DOCSLIB.ORG

Digital Forensics

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Digital Forensics Digital forensics the usual aim is to provide answers to a series of sim- pler questions) often involving complex time-lines or hypotheses.[4] 1 History Prior to the 1980s crimes involving computers were dealt with using existing laws. The first computer crimes were recognized in the 1978 Florida Computer Crimes Act, which included legislation against the unauthorized mod- ification or deletion of data on a computer system.[5][6] Over the next few years the range of computer crimes Aerial photo of FLETC, where US digital forensics standards being committed increased, and laws were passed to were developed in the 1980s and '90s deal with issues of copyright, privacy/harassment (e.g., cyber bullying, cyber stalking, and online predators) and child pornography.[7][8] It was not until the 1980s that Digital forensics (sometimes known as digital foren- federal laws began to incorporate computer offences. sic science) is a branch of forensic science encompassing Canada was the first country to pass legislation in 1983.[6] the recovery and investigation of material found in digi- This was followed by the US Federal Computer Fraud tal devices, often in relation to computer crime.[1][2] The and Abuse Act in 1986, Australian amendments to their term digital forensics was originally used as a synonym crimes acts in 1989 and the British Computer Abuse Act for computer forensics but has expanded to cover inves- in 1990.[6][8] tigation of all devices capable of storing digital data.[1] With roots in the personal computing revolution of the late 1970s and early '80s, the discipline evolved in a hap- 1.1 1980s–1990s: Growth of the field hazard manner during the 1990s, and it was not until the early 21st century that national policies emerged. The growth in computer crime during the 1980s and Digital forensics investigations have a variety of applica- 1990s caused law enforcement agencies to begin estab- tions. The most common is to support or refute a hy- lishing specialized groups, usually at the national level, to pothesis before criminal or civil (as part of the electronic handle the technical aspects of investigations. For exam- discovery process) courts. Forensics may also feature in ple, in 1984 the FBI launched a Computer Analysis and the private sector; such as during internal corporate in- Response Team and the following year a computer crime vestigations or intrusion investigation (a specialist probe department was set up within the British Metropolitan Po- into the nature and extent of an unauthorized network in- lice fraud squad. As well as being law enforcement pro- trusion). fessionals, many of the early members of these groups were also computer hobbyists and became responsible for The technical aspect of an investigation is divided into [9][10] several sub-branches, relating to the type of digital de- the field’s initial research and direction. vices involved; computer forensics, network forensics, One of the first practical (or at least publicized) exam- forensic data analysis and mobile device forensics. The ples of digital forensics was Cliff Stoll’s pursuit of hacker typical forensic process encompasses the seizure, foren- Markus Hess in 1986. Stoll, whose investigation made sic imaging (acquisition) and analysis of digital media and use of computer and network forensic techniques, was not the production of a report into collected evidence. a specialized examiner.[11] Many of the earliest forensic [12] As well as identifying direct evidence of a crime, digi- examinations followed the same profile. tal forensics can be used to attribute evidence to specific Throughout the 1990s there was high demand for these suspects, confirm alibis or statements, determine intent, new, and basic, investigative resources. The strain on identify sources (for example, in copyright cases), or au- central units lead to the creation of regional, and even thenticate documents.[3] Investigations are much broader local, level groups to help handle the load. For exam- in scope than other areas of forensic analysis (where ple, the British National Hi-Tech Crime Unit was set up 1 2 1 HISTORY in 2001 to provide a national infrastructure for computer devices.[20] crime; with personnel located both centrally in London Focus has also shifted onto internet crime, particularly and with the various regional police forces (the unit was the risk of cyber warfare and cyberterrorism. A February folded into the Serious Organised Crime Agency (SOCA) [10] 2010 report by the United States Joint Forces Command in 2006). concluded: During this period the science of digital forensics grew from the ad-hoc tools and techniques developed by these Through cyberspace, enemies will target hobbyist practitioners. This is in contrast to other foren- industry, academia, government, as well as the sics disciplines which developed from work by the scien- military in the air, land, maritime, and space [1][13] tific community. It was not until 1992 that the term domains. In much the same way that airpower “computer forensics” was used in academic literature (al- transformed the battlefield of World War II, though prior to this it had been in informal use); a paper cyberspace has fractured the physical barriers by Collier and Spaul attempted to justify this new disci- that shield a nation from attacks on its com- [14][15] pline to the forensic science world. This swift de- merce and communication.