Digital Forensics Basics: A Practical Guide Using Windows OS
Hassan, Nihad A. Apress (Imprint: Apress), 1st ed. 2019, Berkeley, CA, 2019
English [en] · PDF · 15.6MB · 2019 · 📘 Non-fiction book · 🚀/lgli/lgrs/nexusstc/scihub/zlib
Description
Table of Contents......Page 5
About the Author......Page 13
About the Technical Reviewer......Page 14
Acknowledgments......Page 15
Introduction......Page 16
Chapter 1: Introduction: Understanding Digital Forensics......Page 20
What Is Digital Forensics?......Page 21
Digital Forensics Goals......Page 22
Cybercrime Attack Mode......Page 23
Malware Distribution......Page 24
SQL Injections......Page 25
Phishing......Page 26
DDoS Attacks......Page 27
Computer Forensics......Page 28
Forensics Data Analysis......Page 29
Civil Litigation......Page 30
Intelligence and Counterintelligence......Page 31
Digital Forensics Investigation Types......Page 32
The Importance of Forensic Readiness for Organizations......Page 33
Digital Evidence......Page 35
Digital Evidence Types......Page 36
Machine/Network-Created Data......Page 37
Locations of Electronic Evidence......Page 39
Challenge of Acquiring Digital Evidence......Page 40
Who Should Collect Digital Evidence?......Page 42
Chain of Custody......Page 43
Seizure......Page 45
Acquisition......Page 46
Analysis......Page 47
Digital Forensics Process Official Guides......Page 48
Digital Forensics Certifications......Page 49
Digital Forensics vs. Other Computing Domain......Page 51
Chapter Summary......Page 52
Decimal (Base-10)......Page 53
Binary......Page 54
Hexadecimal (Base-16)......Page 55
Computer Character Encoding Schema......Page 58
File Structure......Page 59
Digital File Metadata......Page 61
Timestamps Decoder (Tool)......Page 64
Method Two: Using the Built-In Windows Hashing Feature......Page 65
Types of Computer Storage......Page 66
RAM......Page 67
ROM......Page 68
HDD......Page 69
How Is Data Stored on the HDD?......Page 70
SSD......Page 71
Optical Data Storage......Page 72
HPA and DCO......Page 73
NTFS......Page 76
Computing Environment......Page 77
Cloud Computing......Page 78
Infrastructure as a Service (IaaS)......Page 79
Windows Version Variations......Page 80
What Is an IP Address?......Page 81
Digital Forensics Resources and Study Materials......Page 83
Chapter Summary......Page 84
Chapter 3: Computer Forensics Lab Requirements......Page 86
Lab Physical Facility Requirements......Page 88
Environment Controls......Page 90
Hardware Equipment......Page 91
Evidence Container......Page 93
Forensic Workstation......Page 94
Commercial Forensics Tools......Page 96
Free and Open Source Forensic Tools......Page 97
Laboratory Information Management System (LIMS)......Page 98
Validation and Verification of Forensics Hardware and Software......Page 99
Lab Manager......Page 100
Lab Data Backup......Page 101
Training Requirements......Page 102
Lab Policies and Procedures......Page 103
Lab Accreditation Requirements......Page 104
Step 1: Self-Assessment......Page 105
Step 4: Implementation......Page 106
Chapter Summary......Page 107
Chapter 4: Initial Response and First Responder Tasks......Page 109
Search and Seizure......Page 110
Consent to Search......Page 111
Search Warrant......Page 113
First Responder Toolkit......Page 114
First Responder Tasks......Page 115
Order of Volatility......Page 120
Documenting the Digital Crime Scene......Page 121
Packaging and Transporting Electronic Devices......Page 122
First Responder Questions When Contacted by a Client......Page 123
Witness Interview Questions......Page 124
Chapter Summary......Page 125
Chapter 5: Acquiring Digital Evidence......Page 127
AFF......Page 128
Forensics Image File Validation......Page 129
Acquiring Volatile Memory (Live Acquisition)......Page 130
Virtual Memory (Swap Space)......Page 131
Windows Is Locked......Page 132
Capturing Tool Footprint......Page 133
Capturing RAM Using the DumpIt Tool......Page 134
Belkasoft Live RAM Capturer......Page 136
Capture RAM with FTK Imager......Page 137
Acquiring Nonvolatile Memory (Static Acquisition)......Page 140
Hard Drive Acquisition Methods......Page 141
Logical Acquisition......Page 142
Sparse Acquisition......Page 143
Using FTK Imager to Capture Hard Drive......Page 144
Hard Drive Imaging Risks and Challenges......Page 151
