High-Level Forensic Analysis for Rogue Wireless Access Point Investigation

Slide Note
Embed
Share

Delve into the intricacies of forensic analysis in handling rogue Wireless Access Points (WAPs). Learn how to identify, preserve, and analyze digital evidence in investigating unauthorized WAPs, including establishing incident questions, determining where to find crucial information, and conducting forensic analysis to uncover the who, what, and when of rogue WAP activities.

ebrah
ebrah Follow

Uploaded on Sep 20, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Preparing for Forensic Analysis Security Planning Susan Lincke

  2. Title of the Presentation | 9/20/2024| 2 Objectives Students should be able to: Define and describe computer forensics: authenticity, continuity, forensic copy, chain of custody, root cause, Describe steps to obtain computer forensic information during an investigation. Describe general capabilities of a forensic tool. Describe steps to copy a disk. Define discovery, e-discovery, deposition, declaration, affidavit, fact witness, expert consultant, expert witness.

  3. Title of the Presentation | 9/20/2024| 3 Computer Forensics Information Systems Forensics The process of identifying preserving, analyzing and presenting digital evidence for a legal proceeding

  4. Title of the Presentation | 9/20/2024| 4 Aspects in Forensic Analysis High Level Forensic Analysis Forensic Analysis Legal Technical Forensics Perspective

  5. Title of the Presentation | 9/20/2024| 5 Establishing High-level Forensic Questions Incident Questions to Investigate Rogue Wireless Access Point (WAP) When did the rogue WAP appear? Who connected to it? Who introduced it? How do we eliminate it? What information passed through the rogue WAP and may have been compromised? What else might the owner of the rogue WAP do?

  6. Title of the Presentation | 9/20/2024| 6 Determining Where to Find Information: Rogue Wireless Access Point Potential Incident Rogue Wireless Access Point Important Information to Obtain Currently connected terminals (to rogue WAP and true WAP) Location of Information Accessible Wireshark: Connect Wireshark with radio capability and monitor for current transmissions: 1) observe MAC addresses interfacing with rogue and true WAP; 2) observe MAC address of rogue WAP and identify network card type; 3) Follow signal strength to rogue WAP area DHCP: Determine which MAC addresses connected at which times, including rogue WAP. WAP: Determine when MAC addresses connected and left the true WAP. Switch: Identify switch physical port and wire from rogue WAP s MAC address to determine where rogue WAP connects. Confirm Ethernet address, network card match DNS cache indicates IP addresses recently accessed; People interviews Equipment inventory list: assigned person Camera (if available nearby) Forensic analysis on machine running rogue WAP, to investigate or confirm what happened during timeframe in question Characteristics and identity of rogue WAP Connection time of affected terminals and rogue WAP Location of rogue WAP Apps used by persons during this time Person who installed rogue WAP Determine what rogue WAP accessed

  7. Title of the Presentation | 9/20/2024| 7 Balancing Priorities Consider the following priorities in advance of an event: Value Value: What information is most important? Effort: What information is easily accessible? Volatility: What information will disappear (e.g., in memory)? Balance: Volatility Effort

  8. Title of the Presentation | 9/20/2024| 8 Technical Perspective: Methods to Collect Evidence Three important methods to collect artifacts, include: Value Collecting volatile information: the current picture of what is happening; Collecting and analyzing logs Copying and analyzing disk images Balance: Volatility Effort

  9. Title of the Presentation | 9/20/2024| 9 Computer Crime Investigation Analyze copied images Call Incident Response Evidence must be unaltered Chain of custody professionally maintained Copy memory, processes files, connections In progress Take photos of surrounding area Four considerations: Identify evidence Preserve evidence Analyze copy of evidence Present evidence Preserve original system In locked storage w. min. access Power down Copy disk

  10. Title of the Presentation | 9/20/2024 | 10 Aspects in Forensic Analysis High Level Forensic Analysis Forensic Analysis Legal Technical Forensics Perspective

  11. Title of the Presentation | 9/20/2024 | 11 Network Forensics: Where to Find Forensic Information Connections, Network, Transport layer prohibited packets, configuration changes MAC Addresses, configurations, monitoring Router: Source IP address tracking, illegal packets, statistics, configuration changes Authentication Server: Successful/unsuccessful logon, unusual times DHCP: Translates MAC address to IP address, possibly machine name, can derive manufacturer/type DNS: Cache lookups track who accessed services when (e.g., email, web, ssh) Web Proxy: Web accesses, malware origination, view downloaded web pages Application Server: View normal events, errors and abuses via logs Switch: Translate MAC address to physical port, monitor traffic

