My Account Log in

1 option

Practical Cyber Intelligence : A Hands-On Guide to Digital Forensics.

O'Reilly Online Learning: Academic/Public Library Edition Available online

View online
Format:
Book
Author/Creator:
Jakobsen, Adam Tilmar.
Language:
English
Subjects (All):
Computer crimes--Investigation.
Computer crimes.
Cyber intelligence (Computer security).
Physical Description:
1 online resource (243 pages)
Edition:
1st ed.
Place of Publication:
Newark : John Wiley & Sons, Incorporated, 2024.
Summary:
"Cyber forensics is the process of using forensic and investigative techniques to identify and analyze digital events. This involves collecting and analyzing digital evidence from various sources, such as computers, networks, and mobile devices, to identify perpetrators. When discussing cyber investigation, many people often think about high-tech crimes like ransomware, DDoS, or BEC. However, it extends beyond these examples, as it also includes traditional crimes such as theft, fraud, or assault, which can leave behind digital evidence that can be collected and analyzed. In these cases, IT is merely a component of the event. As technology becomes increasingly integrated into our daily lives, the information that we can collect from devices, OSINT, and other sources becomes a critical part of any investigation, allowing us to map out a person's life."-- Provided by publisher.
Contents:
Cover
Title Page
Copyright
Contents
About the Author
Preface
Acknowledgments
Introduction
Chapter 1 Intelligence Analysis
1.1 Intelligence Life Cycle
1.1.1 Direction and Planning
1.1.2 Collection
1.1.3 Processing
1.1.4 Analysis
1.1.4.1 Structured Analytic Techniques (SAT)
1.1.4.2 Timeline Analysis
1.1.4.3 Competing Hypotheses
1.1.4.4 Link Analysis
1.1.4.5 Attribution
1.1.5 Dissemination
1.2 Cyber Threat Intelligence Frameworks
1.2.1 Cyber Kill Chain
1.2.2 The Diamond Models
1.3 Summary
Chapter 2 Digital Forensics
2.1 Device Collection
2.2 Preservation
2.3 Acquisition
2.4 Processing
2.4.1 Datetime
2.5 Analysis
2.5.1 Detecting Evidence Destruction
2.5.2 Evaluating the Result
2.6 Documentation and Reporting
2.7 Summary
Chapter 3 Disk Forensics
3.1 Acquisition
3.2 Preparation
3.2.1 Verify Integrity
3.2.2 Write Protection
3.3 Analysis
3.3.1 Installing Sleuthkit
3.3.2 Determine the Partition Structure
3.3.3 Determine the File System Type
3.3.4 Identify Files Within the File System
3.3.5 Extraction of Files
3.3.6 Creation of a Timeline
3.3.7 Autopsy
3.3.8 SMART Metrics
3.4 File and Data Carving
3.5 Summary
Chapter 4 Memory Forensics
4.1 Acquisition
4.2 Analysis
4.3 Summary
Chapter 5 SQLite Forensics
5.1 Analyzing
5.1.1 Timestamps
5.1.2 Temporary Files
5.1.3 Deleted Content
5.2 Summary
Chapter 6 Windows Forensics
6.1 New Technology File System (NTFS)
6.1.1 MFT (Master File Table)
6.1.2 I30
6.1.3 Journal
6.1.4 Alternate Data Stream Zone Identifier (ADS)
6.1.5 Volume Shadow Copy
6.1.6 BitLocker Encryption
6.2 Acquisition
6.3 Analysis
6.3.1 Registry
6.3.2 Event Logs
6.3.3 Memory Forensics
6.3.4 Timestamps.
6.3.5 Creation of Timeline of Activity
6.3.5.1 Plaso
6.3.5.2 Volatility 3 Timeline
6.3.5.3 Creating a Super Timeline
6.4 Evidence Location
6.4.1 System Information
6.4.1.1 Time Zone Information
6.4.1.2 Network Interfaces
6.4.2 Account Usage
6.4.2.1 SAM Accounts
6.4.2.2 Security Events
6.4.2.3 Dead Box Password Cracking
6.4.2.4 User Access Logging
