  • 0

Locked How to identify what was the scam? Or any attack in general?


NonSensical

Question

So let's say a computer is brought in and has a virus or whatever. And a person wants to find out what downloaded link or how the computer was attacked. Is it possible to find out, or even gain access to the computer in the first place? 

Would you be able to identify phishing attacks also? From where and what took your information?


1 answer to this question


  • 1

Your question touches on multiple aspects of digital forensics and incident response. Here's a concise breakdown of the process and possibilities:

Is it possible to identify the source of an attack?

Sometimes. If a system is compromised, forensic investigators can analyze system logs, network traffic, and other indicators to try to identify the source or method of the attack. This, however, is not always definitive. Sophisticated attackers often cover their tracks or use compromised third-party systems as launch points.

Identifying malicious downloads or actions:

Computer forensics tools can help identify recently downloaded files, accessed URLs, email attachments, etc.

Monitoring tools and logs can show suspicious activity and potentially the originating source.

Malware analysis can provide insights into the purpose of the malicious software and possibly its origin.

Gaining access to a compromised computer:

If the computer is still functional and the malware does not restrict access, then yes.

If ransomware has encrypted the data, it can be challenging. Always have backups!

Identifying phishing attacks:

Phishing emails can often be identified by examining the email's headers, content, and links.

If you click a phishing link, forensic tools might help identify what data was sent out by examining network traffic and system activity.

Some advanced phishing attacks, like spear phishing, are harder to identify as they target specific individuals with personalized content.

Determining what information was taken:

This can be tricky. Network monitoring can show outgoing data, but if encryption was used, the exact content might be unknown.

Inspecting system changes or logs can provide clues on what an attacker accessed or modified.

Preventive Measures:

Regularly back up your data.

Use updated security software.

Educate yourself and others about phishing and common online scams.

Always be skeptical of unsolicited communications, especially those urging immediate action or providing links.

Regularly monitor account and system activity.

Remember, while forensics can sometimes identify the source or method of an attack, it's not always possible to do so with certainty. Preventing attacks in the first place is the best defense.

 

Personally I think that you can catch the attacker, it all depends on the protection measures I take, here is an article that interests you: 

 


This topic is now closed to further replies.
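
The header and link checks the answer mentions for spotting phishing emails, sketched in Python as an added example that is not part of the original thread. The message, addresses and domains are constructed placeholders, the names `triage`, `LinkCollector`, `domain` and `host` are hypothetical, and a single-part HTML body is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail; dkim=none; dmarc=fail
From: "Example Bank" <alerts@bank.example.com>
Reply-To: support@bank-example.example.net
Content-Type: text/html; charset="utf-8"

<a href="http://login.example.net/verify">https://bank.example.com/login</a>
"""

class LinkCollector(HTMLParser):  # records [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.open = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data.strip()
    def handle_endtag(self, tag):
        if tag == "a":
            self.open = False

def domain(addr):  # domain part of an address header, "" if the header is absent
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()
def host(url):
    return (urlparse(url).hostname or "").lower()

def triage(raw):  # assumption: single-part HTML message
    msg, findings = message_from_string(raw), []
    sender = domain(msg["From"])
    for hdr in ("Reply-To", "Return-Path"):  # a mismatch is a signal, not proof
        if domain(msg[hdr]) not in ("", sender):
            findings.append(f"{hdr} domain {domain(msg[hdr])} differs from From domain {sender}")
    auth = msg.get("Authentication-Results", "")  # verdicts added by the receiving server
    findings += [f"{m}={r}" for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth) if r != "pass"]
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    findings += [f"link text shows {host(t)} but points to {host(h)}" for h, t in parser.links
                 if t.lower().startswith(("http://", "https://")) and host(t) != host(h)]
    return findings
```

Bulk senders legitimately use a different `Return-Path` domain, so findings here are prompts for a closer look rather than a verdict.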