Corrupted or Physically Damaged Hard Drive......Page 152
Network Acquisition......Page 153
Other Challenges......Page 154
Chapter Summary......Page 155
Analyzing Hard Drive Forensic Images......Page 156
Arsenal Image Mounter......Page 157
OSFMount......Page 158
Launching the Wizard and Creating Your First Case......Page 160
How Long Should It Take to Finish the Data Source Analysis Process?......Page 168
Importing a Hash Database......Page 172
Redline......Page 177
Capturing a RAM Memory Using Redline......Page 178
Memory Forensics Using Redline......Page 185
Volatility Framework......Page 188
Chapter Summary......Page 192
Chapter 7: Windows Forensics Analysis......Page 193
Creating a Timeline Using Autopsy......Page 195
Generate a Timeline Report Using Autopsy......Page 197
File Recovery......Page 200
Windows Recycle Bin Forensics......Page 201
Data Carving......Page 207
Architecture of Windows Registry......Page 208
Acquiring Windows Registry......Page 211
Registry Examination......Page 212
Automatic Startup Locations......Page 213
Installed Program Keys in the Windows Registry......Page 215
USB Device Forensics......Page 217
Most Recently Used List......Page 220
Network Analysis......Page 222
Windows Shutdown Time......Page 224
Printer Registry Information......Page 225
Deleted Registry Key Recovery......Page 226
File Format Identification......Page 228
Windows Prefetch Analysis......Page 231
Windows Thumbnail Forensics......Page 233
Jump Lists Forensics......Page 234
AUTOMATICDESTINATIONS-MS......Page 235
CUSTOMDESTINATIONS-MS......Page 236
LNK File Forensics......Page 237
Windows File Analyzer (WFA)......Page 239
Event Log Analysis......Page 240
Hidden Hard Drive Partition Analysis......Page 244
Windows Minidump File Forensics......Page 246
Pagefile.sys......Page 248
Swapfile.sys......Page 249
Windows Volume Shadow Copies Forensics......Page 250
ShadowCopyView......Page 251
Windows 10 Forensics......Page 253
Notification Area Database......Page 254
Cortana Forensics......Page 257
Chapter Summary......Page 259
Chapter 8: Web Browser and E-mail Forensics......Page 260
IE......Page 261
Microsoft Edge Web Browser......Page 264
Firefox......Page 266
Google Chrome......Page 270
History......Page 272
Login Data......Page 275
Bookmarks......Page 276
Cache Folder......Page 277
Other Web Browser Investigation Tools......Page 278
E-mail Forensics......Page 280
Steps in E-mail Communications......Page 281
List of E-mail Protocols......Page 282
E-mail Header Examination......Page 283
View Full Gmail Headers......Page 284
View E-mail Header Using Outlook Mail......Page 285
View Full E-mail Header in Outlook Mail Client......Page 287
Analyzing E-mail Headers......Page 288
eMailTrackerPro (www.emailtrackerpro.com)......Page 291
Determining a Sender’s Geographic Location......Page 294
Investigating E-mail Clients......Page 296
Webmail Forensics......Page 300
E-mail Investigations Challenge......Page 301
Chapter Summary......Page 302
Chapter 9: Antiforensics Techniques......Page 303
Classification of Antiforensics Techniques......Page 304
Digital Steganography......Page 305
Text Steganography......Page 306
Image Steganography......Page 307
Audio-Video Steganography......Page 309
Digital Steganography Tools......Page 310
Data Destruction and Antirecovery Techniques......Page 311
Files’ Metadata Manipulation......Page 313
Encryption Techniques......Page 315
FDE......Page 316
Windows BitLocker......Page 317
EFS......Page 318
Password Cracking......Page 319
Cryptographic Anonymity Techniques......Page 320
Direct Attacks Against Computer Forensics Tools......Page 321
Chapter Summary......Page 322
Chapter 10: Gathering Evidence from OSINT Sources......Page 323
Goals of OSINT Collection......Page 324
OSINF Categories......Page 325
OSINT Benefits......Page 327
Challenges of OSINT......Page 328
The OSINT Cycle......Page 329
OSINT Gathering and the Need for Privacy......Page 330
Surface Web......Page 331
Darknet......Page 332
Online Resources......Page 333
Chapter Summary......Page 334
Report Main Elements......Page 335
Autogenerated Report......Page 336
Chapter Summary......Page 338
Index......Page 339
Alternative filename
lgrsnf/Z:\Bibliotik_\A Library\Info_Sec\Digital Forensics Basics A Practical Guide Using Windows OS.pdf
