
The basics of digital forensics : the primer for getting started in digital forensics / John Sammons.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Sammons, John, author.
Series:
Basics
Language:
English
Subjects (All):
Computer crimes.
Electronics in criminal investigation.
Physical Description:
xxiii, 177 p. : col. ill.
Edition:
Second edition.
Other Title:
Primer for getting started in digital forensics
Place of Publication:
Amsterdam : Syngress, [2015]
System Details:
text file
Summary:
The Basics of Digital Forensics provides a foundation for people new to the digital forensics field. This book teaches you how to conduct examinations by discussing what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud and the Internet are discussed. Also, learn how to collect evidence, document the scene, and how deleted data can be recovered. The new Second Edition of this book provides you with completely up-to-date real-world examples and all the key technologies used in digital forensics, as well as new coverage of network intrusion response, how hard drives are organized, and electronic discovery. You'll also learn how to incorporate quality assurance into an investigation, how to prioritize evidence items to examine (triage), case processing, and what goes into making an expert witness. The Second Edition also features expanded resources and references, including online resources that keep you current, sample legal documents, and suggested further reading.
Learn what digital forensics entails
Build a toolkit and prepare an investigative plan
Understand the common artifacts to look for in an exam
Second Edition features all-new coverage of hard drives, triage, network intrusion response, and electronic discovery, as well as updated case studies, expert interviews, and expanded resources and references
Contents:
Cover
Title Page
Copyright Page
Dedication
Contents
Preface
Intended audience
Organization of this book
Chapter 1-Introduction
Chapter 2-Key technical concepts
Chapter 3-Labs and tools
Chapter 4-Collecting evidence
Chapter 5-Windows system artifacts
Chapter 6-Anti-forensics
Chapter 7-Legal
Chapter 8-Internet and e-mail
Chapter 9-Network forensics
Chapter 10-Mobile device forensics
Chapter 11-Looking ahead: challenges and concerns
Acknowledgments
Chapter 1 - Introduction
Information in This Chapter:
Introduction
What is forensic science?
What is digital forensics?
Uses of digital forensics
Criminal investigations
Bind, torture, kill
Civil litigation
Intelligence
Moussaoui and 9-11
Administrative matters
Securities and Exchange Commission
The digital forensics process
Locard's exchange principle
Scientific method
Organizations of note
Scientific Working Group on Digital Evidence
American Academy of Forensic Sciences
American Society of Crime Laboratory Directors/Laboratory Accreditation Board
National Institute of Standards and Technology
American Society for Testing and Materials
Role of the forensic examiner in the judicial system
The CSI effect
Summary
References
Chapter 2 - Key technical concepts
Bits, bytes, and numbering schemes
Hexadecimal
Binary to text: ASCII and Unicode
File extensions and file signatures
Storage and memory
Magnetic disks
Flash memory
Optical Storage
Volatile versus nonvolatile memory
Computing environments
Cloud computing
IaaS
PaaS
SaaS
Data types
Active data
Latent data
Archival data
File systems
Allocated and unallocated space
Data persistence
How magnetic hard drives store data
Chapter 3 - Labs and tools
Forensic laboratories
Virtual labs
Lab security
Evidence storage
Policies and procedures
Quality assurance
Tool validation
Documentation
Forms
Examiner notes
Examiner's final report
Digital forensic tools
Tool selection
Hardware
Other equipment
Software
Additional resources
Open source tools
Alert!
Dependence on the tools
Accreditation
Accreditation versus certification
Chapter 4 - Collecting evidence
Crime scenes and collecting evidence
Removable media
Removable storage media
Cell phones
Protecting cell phones from network signals
Power
Order of volatility
Documenting the scene
Photography
Notes
Chain of custody
Marking evidence
Cloning
Purpose of cloning
The cloning process
Forensically clean media
Forensic image formats
Risks and challenges
Value in eDiscovery
Sanctions in electronic discovery
Live system versus dead system
Live acquisition concerns
More advanced
Preserving evidence in RAM
Advantage of live collection
Principles of live collection
Evidence in RAM
Conducting and documenting a live collection
Hashing
Types of hashing algorithms
Hashing example
Uses of hashing
Final report
Chapter 5 - Windows system artifacts
Deleted data
File carving
Hibernation file (hiberfile.sys)
Sleep
Hibernation
Hybrid sleep
Registry
Registry structure
From the case files: the Windows registry
From the case files: the Windows registry and USBStor
Attribution
External drives
Print spooling
Recycle bin
Recycle bin function
Recycle bin bypass
Metadata
Date and time stamps
Removing metadata
From the case files: metadata
Thumbnail cache
Most recently used
Restore points and shadow copy
Restore points
From the case files: Internet history and restore points
Shadow copies
From the case files: restore points, shadow copies, and anti-forensics
Prefetch
Link files
Installed programs
Chapter 6 - Anti-forensics
Hiding data
Encryption
What is encryption?
Early encryption
Algorithms
Algorithms: it's no secret
Key space
Some common types of encryption
Encrypting file system
Bitlocker
Apple Filevault
Truecrypt
Breaking passwords
Password attacks
Brute force attacks
Password reset
Dictionary attack
Steganography
Data destruction
Drive wiping
Defragmentation as anti-forensic technique
Chapter 7 - Legal
The fourth amendment
Criminal law-searches without a warrant
Reasonable expectation of privacy
Private searches
E-mail
The Electronic Communications Privacy Act
Exceptions to the search warrant requirement
Consent forms
Cell phone searches: the Supreme Court weighs in
Searching with a warrant
Seize the hardware or just the information?
Particularity
Establishing need for offsite analysis
Stored Communications Act
Electronic discovery
Duty to preserve
Private searches in the workplace
International e-Discovery
Expert testimony
Chapter 8 - Internet and e-mail
Internet overview
Web technology
Peer-to-peer (P2P)
Gnutella requests
The index.dat file
Web browsers-Internet Explorer
Cookies
Temporary Internet Files, a.k.a. web Cache
Internet history
The ntuser.dat file
Internet Explorer artifacts in the registry
Chat clients
Internet Relay Chat
"I seek you"
Accessing e-mail
E-mail protocols
E-mail as evidence
E-mail-covering the trail
Shared e-mail accounts
Tracing e-mail
Reading e-mail headers
Social networking sites
Casey Anthony trial testimony
Chapter 9 - Network forensics
Social engineering
Network fundamentals
Network types
Network security tools
Network attacks
Inside threat
Incident response
Network evidence and investigations
Log files
Network investigative tools
Network investigation challenges
Training and research
Chapter 10 - Mobile device forensics
Cellular networks
Cellular network components
Types of cellular networks
Code division multiple access
Global system for mobile communication
Integrated digitally enhanced network
Prepaid cell phones
Operating systems
Cell phone evidence
Call detail records
Collecting and handling cell phone evidence
Subscriber identity modules
Cell phone acquisition: physical and logical
Cell phone forensic tools
Global positioning systems
Chapter 11 - Looking ahead: challenges and concerns
Standards and controls
Cloud forensics
What is cloud computing?
Public clouds
Benefits of the cloud
Cloud forensics and legal concerns
Cloud persistence-Dropbox
Solid state drives
How solid state drives store data
File translation layer
The problem: taking out the trash
Speed of change
Twitter
Index
Notes:
Includes bibliographical references and index.
Description based on print version record.
ISBN:
9780128016350
0128016353
OCLC:
900652365