  12. Title of the Presentation | 9/20/2024 | 12 Collecting Important Technical Information Source Security Information Sample attacks IP spoofing, DDOS, formatting errors (e.g., LAND, teardrop), footprinting/nmap, illegal destination IP or port numbers DDOS/flooding, amplification attacks, formatting errors, fragmentation attacks, exfiltration Router Reverse IP address, statistics, illegal packets Prohibited packets for covered protocols, statistics Firewall Track who accessed services when (email, web, ssh) DNS Inappropriate websites, DNS downloads Application Server View abnormal and abusive events, and potentially view completed events Formatting errors, encoding attacks, SQL attacks Authentication Server Switch Successful/unsuccessful login, unusual times Translate MAC address to physical port Password attacks (dictionary, brute force), impersonation MAC spoofing Wireless Access Point Identify (inappropriate) MAC address Rogue WAP, MAC spoofing Track web accesses, cache status of web accesses Web Proxy Malware origins, inappropriate web accesses Intrusion Detection All Devices Track specific application attacks Nmap, encoding attacks Hiding tracks, enabling backdoors, password attacks Configuration changes, cleared logs, login

  13. Title of the Presentation | 9/20/2024 | 13 Collecting Volatile Information A jump drive: enables the investigator to record volatile information reliably in a short time. The jump drive includes command script(s) containing commands to record volatile information. Volatile information should be recorded in the order of volatility and may consists of: Processor memory: Cache and registers (For routers, switches and NIDS, this includes recording the running configuration.) Network state including current network connections, the routing configuration and ARP table. List of running processes Current statistics and recent command history. Swap file: This is the recent memory used by a computer for virtual memory purposes. Date and time, for evidentiary purposes. The date and time should be recorded as the first and last commands of the jump drive script.

  14. Title of the Presentation | 9/20/2024 | 14 Linux Commands Command: Function: Date Display the current date and time dd if=/dev/mem of=/evidence/case123.memory Copy memory from main memory (/dev/mem) and writing to evidence/case123.memory or an appropriate path. hostname Print the host name of this machine, applicable if IP address is in a DNS. ls -la List directories including permissions, last modifications uptime Display how long the system has been powered up printenv Print the environmental variables (e.g., command paths) pstree a Display a tree of processes ps ef Display statistics of all current processes who Display logged-in users last Display history of all users logged in and system boot time history Display the command history of the last 500 commands Ip Display IP address, router, DNS server with varied options netstat Display connections and active network listeners netstat nr Display routing table arp a Display arp table Systemctl Displays the status of all services Date Display the current date and time

  15. Title of the Presentation | 9/20/2024 | 15 Collecting Initial Information A forensic jumpkit includes: a laptop or memory stick with preconfigured with protocol sniffers and forensic software network taps and cables Since the attacked computer may be contaminated, the jumpkit must be considered reliable The investigator is likely to: Get a full memory image snapshot, to obtain network connections, open files, in progress processes Photograph computer: active screen, inside, outside computer for full configuration Take disk image snapshot to analyze disk contents. The investigator must not taint the evidence. E.g., a cell phone left on to retain evidence must be kept in a Faraday bag to shield phone from connecting to networks

  16. Title of the Presentation | 9/20/2024 | 16 Windows Log Priorities Windows Logs can be sorted by priority when the logs are displayed. Priorities include: Critical: Requires immediate attention Error: Problem does not require immediate attention Warning: A future problem is arising Information: For your information Since logs may be modified by attackers to hide their tracks, it is important to forward, in particular, security-related and priority logs to a dedicated centralized log server

  17. Table 16.5: Important Windows Logs and their Sources (Example) Title of the Presentation | 9/20/2024 | 17 Important Windows Logs and their Sources (Example) Important Information Device(s) Required Logs Notification Method Expanded security permissions Windows 4728, 4732, 4756 Member added to security-enabled group Alert by SIEM Password guessing Windows Logs deleted or disabled 4740 User account locked out 1102 Log deleted 4719 Log recording is disabled 4902 Changes to audit policy, can include turning off logging Alert by SIEM Alert by SIEM Windows Try to access privileged file or directory Windows 4663 Attempt made to access object Log Access the password hash file Windows 4782 Password hash account accessed Alert by SIEM Computer account created Windows 4741, 4742 Computer account created or changed Alert by SIEM

