Categories

Archives

Cyber Forensics

How to Collect Forensics Evidence of PC using P2 Commander (Part 1)

P2C is a comprehensive digital investigation tool with over ten years of court-approved use by forensic examiners. An integrated database and true multi-threading mean faster processing. P2C was built on Paraben’s trusted email examination tools for unparalleled network email and personal email archive analysis. Advanced features like Data Triage analysis, Xbox analysis, pornography detection.

First Download the p2 commander from here and install in victim pc and open p2 commander Click New Case the ‘Create a New Case’ page will open

Then click on next to proceed to next step.

Here in next step you have to enter the case name and DEMO details and click on finish to proceed to next step

Here in next step you have to enter the Investigator name and email details and click on finish to proceed to next step

Now Click ‘Add Evidence’->Choose ‘Image File’

Now select Auto-detect Image option from source type which will add the image evidence in any format. You can choose any option from different available options such as Drive Image or Fat Partition Image.

Now load the Evidence Disk Image

How to create Disk Image read this article

 http://www.hackingarticles.in/how-to-create-copy-of-suspects-evidence-using-ftk-imager/

 After selecting the evidence Image, click on Open.

Now you will see the case Demo is created, which will show you the hierarchy of the directories of the evidence image.

Now you can click on any one of the directories of the evidence image and it will show you all the containing files and sub folders within that folder describing   their   file name, file type, file size, creation time and last modification etc.

Now click on generate report tab.

Select the report type which is to be generated. In my case I am selecting HTML Investigative Report & select the destination folder. Then click on next.

Now select the sorted file which is to be added by clicking on Add and Export button with their file types. Now click on next to proceed further.

Now click on Finish to proceed to next step. 

The report file will be saved on your destination folder. Now you will visualize the details of your report.

AuthorMukul Mohan is a Microsoft Certified system engineer in security and messaging .He is a Microsoft Certified Technology Specialist with high level of expertise in handling server side operations based on windows platform. An experienced IT Technical Trainer with over 20 years’ Technical Training experience you can contact him at mukul@ignitetechnologies.in