eBook - ePub
The Basics of Digital Forensics
The Primer for Getting Started in Digital Forensics
John Sammons
This is a test
Share book
- 200 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
The Basics of Digital Forensics
The Primer for Getting Started in Digital Forensics
John Sammons
Book details
Book preview
Table of contents
Citations
About This Book
The Basics of Digital Forensics provides a foundation for people new to the digital forensics field. This book offers guidance on how to conduct examinations by discussing what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud and the Internet are discussed. Also, learn how to collect evidence, document the scene, and how deleted data can be recovered.
The new Second Edition of this book providesthe readerwith real-world examples and all the key technologies used in digital forensics, as well as new coverage of network intrusion response, how hard drives are organized, and electronic discovery. This valuable resource also covers how to incorporate quality assurance into an investigation, how to prioritize evidence items to examine (triage), case processing, and what goes into making an expert witness.
- Learn what Digital Forensics entails
- Build a toolkit and prepare an investigative plan
- Understand the common artifacts to look for in an exam
- Second Edition features all-new coverage of hard drives, triage, network intrusion response, and electronic discovery; as well as updated case studies andexpert interviews
Frequently asked questions
How do I cancel my subscription?
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlegoās features. The only differences are the price and subscription period: With the annual plan youāll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weāve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is The Basics of Digital Forensics an online PDF/ePUB?
Yes, you can access The Basics of Digital Forensics by John Sammons in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.
Information
Chapter 1
Introduction
Abstract
Digital forensics has exploded over the last several years. It is used in a wide array of situations, including criminal and civil litigation, intelligence, and administrative proceedings. There are several organizations, including the American Academy of Forensic Sciences (AAFS), Scientific Working Group on Digital Evidence (SWGDE), American Society for Testing and Materials (ASTM), and National Institute of Standards and Technology that set the standards for digital forensics.
Keywords
American Society of Crime Laboratory Directors/Laboratory Accreditation Board, Electronic Discovery
Document and Media Exploitation (DOMEX)
Scientific Working Group on Digital Evidence (SWGDE)
American Academy of Forensic Sciences
CSI Effect
Forensics
āEach betrayal begins with trust.ā
āāFarmhouseā by the band Phish
Information in this chapter
ā¢ What is Forensic Science?
ā¢ What is Digital Forensics?
ā¢ Uses of Digital Forensics
ā¢ Role of the Forensic Examiner in the Judicial System
Introduction
Your computer will betray you. This is a lesson that many CEOs, criminals, politicians, and ordinary citizens have learned the hard way. You are leaving a trail, albeit a digital one; itās a trail nonetheless. Like a coating of fresh snow, these 1s and 0s capture our āfootprintsā as we go about our daily life.
Cell phone records, ATM transactions, web searches, e-mails, and text messages are a few of the footprints we leave. As a society, our heavy use of technology means that we are literally drowning in electronically stored information. And the tide keeps rolling in. Donāt believe me? Check out these numbers from the research company IDC:
ā¢ The digital universe (all the digital information in the world) will reach 1.2 million petabytes in 2010. Thatās up by 62% from 2009.
If you canāt get your head around a petabyte, maybe this will help:
āOne petabyte is equal to: 20 million, four-drawer filing cabinets filled with text or 13.3 years of HD-TV videoā (Mozy, 2009).
The impact of our growing digital dependence is being felt in many domains, not the least of which is the legal system. Everyday, digital evidence is finding its way into the worldās courts. This is definitely not your fatherās litigation. Gone are the days when records were strictly paper. This new form of evidence presents some very significant challenges to our legal system. Digital evidence is considerably different from paper documents and canāt be handled in the same way. Change, therefore, is inevitable. But the legal system doesnāt turn on a dime. In fact, itās about as nimble as the Titanic. Itās struggling now to catch up with the blinding speed of technology.
Criminal, civil, and administrative proceedings often focus on digital evidence, which is foreign to many of the key players, including attorneys and judges. We all know folks who donāt check their own e-mail or even know how to surf the Internet. Some lawyers, judges, businesspeople, and cops fit squarely into that category as well. Unfortunately for those people, this blissful ignorance is no longer an option.
Where law-abiding society goes, the bad guys will be very close behind (if not slightly ahead). They have joined us on our laptops, cell phones, iPads, and the Internet. Criminals will always follow the money and leverage any tools, including technology, that can aid in the commission of their crimes.
Although forensic science has been around for years, digital forensics is still in its infancy. Itās still finding its place among the other more established forensic disciplines, such as DNA and toxicology. As a discipline, it is where DNA was many years ago. Standards and best practices are still being developed.
Digital forensics canāt be done without getting under the hood and getting your hands dirty, so to speak. It all starts with the 1s and 0s. This binary language underpins not only the function of the computer but how it stores data as well. We need to understand how these 1s and 0s are converted into the text, images, and videos we routinely consume and produce on our computers.