  18. Title of the Presentation | 9/20/2024 | 18 Windows Event View for Logs Operating System Logs Applications Logs Logs forwarded from other systems are stored here Patches applied or failed to apply OS events: low power, system connections MMC policy failures (audit), logon/logoff, resource utilization Some MS apps: e.g., Outlook, MS Edge

  19. Title of the Presentation | 9/20/2024 | 19 UNIX, Linux Logging Systems UNIX/Linux: System log capabilities include Syslog: Initial version Syslog-ng, rsyslogd provide extra capabilities to support both TCP and UDP, use encryption, and support enhanced configurability. Rsyslogd (reliable and extended syslog): supports IPv6 and high precision timestamps. Journalctl utilizes syslog s priorities and its next generation utilities. The format of Linux/UNIX logs is: <date> <time> <device> <command>[Process ID]: <log text>.

  20. Title of the Presentation | 9/20/2024 | 20 Where to Find Files in UNIX, Linux, Mac UNIX, Linux and Mac configuration files are located in /etc. The log configuration file may be found in an /etc directory, such as /etc/syslog.conf or /etc/syslog-ng/syslog-ng.conf or /etc/systemd. Logs are normally stored in files at /var/log, if not forwarded to a centralized log server. Log files are often named after <facility>.<severity>, where <facility> indicates the functional category and <severity> relates to the priority.

  21. Title of the Presentation | 9/20/2024 | 21 Creating a Forensic Copy 2) Accuracy Feature: Tool is accepted as accurate by the scientific community: 4) One-way Copy: Cannot modify original; set write-protect Mirror Image Original 5) Bit-by-Bit Copy: Mirror image 3) Forensically Sterile: Wipes existing data; Records sterility 1) & 6) Calculate Message Digest: Before and after copy 7) Calculate Message Digest Validate correctness of copy; set write-protect

  22. Title of the Presentation | 9/20/2024 | 22 Forensic Tools Normalizing data = converting disk data to easily readable form Forensic tools analyze disk or media copy for: logs file timestamps file contents recycle bin contents unallocated disk memory contents (or file slack) specific keywords anywhere on disk application behavior. The investigator: launches the application on a virtual machine runs identical versions of OS and software packages.

  23. Title of the Presentation | 9/20/2024 | 23 Forensic Software Tools EnCase: Interprets hard drives of various OS, tablets, smartphones and removable media for use in court. (www.guidancesoftware.com) Forensic Tool Kit (FTK): Supports Windows, Apple, UNIX/Linux OS including analysis of volatile (RAM and O.S. structures) and nonvolatile data for use in a court. (www.accessdata.com) Cellebrite: Handles commercial mobile devices for use in a court. Mobile devices are connected via appropriate cables to a workstation with the forensic tool installed, or via a travel kit. (www.cellebrite.com) ProDiscover: Analyzes hard disks for Windows, Linux and Solaris OS. An Incident Response tool can remotely evaluate a live system. (www.techpathways.com) X-ways: Specializes in Windows OS. X-ways can evaluate a system via a USB-stick without installation, and requires less memory. (www.x-ways.net) Sleuthkit: An open-source tool evaluates Windows, Unix, Linux and OS-X. It is programmer-extendable. Sleuth Kit (TSK) = command-line tool; Autopsy = graphical interface. (www.sleuthkit.org)

  24. Title of the Presentation | 9/20/2024 | 24 Example Required Skills & Training Expertise Name(s) Contact Information: Email, Phone Training Completed (or Needed) Forensic software Forensic certification Networking, Protocol analysis Host logs Windows, Linux, SIEM Expertise Networking education or certification System certification (per system being analyzed)

  25. Title of the Presentation | 9/20/2024 | 25 Aspects in Forensic Analysis High Level Forensic Analysis Forensic Analysis Legal Technical Forensics Perspective

