Executive Summary
Background
On Friday, September 4, 2015, Allysa stated that her computer
had been running slow, that she thought it might be infected with a virus, and
that she would like it to be reinstalled. The computer was brought in in a
powered-off state. Beyond the belief that the computer was running slow and
might be infected with a virus, no evidence was provided to support or deny
this theory.
Request
Allysa requested that the examiner reinstall her computer
because it was running slow and she thinks it was infected with a virus.
Summary of Findings
The examiner performed an analysis of the acquired memory
image file and was unable to find any evidence of a virus being present on the
computer. The examiner did not attempt to identify what may have been the cause
for the perceived slowness in operation of the computer.
Evidence
Table 1 outlines the evidence items of this case.
| Description | Designation | Filename | MD5 Hash |
|---|---|---|---|
| Evidence Created | Working Copy | ALYSSA-PC-20150905-001215.rar | 88f81f7990fb1b2e18080b6ca4744433 |
| Evidence Examined | Working Copy | ALYSSA-PC-20150905-001215.rar | 88f81f7990fb1b2e18080b6ca4744433 |
Other posts in this series
Volatility Memory Forensics - Investigation a potential virus situation - Part1
Volatility Memory Forensics - Investigation a potential virus situation - Part2
Volatility Memory Forensics - Investigation a potential virus situation - Part3
Volatility Memory Forensics - Investigation a potential virus situation - Part4
Volatility Memory Forensics - Investigation a potential virus situation - Part5