6.4.3 User Activity
6.4.3.1 Search History
6.4.3.2 Typed Path
6.4.3.3 LastVisitedMRU (Windows common dialog box)
6.4.3.4 XP Search
6.4.3.5 Thumbnails
6.4.3.6 Remote Desktop Protocol (RDP)
6.4.4 File or Folder Opening
6.4.4.1 Recent Files
6.4.4.2 Shortcut (.LNK) Files
6.4.4.3 Office Recent Files
6.4.4.4 Shellbag
6.4.4.5 Open/Save MRU
6.4.5 Program and File Execution
6.4.5.1 UserAssist
6.4.5.2 MUICache
6.4.5.3 Windows 10 Timeline
6.4.5.4 BAM and DAM
6.4.5.5 Amcache.hve
6.4.5.6 Jump List
6.4.5.7 Last‐Visited MRU
6.4.5.8 RecentApp
6.4.5.9 Prefetch
6.4.5.10 LastVisitedMRU
6.4.5.11 Taskbar Feature Usage
6.4.5.12 CapabilityAccessManager
6.4.5.13 RUN Box Execution
6.4.6 External Device/USB Usage
6.4.6.1 USB Device Types
6.4.6.2 Plugged in USB
6.4.6.3 Setupapi
6.4.6.4 Plug‐and‐Play Cleanup
6.4.6.5 PnP Events
6.4.6.6 MTP Device
6.4.6.7 User USB Device
6.4.6.8 Removable Devices Logs
6.4.7 Network Activity Artifacts
6.4.7.1 Network Mapping
6.4.7.2 Network History
6.4.7.3 Network Profiles Key
6.4.7.4 IP Address
6.4.8 Commands
6.4.8.1 Powershell History
6.4.8.2 WMI
6.4.8.3 WMI Database
6.4.8.4 Command Line Event Log
6.4.8.5 WMI Event Log
6.4.9 Browser Usage Artifacts
6.4.9.1 Account Records
6.4.9.2 Cookies
6.4.9.3 History
6.4.9.4 Cache
6.4.9.5 Internet Explorer
6.4.9.6 Browser Download Manager
6.4.9.7 Session Restore.
6.4.9.8 Browser Password
6.4.9.9 Supercookies
6.4.10 Mail
6.4.10.1 Mail Archives
6.4.10.2 Offline Folder Files
6.4.10.3 Unread Mail
6.4.11 Persistence
6.4.11.1 Auto Start Programs
6.4.11.2 Scheduled Tasks
6.4.11.3 Service
6.4.12 Evidence Destruction
6.4.12.1 Log Clearing
6.4.12.2 File Deletion Detection Using J
6.5 Summary
Chapter 7 macOS Forensics
7.1 File System
7.1.1 Native File Types
7.2 Security
7.3 Acquisition
7.3.1 Memory
7.3.1.1 Hibernation and RAM
7.4 Analysis
7.5 Evidence Location
7.5.1 System Configuration
7.5.2 User Accounts and Activity
7.5.2.1 Keychain
7.5.2.2 Notes
7.5.2.3 Recent Items
7.5.3 System Logs
7.5.4 Browser Usage
7.5.5 Email
7.5.6 Persistence Mechanisms
7.5.6.1 Login Item
7.5.6.2 Launch Items (Agents and Daemons)
7.5.6.3 Log In/Log Out Hooks
7.5.6.4 Dynamic Libraries (dylib)
7.5.6.5 At Tasks
7.5.6.6 Event Monitor Rules
7.5.6.7 Re‐opened Applications
7.5.7 Evidence of Destruction
7.6 Summary
Chapter 8 Linux Forensics
8.1 File System
8.1.1 File System Timestamps
8.2 Security
8.3 Acquisition
8.3.1 Dump Memory
8.4 Analysis
8.4.1 chroot
8.5 Evidence Location
8.5.1 System Info
8.5.1.1 System Version
8.5.1.2 Computer Name
8.5.1.3 Localtime Settings
8.5.1.4 Boot Logs
8.5.1.5 Kernel Logs
8.5.1.6 Apt Install Repository Sources
8.5.1.7 Hosts File
8.5.1.8 Root UUID
8.5.1.9 Services
8.5.1.10 Syslogs
8.5.1.11 Background Processes
8.5.1.12 Disk Partitions
8.5.2 User Activity
8.5.2.1 Accounts and Groups
8.5.2.2 Group Information
8.5.2.3 Command History
8.5.2.4 Authentication
8.5.2.5 Last Login
8.5.2.6 Failed Logon Attempts
8.5.2.7 Installation of Software
8.5.2.8 File Edit
8.5.3 Network
8.5.3.1 Interfaces.
8.5.3.2 DNS Configuration
8.5.3.3 Wi‐Fi SSID
8.5.4 File Execution and Information
8.5.4.1 Cronjobs
8.5.4.2 Processes
8.5.4.3 SGID
8.5.4.4 SUID
8.5.5 External Drive
8.5.5.1 Dmesg
8.5.5.2 USB Log
8.5.6 Persistence
8.5.6.1 Cron Jobs
8.5.6.2 SSH Key Authentication
8.6 Summary
Chapter 9 iOS
9.1 File System
9.2 Security
9.2.1 Keychain
9.3 Applications
9.4 Acquisition
9.4.1 Jailbreaking