  26. Title of the Presentation | 9/20/2024 | 26 Computer Forensics Did a crime occur? If so, what occurred? Evidence must pass tests for: Authenticity: Evidence is a true unmodified original from the crime scene Computer Forensics does not destroy or alter the evidence If disk is modified, not admissible in court of law Continuity: Chain of custody assures that the evidence is intact and history is known

  27. Title of the Presentation | 9/20/2024 | 27 Chain of Custody 11:05-11:44 System ABC Volatile memory copied PKB & RFT 11:47-1:05 Disk ABC Copied RFT & PKB 11:04 Inc. Resp. team arrives Time Line 10:53 AM Attack observed Jan K 11:15 11:45 1:15 System ABC brought Offline RFT System ABC Powered down PKB & RFT Disk copy ABC locked in static-free bag in Building P room 122 RFT & PKB Who did what to evidence when? (Witness is required)

  28. Title of the Presentation | 9/20/2024 | 28 Chain of Custody Requirements Chain of Custody: tracks who handled the evidence from minute to minute and ensures that the evidence was properly sealed and locked away with extremely limited access. The Chain of Custody document describes: when and where the evidence was held/stored, and the name, title, contact information and signature for each person who held or had access to the evidence at every time point and why they had access

  29. Title of the Presentation | 9/20/2024 | 29 Chain of Custody A chain of custody document tracks: Case number Device s model and serial number (if available) When and where the evidence was held/stored For each person who held or had access to the evidence (at every time) name, title, contact information and signature why they had access It is useful to have a witness at each point Evidence is stored in evidence bags, sealed with evidence tape

  30. Title of the Presentation | 9/20/2024 | 30 The Investigation Report The Investigation Report describes the incident accurately. It: Provides full details of all evidence, easily referenced Describes forensic tools used in the investigation Includes interview and communication info Provides actual results data of forensic analysis Describes how all conclusions are reached in an unambiguous and understandable way Includes the investigator s contact information and dates of the investigation Is signed by the investigator

  31. Title of the Presentation | 9/20/2024 | 31 Digital Evidence Digital Evidence form describes a piece of evidence, including: Timeline: where/when it was collected, stored and imaged Witnesses to transactions Evidence description: includes manufacturer, model, serial number, and digital hashes. Cryptographic hashes: ensure that the forensic artifacts are not modified. Evidence is stored in evidence bags, sealed with evidence tape, and stored in locked cabinets in a secured room.

  32. Title of the Presentation | 9/20/2024 | 32 Applied to U.S. ADVANCED: JUDICIAL PROCEDURE

  33. Title of the Presentation | 9/20/2024 | 33 The Investigation (U.S.) Avoid Infringing on the rights of the suspect Warrant required unless Organization/home gives permission; the crime is communicated to a third party; the evidence is in plain site or is in danger of being destroyed; evidence is found during a normal arrest process; or if police are in hot pursuit. Computer searches generally require a warrant except: When a signed acceptable use policy authorizes permission If computer repair person notices illegal activities (e.g., child pornography) they can report the computer to law enforcement

  34. Title of the Presentation | 9/20/2024 | 34 Preparing for Court When the case is brought to court, the tools & techniques used will be qualified for court: Disk copy tool and forensic analysis tools must be standard Investigator s qualifications include education level, forensic training & certification: forensic software vendors (e.g., EnCase, FTK) OR independent organizations (e.g.: Certified Computer Forensics Examiner or Certified Forensic Computer Examiner). Some states require a private detective license.

  35. Title of the Presentation | 9/20/2024 | 35 A Judicial Procedure Civil Case Criminal Case Plaintiff files Complaint (or lawsuit) Law enforcement arrests defendant Reads Miranda rights Defendant sends Answer within 20 days Prosecutor files an Information with charges or Grand Jury issues an indictment Plaintiff & Defendant provide list of evidence and witnesses to other side Discovery Phase Responsive documents Plaintiff & Defendant request testimony, files, documents The Trial

  36. Title of the Presentation | 9/20/2024 | 36 E-Discovery Electronic Responsive Documents = Electronically Stored Info (ESI) or E-Discovery The U.S. Federal Rules of Civil Procedure define how ESI should be requested and formatted E-requests can be general or specific: specific document set of emails referencing a particular topic. Discovery usually ends 1-2 months before trial, or when both sides agree All court reports become public documents unless specifically sealed.