[21] velopment resulted in a lack of standardization and train- ing. In his 1995 book, "High-Technology Crime: Investi- The field of digital forensics still faces unresolved issues. gating Cases Involving Computers", K Rosenblatt wrote: A 2009 paper, “Digital Forensic Research: The Good, the Bad and the Unaddressed”, by Peterson and Shenoi Seizing, preserving, and analyzing evi- identified a bias towards Windows operating systems in dence stored on a computer is the greatest digital forensics research.[22] In 2010 Simson Garfinkel forensic challenge facing law enforcement in identified issues facing digital investigations in the future, the 1990s. Although most forensic tests, including the increasing size of digital media, the wide such as fingerprinting and DNA testing, are availability of encryption to consumers, a growing vari- performed by specially trained experts the ety of operating systems and file formats, an increasing task of collecting and analyzing computer ev- number of individuals owning multiple devices, and le- idence is often assigned to patrol officers and gal limitations on investigators. The paper also identified detectives.[16] continued training issues, as well as the prohibitively high cost of entering the field.[11] 1.2 2000s: Developing standards 1.3 Development of forensic tools Since 2000, in response to the need for standardization, various bodies and agencies have published guidelines for Main article: List of digital forensics tools digital forensics. The Scientific Working Group on Dig- ital Evidence (SWGDE) produced a 2002 paper, "Best During the 1980s very few specialized digital forensic practices for Computer Forensics", this was followed, in tools existed, and consequently investigators often per- 2005, by the publication of an ISO standard (ISO 17025, formed live analysis on media, examining computers General requirements for the competence of testing and from within the operating system using existing sysadmin calibration laboratories).[6][17][18] A European lead inter- tools to extract evidence. This practice carried the risk of national treaty, the Convention on Cybercrime, came into modifying data on the disk, either inadvertently or oth- force in 2004 with the aim of reconciling national com- erwise, which led to claims of evidence tampering. A puter crime laws, investigative techniques and interna- number of tools were created during the early 1990s to tional co-operation. The treaty has been signed by 43 address the problem. nations (including the US, Canada, Japan, South Africa, UK and other European nations) and ratified by 16. The need for such software was first recognized in 1989 at the Federal Law Enforcement Training Center, result- The issue of training also received attention. Commercial ing in the creation of IMDUMP (by Michael White) and companies (often forensic software developers) began to in 1990, SafeBack (developed by Sydex). Similar soft- offer certification programs and digital forensic analysis ware was developed in other countries; DIBS (a hardware was included as a topic at the UK specialist investigator [6][10] and software solution) was released commercially in the training facility, Centrex. UK in 1991, and Rob McKemmish released Fixed Disk Since the late 1990s mobile devices have become more Image free to Australian law enforcement.[9] These tools widely available, advancing beyond simple communica- allowed examiners to create an exact copy of a piece of tion devices, and have been found to be rich forms of digital media to work on, leaving the original disk intact information, even for crime not traditionally associated for verification. By the end of the '90s, as demand for with digital forensics.[19] Despite this, digital analysis of digital evidence grew more advanced commercial tools phones has lagged behind traditional computer media, such as EnCase and FTK were developed, allowing ana- largely due to problems over the proprietary nature of lysts to examine copies of media without using any live 3 forensics.[6] More recently, a trend towards “live memory well as unallocated and slack space), recovering deleted forensics” has grown
Load more

Recommended publications
  • Introduction to Criminal Investigation: Processes, Practices and Thinking Introduction to Criminal Investigation: Processes, Practices and Thinking
