Fundamentals of Digital Forensics Theory, Methods, and Real-Life Applications
Title:
Fundamentals of Digital Forensics Theory, Methods, and Real-Life Applications
Author:
Kävrestad, Joakim. author.
ISBN:
9783319963198
Personal Author:
Physical Description:
XII, 230 p. 124 illus., 6 illus. in color. online resource.
Contents:
Part I: Theory -- What is Digital Forensics? -- Cybercrime, Cyber-Aided Crime and Digital Evidence -- Computer Theory -- Notable Artifacts -- Decryption and Password Enforcing -- Collecting Evidence -- Analyzing Data and Writing Reports -- Part II: Put It to Practice -- Collecting Data -- Indexing and Searching -- Cracking -- Finding Artifacts -- Some Common Questions -- FTK Specifics -- Open Source or Freeware Tools -- Part III: Memory Forensics -- Memory Management -- Volatility -- Memory Analysis in Criminal Investigations -- Malware Analysis -- Part IV: Appendices -- Appendix A – Solutions -- Appendix B – Useful Scripts -- Appendix C – Sample Report (Template) -- Appendix D – List of Time Zones -- Appendix E – complete Jitsi Chat Log.
Abstract:
This hands-on textbook provides an accessible introduction to the fundamentals of digital forensics. The text contains thorough coverage of the theoretical foundations, explaining what computer forensics is, what it can do, and also what it can’t. A particular focus is presented on establishing sound forensic thinking and methodology, supported by practical guidance on performing typical tasks and using common forensic tools. Emphasis is also placed on universal principles, as opposed to content unique to specific legislation in individual countries. Topics and features: Introduces the fundamental concepts in digital forensics, and the steps involved in a forensic examination in a digital environment Discusses the nature of what cybercrime is, and how digital evidence can be of use during criminal investigations into such crimes Offers a practical overview of common practices for cracking encrypted data Reviews key artifacts that have proven to be important in several cases, highlighting where to find these and how to correctly interpret them Presents a survey of various different search techniques, and several forensic tools that are available for free Examines the functions of AccessData Forensic Toolkit and Registry Viewer Proposes methods for analyzing applications, timelining, determining the identity of the computer user, and deducing if the computer was remote controlled Describes the central concepts relating to computer memory management, and how to perform different types of memory analysis using the open source tool Volatility Provides review questions and practice tasks at the end of most chapters, and supporting video lectures on YouTube This easy-to-follow primer is an essential resource for students of computer forensics, and will also serve as a valuable reference for practitioners seeking instruction on performing forensic examinations in law enforcement or in the private sector. Joakim Kävrestad is a Lecturer in informatics at the University of Skövde, Sweden, with several years of experience as a forensic expert with the Swedish police.
Subject Term:
Added Corporate Author:
Electronic Access:
https://doi.org/10.1007/978-3-319-96319-8