A computer forensic investigation process includes identifying the computer terminals that are compromised or where the actual crime happened. The investigation includes, but is not limited to:
Extracting volatile data
- Data from RAM
- Running processes and services
- Logged-on users
- System details
- Command history
- Open files
- Network connections
- Open ports
- Clipboard content
Extracting non-volatile data
- Data from hard disks
- Data from removable devices
- Windows registry
- Firewall logs
- Antivirus logs
- Windows event logs
- Web server logs
- Database logs
- Social media evidence
- Extracting data from various file systems
IWM adheres to standard policies and procedures when extracting evidence from the compromised system, so that it can be produced as evidence to the authority.