • - Multimedia File
    • - WMV, WMA : Windows Media File
    • - MOV : QuickTime
    • - ASF : Active Streaming Format
    • - AVI : Audio Video Interleaving
    • - MPG, MPEG, MP4 : MPEG
    • - WAV : Waveform Audio Format

  • - Email File
    • - PST, OST : Outlook
    • - DBX, IDX, MBX : Outlook Express

  • - Others
    • - Windows Registry File
    • - EVT : Windows Event Viewer Log File
    • - EXE, DLL, SYS : PE File

Since 20XX

Live System Forensics



Overview

  • - An active system is a system that is running normally.
  • - An active system contains both volatile data, which exists only while the system is powered and disappears when power is lost, and non-volatile data, which is maintained regardless of power and can still be collected later.
  • - However, when the system uses BitLocker, or when it is a server in a service-driven environment that cannot be shut down, the data has to be collected from the active system.
  • - Because the commands on an active system may have been altered by a malicious user, the investigation tools used on it should be stored on read-only media.
  • - Data should be collected in order of volatility, with the most volatile data given the highest priority.

Since 20XX

Digital Forensic Tool Testing Dataset



Testing Dataset

Since 20XX