    Introduction to Criminal Investigation: Processes, Practices and Thinking Introduction to Criminal Investigation: Processes, Practices and Thinking ROD GEHL AND DARRYL PLECAS JUSTICE INSTITUTE OF BRITISH COLUMBIA NEW WESTMINSTER, BC Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where otherwise noted. Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl and Darryl Plecas is, unless otherwise noted, released under a Creative Commons Attribution 4.0 International (CC BY-NC) license. This means you are free to copy, retain (keep), reuse, redistribute, remix, and revise (adapt or modify) this textbook but not for commercial purposes. Under this license, anyone who revises this textbook (in whole or in part), remixes portions of this textbook with other material, or redistributes a portion of this textbook, may do so without gaining the author’s permission providing they properly attribute the textbook or portions of the textbook to the author as follows: Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl and Darryl Plecas is used under a CC BY-NC 4.0 International license. Additionally, if you redistribute this textbook (in whole or in part) you must retain the below statement, Download this book for free at https://pressbooks.bccampus.ca/criminalinvestigation/ as follows: 1. digital format: on every electronic page 2. print format: on at least one page near the front of the book To cite this textbook using APA, for example, follow this format: Gehl, Rod & Plecas, Darryl. (2016). Introduction to Criminal Investigation: Processes, Practices and Thinking.
    [Show full text]
  • 2021-22 Undergraduate Catalog
    Undergraduate and Graduate Course Descriptions for the 2021 - 2022 Academic Year ACCT - Accounting ACCT 201 INTRO TO FINANCIAL ACCOUNTING: A comprehensive study of basic financial accounting processes applicable to a service, merchandising, and manufacturing business. An analysis of transactions, journalizing, posting, preparation of working papers and ­financial statements. ACCT 202 INTRO TO MANAGERIAL ACCT: An introductory study of managerial accounting processes including job order costing, process costing, cost­volume­profit analysis, standard costs, activity­based costing, cost analysis, budgeting, and managerial decision making. Prerequisite: ACCT 201 or equivalent with a minimum grade of C. ACCT 301 INTERMEDIATE ACCOUNTING I: A study of financial accounting ­standard setting, the conceptual framework underlying financial accounting, balance sheet and income statement ­presentations, revenue and expense ­recognition, and accounting for current assets, and current liabilities. Prerequisite: ACCT 202 with a minimum grade of C. ACCT 302 INTERMEDIATE ACCOUNTING II: This class is the second course of the three­semester sequence of intermediate financial accounting. This course focuses on issues related to the reporting and analysis of financial accounting information. The objective in this course is to examine in detail (with an emphasis on both the "what" and the "why") the following financial topics: 1) Operational Assets 2) Time value of money 3) Bonds and long term notes 4) Leases 5) Employee benefits and pensions. Prerequisite: ACCT301 or equivalent with a minimum grade of C. ACCT 306 COST ACCOUNTING: A study of cost behavior, overhead cost ­allocations, cost systems design, and an introduction to activity­based costing and control systems. Emphasis is on case studies and other practical applications.
    [Show full text]
  • Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing
    Georgia Southern University Digital Commons@Georgia Southern Electronic Theses and Dissertations Graduate Studies, Jack N. Averitt College of Spring 2018 Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing Crime Data Majeed Kayode Raji Follow this and additional works at: https://digitalcommons.georgiasouthern.edu/etd Part of the Business Analytics Commons, Business Intelligence Commons, Computational Engineering Commons, and the Other Engineering Commons Recommended Citation Raji, Majeed Kayode, "Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing Crime Data" (2018). Electronic Theses and Dissertations. 1879. https://digitalcommons.georgiasouthern.edu/etd/1879 This thesis (open access) is brought to you for free and open access by the Graduate Studies, Jack N. Averitt College of at Digital Commons@Georgia Southern. It has been accepted for inclusion in Electronic Theses and Dissertations by an authorized administrator of Digital Commons@Georgia Southern. For more information, please contact [email protected]. DIGITAL FORENSIC TOOLS & CLOUD-BASED MACHINE LEARNING FOR ANALYZING CRIME DATA by MAJEED KAYODE RAJI (Under the Direction of Hayden Wimmer) ABSTRACT Digital forensics is a branch of forensic science in which we can recreate past events using forensic tools for a legal measure. Also, the increase in the availability of mobile devices has led to their use in criminal activities. Moreover, the rate at which data is being generated has been on the increase which has led to big data problems. With cloud computing, data can now be stored, processed and analyzed as they are generated. This thesis document consists of three studies related to data analysis. The first study involves analyzing data from an Android smartphone while making a comparison between two forensic tools; Paraben E3: DS and Autopsy.
