Computer Forensics: Investigating Data and Image Files
Total Page:16
File Type:pdf, Size:1020Kb
EC-Council | Press The Experts: EC-Council EC-Council’s mission is to address the need for well educated and certifi ed information security and e-business practitioners. EC-Council is a global, member based organization comprised of hundreds of industry and subject matter experts all working together to set the standards and raise the bar in Information Security certifi cation and education. EC-Council certifi cations are viewed as the essential certifi cations needed where standard confi guration and security policy courses fall short. Providing a true, hands-on, tactical approach to security, individuals armed with the knowledge disseminated by EC-Council programs are securing networks around the world and beating the hackers at their own game. The Solution: EC-Council Press The EC-Council | Press marks an innovation in academic text books and courses of study in information security, computer forensics, disaster recovery, and end-user security. By repurposing the essential content of EC-Council’s world class professional certifi cation programs to fi t academic programs, the EC-Council | Press was formed. With 8 Full Series, comprised of 27 different books, the EC-Council | Press is set to revolutionize global information security programs and ultimately create a new breed of practitioners capable of combating this growing epidemic of cybercrime and the rising threat of cyber war. This Certifi cation: C|HFI – Computer Hacking Forensic Investigator Computer Hacking Forensic Investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. The C|HFI materials will give participants the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute. Additional Certifi cations Covered By EC-Council Press: Security|5 E|DRP – EC-Council E|NSA – EC-Council Security|5 is an entry level certifi cation for Disaster Recovery Professional Network Security Administrator anyone interested in learning computer E|DRP covers disaster recovery topics, including The E|NSA program is designed to provide networking and security basics. Security|5 identifying vulnerabilities, establishing policies and fundamental skills needed to analyze the internal means 5 components of IT security: fi rewalls, roles to prevent and mitigate risks, and develop- and external security threats against a network, anti-virus, IDS, networking, and web security. ing disaster recovery plans. and to develop security policies that will protect Wireless|5 C|EH - Certifi ed Ethical Hacker an organization’s information. Wireless|5 introduces learners to the basics Information assets have evolved into critical E|CSA - EC-Council Certifi ed Security Analyst of wireless technologies and their practical components of survival. The goal of the Ethical The objective of E|CSA is to add value to experienced adaptation. Learners are exposed to various Hacker is to help the organization take pre- security professionals by helping them analyze wireless technologies; current and emerging emptive measures against malicious attacks by the outcomes of their tests. It is the only in-depth standards; and a variety of devices. attacking the system himself or herself; all the Advanced Hacking and Penetration Testing Network|5 while staying within legal limits. certifi cation available that covers testing in all Network|5 covers the ‘Alphabet Soup of modern infrastructures, operating systems, and Networking’ – the basic core knowledge application environments. to know how infrastructure enables a work environment, to help students and employees succeed in an integrated work environment. Investigating Data and Image Files EC-Council | Press Volume 3 of 5 mapping to ™ C H F I Computer Hacking Forensic INVESTIGATOR Certification Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Investigating Data and Image Files: © 2010 EC-Council EC-Council | Press ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be Course Technology/Cengage Learning reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, Staff : or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval Vice President, Career and Professional systems, except as permitted under Section 107 or 108 of the 1976 United States Editorial: Dave Garza Copyright Act, without the prior written permission of the publisher. Director of Learning Solutions: Matthew Kane Executive Editor: Stephen Helba For product information and technology assistance, contact us at Managing Editor: Marah Bellegarde Cengage Learning Customer & Sales Support, 1-800-354-9706 Editorial Assistant: Meghan Orvis For permission to use material from this text or product, Vice President, Career and Professional submit all requests online at www.cengage.com/permissions. Marketing: Jennifer Ann Baker Further permissions questions can be e-mailed to Marketing Director: Deborah Yarnell [email protected] Marketing Manager: Erin Coffi n Marketing Coordinator: Shanna Gibbs Production Director: Carolyn Miller Library of Congress Control Number: 2009933549 Production Manager: Andrew Crouth ISBN- 13: 978-1-4354-8351-4 Content Project Manager: ISBN-10: 1-4354-8351-0 Brooke Greenhouse Senior Art Director: Jack Pendleton Cengage Learning EC-Council: 5 Maxwell Drive Clifton Park, NY 12065-2919 President | EC-Council: Sanjay Bavisi USA Sr. Director US | EC-Council: Steven Graham Cengage Learning is a leading provider of customized learning solutions with offi ce locations around the globe, including Singapore, the United Kingdom,Kingdom, Australia, Mexico, Brazil, and Japan. Locate your local offi ce at: international.cengage.com/region Cengage Learning products are represented in Canada by Nelson Education, Ltd. For more learning solutions, please visit our corporate website at www.cengage.com NOTICE TO THE READER Cengage Learning and EC-Council do not warrant or guarantee anyan of the products described herein or perform any independent analysis in connection with any of the product information contained herein. Cengage Learning and EC-Council do not assume, and expressly disclaim, any obligation to obtain and include information other than that provided to it by the manufacturer. The reader is expressly warned to consider and adopt all safety precautions that might be indicated by the activities described herein and to avoid all potential hazards. By following the instructions contained herein, the reader willingly assumes all risks in connection with such instructions. Cengage Learning and EC-Council make no representations or warranties of any kind, including but not limited to, the warranties of fi tness for particular purpose or merchantability, nor are any such representations implied with respect to the material set forth herein, and Cengage Learning and EC-Council take no responsibility with respect to such material. Cengage Learning and EC-Council shall not be liable for any special, consequential, or exemplary damages resulting, in whole or part, from the readers’ use of, or reliance upon, this material. Printed in the United States of America 1 2 3 4 5 6 7 12 11 10 09 Brief Table of Contents TABLE OF CONTENTS . .v PREFACE . ix ACKNOWLEDGEMENT . .xv CHAPTER 1 Steganography . .1-1 CHAPTER 2 Data Acquisition and Duplication . .2-1 CHAPTER 3 Forensic Investigations Using EnCase . .3-1 CHAPTER 4 Recovering Deleted Files and Deleted Partitions . .4-1 CHAPTER 5 Image File Forensics . .5-1 INDEX . I-1 iii Table of Contents PREFACE . ix ACKNOWLEDGEMENT . .xv CHAPTER 1 Steganography . 1-1 Objective . .1-1 Key Terms . .1-1 Introduction to Steganography . .1-2 Stegosystem Model . .1-2 Application of Steganography . .1-2 Classification of Steganography . 1-3 Technical Steganography . 1-3 Linguistic Steganography . 1-3 Digital Steganography . 1-5 Digital File Types . 1-8 Text Files . 1-8 Image Files . 1-9 Audio Files . .1-11 Video Files . .1-11 Steganographic File System . .1-11 Cryptography . .1-12 Model of a Cryptosystem. .1-13 Steganography Versus Cryptography . ..