Practical Digital Forensics
eBook - ePub

  1. 372 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About This Book

Get started with the art and science of digital forensics with this practical, hands-on guide!

  • Champion the skills of digital forensics by understanding the nature of recovering and preserving digital information, which is essential for legal or disciplinary proceedings.
  • Explore new and promising forensic processes and tools based on 'disruptive technology' to regain control of caseloads.
  • Richard Boddington, with 10+ years of digital forensics experience, demonstrates real-life scenarios with a pragmatic approach.

Who This Book Is For

This book is for anyone who wants to get into the field of digital forensics. Prior knowledge of any programming language will be of great help but is not a compulsory prerequisite.

What You Will Learn

  • Gain familiarity with a range of different digital devices and operating and application systems that store digital evidence.
  • Appreciate and understand the function and capability of forensic processes and tools to locate and recover digital evidence.
  • Develop an understanding of the critical importance of recovering digital evidence in pristine condition and ensuring its safe handling from seizure to tendering it in evidence in court.
  • Recognise the attributes of digital evidence, where it may be hidden, and where it is often located on a range of digital devices.
  • Understand the importance and challenge of digital evidence analysis and how it can assist investigations and court cases.
  • Explore emerging technologies and processes that empower forensic practitioners and other stakeholders to harness digital evidence more effectively.

In Detail

Digital forensics is a methodology that draws on various tools, techniques, and programming languages. This book will get you started with digital forensics and then move on to preparing an investigation plan and assembling a toolkit for the investigation.

In this book you will explore new and promising forensic processes and tools based on 'disruptive technology' that offer experienced and budding practitioners the means to regain control of their caseloads. During the course of the book, you will get to know the technical side of digital forensics and the various tools that are needed to perform it. The book begins with a quick insight into the nature of digital evidence, where it is located, and how it can be recovered and forensically examined to assist investigators. It then takes you through a series of chapters that look at the nature and circumstances of digital forensic examinations and explain the processes of evidence recovery and preservation from a range of digital devices, including mobile phones and other media. A range of case studies and simulations will allow you to apply the theoretical knowledge gained to real-life situations.

By the end of this book you will have gained a sound insight into digital forensics and its key components.

Style and approach

The book takes the reader through a series of chapters that look at the nature and circumstances of digital forensic examinations and explains the processes of evidence recovery and preservation from a range of digital devices, including mobile phones, and other media. The mystery of digital forensics is swept aside and the reader will gain a quick insight into the nature of digital evidence, where it is located and how it can be recovered and forensically examined to assist investigators.

