Sunday, August 06, 2023

Practical Digital Forensics (Book 2023)

Practical Digital Forensics: Forensic Lab Setup, Evidence Analysis, and Structured Investigation Across Windows, Mobile, Browser, HDD, and Memory

ISBN: 9789355511454



Table of Contents

1. Introduction to Digital Forensics

Introduction

Structure

Objectives

Defining digital forensics

Digital forensics goals

Defining cybercrime

Sources of cybercrime

Computers in cybercrimes

Digital forensics categories

Computer forensics

Mobile forensics

Network forensics

Database forensics

Forensic data analysis

Digital forensics users

Law enforcement

Civil litigation

Intelligence and counterintelligence

Digital forensics investigation types

Forensics readiness

Type of digital evidence

User-created data

Machine and network-created data

Locations of electronic evidence

Chain of custody

Examination process

Seizure

Acquisition

Analysis

Reporting

Conclusion

Multiple choice questions

Learning Section

Answers


See in extra comments below


2. Essential Technical Concepts

Introduction

Structure

Objectives

Decimal (Base-10)

Binary

Hexadecimal (Base-16)

Base64

Character encoding schema

File carving

File structure

Digital file metadata

Timestamps decoder

Hash analysis

Calculate file hash

System memory

Types of computer memory storage

Primary storage

RAM

ROM

Secondary storage

Backup storage

HDD

Hard disk storage

SSD

DCO and HPA

Considerations for data recovery

File system

NTFS

FAT

Environment for computing

Cloud computing

Software as a service (SaaS)

Platform as a service (PaaS)

Infrastructure as a service (IaaS)

Windows versions

Internet protocol (IP) address

Getting an IP address

Conclusion


3. Hard Disks and File Systems

Introduction

Structure

Objectives

Hard disk and file systems

File systems

Hard disk

Hard disk forensics

Analyzing the registry files

Conclusion


4. Requirements for a Computer Forensics Lab

Introduction

Structure

Objectives

Digital Forensic Lab

Physical requirements

Environment controls

Digital forensic equipment

Forensic hardware

Office electrical equipment

Networked devices

Forensic workstation

Commercial digital forensic workstations

Forensic software applications

Commercial forensics tools

Open-source forensic tools

Linux distributions

Virtualization

Lab information management system (LIMS)

Lab policies and procedures

Documentation

Lab accreditation

Conclusion


5. Acquiring Digital Evidence

Introduction

Structure

Objectives

Raw format

Advanced forensic format

EnCase: Expert witness transfers

Other file formats

Validation of forensic imaging files

Live memory acquisition

Virtual memory: Swap space

Challenges acquiring RAM

Administration privilege

Live RAM capturer

Magnet RAM capture

FTK imager

Acquiring nonvolatile memory

Hard disk acquisition

Acquiring physical resources

Logical acquisition

Sparse acquisition

Capturing hard drives using FTK imager

Network acquisition

Limitations of a forensic tool

Conclusion


6. Analysis of Digital Evidence

Introduction

Structure

Objectives

Arsenal Image Mounter

OSFMount

Autopsy

Analyzing RAM forensic image

Memoryze

Redline

Volatility framework

Conclusion


7. Windows Forensic Analysis

Introduction

Structure

Timeline analysis tools

File recovery

Undeleting files

Recycle bin forensics

Data carving

Associated user account action

Windows registry analysis

Windows registry architecture

Acquiring the Windows registry

Registry examination

Windows registry program keys

USB device forensics

Most recently used list

Network analysis

Windows shutdown time

UserAssist forensics

Printer registry information

File format identification

Windows thumbnail forensics

Windows 10 forensics

Notification area database

Cortana forensics

Conclusion


8. Web Browser and E-mail Forensics

Introduction

Structure

Objectives

Web browser forensics

Google Chrome browser forensics

Top sites and shortcuts

Login data

Web data

Bookmarks

Bookmarks.bak

Cache folder

Mozilla Firefox Browser Forensics

Microsoft Edge browser forensics

Other Web browser investigation tools

Conclusion

References


9. E-mail Forensics

Introduction

Structure

Objectives

E-mails around us

E-mail communication steps

E-mail protocols

Examine e-mail headers

Reveal header information

View Gmail headers

View Outlook mail header

View Mozilla Thunderbird headers

View Outlook mail client header

Analyzing e-mail headers

Determine the sender’s geolocation and time zone

Conclusion


10. Anti-Forensics Techniques and Report Writing

Introduction

Structure

Objectives

Anti-forensics techniques

Digital Steganography

Text Steganography

Image Steganography

Audio-video Steganography

Network Steganography

Metadata manipulation

Encryption techniques

Disk encryption using open-source tools

Anonymity techniques

Digital forensic reports

Conclusion


11. Hands-on Lab Practical

Introduction

Lab 1: FTK imager

Lab 2: Magnet RAM capture

Lab 3: Memory forensics

Lab 4: Malware analysis

Lab 5: Data hiding (steganography)

Lab 6: Recovering deleted files

Lab 7: Finding key evidence

Lab 8: Analyzing the registry for evidence

Lab 9: Analyzing Windows Prefetch files for evidence

Lab 10: Browser forensics

Lab 11: Extracting EXIF data from graphics files

Index