    [Show full text]
  • Hacking Exposed Computer Forensics, Second Edition, Delivers the Most Valuable Insight on the Market
    HACKING EXPOSED™ COMPUTER FORENSICS SECOND EDITION REVIEWS “This book provides the right mix of practical how-to knowledge in a straightforward, informative fashion that ties all the complex pieces together with real-world case studies. With so many books on the topic of computer forensics, Hacking Exposed Computer Forensics, Second Edition, delivers the most valuable insight on the market. The authors cut to the chase of what people must understand to effectively perform computer forensic investigations.” —Brian H. Karney, COO, AccessData Corporation “Hacking Exposed Computer Forensics is a ‘must-read’ for information security professionals who want to develop their knowledge of computer forensics.” —Jason Fruge, Director of Consulting Services, Fishnet Security 00-FM.indd i 8/23/2009 3:54:42 AM “Computer forensics has become increasingly important to modern incident responders attempting to defend our digital castles. Hacking Exposed Computer Forensics, Second Edition, picks up where the first edition left off and provides a valuable reference, useful to both beginning and seasoned forensic professionals. I picked up several new tricks from this book, which I am already putting to use.” —Monty McDougal, Raytheon Information Security Solutions, and author of the Windows Forensic Toolchest (WFT) (www.foolmoon.net) “Hacking Exposed Computer Forensics, Second Edition, is an essential reference for both new and seasoned investigators. The second edition continues to provide valuable information in a format that is easy to understand and reference.” —Sean Conover, CISSP, CCE, EnCE “This book is an outstanding point of reference for computer forensics and certainly a must-have addition to your forensic arsenal.” —Brandon Foley, Manager of Enterprise IT Security, Harrah’s Operating Co.
    [Show full text]
  • IEEE Paper Template in A4 (V1)
    ISSN 2319 – 1953 International Journal of Scientific Research in Computer Science Applications and Management Studies Digital Forensics in Cloud Computing Environment Santhosh B, Nelson Dsouza#2, Akash D Kumbhar*2 #1,Associate Professor, Dept of MCA,AIMIT, Mangaluru, Karnataka, India #2Department of MCA, AIMIT, Mangaluru, Karnataka, India Abstract— The Internet is growing explosively, as is the • In a lawful manner, preserving, extracting, storing, analyzing number of crimes committed against or using computers. As a and presenting the evidence. response to the growth of computer crime, the field of computer • To gain an insight into the activities and techniques used by forensics has emerged. Computer forensics involves carefully cybercriminals. And find a counter way to solve the loopholes. collecting and examining electronic evidence that not only assesses the damage to a computer as a result of an electronic III. CHALLENGES AND RESEARCH GAPS attack, but also to recover lost information from such a system to prosecute a criminal. With the growing importance of computer The states not available, suspect and court ready becomes a security today and the seriousness of cybercrime, it is important challenge for cloud forensic investigator to recognize the data for computer professionals to understand the technology that is set for them. The increase in data storage capacity in a cloud used in computer forensics. This paper will discuss the need, goal is a disadvantage for a digital forensic investigation as it for computer forensics to be practiced in an effective, legal ways increases the time for analyzing the abundant data. and challenges. Forensics is the process of using scientific Lack of tools and little expertise in cloud forensics is of knowledge for collecting, analyzing and presenting evidence to concern, involves more challenging when encryption, multi- the courts.
