Introduction to Digital Forensics

From Wikibooks, open books for an open world

A "short and sweet" introduction to the topic of Digital Forensics

This book is a "short and sweet" introduction to the topic of Digital Forensics, covering theoretical, practical and legal aspects. The first part of the book focuses on the history of digital forensics as a discipline and discusses the traits and requirements needed to become a forensic analyst. The middle portion of the book constitutes a general guide to a digital forensic investigation, mostly focusing on computers. It finishes with a discussion of the legal aspects of digital forensics as well as some other observations for managers or other interested parties.

Contents

Introduction 100% developed
Overview of the topic and introduction to the book
So you want to be a forensic analyst? 100% developed
Who can benefit from this material?
Requirements 100% developed
Hardware and software requirements

Digital forensics

A history 50% developed
A brief history of the discipline
Types of investigations 100% developed
Investigations can take many forms
The forensic process 50% developed
Description of the traditional digital forensic process
Terminology 50% developed
Before we begin, an explanation of some words

Acquiring Evidence

[Image: Tableau forensic write blocker used for acquisitions]
Documenting evidence 50% developed
How to document exhibits and media
Acquisition 75% developed
Notes on the authentication of evidence
Example task 50% developed
Have a go at recording and acquiring some data

Analysis

Forensic tools 75% developed
Common forensic tools and their uses
First steps in analysis 25% developed
Where to begin? Often a daunting question
Chat, email and internet artefacts 25% developed
One of the main areas of investigation will be the internet cache
Image investigations 25% developed
Images can contain a wealth of information
Linux & Mac 0% developed
Some significant differences & problems exist when examining different operating systems
Example task 25% developed
Perform a simple analysis

Reporting findings

Reporting 50% developed
Reporting is one of the key aspects of digital forensics
Giving expert evidence 0% developed
How to defend your findings in court
Example task 0% developed
Try your hand at putting together a simple report

Mobile devices

[Image: iPhone in an RF bag]
Mobile devices 0% developed
An introduction to mobile device forensics
Mobile forensics tools 0% developed
Hardware/software for mobile analysis
Mobile device analysis 0% developed
Specific notes for analysing mobile devices

Legal considerations

Criminal investigations 0% developed
Considerations when investigating crime
Civil investigations (eDiscovery) 0% developed
The various rules relating to civil investigation
Seizing digital media 0% developed
Important considerations apply to how and when you can seize media

Advice

Managing an investigation 0% developed
Advice for managers handling a digital investigation
Anti-forensics
Countermeasures to impair forensic analysis

Appendices

Glossary
Authors
Bibliography
Further reading