Learn Computer Forensics - Second Edition

Learn Computer Forensics - Second Edition

by William Oettinger
Released July 2022
Publisher(s): Packt Publishing
ISBN: 9781803238302

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Learn Computer Forensics from a veteran investigator and technical trainer and explore how to properly document digital evidence collected

Key Features

  • Investigate the core methods of computer forensics to procure and secure advanced digital evidence skillfully
  • Record the digital evidence collected and organize a forensic examination on it
  • Perform an assortment of Windows scientific examinations to analyze and overcome complex challenges

Book Description

Computer Forensics, being a broad topic, involves a variety of skills which will involve seizing electronic evidence, acquiring data from electronic evidence, data analysis, and finally developing a forensic report.

This book will help you to build up the skills you need to work in a highly technical environment. This book's ideal goal is to get you up and running with forensics tools and techniques to successfully investigate crime and corporate misconduct. You will discover ways to collect personal information about an individual from online sources. You will also learn how criminal investigations are performed online while preserving data such as e-mails, images, and videos that may be important to a case. You will further explore networking and understand Network Topologies, IP Addressing, and Network Devices. Finally, you will how to write a proper forensic report, the most exciting portion of the forensic exam process.

By the end of this book, you will have developed a clear understanding of how to acquire, analyze, and present digital evidence, like a proficient computer forensics investigator.

What you will learn

  • Explore the investigative process, rules of evidence, legal process, and ethical guidelines
  • Understand the difference between sectors, clusters, volumes, and file slack
  • Validate forensic equipment, computer program, and examination methods
  • Create and validate forensically sterile media
  • Gain the ability to draw conclusions based on the exam discoveries
  • Record discoveries utilizing the technically correct terminology
  • Discover the limitations and guidelines for RAM Capture and its tools
  • Explore timeline analysis, media analysis, string searches, and recovery of deleted data

Who this book is for

This book is for IT beginners, students, or an investigator in the public or private sector. This book will also help IT professionals who are new to incident response and digital forensics and are looking at choosing cybersecurity as their career. Individuals planning to pass the Certified Forensic Computer Examiner (CFCE) certification will also find this book useful.

