DOCSLIB.ORG

Hacking Exposed Computer Forensics.Pdf

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Hacking Exposed Computer Forensics.Pdf www.it-ebooks.info HACKING EXPOSED™ COMPUTER FORENSICS SECOND EDITION REVIEWS “This book provides the right mix of practical how-to knowledge in a straightforward, informative fashion that ties all the complex pieces together with real-world case studies. With so many books on the topic of computer forensics, Hacking Exposed Computer Forensics, Second Edition, delivers the most valuable insight on the market. The authors cut to the chase of what people must understand to effectively perform computer forensic investigations.” —Brian H. Karney, COO, AccessData Corporation “Hacking Exposed Computer Forensics is a ‘must-read’ for information security professionals who want to develop their knowledge of computer forensics.” —Jason Fruge, Director of Consulting Services, Fishnet Security www.it-ebooks.info 00-FM.indd i 8/23/2009 3:54:42 AM “Computer forensics has become increasingly important to modern incident responders attempting to defend our digital castles. Hacking Exposed Computer Forensics, Second Edition, picks up where the first edition left off and provides a valuable reference, useful to both beginning and seasoned forensic professionals. I picked up several new tricks from this book, which I am already putting to use.” —Monty McDougal, Raytheon Information Security Solutions, and author of the Windows Forensic Toolchest (WFT) (www.foolmoon.net) “Hacking Exposed Computer Forensics, Second Edition, is an essential reference for both new and seasoned investigators. The second edition continues to provide valuable information in a format that is easy to understand and reference.” —Sean Conover, CISSP, CCE, EnCE “This book is an outstanding point of reference for computer forensics and certainly a must-have addition to your forensic arsenal.” —Brandon Foley, Manager of Enterprise IT Security, Harrah’s Operating Co. “Starts out with the basics then gets DEEP technically. The addition of IP theft and fraud issues is timely and make this second edition that much more valuable. This is a core book for my entire forensics group.” —Chris Joerg, CISSP CISA/M, Director of Enterprise Security, Mentor Graphics Corporation “A must-read for examiners suddenly faced with a Mac or Linux exam after spending the majority of their time analyzing Windows systems.” —Anthony Adkison, Criminal Investigator and Computer Forensic Examiner, CFCE/EnCE “This book is applicable to forensic investigators seeking to hone their skills, and it is also a powerful tool for corporate management and outside counsel seeking to limit a company’s exposure.” —David L. Countiss, Esq., partner, Seyfarth Shaw LLP “I have taught information security at a collegiate level and in a corporate setting for many years. Most of the books that I have used do not make it easy for the student to learn the material. This book gives real-world examples, various product comparisons, and great step-by-step instruction, which makes learning easy.” —William R Holland, Chief Security Officer, Royce LLC www.it-ebooks.info 00-FM.indd ii 8/23/2009 3:54:42 AM HACKING EXPOSED™ COMPUTER FORENSICS SECOND EDITION AARON PHILIPP DAVID COWEN CHRIS DAVIS New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto www.it-ebooks.info 00-FM.indd iii 8/23/2009 3:54:42 AM Copyright © 2010 by The McGraw-Hill Companies. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval sys- tem, without the prior written permission of the publisher. ISBN: 978-0-07-162678-1 MHID: 0-07-162678-6 The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-162677-4, MHID: 0-07-162677-8. All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trade- mark. Where such designations appear in this book, they have been printed with initial caps. McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative please e-mail us at [email protected]. Information has been obtained by McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill, or others, McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information. TERMS OF USE This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, trans- mit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms. THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the pos- sibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise. www.it-ebooks.info To my mom and dad, thanks for teaching me to follow my dreams. To my sister, Renee, for always being there for me. To all of my friends and teachers at The University of Texas at Austin, for making me what I am and showing me what I can be. Hook ‘em Horns! —Aaron To my daughter, I can’t wait to meet you. To my wife, thank you for supporting me through the second edition. To my mom and dad, thank you for your enthusiasm for a book you will never read. To my friends at G-C, thank you for all the hard work. —Dave www.it-ebooks.info 00-FM.indd v 8/23/2009 3:54:43 AM About the Authors Aaron Philipp Aaron Philipp is a managing consultant in the Disputes and Investigations practice at Navigant Consulting, which assists domestic and global corporations and their counsel who face complex and risky legal challenges. In this capacity, he provides consulting services in the fields of computer forensics and high-tech investigations. Mr. Philipp specializes in complex computer forensic techniques such as identification and tracing of IP theft, timeline creation, and correlation relating