    [Show full text]
  • Auditing Database Systems Through Forensic Analysis
    DePaul University Via Sapientiae College of Computing and Digital Media Dissertations College of Computing and Digital Media Summer 7-17-2020 Auditing database systems through forensic analysis James Wagner DePaul University, [email protected] Follow this and additional works at: https://via.library.depaul.edu/cdm_etd Part of the Computer and Systems Architecture Commons, and the Data Storage Systems Commons Recommended Citation Wagner, James, "Auditing database systems through forensic analysis" (2020). College of Computing and Digital Media Dissertations. 23. https://via.library.depaul.edu/cdm_etd/23 This Dissertation is brought to you for free and open access by the College of Computing and Digital Media at Via Sapientiae. It has been accepted for inclusion in College of Computing and Digital Media Dissertations by an authorized administrator of Via Sapientiae. For more information, please contact [email protected]. AUDITING DATABASE SYSTEMS THROUGH FORENSIC ANALYSIS BY JAMES WAGNER A DISSERTATION SUBMITTED TO THE SCHOOL OF COMPUTING, COLLEGE OF COMPUTING AND DIGITAL MEDIA OF DEPAUL UNIVERSITY IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY DEPAUL UNIVERSITY CHICAGO, ILLINOIS 2020 DePaul University College of Computing and Digital Media Dissertation Verification This doctoral dissertation has been read and approved by the dissertation committee below according to the requirements of the Computer and Information Systems PhD program and DePaul University. Name: James Wagner Title of dissertation: AUDITING DATABASE SYSTEMS THROUGH FORENSIC ANALYSIS Date of Dissertation Defense: 07/17/2020 Alexander Rasin Dissertation Advisor* Boris Glavic st 1 Reader Tanu Malik 2nd Reader Jacob Furst 3rd Reader Karen Heart 4th Reader (if applicable) 5th Reader (if applicable) * A copy of this form has been signed, but may only be viewed after submission and approval of FERPA request letter.
    [Show full text]
  • A Brief on Innovation Towards Forensic Science
    Journal of Forensic Pathology Commentary A Brief on Innovation towards Forensic Science MA Farhangi* Department of Drug Applied Research Center, Tabriz University of Medical Sciences, Tabriz, Iran INTRODUCTION Ideally acquisition involves capturing a picture of the computer's volatile memory (RAM) and creating a particular sector level Digital forensics (sometimes referred to as digital forensic duplicate (or "forensic duplicate") of the media, often employing science) may be a branch of forensic science encompassing the a write blocking device to stop modification of the first . recovery and investigation of fabric found in digital devices, However, the expansion in size of storage media and often in reference to computer crime. The term digital forensics developments like cloud computing have led to more use of 'live' was originally used as a synonym for computer forensics but has acquisitions whereby a 'logical' copy of the info is acquired expanded to hide investigation of all devices capable of storing instead of an entire image of the physical memory device .Both digital data. With roots within the personal computing acquired image (or logical copy) and original media/data are revolution of the late 1970s and early 1980s, the discipline hashed (using an algorithm like SHA-1 or MD5) and therefore evolved during a haphazard manner during the 1990s, and it the values compared to verify the copy is accurate. had been not until the first 21st century that national policies emerged. Digital forensics is usually utilized in both legal code and personal investigation. Traditionally it's been related to legal Digital forensics investigations have a spread of applications.
