The basics of digital forensics the primer for getting started in digital forensics

Provides a foundation for people new to the digital forensics field. This book teaches you how to conduct examinations by discussing what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digital forensics for computers, net...

Detailed description

Saved in:
Bibliographic details
Main author: Sammons, John (author)
Format: Book
Language: English
Published: Amsterdam [u.a.] Syngress Media 2015
Edition: 2. ed.
Subjects:
Online access: Table of contents

MARC

LEADER 00000nam a2200000 c 4500
001 BV042363238
003 DE-604
005 20150327
007 t|
008 150216s2015 xx a||| |||| 00||| eng d
020 |a 9780128016350  |9 978-0-12-801635-0 
035 |a (OCoLC)905418106 
035 |a (DE-599)BVBBV042363238 
040 |a DE-604  |b ger  |e rakwb 
041 0 |a eng 
049 |a DE-473  |a DE-2070s 
084 |a ST 660  |0 (DE-625)143688:  |2 rvk 
100 1 |a Sammons, John  |e Verfasser  |0 (DE-588)1023721023  |4 aut 
245 1 0 |a The basics of digital forensics  |b the primer for getting started in digital forensics  |c John Sammons 
250 |a 2. ed. 
264 1 |a Amsterdam [u.a.]  |b Syngress Media  |c 2015 
300 |a xix, 180 S.  |b Ill.  |c 24 cm 
336 |b txt  |2 rdacontent 
337 |b n  |2 rdamedia 
338 |b nc  |2 rdacarrier 
500 |a Includes bibliographic references and index 
520 |a Provides a foundation for people new to the digital forensics field. This book teaches you how to conduct examinations by discussion what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud, and the Internet are discussed 
650 4 |a Computer crimes / Investigation 
650 4 |a Forensic sciences 
650 4 |a Criminal investigation 
650 4 |a Crime laboratories 
650 0 7 |a Computerforensik  |0 (DE-588)4774034-6  |2 gnd  |9 rswk-swf 
689 0 0 |a Computerforensik  |0 (DE-588)4774034-6  |D s 
689 0 |5 DE-604 
856 4 2 |m Digitalisierung UB Bamberg - ADAM Catalogue Enrichment  |q application/pdf  |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027799647&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA  |3 Inhaltsverzeichnis 
943 1 |a oai:aleph.bib-bvb.de:BVB01-027799647 

Record in the search index

_version_ 1819628879187279872
adam_text Contents
Preface ... xv
Acknowledgments ... xix

CHAPTER 1 Introduction ... 1
  What is Forensic Science? ... 2
  What is Digital Forensics? ... 2
  Uses of Digital Forensics ... 3
    Criminal Investigations ... 3
    Civil Litigation ... 4
    Intelligence ... 3
    Administrative Matters ... 5
  The Digital Forensics Process ... 7
  Locard's Exchange Principle ... 9
  Scientific Method ... 10
  Organizations of Note ... 10
    Scientific Working Group on Digital Evidence ... 10
    American Academy of Forensic Sciences ... 11
    American Society of Crime Laboratory Directors/Laboratory Accreditation Board
    National Institute of Standards and Technology
    American Society for Testing and Materials
  Role of the Forensic Examiner in the Judicial System
    The CSI Effect
  References ... 14

CHAPTER 2 Key Technical Concepts ... 15
  Bits, Bytes, and Numbering Schemes ... 15
    Hexadecimal ... 16
    Binary to Text: ASCII and Unicode ... 17
  File Extensions and File Signatures ... 17
  Storage and Memory ... 18
    Magnetic Disks ... 19
    Flash Memory ... 20
    Optical Storage ... 20
    Volatile versus Nonvolatile Memory ... 20
  Computing Environments ... 21
    Cloud Computing ... 21
  Data Types ... 22
    Active Data ... 22
    Latent Data ... 22
    Archival Data ... 23
  File Systems ... 23
  Allocated and Unallocated Space ... 24
    Data Persistence ... 24
  How Magnetic Hard Drives Store Data ... 25
  References ... 29

CHAPTER 3 Labs and Tools ... 31
  Forensic Laboratories ... 31
    Virtual Labs ... 32
    Lab Security ... 32
    Evidence Storage ... 33
  Policies and Procedures ... 34
  Quality Assurance ... 34
    Tool Validation ... 35
    Documentation ... 35
  Digital Forensic Tools ... 37
    Tool Selection ... 38
    Hardware ... 38
    Software ... 40
  Additional Resources ... 41
    Open Source Tools ... 41
  Alert! ... 42
    Dependence on the Tools ... 42
  Accreditation ... 43
    Accreditation versus Certification ... 44
  References ... 45