9.4.2 Locked Devices
9.5 iCloud
9.6 Analysis
9.6.1 KnowledgeC
9.7 Evidence of Location
9.7.1 Device Info
9.7.1.1 General Device Info
9.7.1.2 Operating System Version
9.7.1.3 Last Boot Time
9.7.2 User Settings
9.7.2.1 Homescreen Icon Layout
9.7.2.2 Cloud Sync Settings
9.7.2.3 iCloud Offline Cache
9.7.2.4 Blocked Dialers
9.7.3 Account and Password
9.7.3.1 Account Information
9.7.3.2 Account Information Used to Set Up Apps
9.7.3.3 iCloud Email Account Information
9.7.4 Communication
9.7.4.1 Call Log
9.7.4.2 SMS, iMessage, and FaceTime
9.7.4.3 Voicemail
9.7.5 Application Usage
9.7.5.1 TCC.db
9.7.5.2 Application Snapshots
9.7.5.3 Contacts
9.7.5.4 Contact Images
9.7.5.5 Calendar
9.7.5.6 Notes
9.7.5.7 Health Data
9.7.6 Device Backup
9.7.6.1 iTunes Backup
9.7.7 Third‐Party Apps
9.7.7.1 App‐Specific Data
9.7.7.2 App‐Specific Cache
9.7.8 Multimedia
9.7.8.1 User Created/Saved Photos
9.7.8.2 Picture Thumbnails Databases
9.7.8.3 Photo Albums Metadata
9.7.8.4 Photos and Videos Database
9.7.9 Browser Activity
9.7.9.1 History
9.7.9.2 Safari Bookmarks
9.7.9.3 Safari Cookies
9.7.9.4 Safari Download History
9.7.9.5 Safari Tabs Screenshots
9.7.10 Location
9.7.10.1 Apple Maps History
9.7.10.2 Application Traces and GeoFence Information
9.7.10.3 Cache&amp
uscore
encryptedB.
9.7.11 Cellular Location
9.7.12 Network Connection
9.7.12.1 Wi‐Fi
9.7.12.2 Seen Bluetooth Devices
9.7.12.3 Paired Bluetooth Devices
9.7.12.4 iTunes Prefs Computer Connections
9.7.13 Evidence Destruction
9.7.13.1 Restore Information
9.8 Summary
Chapter 10 Android
10.1 File Systems
10.2 Security
10.3 Application
10.4 Acquisition
10.4.1 Android Debug Bridge (ADB)
10.4.1.1 ADB Server
10.4.1.2 Extract APK from Android
10.4.2 Forensics Tools
10.4.2.1 Avilla
10.4.3 Downgrading Applications
10.4.3.1 Rooting
10.5 Analysis
10.6 Evidence of Location
10.6.1 System Information
10.6.1.1 Sim Card Info
10.6.2 User Settings
10.6.2.1 Accounts
10.6.2.2 Timezone
10.6.2.3 Dump User Data with adb
10.6.3 Communication
10.6.3.1 Call Logs
10.6.3.2 SMS/MMS
10.6.3.3 Email Information
10.6.4 Application Usage
10.6.4.1 APK Files Used for Installing Application
10.6.4.2 Dumpsys Usagestats
10.6.4.3 Application Traces
10.6.4.4 install&amp
requests
10.6.4.5 Application Usage
10.6.4.6 Application Notifications
10.6.4.7 Application Permissions and Metadata
10.6.4.8 Application Snapshots
10.6.4.9 Downloads
10.6.4.10 Calendar
10.6.4.11 Pictures
10.6.5 Wi‐Fi
10.6.6 Location
10.6.7 Evidence Destruction
10.6.7.1 Factory Reset
10.6.8 Summary
Chapter 11 Network Forensics
11.1 Acquisition
11.1.1 Pcap
11.1.1.1 File Extraction from Network
11.1.1.2 Geolocation with Wireshark
11.1.2 Netflow
11.1.3 Logs
11.2 Analysis
11.2.1 Connected Devices
11.2.2 Statistical Analysis
11.2.3 Expected Protocol and Connection Architecture
11.2.4 Encrypted Network Activity Classification
11.2.5 Identifying Network Beacons Using Historical Network Data with RITA
11.2.6 Domain Analysis
11.3 Summary.
Chapter 12 Malware Analysis.
Notes:
Description based on publisher supplied metadata and other sources.
Includes index.
ISBN:
9781394256105
1394256108
9781394256129
1394256124
9781394256112
1394256116
OCLC:
1450837245

The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.

Find

Home Release notes

My Account

Shelf Request an item Bookmarks Fines and fees Settings

Guides

Using the Find catalog Using Articles+ Using your account