    [Show full text]
  • Hacking Exposed Computer Forensics.Pdf
    www.it-ebooks.info HACKING EXPOSED™ COMPUTER FORENSICS SECOND EDITION REVIEWS “This book provides the right mix of practical how-to knowledge in a straightforward, informative fashion that ties all the complex pieces together with real-world case studies. With so many books on the topic of computer forensics, Hacking Exposed Computer Forensics, Second Edition, delivers the most valuable insight on the market. The authors cut to the chase of what people must understand to effectively perform computer forensic investigations.” —Brian H. Karney, COO, AccessData Corporation “Hacking Exposed Computer Forensics is a ‘must-read’ for information security professionals who want to develop their knowledge of computer forensics.” —Jason Fruge, Director of Consulting Services, Fishnet Security www.it-ebooks.info 00-FM.indd i 8/23/2009 3:54:42 AM “Computer forensics has become increasingly important to modern incident responders attempting to defend our digital castles. Hacking Exposed Computer Forensics, Second Edition, picks up where the first edition left off and provides a valuable reference, useful to both beginning and seasoned forensic professionals. I picked up several new tricks from this book, which I am already putting to use.” —Monty McDougal, Raytheon Information Security Solutions, and author of the Windows Forensic Toolchest (WFT) (www.foolmoon.net) “Hacking Exposed Computer Forensics, Second Edition, is an essential reference for both new and seasoned investigators. The second edition continues to provide valuable information in a format that is easy to understand and reference.” —Sean Conover, CISSP, CCE, EnCE “This book is an outstanding point of reference for computer forensics and certainly a must-have addition to your forensic arsenal.” —Brandon Foley, Manager of Enterprise IT Security, Harrah’s Operating Co.
    [Show full text]
  • Forensic Science 1 Forensic Science
    Forensic science 1 Forensic science "Forensics" redirects here. For other uses, see Forensics (disambiguation). Forensic science Physiological sciences • Forensic anthropology • Forensic archaeology • Forensic odontology • Forensic entomology • Forensic pathology • Forensic botany • Forensic biology • DNA profiling • Bloodstain pattern analysis • Forensic chemistry • Forensic osteology Social sciences • Forensic psychology • Forensic psychiatry Forensic criminalistics • Ballistics • Ballistic fingerprinting • Body identification • Fingerprint analysis • Forensic accounting • Forensic arts • Forensic footwear evidence • Forensic toxicology • Gloveprint analysis • Palmprint analysis • Questioned document examination • Vein matching Digital forensics • Computer forensics • Forensic data analysis • Database forensics • Mobile device forensics • Network forensics • Forensic video • Forensic audio Related disciplines • Fire investigation Forensic science 2 • Fire accelerant detection • Forensic engineering • Forensic linguistics • Forensic materials engineering • Forensic polymer engineering • Forensic statistics • Forensic taphonomy • Vehicular accident reconstruction People • William M. Bass • George W. Gill • Richard Jantz • Edmond Locard • Douglas W. Owsley • Werner Spitz • Auguste Ambroise Tardieu • Juan Vucetich Related articles • Crime scene • CSI effect • Perry Mason syndrome • Pollen calendar • Skid mark • Trace evidence • Use of DNA in forensic entomology • v • t [1] • e Forensic science is the scientific method of gathering and examining
    [Show full text]
  • A New Framework for Securing, Extracting and Analyzing Big Forensic Data
    Journal of Digital Forensics, Security and Law Volume 13 Article 6 October 2018 A New Framework for Securing, Extracting and Analyzing Big Forensic Data Hitesh Sachdev Georgia Southern University hayden wimmer Georgia Southern University, [email protected] Lei Chen Georgia Southern University Carl Rebman University of San Diego, [email protected] Follow this and additional works at: https://commons.erau.edu/jdfsl Part of the Computer and Systems Architecture Commons, Computer Law Commons, Data Storage Systems Commons, Information Security Commons, Management Information Systems Commons, Systems Architecture Commons, and the Technology and Innovation Commons Recommended Citation Sachdev, Hitesh; wimmer, hayden; Chen, Lei; and Rebman, Carl (2018) "A New Framework for Securing, Extracting and Analyzing Big Forensic Data," Journal of Digital Forensics, Security and Law: Vol. 13 , Article 6. DOI: https://doi.org/10.15394/jdfsl.2018.1419 Available at: https://commons.erau.edu/jdfsl/vol13/iss2/6 This Article is brought to you for free and open access by the Journals at Scholarly Commons. It has been accepted for inclusion in Journal of Digital Forensics, Security and Law by an authorized administrator of (c)ADFSL Scholarly Commons. For more information, please contact [email protected]. A NEW FRAMEWORK FOR SECURING, EXTRACTING AND ANALYZING BIG FORENSIC DATA Hitesh Sachdev1, Hayden Wimmer1, Lei Chen1, Carl Rebman2 1Georgia Southern University Dept. of Information Technology P.O. Box 8150 Statesboro, GA 30415, USA [email protected], [email protected]*, [email protected] 2University of San Diego School of Business Administration 5998 Alcala Park Coronado 212 San Diego, CA 92110 [email protected] ABSTRACT Finding new methods to investigate criminal activities, behaviors, and responsibilities has always been a challenge for forensic research.