to multiparty fraud and reconstruction of evidence after deliberate data destruction has occurred that would nullify traditional computer forensic methodology. Mr. Philipp was previously Managing Partner of Affect Computer Forensics, a boutique forensics firm based in Austin, Texas, with offices in Dallas, Texas, and Hong Kong. Affect’s clients include the nation’s top law firms, FORTUNE 500 legal departments, and government investigatory agencies. In addition, Mr. Philipp is a regular speaker at technology and legal conferences around the world. He has been internationally recognized for his work, with citations of merit from the governments of Taiwan and South Africa. Mr. Philipp has a B.S. in computer science from The University of Texas at Austin. David Cowen, CISSP David Cowen is the co-author of the best-selling Hacking Exposed Computer Forensics and the Anti-Hacker Toolkit, Third Edition. Mr. Cowen is a Partner at G-C Partners, LLC, where he provides expert witness services and consulting to Fortune 500 companies nationwide. Mr. Cowen has testified in cases ranging from multimillion- dollar intellectual property theft to billion-dollar antitrust claims. Mr. Cowen has over 13 years of industry experience in topics ranging from information security to computer forensics. Chris Davis Chris Davis has trained and presented in information security and certification curriculum for government, corporate, and university requirements. He is the author of Hacking Exposed Computer Forensics, IT Auditing: Using Controls to Protect Information Assets, and Anti-Hacker Toolkit, and he contributed to the Computer Security Handbook, Fifth Edition. Mr. Davis holds a bachelor’s degree in nuclear engineering technologies from Thomas Edison and a master’s in business from The University of Texas at Austin.
Load more

Recommended publications
  • Introduction to Criminal Investigation: Processes, Practices and Thinking Introduction to Criminal Investigation: Processes, Practices and Thinking
    Introduction to Criminal Investigation: Processes, Practices and Thinking Introduction to Criminal Investigation: Processes, Practices and Thinking ROD GEHL AND DARRYL PLECAS JUSTICE INSTITUTE OF BRITISH COLUMBIA NEW WESTMINSTER, BC Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where otherwise noted. Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl and Darryl Plecas is, unless otherwise noted, released under a Creative Commons Attribution 4.0 International (CC BY-NC) license. This means you are free to copy, retain (keep), reuse, redistribute, remix, and revise (adapt or modify) this textbook but not for commercial purposes. Under this license, anyone who revises this textbook (in whole or in part), remixes portions of this textbook with other material, or redistributes a portion of this textbook, may do so without gaining the author’s permission providing they properly attribute the textbook or portions of the textbook to the author as follows: Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl and Darryl Plecas is used under a CC BY-NC 4.0 International license. Additionally, if you redistribute this textbook (in whole or in part) you must retain the below statement, Download this book for free at https://pressbooks.bccampus.ca/criminalinvestigation/ as follows: 1. digital format: on every electronic page 2. print format: on at least one page near the front of the book To cite this textbook using APA, for example, follow this format: Gehl, Rod & Plecas, Darryl. (2016). Introduction to Criminal Investigation: Processes, Practices and Thinking.
    [Show full text]
  • 2021-22 Undergraduate Catalog
    Undergraduate and Graduate Course Descriptions for the 2021 - 2022 Academic Year ACCT - Accounting ACCT 201 INTRO TO FINANCIAL ACCOUNTING: A comprehensive study of basic financial accounting processes applicable to a service, merchandising, and manufacturing business. An analysis of transactions, journalizing, posting, preparation of working papers and ­financial statements. ACCT 202 INTRO TO MANAGERIAL ACCT: An introductory study of managerial accounting processes including job order costing, process costing, cost­volume­profit analysis, standard costs, activity­based costing, cost analysis, budgeting, and managerial decision making. Prerequisite: ACCT 201 or equivalent with a minimum grade of C. ACCT 301 INTERMEDIATE ACCOUNTING I: A study of financial accounting ­standard setting, the conceptual framework underlying financial accounting, balance sheet and income statement ­presentations, revenue and expense ­recognition, and accounting for current assets, and current liabilities. Prerequisite: ACCT 202 with a minimum grade of C. ACCT 302 INTERMEDIATE ACCOUNTING II: This class is the second course of the three­semester sequence of intermediate financial accounting. This course focuses on issues related to the reporting and analysis of financial accounting information. The objective in this course is to examine in detail (with an emphasis on both the "what" and the "why") the following financial topics: 1) Operational Assets 2) Time value of money 3) Bonds and long term notes 4) Leases 5) Employee benefits and pensions. Prerequisite: ACCT301 or equivalent with a minimum grade of C. ACCT 306 COST ACCOUNTING: A study of cost behavior, overhead cost ­allocations, cost systems design, and an introduction to activity­based costing and control systems. Emphasis is on case studies and other practical applications.
