وبلاگ بلیان

Digital Forensics Basics : A Practical Guide Using Windows OS

جلد کتاب Digital Forensics Basics : A Practical Guide Using Windows OS

معرفی کتاب «Digital Forensics Basics : A Practical Guide Using Windows OS» نوشتهٔ Michael Rees و Hassan, Nihad A.، منتشرشده توسط نشر Apress : Imprint: Apress در سال 2019. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

Table of Contents......Page 5 About the Author......Page 13 About the Technical Reviewer......Page 14 Acknowledgments......Page 15 Introduction......Page 16 Chapter 1: Introduction: Understanding Digital Forensics......Page 20 What Is Digital Forensics?......Page 21 Digital Forensics Goals......Page 22 Cybercrime Attack Mode......Page 23 Malware Distribution......Page 24 SQL Injections......Page 25 Phishing......Page 26 DDoS Attacks......Page 27 Computer Forensics......Page 28 Forensics Data Analysis......Page 29 Civil Ligation......Page 30 Intelligence and Counterintelligence......Page 31 Digital Forensics Investigation Types......Page 32 The Importance of Forensic Readiness for Organizations......Page 33 Digital Evidence......Page 35 Digital Evidence Types......Page 36 Machine/Network-Created Data......Page 37 Locations of Electronic Evidence......Page 39 Challenge of Acquiring Digital Evidence......Page 40 Who Should Collect Digital Evidence?......Page 42 Chain of Custody......Page 43 Seizure......Page 45 Acquisition......Page 46 Analysis......Page 47 Digital Forensics Process Official Guides......Page 48 Digital Forensics Certifications......Page 49 Digital Forensics vs. Other Computing Domain......Page 51 Chapter Summary......Page 52 Decimal (Base-10)......Page 53 Binary......Page 54 Hexadecimal (Base-16)......Page 55 Computer Character Encoding Schema......Page 58 File Structure......Page 59 Digital File Metadata......Page 61 Timestamps Decoder (Tool)......Page 64 Method Two: Using the Built-In Windows Hashing Feature......Page 65 Types of Computer Storage......Page 66 RAM......Page 67 ROM......Page 68 HDD......Page 69 How Is Data Stored on the HDD?......Page 70 SSD......Page 71 Optical Data Storage......Page 72 HPA and DCO......Page 73 NTFS......Page 76 Computing Environment......Page 77 Cloud Computing......Page 78 Infrastructure as a Service (IaaS)......Page 79 Windows Version Variations......Page 80 What Is an IP Address?......Page 81 Digital Forensics Resources and Study Materials......Page 83 Chapter Summary......Page 84 Chapter 3: Computer Forensics Lab Requirements......Page 86 Lab Physical Facility Requirements......Page 88 Environment Controls......Page 90 Hardware Equipment......Page 91 Evidence Container......Page 93 Forensic Workstation......Page 94 Commercial Forensics Tools......Page 96 Free and Open Source Forensic Tools......Page 97 Laboratory Information Management System (LIMS)......Page 98 Validation and Verification of Forensics Hardware and Software......Page 99 Lab Manager......Page 100 Lab Data Backup......Page 101 Training Requirements......Page 102 Lab Policies and Procedures......Page 103 Lab Accreditation Requirements......Page 104 Step 1: Self-Assessment......Page 105 Step 4: Implementation......Page 106 Chapter Summary......Page 107 Chapter 4: Initial Response and First Responder Tasks......Page 109 Search and Seizure......Page 110 Consent to Search......Page 111 Search Warrant......Page 113 First Responder Toolkit......Page 114 First Responder Tasks......Page 115 Order of Volatility......Page 120 Documenting the Digital Crime Scene......Page 121 Packaging and Transporting Electronic Devices......Page 122 First Responder Questions When Contacted by a Client......Page 123 Witness Interview Questions......Page 124 Chapter Summary......Page 125 Chapter 5: Acquiring Digital Evidence......Page 127 AFF......Page 128 Forensics Image File Validation......Page 129 Acquiring Volatile Memory (Live Acquisition)......Page 130 Virtual Memory (Swap Space)......Page 131 Windows Is Locked......Page 132 Capturing Tool Footprint......Page 133 Capturing RAM Using the DumpIt Tool......Page 134 Belkasoft Live RAM Capturer......Page 136 Capture RAM with FTK Imager......Page 137 Acquiring Nonvolatile Memory (Static Acquisition)......Page 140 Hard Drive Acquisition Methods......Page 141 Logical Acquisition......Page 142 Sparse Acquisition......Page 143 Using FTK Imager to Capture Hard Drive......Page 144 Hard Drive Imaging Risks and Challenges......Page 151 Corrupted or Physically Damaged Hard Drive......Page 152 Network Acquisition......Page 153 Other Challenges......Page 154 Chapter Summary......Page 155 Analyzing Hard Drive Forensic Images......Page 156 Arsenal Image Mounter......Page 157 OSFMount......Page 158 Launching the Wizard and Creating Your First Case......Page 160 How Long Should It Take to Finish the Data Source Analysis Process?......Page 168 Importing a Hash Database......Page 172 Redline......Page 177 Capturing a RAM Memory Using Redline......Page 178 Memory Forensics Using Redline......Page 185 Volatility Framework......Page 188 Chapter Summary......Page 192 Chapter 7: Windows Forensics Analysis......Page 193 Creating a Timeline Using Autopsy......Page 195 Generate a Timeline Report Using Autopsy......Page 197 File Recovery......Page 200 Windows Recycle Bin Forensics......Page 201 Data Carving......Page 207 Architecture of Windows Registry......Page 208 Acquiring Windows Registry......Page 211 Registry Examination......Page 212 Automatic Startup Locations......Page 213 Installed Program Keys in the Windows Registry......Page 215 USB Device Forensics......Page 217 Most Recently Used List......Page 220 Network Analysis......Page 222 Windows Shutdown Time......Page 224 Printer Registry Information......Page 225 Deleted Registry Key Recovery......Page 226 File Format Identification......Page 228 Windows Prefetch Analysis......Page 231 Windows Thumbnail Forensics......Page 233 Jump Lists Forensics......Page 234 AUTOMATICDESTINATIONS-MS......Page 