What is forensic science?
Letās start by examining what itās not. It certainly isnāt Humvees, sunglasses, and expensive suits. It isnāt done without lots of paperwork, and itās never wrapped up in 60 minutes (with or without commercials). Now that we know what it isnāt, letās examine what it is. Simply put, forensics is the application of science to solve a legal problem. In forensics, the law and science are forever integrated. Neither can be applied without paying homage to the other. The best scientific evidence in the world is worthless if itās inadmissible in a court of law.
What is digital forensics?
There are many ways to define digital forensics. In Forensic Magazine, Ken Zatyko defined digital forensics this way:
āThe application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentationā (Zatyko, 2007).
Digital forensics encompasses much more than just laptop and desktop computers. Mobile devices, networks, and ācloudā systems are very much within the scope of the discipline. It also includes the analysis of images, videos, and audio (in both analog and digital format). The focus of this kind of analysis is generally authenticity, comparison, and enhancement.
Uses of digital forensics
Digital forensics can be used in a variety of settings, including criminal investigations, civil litigation, intelligence, and administrative matters.
Criminal investigations
When you mention digital forensics in the context of a criminal investigation, people tend to think first in terms of child pornography and identity theft. Although those investigations certainly focus on digital evidence, they are by no means the only two. In todayās digital world, electronic evidence can be found in almost any criminal investigation. Homicide, sexual assault, robbery, and burglary are just a few of the many examples of āanalogā crimes that can leave digital evidence.
One of the major struggles in law enforcement is to change the paradigm of the police and get them to think of and seek out digital evidence. Everyday digital devices such as cell phones and gaming consoles can hold a treasure trove of evidence. Unfortunately, none of that evidence will ever see a courtroom if itās not first recognized and collected. As time moves on and our law enforcement agencies are replenished with āyounger blood,ā this will become less and less of a problem.
Bind, torture, kill
The case of Dennis Rader, better known as the BTK killer, is a great example of the critical role digital forensics can play in a criminal investigation. This case had national attention and, thanks to digital forensics, was solved 30 years later after it occurred. To all who knew him before his arrest, Dennis Rader was a family man, church member, and dedicated public servant. What they didnāt know was that he was also an accomplished serial killer. Dennis Rader, known as Bind, Torture, Kill (BTK), murdered ten people in Kansas from 1974 to 1991. Rader managed to avoid capture for more than 30 years until technology betrayed him.
After years of silence, Rader sent a letter to the Wichita Eagle newspaper declaring that he was responsible for the 1986 killing of a young mother. The letter was received by the Eagle on March 19, 2004. After conferring with the FBIās Behavioral Analysis Unit, the police decided to attempt to communicate with BTK through the media.
In January 2005, Rader left a note for police, hidden in a cereal box in the back of a pickup truck belonging to a Home Depot employee. In the note, he said:
āCan I communicate with Floppy and not be traced to a computer. Be honest. Under Miscellaneous Section, 494, (Rex, it will be OK), run it for a few days in case Iām out of town-etc. I will try a floppy for a test run some time in the near future-February or March.ā
The police did the only thing they could. They lied. As directed, they responded (via an ad in the Eagle) on January 28. The ad read: āRex, it will be ok, Contact me PO Box 1st four ref. numbers at 67202.ā
On February 16, a manila envelope arrived at KSAS-TV, the Fox affiliate in Wichita. Inside was a purple floppy disc from BTK. The disc contained a file named āTest A.rtf.ā (The .rtf extension stands for āRich Text Formatā). A forensic exam of the file struck gold. The fileās metadata (the data about the data) gave investigators the leads they had been waiting more than 30 years to find. In addition to the āDate Createdā (Thursday, February 10, 2005 6:05:34 PM) and the āDate Modifiedā (Monday, February 14, 2005 2:47:44 PM) were the āTitleā (Christ Lutheran Church) and āLast Saved By:ā (Dennis).
Armed with this information, investigators quickly logged on to the Christ Lutheran Church website. There they found that Dennis Rader was the president of the churchās Congregation Council. The noose was tightening, but it wasnāt tight enough. Investigators turned to DNA to make the case airtight. Detectives obtained a DNA sample from Raderās daughter and compared it to DNA from BTK. The results proved that BTK was her father. On February 25, three days after the DNA sample arrived at the lab, Rader was arrested, sealing the fate of BTK. He is currently serving ten consecutive life sentences (Wichita Eagle).
Civil litigation
The use of digital forensics in civil cases is big business. In 2011, the estimated total worth of the electronic discovery market was somewhere north of (780 million (Global EDD Group). As part of a process known as electronic discovery (eDiscovery), digital forensics has become a major component of much high-dollar litigation. eDiscovery ārefers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal caseā (TechTarget, 2005).
In a civil case, both parties are generally entitled to examine the evidence that wil...