    [Show full text]
  • Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing
    Georgia Southern University Digital Commons@Georgia Southern Electronic Theses and Dissertations Graduate Studies, Jack N. Averitt College of Spring 2018 Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing Crime Data Majeed Kayode Raji Follow this and additional works at: https://digitalcommons.georgiasouthern.edu/etd Part of the Business Analytics Commons, Business Intelligence Commons, Computational Engineering Commons, and the Other Engineering Commons Recommended Citation Raji, Majeed Kayode, "Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing Crime Data" (2018). Electronic Theses and Dissertations. 1879. https://digitalcommons.georgiasouthern.edu/etd/1879 This thesis (open access) is brought to you for free and open access by the Graduate Studies, Jack N. Averitt College of at Digital Commons@Georgia Southern. It has been accepted for inclusion in Electronic Theses and Dissertations by an authorized administrator of Digital Commons@Georgia Southern. For more information, please contact [email protected]. DIGITAL FORENSIC TOOLS & CLOUD-BASED MACHINE LEARNING FOR ANALYZING CRIME DATA by MAJEED KAYODE RAJI (Under the Direction of Hayden Wimmer) ABSTRACT Digital forensics is a branch of forensic science in which we can recreate past events using forensic tools for a legal measure. Also, the increase in the availability of mobile devices has led to their use in criminal activities. Moreover, the rate at which data is being generated has been on the increase which has led to big data problems. With cloud computing, data can now be stored, processed and analyzed as they are generated. This thesis document consists of three studies related to data analysis. The first study involves analyzing data from an Android smartphone while making a comparison between two forensic tools; Paraben E3: DS and Autopsy.
    [Show full text]
  • Hacking Exposed Computer Forensics, Second Edition, Delivers the Most Valuable Insight on the Market
    HACKING EXPOSED™ COMPUTER FORENSICS SECOND EDITION REVIEWS “This book provides the right mix of practical how-to knowledge in a straightforward, informative fashion that ties all the complex pieces together with real-world case studies. With so many books on the topic of computer forensics, Hacking Exposed Computer Forensics, Second Edition, delivers the most valuable insight on the market. The authors cut to the chase of what people must understand to effectively perform computer forensic investigations.” —Brian H. Karney, COO, AccessData Corporation “Hacking Exposed Computer Forensics is a ‘must-read’ for information security professionals who want to develop their knowledge of computer forensics.” —Jason Fruge, Director of Consulting Services, Fishnet Security 00-FM.indd i 8/23/2009 3:54:42 AM “Computer forensics has become increasingly important to modern incident responders attempting to defend our digital castles. Hacking Exposed Computer Forensics, Second Edition, picks up where the first edition left off and provides a valuable reference, useful to both beginning and seasoned forensic professionals. I picked up several new tricks from this book, which I am already putting to use.” —Monty McDougal, Raytheon Information Security Solutions, and author of the Windows Forensic Toolchest (WFT) (www.foolmoon.net) “Hacking Exposed Computer Forensics, Second Edition, is an essential reference for both new and seasoned investigators. The second edition continues to provide valuable information in a format that is easy to understand and reference.” —Sean Conover, CISSP, CCE, EnCE “This book is an outstanding point of reference for computer forensics and certainly a must-have addition to your forensic arsenal.” —Brandon Foley, Manager of Enterprise IT Security, Harrah’s Operating Co.
