Computer Forensics

Computer Forensics: A Pocket Guide

NATHAN CLARKE
Copyright Date: 2010
Published by: IT Governance Publishing
Pages: 75
https://www.jstor.org/stable/j.ctt5hh5mg
    Book Description:

    The primary purpose of computer forensics is to enable organisations to pinpoint where the malware has infected their computer systems and which files have been infected, so that they can close the vulnerability. More and more organisations have realised that they need to acquire a forensic capability to ensure they are ready to cope with an information security incident. This pocket guide illustrates the technical complexities involved in computer forensics, and shows managers what makes the discipline relevant to their organisation. For technical staff, the book offers an invaluable insight into the key processes and procedures that are required.

    eISBN: 978-1-84928-040-2
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 2-4)
  2. PREFACE
    (pp. 5-6)
  3. ABOUT THE AUTHOR
    (pp. 7-8)
  4. ACKNOWLEDGEMENTS
    (pp. 8-8)
  5. Table of Contents
    (pp. 9-9)
  6. CHAPTER 1: THE ROLE OF FORENSICS WITHIN ORGANISATIONS
    (pp. 10-16)

    The importance of information security within an organisation is becoming better understood. Regulation, legislation and good governance are all motivators for organisations to consider the role information security plays in protecting data. Whilst better understood, the adoption of good information security practices is far from uniform across all organisations, with enterprise companies faring better than many smaller organisations who are trailing in their knowledge and deployment of secure practices. With the significant growing threat arising from cybercrime and related activities, it is increasingly important that all organisations address the issue of ensuring good information security.

    In order to appreciate the...

  7. CHAPTER 2: BE PREPARED – PROACTIVE FORENSICS
    (pp. 17-25)

    Within an organisation, undertaking forensics is not a simple task and involves a series of procedural and technical aspects that if not carried out correctly will affect the forensic value of the investigation and the resulting evidence. It is therefore essential that these are developed, implemented and tested prior to tackling an incident. Being proactive about the design of a forensic expertise within your organisation will ensure that your incident response team is able to respond effectively and efficiently. This chapter introduces the steps necessary to be proactive, and discusses the key procedural aspects that need to be followed during...

  8. CHAPTER 3: FORENSIC ACQUISITION OF DATA
    (pp. 26-33)

    A key theme in the digital forensics procedure is one of preservation of data. This is no more important than at the acquisition stage where the investigator has to deal with the original suspect system. Securing data at this stage is imperative for the integrity of the investigation. This chapter focuses upon the procedures and tools available for the acquisition of data on a computer system. It will also give consideration to the decisions an examiner will have to make during the process and the effects they have upon the data integrity.

    A computer system fundamentally has two sources of...

  9. CHAPTER 4: FORENSIC ANALYSIS OF DATA
    (pp. 34-45)

    The purpose of this chapter is to provide an insight into how to undertake an analysis of a forensic image. General topics will be discussed, such as dead analysis and file carving. However, the nature of an analysis is very much dependent upon the underlying file system being used by the operating system. Owing to its popularity, this chapter will specifically focus upon the Windows® file and operating system. How to identify forensic evidence from various aspects of the system, such as file slack, e-mail, Internet history and virtual memory, will all be discussed.

    The process of forensically analysing images...

  10. CHAPTER 5: ANTI-FORENSICS AND ENCRYPTION
    (pp. 46-51)

    As computer forensics becomes better understood, a variety of tools and techniques have been developed to hide evidence, remove artefacts or restrict forensic analysis. Tools, for instance, include the ability to forensically delete Internet histories so that organisations are not able to establish misuse, and the ability to modify timestamps so that establishing a chronology of an incident is impossible. This chapter will introduce the topic of anti-forensics and encryption, and explain to what extent it can hinder a forensic investigation.

    The use of cryptography to secure the data is increasing and introduces a significant barrier for the forensic examiner....

  11. CHAPTER 6: EMBEDDED AND NETWORK FORENSICS
    (pp. 52-57)

    The aim of this chapter is to provide an insight into the establishing discipline of embedded and network forensics. With embedded devices now encompassing a variety of everyday systems such as mobile phones, personal video recorders (PVRs) and game consoles, the ability to analyse those systems for forensic evidence can be key to establishing what happened in an incident. Furthermore, whilst computer and embedded forensics are able to establish evidence and events within systems, the increasing connectivity of devices means large volumes of evidence may reside on a variety of network appliances. Network forensics is useful for evidence gathering as...

  12. CONCLUSION
    (pp. 58-59)

    The forensic examination of electronic systems has undoubtedly been a huge success in the identification of cyber and computer-assisted crime. Organisations are placing an increasing importance on the need to be equipped with appropriate incident management capabilities to handle misuse of systems. Computer forensics is an invaluable tool in the process.

    The domain of computer forensics has grown considerably in the last decade. Driven by industry, focus was initially placed upon developing tools and techniques to assist in the practical application of the technology. In more recent years, an increasing volume of academic research is being produced exploring various new...

  13. RESOURCES
    (pp. 60-72)
  14. ITG RESOURCES
    (pp. 73-75)