File Movement and Copying
File Movement and Copying
Think of all the ways a file can be copied. It can be emailed as an attachment, copied to a jump drive, burned onto a CD, copied on to an external hard drive, sent to a floppy. And, before the file is copied it might be encrypted, given a new extension, or packaged in a zip file in order to hide the copy. In one case we found file movement by analyzing the computers remote console log – files had been copied off the computer by using a remote desktop software. There are dozens of steps to this analysis – restore points, registry entries, unallocated space, logical drive assignments, shortcut files, internet history. If the file was copied, we will probably find the evidence.
Here's a relevant case study:
Think of all the ways a file can be copied. It can be emailed as an attachment, copied to a jump drive, burned onto a CD, copied on to an external hard drive, sent to a floppy. And, before the file is copied it might be encrypted, given a new extension, or packaged in a zip file in order to hide the copy. In one case we found file movement by analyzing the computers remote console log – files had been copied off the computer by using a remote desktop software. There are dozens of steps to this analysis – restore points, registry entries, unallocated space, logical drive assignments, shortcut files, internet history. If the file was copied, we will probably find the evidence.
Here's a relevant case study: