Book Image

Practical Digital Forensics

By : Richard Boddington
Book Image

Practical Digital Forensics

By: Richard Boddington

Overview of this book

Digital Forensics is a methodology which includes using various tools, techniques, and programming language. This book will get you started with digital forensics and then follow on to preparing investigation plan and preparing toolkit for investigation. In this book you will explore new and promising forensic processes and tools based on ‘disruptive technology’ that offer experienced and budding practitioners the means to regain control of their caseloads. During the course of the book, you will get to know about the technical side of digital forensics and various tools that are needed to perform digital forensics. This book will begin with giving a quick insight into the nature of digital evidence, where it is located and how it can be recovered and forensically examined to assist investigators. This book will take you through a series of chapters that look at the nature and circumstances of digital forensic examinations and explains the processes of evidence recovery and preservation from a range of digital devices, including mobile phones, and other media. This book has a range of case studies and simulations will allow you to apply the knowledge of the theory gained to real-life situations. By the end of this book you will have gained a sound insight into digital forensics and its key components.

Related Content you might be interested in

Current Title:

Small book image
Practical Digital Forensics
Richard Boddington
May, 2016 | 372 pages
No titles found
Table of Contents (18 chapters)
Practical Digital Forensics
Practical Digital Forensics
Credits
Credits
About the Author
About the Author
Acknowledgment
Acknowledgment
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
The Role of Digital Forensics and Its Environment
The Role of Digital Forensics and Its Environment
Understanding the history and purpose of forensics – specifically, digital forensics
Defining digital forensics and its role
Looking at the history of digital forensics
Studying criminal investigations and cybercrime
Outlining civil investigations and the nature of e-discovery
The role of digital forensic practitioners and the challenges they face
Case studies
References
Summary
2
Hardware and Software Environments
Hardware and Software Environments
Describing computers and the nature of digital information
Operating systems
Describing filesystems that contain evidence
Locating evidence in filesystems
Explaining password security, encryption, and hidden files
Case study – linking the evidence to the user
References
Summary
3
The Nature and Special Properties of Digital Evidence
The Nature and Special Properties of Digital Evidence
Defining digital evidence
The special characteristics of digital evidence
The technical complexities of digital evidence
Determining the value and admissibility of digital evidence
Case study – linking the evidence to the user
References
Summary
4
Recovering and Preserving Digital Evidence
Recovering and Preserving Digital Evidence
Understanding the chain of custody
Describing the physical acquisition and safekeeping of digital evidence
Recovering digital evidence through forensic imaging processes
Acquiring digital evidence through live recovery processes
Outlining the efficacy of existing forensic tools and the emergence of enhanced processes and tools
Case studies – linking the evidence to the user
References
Summary
5
The Need for Enhanced Forensic Tools
The Need for Enhanced Forensic Tools
Digital forensics laboratories
Emerging problems confronting practitioners because of increasingly large and widely dispersed datasets
Processes and forensic tools to assist practitioners to deal more effectively with these challenges
Empowering non-specialist law enforcement personnel and other stakeholders to become more effective first respondents at digital crime scenes
Case study – illustrating the challenges of interrogating large datasets
References
Summary
6
Selecting and Analyzing Digital Evidence
Selecting and Analyzing Digital Evidence
Structured processes to locate and select digital evidence
Locating digital evidence
Selecting digital evidence
More effective forensic tools
Case study – illustrating the recovery of deleted evidence held in volume shadows
Summary
7
Windows and Other Operating Systems as Sources of Evidence
Windows and Other Operating Systems as Sources of Evidence
The Windows Registry and system files and logs as resources of digital evidence
Apple and other operating system structures
Remote access and malware threats
Case study – corroborating evidence using Windows Registry
References
Summary
8
Examining Browsers, E-mails, Messaging Systems, and Mobile Phones
Examining Browsers, E-mails, Messaging Systems, and Mobile Phones
Locating evidence from Internet browsing
Messaging systems
E-mail analysis and the processing of large e-mail databases
The growing challenge of evidence recovery from mobile phones and handheld devices
Case study – mobile phone evidence in a bomb hoax
Summary
9
Validating the Evidence
Validating the Evidence
The nature and problem of unsound digital evidence
Impartiality in selecting evidence
The structured and balanced analysis of digital evidence
Formalizing the validation of digital evidence
The presentation of digital evidence
Ethical issues confronting digital forensics practitioners
Case study – presumed unauthorized use of intellectual property
Summary
10
Empowering Practitioners and Other Stakeholders
Empowering Practitioners and Other Stakeholders
The evolving nature of digital evidence vis-à-vis the role of the practitioner
Solutions to the challenges posed by new hardware and software
More efficacious evidence recovery and preservation
Challenges posed by communication media and the cloud
The need for effective evidence processing and validation
Contingency planning
References
Summary
Index
Index

Outlining civil investigations and the nature of e-discovery

Private organizations are not governed by criminal law per se and usually involve litigation disputes and disciplinary investigations involving computers and network systems, which are becoming more frequent. Civil investigations may escalate and become criminal cases. Civil cases rely on civil law, torts, and process, and information may be recovered from the opposing party through civil remedies, notably, "discovery" as well as powers of search and seizure, such as those provided by Anton Piller orders or search orders.

This book looks primarily at digital forensics and, to some extent, civil investigations. However, in my experience, there is no real distinction between criminal and civil examinations when using digital forensics. Each group is looking for the same sort of evidence but arguably to different standards. The e-discovery is almost entirely a civil matter as it involves disputes between different organizations, so the concept of evidence is slightly different. I contend that the approach used in the past for e-discovery typically involved a large number of machines, and it can be applied to digital forensics with some refinements as the only way to handle large data volumes. Chapter 5, The Need for Enhanced Forensic Tools, outlines some new software tools capable of processing large datasets, offering some long-overdue support to practitioners working in both environments.

Previous Section
End of Section 6
Next Section