Introduction to Digital Forensics
Introduction to Digital Forensics
A "short and sweet" introduction to the topic of Digital Forensics
This book is a "short and sweet" introduction to the topic of Digital Forensics, covering theoretical, practical and legal aspects. The first part of the book focuses on the history of digital forensics as a discipline and discusses the traits and requirements needed to become an forensic analyst. The middle portion of the book constitutes a general guide to a digital forensic investigation, mostly focusing on computers. It finishes with a discussion of the legal aspects of digital forensics as well as some other observations for managers or other interested parties.
Contents
- Introduction
- Overview of the topic and introduction to the book
- So you want to be a forensic analyst?
- Who can benefit from this material?
- Requirements
- Hardware and software requirements
Digital forensics
- A history
- A brief history of the discipline
- Types of investigations
- Investigations can take many forms
- The forensic process
- Description of the traditional digital forensic process
- Terminology
- Before we begin, explanation of some words
Acquiring Evidence
- Documenting evidence
- How to document exhibits and media
- Acquisition
- Notes on the authentication of evidence
- Example task
- Have a go at recording and acquiring some data
Analysis
- Forensic tools
- Common forensic tools and their uses
- First steps in analysis
- Where to begin? Often a daunting question
- Chat, email and internet artefacts
- One of the main areas of investigation will be the internet cache
- Image investigations
- Images can contain a wealth of information
- Linux & Mac
- Some significant differences & problems exist when examining different operating systems
- Example task
- Perform a simple analysis
Reporting findings
- Reporting
- Reporting is one of the key aspects of digital forensics
- Giving expert evidence
- How to defend your findings in court
- Example task
- Try your hand at putting together a simple report
Mobile devices
- Mobile devices
- An introduction to mobile device forensics
- Mobile forensics tools
- Hardware/software for mobile analysis
- Mobile device analysis
- Specific notes for analysing mobile devices
Legal considerations
- Criminal investigations
- Considerations when investigating crime
- Civil investigations (eDiscovery)
- The various rules relating to civil investigation
- Seizing digital media
- Important considerations apply to how and when you can seize media
Advice
- Managing an investigation
- Advice for managers handling a digital investigation
- Anti-forensics
- Counter measures to impair forensics analysis