COMPUTER FORENSICS JUMPSTART VOL. 2 – FREE TEASER

Download
File
eForensics_09_2013_teaser.pdf

Dear eForensic Readers!

We would like to present to you the new issue of the eForensics Computer series, titled Computer Forensics JumpStart Vol. 2.

In front of you, you have the best practical pill for everyone who’d like to become an expert in the digital forensics sector. 120+ pages of practical tips, trials and tutorials for everyone who’d like to dive into the Computer Forensics world. Go from ZERO to HERO with eForensics Magazine!

Check what you will find inside:

FORENSICS ON LINUX

by Barry Kokotailo    

The majority of forensics examinations conducted today comprise Windows machines. Considering that the vast majority of desktops in use today are Windows based, this should not be a surprise. However, a good majority of servers and workstations are Linux based and running interesting services such as databases, web and file services. During the career span of a forensics professional you will need to perform a forensic examination of a Linux machine. This article will give you the step-by-step procedure to acquire an image, analyze it, and report on the findings.

EDISCOVERY 101: AN INTRODUCTION TO EDISCOVERY

by Dauda Sule

Volonino and Redpath (2010) quoted Judge Shira A. Scheindlin as follows: “We used to say there’s e-discovery as if it was a subset of all discovery. But now there’s no other discovery.” The Law has been taking its course, technology has been developing; the result is the evolution of Law to keep up with technological advancements.

THE INTERVIEW WITH TERRY TANG, FOUNDER OF WISECLEANER

by Aby Rao

TWELVE OPEN-SOURCE LINUX FORENSIC TOOLS

by Priscilla Lopez

There are several open-source Linux forensic tool suites and tools such as Kali Linux, DEFT, HELIX, Backtrack, CAINE, Knoppix STD, FCCU, The Penguin Sleuth Kit, ADIA, DFF, SMART, and SIFT. This article will give you a brief overview of the available tool suites. Afterwards, I will show you step-by-step how to install one of the tool suites and run a practice case sample.

WINDOWS MEMORY FORENSICS & MEMORY ACQUISITION

by Dr Craig S. Wright, GSE, GSM, LLM, MStat

This article takes the reader through the process of imaging memory on a live Windows host. This is part one of a six part series and will introduce the reader to the topic before we go into the details of memory forensics.

The first step in doing any memory forensics on a Windows host involves acquisition. If we do not have a sample of the memory image from a system we cannot analyze it. This sounds simple, but memory forensics is not like imaging an unmounted hard drive. Memory is powered and dynamic, and changes as we attempt to image it. This means it is not a repeatable process. Not that there is a requirement at all times for the results of a forensic process to provide the same output; in this it is not necessary to be able to repeat a process and obtain exactly the same results. It does not mean we cannot use a variable process in a forensic investigation. What it does mean is we have a set of steps that will allow us to image memory but that every time we do those the results will change.



July 30, 2021
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023