The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics
By John Sammons
About this ebook
The Basics of Digital Forensics provides a foundation for people new to the field of digital forensics. This book teaches you how to conduct examinations by explaining what digital forensics is, the methodologies used, key technical concepts and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud, and Internet are discussed. Readers will also learn how to collect evidence, document the scene, and recover deleted data. This is the only resource your students need to get a jump-start into digital forensics investigations.
This book is organized into 11 chapters. After an introduction to the basics of digital forensics, the book proceeds with a discussion of key technical concepts. Succeeding chapters cover labs and tools; collecting evidence; Windows system artifacts; anti-forensics; Internet and email; network forensics; and mobile device forensics. The book concludes by outlining challenges and concerns associated with digital forensics. PowerPoint lecture slides are also available.
This book will be a valuable resource for entry-level digital forensics professionals as well as those in complementary fields including law enforcement, legal, and general information security.
- Learn all about what Digital Forensics entails
- Build a toolkit and prepare an investigative plan
- Understand the common artifacts to look for during an exam
John Sammons
John Sammons is an Associate Professor and Director of the undergraduate program in Digital Forensics and Information Assurance at Marshall University in Huntington, West Virginia. John teaches digital forensics, electronic discovery, information security and technology in the School of Forensic and Criminal Justices Sciences. He's also adjunct faculty with the Marshall University graduate forensic science program where he teaches the advanced digital forensics course. John, a former police officer, is also an Investigator with the Cabell County Prosecuting Attorney’s Office and a member of the West Virginia Internet Crimes Against Children Task Force. He is a Member of the American Academy of Forensic Sciences, the High Technology Crime Investigation Association, and Infragard. John is the founder and President of the Appalachian Institute of Digital Evidence. AIDE is a non-profit organization that provides research and training for digital evidence professionals including attorneys, judges, law enforcement and information security practitioners in the private sector. He is the author of the best-selling book The Basics of Digital Forensics, published by Syngress.
Book preview
Chapter 1
Introduction
Information in This Chapter:
What Is Forensic Science?
What Is Digital Forensics?
Uses of Digital Forensics
Role of the Forensic Examiner in the Judicial System
American Society of Crime Laboratory Directors/Laboratory Accreditation Board, Electronic Discovery, Document and Media Exploitation (DOMEX), Scientific Working Group on Digital Evidence (SWGDE), American Academy of Forensic Sciences, CSI Effect
Each betrayal begins with trust.
—Farmhouse, by the band Phish
Introduction
Your computer will betray you. This is a lesson that many CEOs, criminals, politicians, and ordinary citizens have learned the hard way. You are leaving a trail, albeit a digital one; it's a trail nonetheless. Like a coating of fresh snow, these 1s and 0s capture our footprints as we go about our daily life.
Cell phone records, ATM transactions, web searches, e-mails, and text messages are a few of the footprints we leave. As a society, our heavy use of technology means that we are literally drowning in electronically stored information. And the tide keeps rolling in. Don't believe me? Check out these numbers from the research company IDC:
The digital universe (all the digital information in the world) will reach 1.2 million petabytes in 2010. That's up by 62% from 2009.
If you can't get your head around a petabyte, maybe this will help:
One petabyte is equal to: 20 million, four-drawer filing cabinets filled with text or 13.3 years of HD-TV video.
(Mozy, 2009)
The impact of our growing digital dependence is being felt in many domains, not the least of which is the legal system. Every day, digital evidence is finding its way into the world's courts. This is definitely not your father's litigation. Gone are the days when records were strictly paper. This new form of evidence presents some very significant challenges to our legal system. Digital evidence is considerably different from paper documents and can't be handled in the same way. Change, therefore, is inevitable. But the legal system doesn't turn on a dime. In fact, it's about as nimble as the Titanic. It's struggling now to catch up with the blinding speed of technology.
Criminal, civil, and administrative proceedings often focus on digital evidence, which is foreign to many of the key players, including attorneys and judges. We all know folks who don't check their own e-mail or even know how to surf the Internet. Some lawyers, judges, businesspeople, and cops fit squarely into that category as well. Unfortunately for those people, this blissful ignorance is no longer an option.
Where law-abiding society goes, the bad guys will be very close behind (if not slightly ahead). They have joined us on our laptops, cell phones, iPads, and the Internet. Criminals will always follow the money and leverage any tools, including technology, that can aid in the commission of their crimes.
Although forensic science has been around for years, digital forensics is still in its infancy. It's still finding its place among the other more established forensic disciplines, such as DNA and toxicology. As a discipline, it is where DNA was many years ago. Standards and best practices are still being developed.
Digital forensics can't be done without getting under the hood and getting your hands dirty, so to speak. It all starts with the 1s and 0s. This binary language underpins not only the function of the computer but how it stores data as well. We need to understand how these 1s and 0s are converted into the text, images, and videos we routinely consume and produce on our computers.
What is Forensic Science?
Let's start by examining what it's not. It certainly isn't Humvees, sunglasses, and expensive suits. It isn't done without lots of paperwork, and it's never wrapped up in sixty minutes (with or without commercials). Now that we know what it isn't, let's examine what it is. Simply put, forensics is the application of science to solve a legal problem. In forensics, the law and science are forever integrated. Neither can be applied without paying homage to the other. The best scientific evidence in the world is worthless if it's inadmissible in a court of law.
What is Digital Forensics?
There are many ways to define digital forensics. In Forensic Magazine, Ken Zatyko defined digital forensics this way:
The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation.
(Zatyko, 2007)
Digital forensics encompasses much more than just laptop and desktop computers. Mobile devices, networks, and cloud systems are very much within the scope of the discipline. It also includes the analysis of images, videos, and audio (in both analog and digital format). The focus of this kind of analysis is generally authenticity, comparison, and enhancement.
Uses of Digital Forensics
Digital forensics can be used in a variety of settings, including criminal investigations, civil litigation, intelligence, and administrative