  37. Title of the Presentation | 9/20/2024 | 37 Discovery Stage Depositions: interviews of the key parties, e.g., witnesses or consultants question-and-answer session all statements recorded by court reporter; possible video The deponent (person being questioned) may correct transcript before it is entered into court record. Declarations: written documents Declarer states publicly their findings and conclusions Full references to public documents helps believability Includes name, title, employer, qualifications, often billing rate, role, signature Affidavit: a declaration signed by a notary Both declarations and affidavits are limited to support motions

  38. Title of the Presentation | 9/20/2024 | 38 Witnesses Witnesses must present their qualifications Notes accessible during discovery? NO: Email correspondence with lawyers is given attorney-client privilege YES: Notes, reports, and chain of custody documents are discoverable. Witnesses may include (least to most qualified): Fact witnesses report on their participation in the case, generally in obtaining and analyzing evidence. Expert consultants help lawyers understand technical details, but do not testify or give depositions Expert witnesses provide expert opinions within reports and/or testimony E.g., Computer forensic examiners Do not need first-hand knowledge of case; can interpret evidence Expert witness mistakes can ruin reputation

  39. Title of the Presentation | 9/20/2024 | 39 The Trial Stages of the Trial In U.S. and U.K. Case law is determined by: Regulation AND/OR precedence: previous decisions hold weight when regulation is not explicit and must be interpreted Opening Arguments Plaintiff s case Burden of Proof: In U.S. & U.K. criminal case : beyond a reasonable doubt that the defendant committed the crime In U.K. civil case: the balance of probabilities or more sure than not Defendant s case Closing arguments

  40. Title of the Presentation | 9/20/2024 | 40 Matching Question: Where to find information ? Jumpkit Translation of IP address to MAC address DHCP Translation of MAC address to physical port Domain Name Server Sequence of Internet lookups Switch Volatile information Forensic Software Successful and unsuccessful logins Authentication Server File and disk usage

  41. Title of the Presentation | 9/20/2024 | 41 Matching Question: Where to find information ? Jumpkit Translation of IP address to MAC address DHCP Translation of MAC address to physical port Domain Name Server Sequence of Internet lookups Switch Volatile information Forensic Software Successful and unsuccessful logins Authentication Server File and disk usage

  42. Title of the Presentation | 9/20/2024 | 42 Question Authenticity requires: 1. Chain of custody forms are completed 2. The original equipment is not touched during the investigation 3. Law enforcement assists in investigating evidence 4. The data is a true and unmodified original from the crime scene

  43. Title of the Presentation | 9/20/2024 | 43 Question You are developing an Incident Response Plan. An executive order is that the network shall remain up, and intruders are to be pursued. Your first step is to 1. Use commands off the local disk to record what is in memory 2. Use commands off of a memory stick to record what is in memory 3. Find a witness and log times of events 4. Call your manager and a lawyer in that order

  44. Title of the Presentation | 9/20/2024 | 44 Question What is NOT TRUE about forensic disk copies? 1. The first step in a copy is to calculate the message digest 2. Forensic analysis for presentation in court should always occur on the original disk 3. Normalization is a forensics stage which converts raw data to an understood format (e.g., ASCII, graphs, ) 4. Forensic copies requires a bit-by-bit copy

  45. Title of the Presentation | 9/20/2024 | 45 Summary Planning is necessary Without preparation, no incident will be detected Incident handlers should not decide what needs to be done. Stages: Identification: Determine what has happened Containment & Escalation: Limit incident Analysis & Eradication: Analyze root cause, repair Restore: Test and return to normal Process Improvement (Possibly) Breach Notification If case is to be prosecuted: Evidence must be carefully handled: Authenticity & Continuity Expert testimony must be qualified, accurate, bullet-proof

  46. Title of the Presentation | 9/20/2024 | 46 Jamie Ramon MD Doctor Chris Ramon RD Dietician Terry Licensed Practicing Nurse Pat Software Consultant HEALTH FIRST CASE STUDY Preparing for Forensic Analysis

  47. Title of the Presentation | 9/20/2024 | 47 Problem Statement Consider one of the following scenarios: 1) The application server is heavily loaded, delays are becoming unbearable even to sales personnel. 2) An application server has reported that its log file is close to overflowing. This is abnormal; normally critical logs are stored offline weekly. 3) An application server s antivirus has reported malware.

