
About This Book

Use this hands-on, introductory guide to understand and implement digital forensics to investigate computer crime using Windows, the most widely used operating system. This book provides you with the necessary skills to identify an intruder's footprints and to gather the necessary digital evidence in a forensically sound manner to prosecute in a court of law.

Directed toward users with no experience in the digital forensics field, this book provides guidelines and best practices when conducting investigations as well as teaching you how to use a variety of tools to investigate computer crime. You will be prepared to handle problems such as law violations, industrial espionage, and use of company resources for private use.

Digital Forensics Basics is written as a series of tutorials, each task demonstrating how to use a specific computer forensics tool or technique. Practical information is provided so that users can read a task and then carry it out directly on their own devices. Some theoretical information is presented to define the terms used in each technique and to support readers with varying IT skills.

What You’ll Learn

Assemble computer forensics lab requirements, including workstations, tools, and more

Document the digital crime scene, including preparing a sample chain of custody form

Differentiate between law enforcement agency and corporate investigations

Gather intelligence using OSINT sources

Acquire and analyze digital evidence

Conduct in-depth forensic analysis of Windows operating systems, covering Windows 10–specific feature forensics

Utilize anti-forensic techniques, including steganography, data destruction techniques, encryption, and anonymity techniques

Who This Book Is For

Police and other law enforcement personnel, judges (with no technical background), corporate and nonprofit management, IT specialists and computer security professionals, incident response team members, IT military and intelligence services officers, system administrators, e-business security professionals, and banking and insurance professionals

Table of Contents

Frontmatter

Chapter 1. Introduction: Understanding Digital Forensics

Abstract
As the world goes digital, the use of computerized systems to provide services and store information becomes prevalent in both the public and private sectors. Individuals also use computing devices heavily in their daily lives; it is rare to see a person who is not dependent on some form of computing device to organize his or her digital data or to communicate with others.
Nihad A. Hassan

Chapter 2. Essential Technical Concepts

Abstract
Conducting a digital forensics investigation requires a thorough understanding of some of the main technical concepts of computing. Knowing how data is stored in computers, number theory, how digital files are structured, and the types of storage units and the differences between them is essential for knowing how to locate and handle digital evidence. While this book is intended for those with working knowledge of using computers in general (especially Windows OS), there are some technical theories that must first be discussed because of their importance in conducting digital forensics examinations. This chapter will cover those basic concepts.
Nihad A. Hassan

Chapter 3. Computer Forensics Lab Requirements

Abstract
With the increased number of cybercrime attacks that hit both the public and the private sector, the need for a computer forensics lab to capture and analyze digital evidence with high accuracy increases. You may think that computer forensics labs are limited to law enforcement agencies. However, this is not true: many corporations in the United States maintain digital forensics labs with advanced investigation capabilities that exceed those of many police labs.
Nihad A. Hassan

Chapter 4. Initial Response and First Responder Tasks

Abstract
When an incident that involves digital evidence is reported, the entity (public agency or private laboratory) responsible for conducting the investigation will send one or more individuals to investigate the case; this person is called the “first responder,” and he/she is responsible for conducting the initial investigation of the incident to determine its root cause.
Nihad A. Hassan

Chapter 5. Acquiring Digital Evidence

Abstract
The main task of a computer forensics investigator is to acquire and analyze computing devices’ memory images. In a nutshell, a memory image, widely known as a forensic image, is a static snapshot of all or part of the data on a computing device’s secondary storage (e.g., HDD, SSD), attached storage device (e.g., USB thumb drive, external hard drive, magnetic tape), or RAM (when performing live acquisition on running systems). We can think of this image as a container of data, where you can store individual files or the whole drive/live memory contents in one image file.
Nihad A. Hassan

Chapter 6. Analyzing Digital Evidence

Abstract
In the previous chapter, we covered how to capture/create a forensic image of both RAM and hard drive storage. Now, we are ready to move on to the next part of forensic work, which is analyzing acquired images for interesting leads.
Nihad A. Hassan

Chapter 7. Windows Forensics Analysis

Abstract
In July 2018, the market share of the Windows operating system (desktop version) stood at 82.88%. This means that the majority of personal computers worldwide run this operating system (across its different versions) (see Figure 7-1). Obviously, a world running on Windows computers means that most of our digital forensic work involves investigating this type of OS; knowing how to find your way around Windows is a must for any digital forensics practitioner.
Nihad A. Hassan

Chapter 8. Web Browser and E-mail Forensics

Abstract
Internet applications already installed on Windows can give important information about user actions performed previously on his/her computer. For instance, a web browser is the only way to access the Internet, and criminals use it to commit crimes related to the Internet or to target other users online. Internet users use web browsers to socialize, purchase items online, send e-mails, and browse web content, among other things. This fact makes web browsers the preferred target for malicious actors seeking to steal confidential information like account credentials.
Nihad A. Hassan

Chapter 9. Antiforensics Techniques

Abstract
As we mentioned before, digital forensics, also known as cyber or computer forensics, is a branch of forensic science that uses scientific knowledge, methodology, and rigor to aid the solving of crimes and incidents by collecting, analyzing, and presenting digital evidence to use in remedial action or a court of law. The primary goal of digital forensics is to perform a structured investigation of digital evidence and prepare this evidence for presentation in a court of law. Digital forensic investigators use different forensic tools to collect, preserve, and interpret digital evidence. Based on their findings, they will draw conclusions and present these conclusions to those who will act on them.
Nihad A. Hassan

Chapter 10. Gathering Evidence from OSINT Sources

Abstract
In today’s digital age, it is rare to meet a person with an Internet connection who doesn’t also own one or more accounts on different social media sites. People tend to post considerable amounts of personal details on their social media profiles: this includes personal photos, social interactions, and any kind of personal information you can imagine.
Nihad A. Hassan

Chapter 11. Digital Forensics Report

Abstract
Creating a report is the final phase of any investigation, where an investigator presents his/her findings during the digital forensics examination to the entity which was impacted by the cyberattack, or to the court if it is a public investigation.
Nihad A. Hassan

Backmatter