    [Show full text]
  • Forensically Sound Data Acquisition in the Age of Anti-Forensic Innocence
    Forensically Sound Data Acquisition in the Age of Anti-Forensic Innocence Forensisch korrekte Datensicherung im Zeitalter anti-forensischer Arglosigkeit Der Technischen Fakultät der Friedrich-Alexander-Universität Erlangen-Nürnberg zur Erlangung des Doktorgrades Dr.-Ing. vorgelegt von Michael Gruhn aus Bad Windsheim Als Dissertation genehmigt von der Technischen Fakultät der Friedrich-Alexander-Universität Erlangen-Nürnberg Tag der mündlichen Prüfung: 2016-11-24 Vorsitzender des Promotionsorgans: Prof. Dr.-Ing. Reinhard Lerch Gutachter: Prof. Dr.-Ing. Felix Freiling Prof. Dr. Zeno Geradts Abstract In this thesis, we tackle anti-forensic and rootkit problems in digital forensics. An anti-forensic technique is any measure that prevents a forensic analysis or reduces its quality. First, we investigate the anti-forensic threat of hard drive firmware rootkits, which can prevent a forensic analyst from acquiring data from the hard drive, thus jeopardizing the forensic analysis. To this end, we first outline the threat of hard drive firmware rootkits. We then provide a procedure to detect and subvert already published hard disk drive firmware bootkits. We further outline potential avenues to detect hard drive firmware rootkits nested deeper within the hard disk drive’s so-called Service Area, a special storage on the magnetic platter reserved for use by the firmware. After addressing the acquisition of persistent data storage in form of hard disk drives, we shift towards acquisition and later analysis of volatile storage, in the form of RAM. To this end, we first evaluate the atomicity and integrity as well as anti-forensic resistance of different memory acquisition techniques with our novel black-box analysis technique.
    [Show full text]
  • Forensic Chemistry
    Cutting-Edge Programs, Experience It: Smart People, Cool Research Chemistry at Illinois Tech Bachelor of Science in FORENSIC CHEMISTRY What Is Forensic Chemistry? Learn forensic Forensic chemistry is the application of chemistry to forensic analytical chemistry investigation. It is a science at the interface of analytical and inorganic chemistry, biochemistry, microbiology, toxicology, and forensic toxicology lab and genetics. techniques that employers need. Is Forensic Chemistry Right for You? Program Benefits Do you want to learn how chemical, biochemical, and • Provides you with specialized skills in chemical, biological, microscopic analysis are applied to crime scene investigation spectroscopic, and chromatographic methods for analysis and drug enforcement administration? Would you like and characterization of forensic samples. to work in a government agency on a team in charge of forensic science and forensic chemistry biodefense and anti- • Learn various areas of forensic science and select courses bioterrorism? This program is right for you if you are interested based on your interest in forensic analytical chemistry, in developing a career in forensic science, forensic medicine, forensic DNA analysis, or forensic data analysis. forensic drug analysis, forensic toxicology and DNA analysis, or criminalistics. • Learn lab skills that employers want in instrumental, colorimetric, and microscopic analysis of forensic samples, What Makes This Program Unique? controlled substances, and standards. • You will build a strong foundation in traditional chemistry • Prepares you to be a viable candidate for professional and then develop sound knowledge and practical skills to positions in forensic chemistry, forensic science, crime earn a B.S. in this specialized program. scene investigation (CSI), drug investigation and enforcement labs.
    [Show full text]