Table of contents

  1. Preface
    1. Who this book is for
    2. What this book covers
    3. Get in touch
  2. Types of Computer-Based Investigations
    1. Introduction to computer-based investigations
    2. Criminal investigations
      1. First responders
      2. Investigators
      3. Crime scene technician
        1. Illicit images
      4. The crime of stalking
      5. Criminal conspiracy
    3. Corporate investigations
      1. Employee misconduct
      2. Corporate espionage
        1. Security
        2. Threat Actors
        3. Social engineering
        4. Real-world experience
      3. Insider threat
    4. Case studies
      1. Dennis Rader
      2. Silk Road
      3. San Bernardino terror attack
      4. Theft of intellectual property
    5. Summary
    6. Questions
    7. Further reading
  3. The Forensic Analysis Process
    1. Pre-investigation considerations
      1. The forensic workstation
      2. The response kit
      3. Forensic software
      4. Forensic investigator training
    2. Understanding case information and legal issues
    3. Understanding data acquisition
      1. Chain of custody
    4. Understanding the analysis process
      1. Dates and time zones
      2. Hash analysis
      3. File signature analysis
      4. Antivirus
    5. Reporting your findings
      1. Details to include in your report
      2. Document facts and circumstances
      3. The report conclusion
    6. Summary
    7. Questions
    8. Further reading
  4. Acquisition of Evidence
    1. Exploring evidence
    2. Understanding the forensic examination environment
    3. Tool validation
    4. Creating sterile media
      1. Understanding write blocking
        1. Hardware write blocker
        2. Software write blocker
    5. Defining forensic imaging
      1. DD image
      2. EnCase evidence file
      3. SSD device
      4. Imaging tools
        1. FTK Imager
        2. PALADIN
    6. Summary
    7. Questions
    8. Further reading
  5. Computer Systems
    1. Understanding the boot process
      1. Forensic boot media
        1. Creating a bootable forensic device
      2. Hard drives
        1. Drive geometry
      3. MBR (Master Boot Record) partitions
        1. Extended partitions
      4. GPT partitions
      5. Host Protected Area (HPA) and Device Configuration Overlay (DCO)
    2. Understanding filesystems
      1. The FAT filesystem
        1. Boot record
        2. File allocation table
      2. Data area
      3. Long filenames
      4. Recovering deleted files
      5. Slack space
    3. Understanding the NTFS filesystem
    4. Summary
    5. Questions
    6. Further reading
  6. Computer Investigation Process
    1. Timeline analysis
      1. X-Ways
        1. Plaso (Plaso Langar Að Safna Öllu)
    2. Media analysis
    3. String search
    4. Recovering deleted data
    5. Summary
    6. Questions
    7. Further reading
    8. Exercise
      1. Data set
      2. Software needed
      3. Email exercise
      4. Data carving exercise
  7. Windows Artifact Analysis
    1. Understanding user profiles
    2. Understanding Windows Registry
    3. Determining account usage
      1. Last login/last password change
    4. Determining file knowledge
      1. Exploring the thumbcache
      2. Exploring Microsoft browsers
      3. Determining most recently used/recently used
      4. Looking into the Recycle Bin
      5. Understanding shortcut (LNK) files
      6. Deciphering JumpLists
      7. Opening shellbags
      8. Understanding prefetch
    5. Identifying physical locations
      1. Determining time zones
      2. Exploring network history
      3. Understanding the WLAN event log
    6. Exploring program execution
      1. Determining UserAssist
      2. Exploring the Shimcache
    7. Understanding USB/attached devices
    8. Summary
    9. Questions
    10. Further reading
    11. Exercise
      1. Data set
      2. Software needed
      3. Scenario
  8. RAM Memory Forensic Analysis
    1. Fundamentals of memory
    2. Random access memory?
    3. Identifying sources of memory
    4. Capturing RAM
      1. Preparing the capturing device
        1. Exploring RAM capture tools
        2. Using DumpIt
        3. Using FTK Imager
    5. Exploring RAM analyzing tools
      1. Using Bulk Extractor
      2. Using VOLIX II
    6. Summary
    7. Questions
    8. Further reading
  9. Email Forensics – Investigation Techniques
    1. Understanding email protocols
      1. Understanding SMTP – Simple Mail Transfer Protocol
      2. Understanding the Post Office Protocol
      3. IMAP – Internet Message Access Protocol
      4. Understanding web-based email
    2. Decoding email
      1. Understanding the email message format
      2. Email attachments
    3. Understanding client-based email analysis
      1. Exploring Microsoft Outlook/Outlook Express
      2. Exploring Microsoft Windows Live Mail
      3. Mozilla Thunderbird
    4. Understanding WebMail analysis
    5. Summary
    6. Questions
    7. Further reading
    8. Exercise
      1. Data set
      2. Software needed
      3. Scenario
        1. Interviews
      4. Email accounts
      5. Question to answer
  10. Internet Artifacts
    1. Understanding browsers
      1. Exploring Google Chrome
        1. Understanding bookmarks
        2. Understanding the Chrome history file
        3. Cookies
        4. Cache
        5. Passwords
      2. Exploring Internet Explorer/Microsoft Edge (Old Version)
        1. Bookmarks
        2. IE history
        3. Typed URL
        4. Cache
        5. Cookies
      3. Exploring Firefox
        1. Profiles
        2. Cache
        3. Cookies
        4. History
        5. Passwords
        6. Bookmarks
    2. Social media
      1. Facebook
      2. Twitter
      3. Service provider
    3. P2P file sharing
      1. Ares
      2. eMule
      3. Shareaza
    4. Cloud computing
    5. Summary
    6. Questions
    7. Further reading
  11. Online Investigations
    1. Undercover investigations
      1. Undercover platform
      2. Online persona
    2. Background searches
    3. Preserving online communications
    4. Summary
    5. Questions
    6. Further reading
  12. Networking Basics
    1. The Open Source Interconnection (OSI) model
      1. Physical (Layer 1)
      2. Data link (Layer 2)
      3. Network (Layer 3)
      4. Transport (Layer 4)
      5. Session (Layer 5)
      6. Presentation (Layer 6)
      7. Application (Layer 7)
      8. Encapsulation
    2. TCP/IP
      1. IPv4
        1. Port numbers
      2. IPv6
        1. Application layer protocols
        2. Transport layer protocols
        3. Internet layer protocols
    3. Summary
    4. Questions
    5. Further reading
  13. Report Writing
    1. Effective note taking
    2. Writing the report
      1. Evidence analyzed
      2. Acquisition details
      3. Analysis details
      4. Exhibits/technical details
    3. Summary
    4. Questions
    5. Further reading
  14. Expert Witness Ethics
    1. Understanding the types of proceedings
    2. Beginning the preparation phase
    3. Understanding the curriculum vitae
    4. Understanding testimony and evidence
    5. Understanding the importance of ethical behavior
    6. Summary
    7. Questions
    8. Further reading
  15. Assessments
    1. Chapter 01
    2. Chapter 02
    3. Chapter 03
    4. Chapter 04
    5. Chapter 05
    6. Chapter 06
    7. Chapter 07
    8. Chapter 08
    9. Chapter 09
    10. Chapter 10
    11. Chapter 11
    12. Chapter 12
    13. Chapter 13
  16. Other Books You May Enjoy
  17. Index

Product information

  • Title: Learn Computer Forensics - Second Edition
  • Author(s): William Oettinger
  • Release date: July 2022
  • Publisher(s): Packt Publishing
  • ISBN: 9781803238302