    [Show full text]
  • IEEE Paper Template in A4 (V1)
    ISSN 2319 – 1953 International Journal of Scientific Research in Computer Science Applications and Management Studies Digital Forensics in Cloud Computing Environment Santhosh B, Nelson Dsouza#2, Akash D Kumbhar*2 #1,Associate Professor, Dept of MCA,AIMIT, Mangaluru, Karnataka, India #2Department of MCA, AIMIT, Mangaluru, Karnataka, India Abstract— The Internet is growing explosively, as is the • In a lawful manner, preserving, extracting, storing, analyzing number of crimes committed against or using computers. As a and presenting the evidence. response to the growth of computer crime, the field of computer • To gain an insight into the activities and techniques used by forensics has emerged. Computer forensics involves carefully cybercriminals. And find a counter way to solve the loopholes. collecting and examining electronic evidence that not only assesses the damage to a computer as a result of an electronic III. CHALLENGES AND RESEARCH GAPS attack, but also to recover lost information from such a system to prosecute a criminal. With the growing importance of computer The states not available, suspect and court ready becomes a security today and the seriousness of cybercrime, it is important challenge for cloud forensic investigator to recognize the data for computer professionals to understand the technology that is set for them. The increase in data storage capacity in a cloud used in computer forensics. This paper will discuss the need, goal is a disadvantage for a digital forensic investigation as it for computer forensics to be practiced in an effective, legal ways increases the time for analyzing the abundant data. and challenges. Forensics is the process of using scientific Lack of tools and little expertise in cloud forensics is of knowledge for collecting, analyzing and presenting evidence to concern, involves more challenging when encryption, multi- the courts.
    [Show full text]
  • Auditing Database Systems Through Forensic Analysis
    DePaul University Via Sapientiae College of Computing and Digital Media Dissertations College of Computing and Digital Media Summer 7-17-2020 Auditing database systems through forensic analysis James Wagner DePaul University, [email protected] Follow this and additional works at: https://via.library.depaul.edu/cdm_etd Part of the Computer and Systems Architecture Commons, and the Data Storage Systems Commons Recommended Citation Wagner, James, "Auditing database systems through forensic analysis" (2020). College of Computing and Digital Media Dissertations. 23. https://via.library.depaul.edu/cdm_etd/23 This Dissertation is brought to you for free and open access by the College of Computing and Digital Media at Via Sapientiae. It has been accepted for inclusion in College of Computing and Digital Media Dissertations by an authorized administrator of Via Sapientiae. For more information, please contact [email protected]. AUDITING DATABASE SYSTEMS THROUGH FORENSIC ANALYSIS BY JAMES WAGNER A DISSERTATION SUBMITTED TO THE SCHOOL OF COMPUTING, COLLEGE OF COMPUTING AND DIGITAL MEDIA OF DEPAUL UNIVERSITY IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY DEPAUL UNIVERSITY CHICAGO, ILLINOIS 2020 DePaul University College of Computing and Digital Media Dissertation Verification This doctoral dissertation has been read and approved by the dissertation committee below according to the requirements of the Computer and Information Systems PhD program and DePaul University. Name: James Wagner Title of dissertation: AUDITING DATABASE SYSTEMS THROUGH FORENSIC ANALYSIS Date of Dissertation Defense: 07/17/2020 Alexander Rasin Dissertation Advisor* Boris Glavic st 1 Reader Tanu Malik 2nd Reader Jacob Furst 3rd Reader Karen Heart 4th Reader (if applicable) 5th Reader (if applicable) * A copy of this form has been signed, but may only be viewed after submission and approval of FERPA request letter.
    [Show full text]
  • A Brief on Innovation Towards Forensic Science
    Journal of Forensic Pathology Commentary A Brief on Innovation towards Forensic Science MA Farhangi* Department of Drug Applied Research Center, Tabriz University of Medical Sciences, Tabriz, Iran INTRODUCTION Ideally acquisition involves capturing a picture of the computer's volatile memory (RAM) and creating a particular sector level Digital forensics (sometimes referred to as digital forensic duplicate (or "forensic duplicate") of the media, often employing science) may be a branch of forensic science encompassing the a write blocking device to stop modification of the first . recovery and investigation of fabric found in digital devices, However, the expansion in size of storage media and often in reference to computer crime. The term digital forensics developments like cloud computing have led to more use of 'live' was originally used as a synonym for computer forensics but has acquisitions whereby a 'logical' copy of the info is acquired expanded to hide investigation of all devices capable of storing instead of an entire image of the physical memory device .Both digital data. With roots within the personal computing acquired image (or logical copy) and original media/data are revolution of the late 1970s and early 1980s, the discipline hashed (using an algorithm like SHA-1 or MD5) and therefore evolved during a haphazard manner during the 1990s, and it the values compared to verify the copy is accurate. had been not until the first 21st century that national policies emerged. Digital forensics is usually utilized in both legal code and personal investigation. Traditionally it's been related to legal Digital forensics investigations have a spread of applications.
