Notes:
CONTENT:manual analysis
COMPARISON:md5
TRANSACTION:grave-robber
EXTRACTION:dd and cryptcat
DELETED FILE RECOVERY:unrm and lazarus
FORMAT CONVERSION:various, manual/custom
KEYWORD SEARCHING:strings
PASSWORD DECRYPTION:crackers
SOURCE CODE ANALYSIS:manual analysis
STORAGE MEDIA:
this, @stake doesn’t do – its like for typewriter “RAM”, etc…
@stake will take printer RAM into consideration however, firmware on routers, host and other devices as well.
LACKING:
. Lacks password harvesting from caches, book-marks
. Lacks examination of what systems were touched –> potential additional acquisitions
. Lacks coorelation to external data (NIDS, syslog, phone bill, firewall logs, etc...)