  48. Title of the Presentation | 9/20/2024 | 48 Problem 1: What are the critical questions that should be asked? Incident Questions to Investigate Rogue Wireless Access Point (WAP) When did the rogue WAP appear? Who connected to it? Who introduced it? How do we eliminate it? What information passed through the rogue WAP and may have been compromised? What else might the owner of the rogue WAP do?

  49. Title of the Presentation | 9/20/2024 | 49 Problem 2: Where can we get additional information that will help? Potential Incident Rogue Wireless Access Point Important Information to Obtain Currently connected terminals (to rogue WAP and true WAP) Location of Information Accessible Wireshark: Connect Wireshark with radio capability and monitor for current transmissions: 1) observe MAC addresses interfacing with rogue and true WAP; 2) observe MAC address of rogue WAP and identify network card type; 3) Follow signal strength to rogue WAP area DHCP: Determine which MAC addresses connected at which times, including rogue WAP. WAP: Determine when MAC addresses connected and left the true WAP. Switch: Identify switch physical port and wire from rogue WAP s MAC address to determine where rogue WAP connects. Confirm Ethernet address, network card match DNS cache indicates IP addresses recently accessed; People interviews Equipment inventory list: assigned person Camera (if available nearby) Forensic analysis on machine running rogue WAP, to investigate or confirm what happened during timeframe in question Characteristics and identity of rogue WAP Connection time of affected terminals and rogue WAP Location of rogue WAP Apps used by persons during this time Person who installed rogue WAP Determine what rogue WAP accessed

  50. Title of the Presentation | 9/20/2024 | 50 Network Forensics: Where to Find Forensic Information Connections, Network, Transport layer prohibited packets, configuration changes MAC Addresses, configurations, monitoring Router: Source IP address tracking, illegal packets, statistics, configuration changes Authentication Server: Successful/unsuccessful logon, unusual times DHCP: Translates MAC address to IP address, possibly machine name, can derive manufacturer/type DNS: Cache lookups track who accessed services when (e.g., email, web, ssh) Web Proxy: Web accesses, malware origination, view downloaded web pages Application Server: View normal events, errors and abuses via logs Switch: Translate MAC address to physical port, monitor traffic

Related


Exploring Forensic Science: The Intersection of Science and Law

Exploring Forensic Science: The Intersection of Science and Law

navy
Understanding Wireless Communication Networks by Dr. K. Gopi at SITAMS

Understanding Wireless Communication Networks by Dr. K. Gopi at SITAMS

thelonious
Introduction to Forensic Psychology and its Intersection with Law

Introduction to Forensic Psychology and its Intersection with Law

baxter
Scrolls:Rolling Flexible Surfaces for Wideband Wireless

Scrolls:Rolling Flexible Surfaces for Wideband Wireless

prudence
Exploring Wireless Technologies and Mobile Commerce

Exploring Wireless Technologies and Mobile Commerce

rut_mac
Understanding Crime Scene Basics and Forensic Science Careers

Understanding Crime Scene Basics and Forensic Science Careers

jakai
Forensic Anthropology and Missing Persons Investigation

Forensic Anthropology and Missing Persons Investigation

mariyah
Understanding Handwriting Analysis in Forensic Science

Understanding Handwriting Analysis in Forensic Science

mindelst
Understanding Crash Investigation Procedures

Understanding Crash Investigation Procedures

odin
Requirements for Historical Investigation Internal Assessment

Requirements for Historical Investigation Internal Assessment

kart_358
Forensic Analysis Instruments: Microscope vs. Borescope

Forensic Analysis Instruments: Microscope vs. Borescope

leximae
Analysis of Explosive Impact in Forensic Science

Analysis of Explosive Impact in Forensic Science

ace
Impact of Blasphemy on Social Media: Forensic Linguistic Analysis

Impact of Blasphemy on Social Media: Forensic Linguistic Analysis

jonty
Comprehensive Overview of Molecular Diagnostics, Cytogenetics, and Forensic Biology