Alternative filename
nexusstc/Digital Forensics Basics : A Practical Guide Using Windows OS/acf35fffaf9624ac17ad95904eeba677.pdf
Alternative filename
scihub/10.1007/978-1-4842-3838-7.pdf
Alternative filename
zlib/Computers/Internet & World Wide Web/Nihad A. Hassan/Digital forensics basics: a practical guide using Windows OS_11001177.pdf
Alternative title
Digital forensics basics: a practical guide using Windows OS
Alternative author
Nihad A. Hassan
Alternative publisher
Apress, Incorporated
Alternative edition
Springer Nature, [Berkeley, California], 2019
Alternative edition
United States, United States of America
Alternative edition
1st ed., 2019-02-26
Alternative edition
New York, cop. 2019
Alternative edition
1st ed., FR, 2019
Alternative edition
Feb 26, 2019
Metadata comments
lg2859883
Metadata comments
{"edition":"1","isbns":["1484238370","1484238389","9781484238370","9781484238387"],"last_page":342,"publisher":"Apress","source":"libgen_rs"}
Alternative description
Use this hands-on, introductory guide to understand and implement digital forensics to investigate computer crime using Windows, the most widely used operating system. This book provides you with the necessary skills to identify an intruder's footprints and to gather the necessary digital evidence in a forensically sound manner to prosecute in a court of law.
Directed toward users with no experience in the digital forensics field, this book provides guidelines and best practices when conducting investigations as well as teaching you how to use a variety of tools to investigate computer crime. You will be prepared to handle problems such as law violations, industrial espionage, and use of company resources for private use.
__Digital Forensics Basics__ is written as a series of tutorials with each task demonstrating how to use a specific computer forensics tool or technique. Practical information is provided and users can read a task and then implement it directly on their devices. Some theoretical information is presented to define terms used in each technique and for users with varying IT skills.
**What You’ll Learn**
* Assemble computer forensics lab requirements, including workstations, tools, and more
* Document the digital crime scene, including preparing a sample chain of custody form
* Differentiate between law enforcement agency and corporate investigations
* Gather intelligence using OSINT sources
* Acquire and analyze digital evidence
* Conduct in-depth forensic analysis of Windows operating systems covering Windows 10–specific feature forensics
* Utilize anti-forensic techniques, including steganography, data destruction techniques, encryption, and anonymity techniques
**Who This Book Is For**
Police and other law enforcement personnel, judges (with no technical background), corporate and nonprofit management, IT specialists and computer security professionals, incident response team members, IT military and intelligence services officers, system administrators, e-business security professionals, and banking and insurance professionals
Alternative description
"Use this hands-on, introductory guide to understand and implement digital forensics to investigate computer crime using Windows, the most widely used operating system. This book provides you with the necessary skills to identify an intruder's footprints and to gather the necessary digital evidence in a forensically sound manner to prosecute in a court of law. Directed toward users with no experience in the digital forensics field, this book provides guidelines and best practices when conducting investigations as well as teaching you how to use a variety of tools to investigate computer crime. You will be prepared to handle problems such as law violations, industrial espionage, and use of company resources for private use. Digital Forensics Basics is written as a series of tutorials with each task demonstrating how to use a specific computer forensics tool or technique. Practical information is provided and users can read a task and then implement it directly on their devices. Some theoretical information is presented to define terms used in each technique and for users with varying IT skills."--Provided by publisher
Date open sourced
2020-11-29