Notes - MCS
Computer Systems Forensic Analysis

Skills of the Analyst

The analyst needs discipline in collecting, because the amount of available information is excessive.

| Time | Task | Description |
| --- | --- | --- |
| 15 minutes | Requirements definition | Ensure an understanding of commander’s intent |
| 30 minutes | Internet Collection | Use search tools, rapidly identify top ten sites and review |
| 15 minutes | Resources’ Table | Create Resources’ Table for future use and for customer’s reference |
| 60 minutes | Commercial Collection | Use fee sources, identify top 20 items for exploitation |
| 60 minutes | Analysis | Read, understand, evaluate, and structure collected information |
| 60 minutes | Production | Carefully create an analytical summary, table of contents, and slides |

4 hours – Total time to produce an open-source analysis report using only internal sources.

OSINT process

  1. know who knows - have in-depth knowledge of the available sources’ characteristics.

  2. know what’s what - ability to evaluate and assess the validity, scope, degree of accuracy, and timeliness of the requirements.

  3. know what’s hot - the ability to distinguish what is important and relevant.

  4. know who’s who - the ability to distinguish between facts and speculation and avoid cognitive bias from the sources.

Cognitive deviations (bias)

  • systematic error in thinking that affects the decisions and judgments that people make.

  • individuals create their subjective social reality from their perception of the input.

  • may lead to perceptual distortion, inaccurate judgment, illogical interpretation, or what is broadly called irrationality.

The analyst should be able to avoid cognitive bias from the sources and from his own education, origin, religion, culture and profession.