235 CUSTOMDESTINATIONS-MS......Page 236 LNK File Forensics......Page 237 Windows File Analyzer (WFA)......Page 239 Event Log Analysis......Page 240 Hidden Hard Drive Partition Analysis......Page 244 Windows Minidump File Forensics......Page 246 Pagefile.sys......Page 248 Swapfile.sys......Page 249 Windows Volume Shadow Copies Forensics......Page 250 ShadowCopyView......Page 251 Windows 10 Forensics......Page 253 Notification Area Database......Page 254 Cortana Forensics......Page 257 Chapter Summary......Page 259 Chapter 8: Web Browser and E-mail Forensics......Page 260 IE......Page 261 Microsoft Edge Web Browser......Page 264 Firefox......Page 266 Google Chrome......Page 270 History......Page 272 Login Data......Page 275 Bookmarks......Page 276 Cache Folder......Page 277 Other Web Browser Investigation Tools......Page 278 E-mail Forensics......Page 280 Steps in E-mail Communications......Page 281 List of E-mail Protocols......Page 282 E-mail Header Examination......Page 283 View Full Gmail Headers......Page 284 View E-mail Header Using Outlook Mail......Page 285 View Full E-mail Header in Outlook Mail Client......Page 287 Analyzing E-mail Headers......Page 288 eMailTrackerPro (www.emailtrackerpro.com)......Page 291 Determining a Sender’s Geographic Location......Page 294 Investigating E-mail Clients......Page 296 Webmail Forensics......Page 300 E-mail Investigations Challenge......Page 301 Chapter Summary......Page 302 Chapter 9: Antiforensics Techniques......Page 303 Classification of Antiforensics Techniques......Page 304 Digital Steganography......Page 305 Text Steganography......Page 306 Image Steganography......Page 307 Audio-Video Steganography......Page 309 Digital Steganography Tools......Page 310 Data Destruction and Antirecovery Techniques......Page 311 Files’ Metadata Manipulation......Page 313 Encryption Techniques......Page 315 FDE......Page 316 Windows BitLocker......Page 317 EFS......Page 318 Password Cracking......Page 319 Cryptographic Anonymity Techniques......Page 320 Direct Attacks Against Computer Forensics Tools......Page 321 Chapter Summary......Page 322 Chapter 10: Gathering Evidence from OSINT Sources......Page 323 Goals of OSINT Collection......Page 324 OSINF Categories......Page 325 OSINT Benefits......Page 327 Challenges of OSINT......Page 328 The OSINT Cycle......Page 329 OSINT Gathering and the Need for Privacy......Page 330 Surface Web......Page 331 Darknet......Page 332 Online Resources......Page 333 Chapter Summary......Page 334 Report Main Elements......Page 335 Autogenerated Report......Page 336 Chapter Summary......Page 338 Index......Page 339 Use this hands-on, introductory guide to understand and implement digital forensics to investigate computer crime using Windows, the most widely used operating system. This book provides you with the necessary skills to identify an intruder's footprints and to gather the necessary digital evidence in a forensically sound manner to prosecute in a court of law. Directed toward users with no experience in the digital forensics field, this book provides guidelines and best practices when conducting investigations as well as teaching you how to use a variety of tools to investigate computer crime. You will be prepared to handle problems such as law violations, industrial espionage, and use of company resources for private use. __Digital Forensics Basics__ is written as a series of tutorials with each task demonstrating how to use a specific computer forensics tool or technique. Practical information is provided and users can read a task and then implement it directly on their devices. Some theoretical information is presented to define terms used in each technique and for users with varying IT skills. **What You’ll Learn** * Assemble computer forensics lab requirements, including workstations, tools, and more * Document the digital crime scene, including preparing a sample chain of custody form * Differentiate between law enforcement agency and corporate investigations * Gather intelligence using OSINT sources * Acquire and analyze digital evidence * Conduct in-depth forensic analysis of Windows operating systems covering Windows 10–specific feature forensics * Utilize anti-forensic techniques, including steganography, data destruction techniques, encryption, and anonymity techniques **Who This Book Is For** Police and other law enforcement personnel, judges (with no technical background), corporate and nonprofit management, IT specialists and computer security professionals, incident response team members, IT military and intelligence services officers, system administrators, e-business security professionals, and banking and insurance professionals "Use this hands-on, introductory guide to understand and implement digital forensics to investigate computer crime using Windows, the most widely used operating system. This book provides you with the necessary skills to identify an intruder's footprints and to gather the necessary digital evidence in a forensically sound manner to prosecute in a court of law. Directed toward users with no experience in the digital forensics field, this book provides guidelines and best practices when conducting investigations as well as teaching you how to use a variety of tools to investigate computer crime. You will be prepared to handle problems such as law violations, industrial espionage, and use of company resources for private use. Digital Forensics Basics is written as a series of tutorials with each task demonstrating how to use a specific computer forensics tool or technique. Practical information is provided and users can read a task and then implement it directly on their devices. Some theoretical information is presented to define terms used in each technique and for users with varying IT skills."--Provided by publisher
دانلود کتاب Digital Forensics Basics : A Practical Guide Using Windows OS