Dear eForensic Readers!
We would like to present you with a new issue of Computer Forensics, devoted to Computer Forensics Jumpstart.
In front of you is the best practical pill for everyone who'd like to become an expert in the field of digital forensics: 129 pages of practical tips, trials and tutorials for everyone who'd like to dive into Computer Forensics. Go from ZERO to HERO with eForensics!
Check what you can find inside:
DIGITAL FORENSICS IN A NUTSHELL by Barry Kokotailo
Before 1999, formal dedicated digital forensics toolkits did not exist. Then came the first free open source tool to perform digital forensics: The Coroner's Toolkit, created by Dan Farmer and Wietse Venema (http://www.porcupine.org/forensics/tct.html). This sparked a massive revolution in the science and art of digital forensics. This article will deal with the stages in a digital forensics examination, the tools used by most forensics practitioners, and some final thoughts on the world of forensics.
HOW TO QUICKLY PROGRESS TO AN EXPERT FORENSICS CONSULTANT by Andrew Bycroft
In our information economy we are deeply immersed in technology for a large portion of each day and, by that very nature, we are all leaving behind clues about ourselves and our activities, so-called digital fingerprints. Should someone step across the boundary into the realm of dubious or criminal activities, those digital fingerprints are the very evidence that forensic consultants are engaged to find. If the field of forensics is on your radar, then this article will teach you the fundamentals to launch your career as a forensics consultant.
A STEP BY STEP GUIDE TO BEGINNING COMPUTER FORENSICS by David Biser
We live in an era of digital connectivity such as the world has never known. Each age has one symbol that seems to identify it to all other time periods: Rome is known by the Imperial Eagle, the Industrial Revolution by the machines that were developed and used, and our age can probably be symbolized by 1s and 0s. Nearly everyone is connected to the Internet in some form or manner, by smart phone, tablet or laptop. With such connectivity comes crime, which brings the need for investigators with a specific skill set to be able to investigate, track and apprehend criminals in the digital world. This is where the exciting and ever changing world of computer forensics begins. As a computer forensic examiner you will find yourself tracking child pornographers, cyber thieves and terrorists, responding to the worst of crimes, all in an effort to deter and stop cyber crime. A very exciting field indeed!
WINDOWS REGISTRY FORENSICS 101 by Jason Stradley
This article is meant to serve as a very basic introduction to the Windows registry and its usefulness as a resource for certain types of forensics investigation. Windows 9x/ME, Windows CE and Windows NT/2003 store configuration data in a data structure called the Registry. The Windows Registry contains a great deal of information that is of potential evidential value or helpful in aiding forensics examiners on other aspects of forensic analysis. It is the central repository for configuration data, which is stored in a hierarchical manner.
REVIEW OF "GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS" 4TH EDITION by Richard Leitz
DIGITAL FORENSICS – OVERVIEW OF SEARCH & SEIZURE by Patrick Ouellette
When we hear people talk about forensics, we typically imagine scenes from the Crime Scene Investigation (CSI) or Crime Scene Unit (CSU) shows or movies so popularized in recent years. Although glamorized and using shortened time-frames for the processes involved, these shows do adequately represent standard criminal and crime scene investigative and analytical processes. However, the reality of a digital crime is a much more complex one and involves a much broader spectrum of knowledge and skills related to technologies, a non-localized criminal element that may not even be human in nature, and potential theories. In this article, we will discuss the basic processes of search and seizure as they apply to the investigative portion of a digital forensic case. This is intended to be the first in a series of articles in which the author will explore the different aspects and processes of digital forensics.
A PRACTICAL APPROACH TO TIMELINING by Davide Barbato
Sometimes we need to investigate a data breach, an identity theft, a program execution or, more generally, we need to know what happened on a system at a specific time. To accomplish that, we need to create a timeline of the system activities so we can add context data to our investigation. Timelining refers to the technique used to keep track of changes that occurred in an operating system by creating a timeline of activities, pulled from various data sources as the investigation process requires.
UNDERSTANDING FILE METADATA by Chris Sampson
Metadata exists throughout data storage systems, from the creation and modification dates stored within the file system through to specific information embedded within the content of a file. Metadata can be hugely important to any forensic investigation; knowing how to extract this information and how to spot when it has been manipulated can prove very important. This article, aimed at those new to forensics, looks at various forms of metadata and provides examples of the way in which we can manually retrieve this information using what is available within our operating systems, moving on to other tools which can be used to extract this data from many different file types.
MALWARE ANALYSIS: DETECTING AND DEFEATING UNKNOWN MALWARE by Kevin McAleavey, The KNOS Project
Cyber-attacks against control systems are considered extremely dangerous for critical infrastructure operation. Today, the protection of critical infrastructures from cyber-attacks is one of the crucial issues for national and international security. Over the past ten years, intrusion detection and other security technologies for critical infrastructure protection have increasingly gained in importance.
THE INTERVIEW WITH JAMES E. WINGATE, VICE PRESIDENT OF BACKBONE SECURITY by Gabriele Biondo and Kishore P.V.
STEGANOGRAPHY: THE ART OF HIDDEN DATA IN PLAIN SIGHT by Priscilla Lopez
Steganography is the art of hiding messages in plain sight. Different forms of steganography have been used for many years throughout history. Nowadays just about any data type can be embedded with a secret message, and the common passerby wouldn't even notice.
DIGITAL IMAGE ACQUISITION – STEP BY STEP by Thomas Plunkett, CISSP, EnCE, MSIS
Proper digital image acquisition is key to any forensics practice. Accurate and thorough documentation along with rigorous adherence to procedures and established best practices lead to a successful acquisition process. This article will help the beginner learn what is necessary to successfully accomplish this important part of digital forensics.
FTK IMAGER BASICS by Marcelo Lau & Nichols Jasper
This article discusses a basic FTK Imager case study. In this case study a pen drive has been found with a suspect, but it appears to be empty. We will show how to image the pen drive's file system and how the FTK tool can help us to reveal traces of deleted artifacts in the evidence media.
BASIC APPROACH TO INVESTIGATE A DIGITAL CRIME by Ali Fazeli
If there is a computer on the premises of a crime scene, the chances are very good that there is valuable evidence on that computer. Accidental or planned destruction of data, hardware failure or a cyber attack can happen at any time, and a computer forensics investigator may be called upon to respond, review and escalate the analysis to a formal investigation.
INTRODUCTION OF NETWORK FORENSICS USING WIRESHARK by Dauda Sule
Network forensics involves the recording, monitoring, capturing and analysis of network traffic in a bid to uncover how incidents (such as a breach, attack, abuse or error) occurred. Network data is highly volatile and may be easily lost if not captured in real time; for example, if malicious code is sent to an endpoint, the source or path of the code would be difficult to discover if the traffic data was not captured as it was coming in through the network. There are various tools that can be used to capture and analyze network traffic, such as NetworkMiner, tcpdump, Snort, WinDump and Wireshark. This article introduces the use of Wireshark for network analysis.