Book Image

Practical Digital Forensics

By : Richard Boddington
Book Image

Practical Digital Forensics

By: Richard Boddington

Overview of this book

Digital Forensics is a methodology which includes using various tools, techniques, and programming language. This book will get you started with digital forensics and then follow on to preparing investigation plan and preparing toolkit for investigation. In this book you will explore new and promising forensic processes and tools based on ‘disruptive technology’ that offer experienced and budding practitioners the means to regain control of their caseloads. During the course of the book, you will get to know about the technical side of digital forensics and various tools that are needed to perform digital forensics. This book will begin with giving a quick insight into the nature of digital evidence, where it is located and how it can be recovered and forensically examined to assist investigators. This book will take you through a series of chapters that look at the nature and circumstances of digital forensic examinations and explains the processes of evidence recovery and preservation from a range of digital devices, including mobile phones, and other media. This book has a range of case studies and simulations will allow you to apply the knowledge of the theory gained to real-life situations. By the end of this book you will have gained a sound insight into digital forensics and its key components.

Related Content you might be interested in

Current Title:

Small book image
Practical Digital Forensics
Richard Boddington
May, 2016 | 372 pages
No titles found
Table of Contents (18 chapters)
Practical Digital Forensics
Practical Digital Forensics
Credits
Credits
About the Author
About the Author
Acknowledgment
Acknowledgment
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
The Role of Digital Forensics and Its Environment
The Role of Digital Forensics and Its Environment
Understanding the history and purpose of forensics – specifically, digital forensics
Defining digital forensics and its role
Looking at the history of digital forensics
Studying criminal investigations and cybercrime
Outlining civil investigations and the nature of e-discovery
The role of digital forensic practitioners and the challenges they face
Case studies
References
Summary
2
Hardware and Software Environments
Hardware and Software Environments
Describing computers and the nature of digital information
Operating systems
Describing filesystems that contain evidence
Locating evidence in filesystems
Explaining password security, encryption, and hidden files
Case study – linking the evidence to the user
References
Summary
3
The Nature and Special Properties of Digital Evidence
The Nature and Special Properties of Digital Evidence
Defining digital evidence
The special characteristics of digital evidence
The technical complexities of digital evidence
Determining the value and admissibility of digital evidence
Case study – linking the evidence to the user
References
Summary
4
Recovering and Preserving Digital Evidence
Recovering and Preserving Digital Evidence
Understanding the chain of custody
Describing the physical acquisition and safekeeping of digital evidence
Recovering digital evidence through forensic imaging processes
Acquiring digital evidence through live recovery processes
Outlining the efficacy of existing forensic tools and the emergence of enhanced processes and tools
Case studies – linking the evidence to the user
References
Summary
5
The Need for Enhanced Forensic Tools
The Need for Enhanced Forensic Tools
Digital forensics laboratories
Emerging problems confronting practitioners because of increasingly large and widely dispersed datasets
Processes and forensic tools to assist practitioners to deal more effectively with these challenges
Empowering non-specialist law enforcement personnel and other stakeholders to become more effective first respondents at digital crime scenes
Case study – illustrating the challenges of interrogating large datasets
References
Summary
6
Selecting and Analyzing Digital Evidence
Selecting and Analyzing Digital Evidence
Structured processes to locate and select digital evidence
Locating digital evidence
Selecting digital evidence
More effective forensic tools
Case study – illustrating the recovery of deleted evidence held in volume shadows
Summary
7
Windows and Other Operating Systems as Sources of Evidence
Windows and Other Operating Systems as Sources of Evidence
The Windows Registry and system files and logs as resources of digital evidence
Apple and other operating system structures
Remote access and malware threats
Case study – corroborating evidence using Windows Registry
References
Summary
8
Examining Browsers, E-mails, Messaging Systems, and Mobile Phones
Examining Browsers, E-mails, Messaging Systems, and Mobile Phones
Locating evidence from Internet browsing
Messaging systems
E-mail analysis and the processing of large e-mail databases
The growing challenge of evidence recovery from mobile phones and handheld devices
Case study – mobile phone evidence in a bomb hoax
Summary
9
Validating the Evidence
Validating the Evidence
The nature and problem of unsound digital evidence
Impartiality in selecting evidence
The structured and balanced analysis of digital evidence
Formalizing the validation of digital evidence
The presentation of digital evidence
Ethical issues confronting digital forensics practitioners
Case study – presumed unauthorized use of intellectual property
Summary
10
Empowering Practitioners and Other Stakeholders
Empowering Practitioners and Other Stakeholders
The evolving nature of digital evidence vis-à-vis the role of the practitioner
Solutions to the challenges posed by new hardware and software
More efficacious evidence recovery and preservation
Challenges posed by communication media and the cloud
The need for effective evidence processing and validation
Contingency planning
References
Summary
Index
Index

Studying criminal investigations and cybercrime

In line with more established forensic disciplines, digital forensics, a comparatively new field, also involves preserving the crime scene in a digital environment. Digital forensics practitioners examine evidence recovered from the complete range of digital devices and networks. This requires some understanding of computer technology, notwithstanding the advent of more automated forensic processes and tools.

Note

Many examinations do not necessarily end in a criminal case and may become part of civil legal action or internal disciplinary procedures. The reverse, of course, is also common, when a civil case can result in criminal prosecution.

Digital forensics falls into three broad categories:

  • Public investigations: These are state initiated

  • Private investigations: These are corporate

  • Individual: These are often in the form of e-discovery

Personnel misconduct investigation requiring digital forensic examinations is an emerging category. Defense and intelligence forensic examinations are considered another category, but it is not covered in this book.

Evidence found on a computer may be presented in a court of law to support accusations of crime or civil action such as:

  • Murder and acts of violence

  • Fraud, money laundering, and theft

  • Extortion

  • Involvement with narcotics

  • Sabotage and record destruction

  • Pedophilia and cyberstalking

  • Terrorism and bomb threats

  • Family violence

Typically, criminal investigations and prosecutions involve government agencies that work within the framework of criminal law. Law enforcement officers are granted search and seizure powers under relevant criminal laws that enable them to locate and capture devices suspected of being used in crimes or to facilitate them.

Previous Section
End of Section 5
Next Section