Computer Forensics with an emphasis on the NT operating system. presented at BlackHatWindows 2001

by Paul Sr.,

Summary : Many Forensic classes and papers discuss utilizing speciality Unix tools and operating system commands to perform indepth Forensics. Paul will cover the basics of general Forensics to include how to NOT totally destroy the crime scene and how to use some of the available NT tools to assist in an investigation. This speech and the one held by Mushin will assist the standard security administrator/manager in setting up policies and procedures on how to react to an intrusion. While it is not designed to create Forensic experts out of all of the attendees it will share enough information for a person to lay the framework for a forensic investigation.
Mr. Mobley served the United States Navy from 1989 -2000 as a Special Agent for the U.S. Naval Criminal Investigative Service. Paul's last assignment was with the NCIS Gulf Coast Field Office, Computer Crimes Investigation and Operations Unit; (CIO), located at Naval Air Station Pensacola, FL. Paul was assigned to the CIO in September 1996. While assigned to the CIO, he had the opportunity to investigate and assist in the investigation of major computer attacks against Department of the Navy and U.S. Marine Corps computer networks. A majority of Paul's network intrusion experience was in the Foreign Counter Intelligence arena. Forensic Examinations and Evidence presentation became a specialty for Paul while he was assigned to the CIO where the experience afforded him opportunity to work jointly with other Military Intelligence organizations, Federal Law Enforcement, and various U.S. Attorneys throughout the United States.
Their Presentation! (PowerPoint 1,556k)