CHAPTER 4 Collecting Evidence ... 47
  Crime Scenes and Collecting Evidence ... 48
    Removable Media ... 48
    Cell Phones ... 49
  Alert! ... 50
    Protecting Cell Phones from Network Signals ... 50
  Alert! ... 50
    Power ... 50
    Order of Volatility ... 51
  Documenting the Scene ... 51
    Photography ... 52
    Notes ... 52
  Chain of Custody ... 53
    Marking Evidence ... 54
  Cloning ... 54
    Purpose of Cloning ... 55
    The Cloning Process ... 56
    Forensically Clean Media ... 56
    Forensic Image Formats ... 57
    Risks and Challenges ... 57
    Value in eDiscovery ... 57
  Alert! ... 58
    Sanctions in Electronic Discovery ... 58
  Live System versus Dead System ... 58
    Live Acquisition Concerns ... 58
  More Advanced ... 59
    Preserving Evidence in RAM ... 59
    Advantage of Live Collection ... 59
    Principles of Live Collection ... 59
  Alert! ... 60
    Evidence in RAM ... 60
    Conducting and Documenting a Live Collection ... 60
  Hashing ... 61
    Types of Hashing Algorithms ... 61
    Hashing Example ... 61
    Uses of Hashing ... 62
  Final Report ... 62
  References ... 64

CHAPTER 5 Windows System Artifacts ... 65
  Deleted Data ... 66
  More Advanced ... 66
    File Carving ... 66
  Hibernation File (Hiberfil.sys) ... 66
    Sleep ... 67
    Hibernation ... 67
    Hybrid Sleep ... 67
  Registry ... 67
    Registry Structure ... 68
    Attribution ... 71
    External Drives ... 72
  Print Spooling ... 72
  Recycle Bin ... 73
  Alert! ... 73
    Recycle Bin Function ... 73
  More Advanced ... 74
    Recycle Bin Bypass ... 74
  Metadata ... 75
  Alert! ... 76
    Date and Time Stamps ... 76
    Removing Metadata ... 76
  Thumbnail Cache ... 78
  Most Recently Used ... 78
  Restore Points and Shadow Copy ... 79
    Restore Points ... 79
    Shadow Copies ... 79
  Prefetch ... 80
  Link Files ... 81
    Installed Programs ... 81
  References ... 82

CHAPTER 6 Anti-Forensics ... 83
  Hiding Data ... 84
    Encryption ... 85
    What is Encryption? ... 85
    Early Encryption ... 85
    Algorithms ... 86
    Key Space ... 88
    Some Common Types of Encryption ... 88
    Breaking Passwords ... 90
  Password Attacks ... 91
    Brute Force Attacks ... 91
    Password Reset ... 91
    Dictionary Attack ... 91
  Additional Resources ... 93
    Encryption ... 93
  Steganography ... 93
  Data Destruction ... 95
    Drive Wiping ... 96
  More Advanced ... 96
    Defragmentation as Anti-Forensic Technique ... 96
  References ... 101

CHAPTER 7 Legal ... 105
  The Fourth Amendment ... 106
  Criminal Law — Searches without a Warrant ... 106
    Reasonable Expectation of Privacy ... 106
    Private Searches ... 107
    E-mail ... 107
    The Electronic Communications Privacy Act ... 107
    Exceptions to the Search Warrant Requirement ... 107
  More Advanced ... 108
    Consent Forms ... 108
  Alert! ... 110
    Cell Phone Searches: The Supreme Court Weighs In ... 110
  Searching with a Warrant ... 111
    Seize the Hardware or Just the Information? ... 111
    Particularity ... 111
    Establishing Need for Offsite Analysis ... 112
    Stored Communications Act ... 113
  Electronic Discovery ... 113
    Duty to Preserve ... 114
    Private Searches in the Workplace ... 115
  Alert! ... 115
    International e-Discovery ... 115
  Expert Testimony ... 116
  Additional Resources ... 117
    Expert Testimony ... 117
  References ... 117