    [Show full text]
  • Forensic Science 1 Forensic Science
    Forensic science 1 Forensic science "Forensics" redirects here. For other uses, see Forensics (disambiguation). Forensic science Physiological sciences • Forensic anthropology • Forensic archaeology • Forensic odontology • Forensic entomology • Forensic pathology • Forensic botany • Forensic biology • DNA profiling • Bloodstain pattern analysis • Forensic chemistry • Forensic osteology Social sciences • Forensic psychology • Forensic psychiatry Forensic criminalistics • Ballistics • Ballistic fingerprinting • Body identification • Fingerprint analysis • Forensic accounting • Forensic arts • Forensic footwear evidence • Forensic toxicology • Gloveprint analysis • Palmprint analysis • Questioned document examination • Vein matching Digital forensics • Computer forensics • Forensic data analysis • Database forensics • Mobile device forensics • Network forensics • Forensic video • Forensic audio Related disciplines • Fire investigation Forensic science 2 • Fire accelerant detection • Forensic engineering • Forensic linguistics • Forensic materials engineering • Forensic polymer engineering • Forensic statistics • Forensic taphonomy • Vehicular accident reconstruction People • William M. Bass • George W. Gill • Richard Jantz • Edmond Locard • Douglas W. Owsley • Werner Spitz • Auguste Ambroise Tardieu • Juan Vucetich Related articles • Crime scene • CSI effect • Perry Mason syndrome • Pollen calendar • Skid mark • Trace evidence • Use of DNA in forensic entomology • v • t [1] • e Forensic science is the scientific method of gathering and examining
    [Show full text]
  • A New Framework for Securing, Extracting and Analyzing Big Forensic Data
    Journal of Digital Forensics, Security and Law Volume 13 Article 6 October 2018 A New Framework for Securing, Extracting and Analyzing Big Forensic Data Hitesh Sachdev Georgia Southern University hayden wimmer Georgia Southern University, [email protected] Lei Chen Georgia Southern University Carl Rebman University of San Diego, [email protected] Follow this and additional works at: https://commons.erau.edu/jdfsl Part of the Computer and Systems Architecture Commons, Computer Law Commons, Data Storage Systems Commons, Information Security Commons, Management Information Systems Commons, Systems Architecture Commons, and the Technology and Innovation Commons Recommended Citation Sachdev, Hitesh; wimmer, hayden; Chen, Lei; and Rebman, Carl (2018) "A New Framework for Securing, Extracting and Analyzing Big Forensic Data," Journal of Digital Forensics, Security and Law: Vol. 13 , Article 6. DOI: https://doi.org/10.15394/jdfsl.2018.1419 Available at: https://commons.erau.edu/jdfsl/vol13/iss2/6 This Article is brought to you for free and open access by the Journals at Scholarly Commons. It has been accepted for inclusion in Journal of Digital Forensics, Security and Law by an authorized administrator of (c)ADFSL Scholarly Commons. For more information, please contact [email protected]. A NEW FRAMEWORK FOR SECURING, EXTRACTING AND ANALYZING BIG FORENSIC DATA Hitesh Sachdev1, Hayden Wimmer1, Lei Chen1, Carl Rebman2 1Georgia Southern University Dept. of Information Technology P.O. Box 8150 Statesboro, GA 30415, USA [email protected], [email protected]*, [email protected] 2University of San Diego School of Business Administration 5998 Alcala Park Coronado 212 San Diego, CA 92110 [email protected] ABSTRACT Finding new methods to investigate criminal activities, behaviors, and responsibilities has always been a challenge for forensic research.
