Cyber Securities Technology Logo Next-generation software for computer investigations of live computers inenterprises
Photo

Tour Background
1. Logging into OnLineDFS
2. Creating an inquiry
3. Logging into the target system
4. The initial acquisition
5. Analyzing data
6. Acquiring state data
7. Acquiring files
8. Displaying data
9. Continuing the investigation
10. Logging out

OnLineDFS: A Guided Tour


Background | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10

9. Continuing the investigation <-- Previous Next -->

Based on his suspicions and the evidence already acquired, Miller decides to continue his investigation. He returns to the Running Processes list, shown in Figure 21, to see what other processes are running.

Figure 21 - Running Processes
Figure 21 - Running Processes

He notices that mirc.exe is one of the running processes. Miller recognizes mIRC as a very commonly used Internet Relay Chat (IRC) client program. Based on the evidence already gathered, Miller is suspicious that Wallace is using IRC to communicate with a co-conspirator. He selects the link labeled mirc.exe to learn more information about the mIRC process, as he had done previously with WINWORD.EXE.

Back to top <-- Previous Next -->

Copyright © 2008 Cyber Security Technologies Corporation, All Rights Reserved. Terms & Conditions