CHAPTER 8 Internet and E-mail ... 119
  Internet Overview ... 119
  Additional Resources ... 120
    Web Technology ... 120
    Peer-to-peer (P2P) ... 121
  More Advanced ... 121
    Gnutella Requests ... 121
    The INDEX.DAT File ... 121
  Web Browsers — Internet Explorer
    Cookies
    Temporary Internet Files, a.k.a. Web Cache ... 122
    Internet History ... 123
  More Advanced ... 124
    The NTUSER.DAT File ... 124
    Internet Explorer Artifacts in the Registry ... 124
  Chat Clients ... 125
    Internet Relay Chat ... 126
    I Seek You ... 126
  E-mail ... 127
    Accessing E-mail
    E-mail Protocols
    E-Mail as Evidence ... 128
    E-Mail — Covering the Trail ... 128
  Alert! ... 128
    Shared E-Mail Accounts ... 128
    Tracing E-Mail ... 129
    Reading E-Mail Headers ... 129
  Social Networking Sites ... 130
  Additional Resources ... 130
    Casey Anthony Trial Testimony ... 130
  References ... 131

CHAPTER 9 Network Forensics ... 133
  Introduction ... 133
    Social Engineering ... 134
  Network Fundamentals ... 134
    Network Types ... 135
  Network Security Tools ... 136
  Network Attacks ... 137
  Alert! ... 138
    Inside Threat ... 138
  Incident Response ... 139
  Network Evidence and Investigations ... 140
    Network Investigation Challenges ... 142
  Additional Resources ... 143
    Training and Research ... 143
  References ... 143

CHAPTER 10 Mobile Device Forensics ... 145
  Cellular Networks ... 146
    Cellular Network Components ... 147
    Types of Cellular Networks ... 148
    Operating Systems ... 149
  Cell Phone Evidence ... 150
    Call Detail Records ... 151
    Collecting and Handling Cell Phone Evidence ... 152
    Subscriber Identity Modules ... 154
    Cell Phone Acquisition: Physical and Logical ... 154
  Cell Phone Forensic Tools ... 155
  Global Positioning Systems ... 157
  References ... 160

CHAPTER 11 Looking Ahead: Challenges and Concerns ... 163
  Standards and Controls ... 163
  Cloud Forensics ... 165
    What Is Cloud Computing? ... 165
  Additional Resources ... 165
    Public Clouds ... 165
    Benefits of the Cloud ... 166
    Cloud Forensics and Legal Concerns ... 166
  Alert! ... 166
    Cloud Persistence — Dropbox ... 166
  Solid State Drives ... 167
    How Solid State Drives Store Data ... 167
  More Advanced ... 168
    File Translation Layer ... 168
    The Problem: Taking out the Trash ... 168
  Speed of Change ... 168
  Additional Resources ... 169
    Twitter ... 169
  References ... 170

Index ... 173
any_adam_object 1
author Sammons, John
author_GND (DE-588)1023721023
author_facet Sammons, John
author_role aut
author_sort Sammons, John
author_variant j s js
building Verbundindex
bvnumber BV042363238
classification_rvk ST 660
ctrlnum (OCoLC)905418106
(DE-599)BVBBV042363238
discipline Informatik
edition 2. ed.
format Book
id DE-604.BV042363238
illustrated Illustrated
indexdate 2024-12-24T04:21:19Z
institution BVB
isbn 9780128016350
language English
oai_aleph_id oai:aleph.bib-bvb.de:BVB01-027799647
oclc_num 905418106
open_access_boolean
owner DE-473
DE-BY-UBG
DE-2070s
owner_facet DE-473
DE-BY-UBG
DE-2070s
physical xix, 180 S. Ill. 24 cm
publishDate 2015
publishDateSearch 2015
publishDateSort 2015
publisher Syngress Media
record_format marc
spellingShingle Sammons, John
The basics of digital forensics the primer for getting started in digital forensics
Computer crimes / Investigation
Forensic sciences
Criminal investigation
Crime laboratories
Computerforensik (DE-588)4774034-6 gnd
subject_GND (DE-588)4774034-6
title The basics of digital forensics the primer for getting started in digital forensics
title_auth The basics of digital forensics the primer for getting started in digital forensics
title_exact_search The basics of digital forensics the primer for getting started in digital forensics
title_full The basics of digital forensics the primer for getting started in digital forensics John Sammons
title_fullStr The basics of digital forensics the primer for getting started in digital forensics John Sammons
title_full_unstemmed The basics of digital forensics the primer for getting started in digital forensics John Sammons
title_short The basics of digital forensics
title_sort the basics of digital forensics the primer for getting started in digital forensics
title_sub the primer for getting started in digital forensics
topic Computer crimes / Investigation
Forensic sciences
Criminal investigation
Crime laboratories
Computerforensik (DE-588)4774034-6 gnd
topic_facet Computer crimes / Investigation
Forensic sciences
Criminal investigation
Crime laboratories
Computerforensik
url http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027799647&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv AT sammonsjohn thebasicsofdigitalforensicstheprimerforgettingstartedindigitalforensics