    [Show full text]
  • Forensically Sound Data Acquisition in the Age of Anti-Forensic Innocence
    Forensically Sound Data Acquisition in the Age of Anti-Forensic Innocence Forensisch korrekte Datensicherung im Zeitalter anti-forensischer Arglosigkeit Der Technischen Fakultät der Friedrich-Alexander-Universität Erlangen-Nürnberg zur Erlangung des Doktorgrades Dr.-Ing. vorgelegt von Michael Gruhn aus Bad Windsheim Als Dissertation genehmigt von der Technischen Fakultät der Friedrich-Alexander-Universität Erlangen-Nürnberg Tag der mündlichen Prüfung: 2016-11-24 Vorsitzender des Promotionsorgans: Prof. Dr.-Ing. Reinhard Lerch Gutachter: Prof. Dr.-Ing. Felix Freiling Prof. Dr. Zeno Geradts Abstract In this thesis, we tackle anti-forensic and rootkit problems in digital forensics. An anti-forensic technique is any measure that prevents a forensic analysis or reduces its quality. First, we investigate the anti-forensic threat of hard drive firmware rootkits, which can prevent a forensic analyst from acquiring data from the hard drive, thus jeopardizing the forensic analysis. To this end, we first outline the threat of hard drive firmware rootkits. We then provide a procedure to detect and subvert already published hard disk drive firmware bootkits. We further outline potential avenues to detect hard drive firmware rootkits nested deeper within the hard disk drive’s so-called Service Area, a special storage on the magnetic platter reserved for use by the firmware. After addressing the acquisition of persistent data storage in form of hard disk drives, we shift towards acquisition and later analysis of volatile storage, in the form of RAM. To this end, we first evaluate the atomicity and integrity as well as anti-forensic resistance of different memory acquisition techniques with our novel black-box analysis technique.
    [Show full text]
  • Forensic Chemistry
    Cutting-Edge Programs, Experience It: Smart People, Cool Research Chemistry at Illinois Tech Bachelor of Science in FORENSIC CHEMISTRY What Is Forensic Chemistry? Learn forensic Forensic chemistry is the application of chemistry to forensic analytical chemistry investigation. It is a science at the interface of analytical and inorganic chemistry, biochemistry, microbiology, toxicology, and forensic toxicology lab and genetics. techniques that employers need. Is Forensic Chemistry Right for You? Program Benefits Do you want to learn how chemical, biochemical, and • Provides you with specialized skills in chemical, biological, microscopic analysis are applied to crime scene investigation spectroscopic, and chromatographic methods for analysis and drug enforcement administration? Would you like and characterization of forensic samples. to work in a government agency on a team in charge of forensic science and forensic chemistry biodefense and anti- • Learn various areas of forensic science and select courses bioterrorism? This program is right for you if you are interested based on your interest in forensic analytical chemistry, in developing a career in forensic science, forensic medicine, forensic DNA analysis, or forensic data analysis. forensic drug analysis, forensic toxicology and DNA analysis, or criminalistics. • Learn lab skills that employers want in instrumental, colorimetric, and microscopic analysis of forensic samples, What Makes This Program Unique? controlled substances, and standards. • You will build a strong foundation in traditional chemistry • Prepares you to be a viable candidate for professional and then develop sound knowledge and practical skills to positions in forensic chemistry, forensic science, crime earn a B.S. in this specialized program. scene investigation (CSI), drug investigation and enforcement labs.
    [Show full text]
  • Forensic Importance of SIM Cards As a Digital Evidence
    orensi f F c R o e l s a e n r a r u c o h J Journal of Forensic Research Srivastava and Vatsal, J Forensic Res 2016, 7:2 ISSN: 2157-7145 DOI: 10.4172/2157-7145.1000322 Research Article Open Access Forensic Importance of SIM Cards as a Digital Evidence Ankit Srivastava* and Pratik Vatsal Institute of Forensic Science and Criminology, Bundelkhand University, Jhansi, UP, India *Corresponding author: Srivastava A, Institute of Forensic Science and Criminology, Bundelkhand University, Jhansi, UP-284128, India, Tel: 919415067667; E-mail: [email protected] Rec date: Dec 03, 2015; Acc date: Apr 29, 2016; Pub date: May 04, 2016 Copyright: © 2016 Srivastava A, et al. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. Abstract Digital Forensics is a branch of Forensic Science pertaining to evidential articles of digital and electronic nature, of which mobile forensics is a major stream. A proliferation of handheld cellular devices and crimes involving mobile phones in the previous years has led to an enormous demand for specialists in the field of mobile forensics. The interesting part is that any mobile phone is incomplete without a SIM card. Therefore, SIM cards are the most common type of forensic evidence to be found in cases where handheld devices are involved, a SIM card is imperative, no matter the phone belongs to the normal mobile phones category or the satellite phones that contain an iDEN (Integrated Digital Enhanced Network) SIM.
    [Show full text]