Practical Digital Forensics: Forensic Lab Setup, Evidence Analysis, and Structured Investigation Across Windows, Mobile, Browser, HDD, and Memory
ISBN: 9789355511454
Table of Contents
1. Introduction to Digital Forensics
Introduction
Structure
Objectives
Defining digital forensics
Digital forensics goals
Defining cybercrime
Sources of cybercrime
Computers in cybercrimes
Digital forensics categories
Computer forensics
Mobile forensics
Network forensics
Database forensics
Forensic data analysis
Digital forensics users
Law enforcement
Civil litigation
Intelligence and counterintelligence
Digital forensics investigation types
Forensics readiness
Type of digital evidence
User-created data
Machine and network-created data
Locations of electronic evidence
Chain of custody
Examination process
Seizure
Acquisition
Analysis
Reporting
Conclusion
Multiple choice questions
Learning Section
Answers
2. Essential Technical Concepts
Introduction
Structure
Objectives
Decimal (Base-10)
Binary
Hexadecimal (Base-16)
Hexadecimal (Base-64)
Character encoding schema
File carving
File structure
Digital file metadata
Timestamps decoder
Hash analysis
Calculate file hash
System memory
Types of computer memory storage
Primary storage
RAM
ROM
Secondary storage
Backup storage
HDD
Hard disk storage
SSD
DCO and HPA
Considerations for data recovery
File system
NTFS
FAT
Environment for computing
Cloud computing
Software as a service (SaaS)
Platform as a service (PaaS)
Infrastructure as a service (IaaS)
Windows versions
Internet protocol (IP) address
Getting an IP address
Conclusion
3. Hard Disks and File Systems
Introduction
Structure
Objectives
Hard disk and file systems
File systems
Hard disk
Hard disk forensics
Analyzing the registry files
Conclusion
4. Requirements for a Computer Forensics Lab
Introduction
Structure
Objectives
Digital Forensic Lab
Physical requirements
Environment controls
Digital forensic equipment
Forensic hardware
Office electrical equipment
Networked devices
Forensic workstation
Commercial digital forensic workstations
Forensic software applications
Commercial forensics tools
Open-source forensic tools
Linux distributions
Virtualization
Lab information management system (LIMS)
Lab policies and procedures
Documentation
Lab accreditation
Conclusion
5. Acquiring Digital Evidence
Introduction
Structure
Objectives
Raw format
Advanced forensic format
EnCase: Expert witness transfers
Other file formats
Validation of forensic imaging files
Live memory acquisition
Virtual memory: Swap space
Challenges acquiring RAM
Administration privilege
Live RAM capturer
Magnet RAM capture
FTK imager
Acquiring nonvolatile memory
Hard disk acquisition
Acquiring physical resources
Logical acquisition
Sparse acquisition
Capturing hard drives using FTK imager
Network acquisition
Limitations of a forensic tool
Conclusion
6. Analysis of Digital Evidence
Introduction
Structure
Objectives
Arsenal Image Mounter
OSFMount
Autopsy
Analyzing RAM forensic image
Memoryze
Redline
Volatility framework
Conclusion
7. Windows Forensic Analysis
Introduction
Structure
Timeline analysis tools
File recovery
Undeleting files
Recycle bin forensics
Data carving
Associated user account action
Windows registry analysis
Windows registry architecture
Acquiring Windows registry
Registry examination
Windows registry program keys
USB device forensics
Most recently used list
Network analysis
Windows shutdown time
UserAssist forensics
Printer registry information
File format identification
Windows thumbnail forensics
Windows 10 forensics
Notification area database
Cortana forensics
Conclusion
8. Web Browser and E-mail Forensics
Introduction
Structure
Objectives
Web browser forensics
Google Chrome browser forensics
Top sites and shortcuts
Login data
Web data
Bookmarks
Bookmarks.bak
Cache folder
Mozilla Firefox browser forensics
Microsoft Edge browser forensics
Other Web browser investigation tools
Conclusion
References
9. E-mail Forensics
Introduction
Structure
Objectives
E-mails around us
E-mail communication steps
E-mail protocols
Examine e-mail headers
Reveal header information
View Gmail headers
View Outlook mail header
View Mozilla Thunderbird headers
View Outlook mail client header
Analyzing e-mail headers
Determine the sender’s geolocation and time zone
Conclusion
10. Anti-Forensics Techniques and Report Writing
Introduction
Structure
Objectives
Anti-forensics techniques
Digital Steganography
Text Steganography
Image Steganography
Audio-video Steganography
Network Steganography
Metadata manipulation
Encryption techniques
Disk encryption using open-source tools
Anonymity techniques
Digital forensic reports
Conclusion
11. Hands-on Lab Practical
Introduction
Lab 1: FTK imager
Lab 2: Magnet RAM capture
Lab 3: Memory forensics
Lab 4: Malware analysis
Lab 5: Data hiding—Steganography
Lab 6: Recovering deleted files
Lab 7: Finding key evidence
Lab 8: Analyzing the registry for evidence
Lab 9: Analyzing Windows pre-fetch files for evidence
Lab 10: Browser forensics
Lab 11: Extracting EXIF data from graphics files
Index