
eBook - ePub
The Basics of Digital Forensics
The Primer for Getting Started in Digital Forensics
- 200 pages
- English
About this book
The Basics of Digital Forensics provides a foundation for people new to the digital forensics field. This book offers guidance on how to conduct examinations by discussing what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud and the Internet are discussed. Also, learn how to collect evidence, document the scene, and how deleted data can be recovered.
The new Second Edition of this book provides the reader with real-world examples and all the key technologies used in digital forensics, as well as new coverage of network intrusion response, how hard drives are organized, and electronic discovery. This valuable resource also covers how to incorporate quality assurance into an investigation, how to prioritize evidence items to examine (triage), case processing, and what goes into making an expert witness.
- Learn what Digital Forensics entails
- Build a toolkit and prepare an investigative plan
- Understand the common artifacts to look for in an exam
- Second Edition features all-new coverage of hard drives, triage, network intrusion response, and electronic discovery; as well as updated case studies and expert interviews
Yes, you can access The Basics of Digital Forensics by John Sammons in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.
Information
Chapter 1
Introduction
Abstract
Digital forensics has exploded over the last several years. It is used in a wide array of situations, including criminal and civil litigation, intelligence, and administrative proceedings. There are several organizations, including the American Academy of Forensic Sciences (AAFS), Scientific Working Group on Digital Evidence (SWGDE), American Society for Testing and Materials (ASTM), and National Institute of Standards and Technology that set the standards for digital forensics.
Keywords
American Society of Crime Laboratory Directors/Laboratory Accreditation Board, Electronic Discovery
Document and Media Exploitation (DOMEX)
Scientific Working Group on Digital Evidence (SWGDE)
American Academy of Forensic Sciences
CSI Effect
Forensics
"Each betrayal begins with trust."
- "Farmhouse" by the band Phish
Information in this chapter
- What is Forensic Science?
- What is Digital Forensics?
- Uses of Digital Forensics
- Role of the Forensic Examiner in the Judicial System
Introduction
Your computer will betray you. This is a lesson that many CEOs, criminals, politicians, and ordinary citizens have learned the hard way. You are leaving a trail, albeit a digital one; it's a trail nonetheless. Like a coating of fresh snow, these 1s and 0s capture our "footprints" as we go about our daily life.
Cell phone records, ATM transactions, web searches, e-mails, and text messages are a few of the footprints we leave. As a society, our heavy use of technology means that we are literally drowning in electronically stored information. And the tide keeps rolling in. Don't believe me? Check out these numbers from the research company IDC:
- The digital universe (all the digital information in the world) will reach 1.2 million petabytes in 2010. That's up by 62% from 2009.
If you can't get your head around a petabyte, maybe this will help:
"One petabyte is equal to: 20 million, four-drawer filing cabinets filled with text or 13.3 years of HD-TV video" (Mozy, 2009).
The impact of our growing digital dependence is being felt in many domains, not the least of which is the legal system. Every day, digital evidence is finding its way into the world's courts. This is definitely not your father's litigation. Gone are the days when records were strictly paper. This new form of evidence presents some very significant challenges to our legal system. Digital evidence is considerably different from paper documents and can't be handled in the same way. Change, therefore, is inevitable. But the legal system doesn't turn on a dime. In fact, it's about as nimble as the Titanic. It's struggling now to catch up with the blinding speed of technology.
Criminal, civil, and administrative proceedings often focus on digital evidence, which is foreign to many of the key players, including attorneys and judges. We all know folks who don't check their own e-mail or even know how to surf the Internet. Some lawyers, judges, businesspeople, and cops fit squarely into that category as well. Unfortunately for those people, this blissful ignorance is no longer an option.
Where law-abiding society goes, the bad guys will be very close behind (if not slightly ahead). They have joined us on our laptops, cell phones, iPads, and the Internet. Criminals will always follow the money and leverage any tools, including technology, that can aid in the commission of their crimes.
Although forensic science has been around for years, digital forensics is still in its infancy. It's still finding its place among the other more established forensic disciplines, such as DNA and toxicology. As a discipline, it is where DNA was many years ago. Standards and best practices are still being developed.
Digital forensics can't be done without getting under the hood and getting your hands dirty, so to speak. It all starts with the 1s and 0s. This binary language underpins not only the function of the computer but how it stores data as well. We need to understand how these 1s and 0s are converted into the text, images, and videos we routinely consume and produce on our computers.
What is forensic science?
Let's start by examining what it's not. It certainly isn't Humvees, sunglasses, and expensive suits. It isn't done without lots of paperwork, and it's never wrapped up in 60 minutes (with or without commercials). Now that we know what it isn't, let's examine what it is. Simply put, forensics is the application of science to solve a legal problem. In forensics, the law and science are forever integrated. Neither can be applied without paying homage to the other. The best scientific evidence in the world is worthless if it's inadmissible in a court of law.
What is digital forensics?
There are many ways to define digital forensics. In Forensic Magazine, Ken Zatyko defined digital forensics this way:
"The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation" (Zatyko, 2007).
Digital forensics encompasses much more than just laptop and desktop computers. Mobile devices, networks, and "cloud" systems are very much within the scope of the discipline. It also includes the analysis of images, videos, and audio (in both analog and digital format). The focus of this kind of analysis is generally authenticity, comparison, and enhancement.
Uses of digital forensics
Digital forensics can be used in a variety of settings, including criminal investigations, civil litigation, intelligence, and administrative matters.
Criminal investigations
When you mention digital forensics in the context of a criminal investigation, people tend to think first in terms of child pornography and identity theft. Although those investigations certainly focus on digital evidence, they are by no means the only two. In today's digital world, electronic evidence can be found in almost any criminal investigation. Homicide, sexual assault, robbery, and burglary are just a few of the many examples of "analog" crimes that can leave digital evidence.
One of the major struggles in law enforcement is to change the paradigm of the police and get them to think of and seek out digital evidence. Everyday digital devices such as cell phones and gaming consoles can hold a treasure trove of evidence. Unfortunately, none of that evidence will ever see a courtroom if it's not first recognized and collected. As time moves on and our law enforcement agencies are replenished with "younger blood," this will become less and less of a problem.
Bind, torture, kill
The case of Dennis Rader, better known as the BTK killer, is a great example of the critical role digital forensics can play in a criminal investigation. This case had national attention and, thanks to digital forensics, was solved 30 years after it occurred. To all who knew him before his arrest, Dennis Rader was a family man, church member, and dedicated public servant. What they didn't know was that he was also an accomplished serial killer. Dennis Rader, known as Bind, Torture, Kill (BTK), murdered ten people in Kansas from 1974 to 1991. Rader managed to avoid capture for more than 30 years until technology betrayed him.
After years of silence, Rader sent a letter to the Wichita Eagle newspaper declaring that he was responsible for the 1986 killing of a young mother. The letter was received by the Eagle on March 19, 2004. After conferring with the FBI's Behavioral Analysis Unit, the police decided to attempt to communicate with BTK through the media.
In January 2005, Rader left a note for police, hidden in a cereal box in the back of a pickup truck belonging to a Home Depot employee. In the note, he said:
"Can I communicate with Floppy and not be traced to a computer. Be honest. Under Miscellaneous Section, 494, (Rex, it will be OK), run it for a few days in case I'm out of town-etc. I will try a floppy for a test run some time in the near future-February or March."
The police did the only thing they could. They lied. As directed, they responded (via an ad in the Eagle) on January 28. The ad read: "Rex, it will be ok, Contact me PO Box 1st four ref. numbers at 67202."
On February 16, a manila envelope arrived at KSAS-TV, the Fox affiliate in Wichita. Inside was a purple floppy disc from BTK. The disc contained a file named "Test A.rtf." (The .rtf extension stands for "Rich Text Format"). A forensic exam of the file struck gold. The file's metadata (the data about the data) gave investigators the leads they had been waiting more than 30 years to find. In addition to the "Date Created" (Thursday, February 10, 2005 6:05:34 PM) and the "Date Modified" (Monday, February 14, 2005 2:47:44 PM) were the "Title" (Christ Lutheran Church) and "Last Saved By:" (Dennis).
Armed with this information, investigators quickly logged on to the Christ Lutheran Church website. There they found that Dennis Rader was the president of the church's Congregation Council. The noose was tightening, but it wasn't tight enough. Investigators turned to DNA to make the case airtight. Detectives obtained a DNA sample from Rader's daughter and compared it to DNA from BTK. The results proved that BTK was her father. On February 25, three days after the DNA sample arrived at the lab, Rader was arrested, sealing the fate of BTK. He is currently serving ten consecutive life sentences (Wichita Eagle).
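Metadata of the kind described in this case lives inside the RTF file itself, in its `\info` group. The following Python code is an added example, not taken from the book: it reads those properties from an RTF document. The sample document is constructed from the values quoted above (it is not the evidence file), and the mapping from RTF control words to the labels an examiner sees is an assumption.

```python
import re
from datetime import datetime
# Constructed sample, NOT the evidence file: a minimal RTF document whose
# \info group carries the values quoted in the case above.
SAMPLE_RTF = (
    r"{\rtf1\ansi{\info{\title Christ Lutheran Church}{\operator Dennis}"
    r"{\creatim\yr2005\mo2\dy10\hr18\min5\sec34}"
    r"{\revtim\yr2005\mo2\dy14\hr14\min47\sec44}}"
    r"\pard Constructed body text.\par}"
)

# RTF control word -> label shown to the examiner (mapping is an assumption).
TEXT_FIELDS = {"title": "Title", "author": "Author", "operator": "Last Saved By"}
TIME_FIELDS = {"creatim": "Date Created", "revtim": "Date Modified"}

def info_group(rtf):
    """Return the contents of the \\info group, found by brace matching."""
    start = rtf.find(r"{\info")
    depth, i = 0, start
    while 0 <= i < len(rtf):
        ch = rtf[i]
        if ch == "\\":          # control word or escaped brace: skip both chars
            i += 2
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return rtf[start + 1:i]
        i += 1
    return ""                   # no \info group, or unbalanced braces

def rtf_metadata(rtf):
    """Extract text and timestamp properties from an RTF document string."""
    info, meta = info_group(rtf), {}
    for word, label in TEXT_FIELDS.items():
        m = re.search(r"\{\\" + word + r" ([^{}]*)\}", info)
        if m:
            meta[label] = m.group(1).strip()
    for word, label in TIME_FIELDS.items():
        m = re.search(r"\{\\" + word + r"((?:\\[a-z]+\d+)+)\}", info)
        p = {k: int(v) for k, v in re.findall(r"\\([a-z]+)(\d+)", m.group(1))} if m else {}
        if {"yr", "mo", "dy"} <= p.keys():
            meta[label] = datetime(p["yr"], p["mo"], p["dy"], p.get("hr", 0),
                                   p.get("min", 0), p.get("sec", 0))
    return meta

print(rtf_metadata(SAMPLE_RTF))
```

These properties are written by the authoring application and are not tied to the file system timestamps, so an examiner records both and compares them.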
Civil litigation
The use of digital forensics in civil cases is big business. In 2011, the estimated total worth of the electronic discovery market was somewhere north of $780 million (Global EDD Group). As part of a process known as electronic discovery (eDiscovery), digital forensics has become a major component of much high-dollar litigation. eDiscovery "refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case" (TechTarget, 2005).
In a civil case, both parties are generally entitled to examine the evidence that wil...
Table of contents
- Cover
- Title page
- Table of Contents
- Copyright
- Dedication
- Preface
- Acknowledgments
- Chapter 1: Introduction
- Chapter 2: Key technical concepts
- Chapter 3: Labs and tools
- Chapter 4: Collecting evidence
- Chapter 5: Windows system artifacts
- Chapter 6: Anti-forensics
- Chapter 7: Legal
- Chapter 8: Internet and e-mail
- Chapter 9: Network forensics
- Chapter 10: Mobile device forensics
- Chapter 11: Looking ahead: challenges and concerns
- Index