Information

Year: 2016
ISBN: 9781785887109
Edition: 1

Table of Contents

Practical Digital Forensics
Credits
About the Author
Acknowledgment
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
1. The Role of Digital Forensics and Its Environment
Understanding the history and purpose of forensics – specifically, digital forensics
The origin of forensics
Locard's exchange principle
The evolution of fingerprint evidence
DNA evidence
The basic stages of forensic examination
Defining digital forensics and its role
Definitions of digital forensics
Looking at the history of digital forensics
The early days
A paucity of reliable digital forensic tools
The legal fraternity's difficulty understanding digital evidence
More recent developments in digital forensics
Studying criminal investigations and cybercrime
Outlining civil investigations and the nature of e-discovery
The role of digital forensic practitioners and the challenges they face
The unique privilege of providing expert evidence and opinion
Issues faced by practitioners due to inadequate forensics processes
Inferior forensics tools confronting practitioners
The inadequate protection of digital information confronting practitioners
The tedium of forensic analysis
Qualities of the digital forensic practitioner
Determining practitioner prerequisites
Case studies
The Aaron Caffrey case – United Kingdom, 2003
The Julie Amero case – Connecticut, 2007
The Michael Fiola case – Massachusetts, 2008
References
Summary
2. Hardware and Software Environments
Describing computers and the nature of digital information
Magnetic hard drives and tapes
Optical media storage devices
Random-access memory (RAM)
Solid-state drive (SSD) storage devices
Network-stored data
The cloud
Operating systems
Connecting the software application to the operating system
Connecting the software application to the operating system and a device
Describing filesystems that contain evidence
The filesystem category
The filename category
The metadata category
The content category
Locating evidence in filesystems
Determining the means of transgression
Determining opportunity to transgress
Determining the motive to transgress
Deciding where to look for possible evidence
Indexing and searching for files
Unallocated data analysis
Explaining password security, encryption, and hidden files
User access to computer devices
Understanding the importance of information confidentiality
Understanding the importance of information integrity
Understanding the importance of information availability
User access security controls
Encrypted devices and files
Case study – linking the evidence to the user
References
Summary
3. The Nature and Special Properties of Digital Evidence
Defining digital evidence
The use of digital evidence
The special characteristics of digital evidence
The circumstantial nature of digital evidence
File metadata and correlation with other evidence
The technical complexities of digital evidence
The malleability of digital evidence
Metadata should not be taken at face value
Recovering files from unallocated space (data carving)
Date and time problems
Determining the value and admissibility of digital evidence
Explaining the evidentiary weight of digital evidence
Understanding the admissibility of digital evidence
Defining the lawful acquisition of digital evidence
Emphasizing the importance of relevance in terms of digital evidence
Outlining the reliability of digital evidence
The importance of the reliability of forensic tools and processes
Evaluating computer/network evidence preservation
Corroborating digital evidence
Case study – linking the evidence to the user
References
Summary
4. Recovering and Preserving Digital Evidence
Understanding the chain of custody
Describing the physical acquisition and safekeeping of digital evidence
Explaining the chain of custody of digital evidence
Outlining the seizure and initial inspection of digital devices
Recovering digital evidence through forensic imaging processes
Dead analysis evidence recovery
Write-blocking hardware
Write-blocking software
Enhancing data preservation during recovery
Recovering remnants of deleted memory
Acquiring digital evidence through live recovery processes
The benefits of live recovery
The challenges of live recovery
The benefits of volatile memory recovery
Isolating the device from external exploits
Outlining the efficacy of existing forensic tools and the emergence of enhanced processes and tools
Standards for digital forensic tools
The reliability of forensic imaging tools to recover and protect digital evidence
Case studies – linking the evidence to the user
References
Summary
5. The Need for Enhanced Forensic Tools
Digital forensics laboratories
The purpose of digital forensics laboratories
Acceptance of, consensus on, and uptake of digital forensics standards
Best practices for digital forensics laboratories
The physical security of digital forensic laboratories
Network and electronic requirements of digital forensic laboratories
Dilemmas presently confronting digital forensics laboratories
Emerging problems confronting practitioners because of increasingly large and widely dispersed datasets
Debunking the myth of forensic imaging
Dilemmas presently confronting digital forensics practitioners
Processes and forensic tools to assist practitioners to deal more effectively with these challenges
E-discovery evidence recovery and preservation
Enhanced digital evidence recovery and preservation
The benefits of enhanced recovery tools in criminal investigations
Empowering non-specialist law enforcement personnel and other stakeholders to become more effective first respondents at digital crime scenes
The challenges facing non-forensic law enforcement agents
Enhancing law enforcement agents as first respondents
The challenges facing IT administrators, legal teams, forensic auditors, and other first respondents
Enhancing IT administrators, legal team members, and other personnel as first respondents
Case study – illustrating the challenges of interrogating large datasets
The setting of the crime
The investigation
The practitioner's brief
The available evidence
The data extraction process
The outcome of the recovery and examination
Conclusion
References
Summary
6. Selecting and Analyzing Digital Evidence
Structured processes to locate and select digital evidence
Locating digital evidence
Search processes
Searching desktops and laptops
Selecting digital evidence
Seeking the truth
More effective forensic tools
Categorizing files
Eliminating superfluous files
Deconstructing files
Searching for files
The Event Analysis tool
The Cloud Analysis tool
The Lead Analysis tool
Analyzing e-mail datasets
Detecting scanned images
Volume Shadow Copy analysis tools
Timelines and other analysis tools
Case study – illustrating the recovery of deleted evidence held in volume shadows
Summary
7. Windows and Other Operating Systems as Sources of Evidence
The Windows Registry and system files and logs as resources of digital evidence
Seeking useful leads within the Registry
Mapping devices through the Registry
Detecting USB removable storage
User activity
Reviewing Most Recently Used and Jump List activity
Detecting wireless connectivity
Observing Windows Event Viewer logs
Recovery of hidden data from a VSS
Examining prefetch files
Pagefiles
Hibernation and sleep files
Detecting steganography
Apple and other operating system structures
Examining Apple operating systems
The Linux operating system
Remote access and malware threats
Remote access
Detecting malware attacks and other exploits
The prevalence of anti-forensics processes and tools
Case study – corroborating evidence using Windows Registry
References
Summary
8. Examining Browsers, E-mails, Messaging Systems, and Mobile Phones
Locating evidence from Internet browsing
Typical web-browsing behavior
Recovering browsing artifacts from slack and unallocated space
Private browsing
Messaging systems
Examining Skype and chat room artifacts
The invisible Internet
E-mail analysis and the processing of large e-mail databases
Recovering e-mails from desktop and laptop computers
Recovering and analyzing e-mails from larger datasets
Searching for scanned files
The growing challenge of evidence recovery from mobile phones and handheld devices
Ext...