Comprehensive Overview of Molecular Diagnostics, Cytogenetics, and Forensic Biology

maxen
Computer Forensic Fundamentals in Modern Computing Environment

Computer Forensic Fundamentals in Modern Computing Environment

roise
Biomedical Forensics: Solving Mysteries Through DNA Analysis

Biomedical Forensics: Solving Mysteries Through DNA Analysis

mans106
Overview of Forensic Fingerprinting Techniques

Overview of Forensic Fingerprinting Techniques

gain_53
Rate Optimization in Wideband RIS-assisted Wireless Systems

Rate Optimization in Wideband RIS-assisted Wireless Systems

llewellyn
Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords

Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords

quer_sna
Wireless Network Essentials and Classification

Wireless Network Essentials and Classification

aisl_373
Title IX Webinar #3 on Investigation and Hearing Process Changes

Title IX Webinar #3 on Investigation and Hearing Process Changes

hus_wen
Modernizing Forensics: Transforming Strategies for Better Justice

Modernizing Forensics: Transforming Strategies for Better Justice

yasir
Career Insights: Forensic Psychology and Ultrasound Technician

Career Insights: Forensic Psychology and Ultrasound Technician

buster
Forensic Science Lab: Fingerprint Collection and Classification

Forensic Science Lab: Fingerprint Collection and Classification

laan769

More Related Content

Physical Health and Activity of Forensic Mental Health Patients Research Project
Physical Health and Activity of Forensic Mental Health Patients Research Project
Advancing Research and Innovation in Neglected Tropical Diseases and Forensic Biotechnology at Ahmadu Bello University, Zaria
Advancing Research and Innovation in Neglected Tropical Diseases and Forensic Biotechnology at Ahmadu Bello University, Zaria
Enhancing Geotechnical Investigation Methods in Ghana for Foundation Design of Large Structures
Enhancing Geotechnical Investigation Methods in Ghana for Foundation Design of Large Structures
Simpson's Forensic Medicine
Simpson's Forensic Medicine
Purrfect Match Case Study: Solving a Homicide Mystery
Purrfect Match Case Study: Solving a Homicide Mystery
Understanding IEEE 802.11b Wireless LANs
Understanding IEEE 802.11b Wireless LANs
Guide to Creating Access from Wired to Wireless Devices Using Airborne AP Ethernet Bridge
Guide to Creating Access from Wired to Wireless Devices Using Airborne AP Ethernet Bridge
Procedure and Jurisdiction Under a Specific Act for Investigation of Offences
Procedure and Jurisdiction Under a Specific Act for Investigation of Offences
Global Impact of Auto Parts Investigation and Cartel Enforcement
Global Impact of Auto Parts Investigation and Cartel Enforcement
Murder and a Meal: Investigation of a Mysterious Crime Through Macromolecules
Murder and a Meal: Investigation of a Mysterious Crime Through Macromolecules
Computer Forensics: Capturing and Verifying Evidence
Computer Forensics: Capturing and Verifying Evidence
Understanding Forensic Accounting and Fraud - Types and Definitions
Understanding Forensic Accounting and Fraud - Types and Definitions
Understanding Floating Point Representation in Binary Systems
Understanding Floating Point Representation in Binary Systems
Evolution of Wireless-Wireline Convergence in 5G Networks
Evolution of Wireless-Wireline Convergence in 5G Networks
Wireless Sensing Privacy Discussions in May 2023 Document
Wireless Sensing Privacy Discussions in May 2023 Document
Wireless LANs: Components and Security Issues
Wireless LANs: Components and Security Issues
Traffic Analysis and Forensic Investigation Puzzle
Traffic Analysis and Forensic Investigation Puzzle
Wireless Soil Moisture Tension Measurements for Irrigation Management
Wireless Soil Moisture Tension Measurements for Irrigation Management
Unveiling the Intricacies of Forensic Handwriting Analysis
Unveiling the Intricacies of Forensic Handwriting Analysis
Understanding Hair and Fiber Analysis in Forensic Science
Understanding Hair and Fiber Analysis in Forensic Science
Guide to Setting Up a Computer Forensics Lab
Guide to Setting Up a Computer Forensics Lab
Exploring Rogue Wave Vocabulary in Maritime Context
Exploring Rogue Wave Vocabulary in Maritime Context
Overview of DSW End Point Assessment Team Leader Level 3
Overview of DSW End Point Assessment Team Leader Level 3
A Review of Wireless Body Area Networks for Medical Applications
A Review of Wireless Body Area Networks for Medical Applications