Book 5 - Digital Investigation Techniques and Tools
1. DIGITAL FORENSIC TECHNIQUES AND TOOLS ...... 2 2. DIGITAL FORENSICS EVIDENCE ACQUISITION ...... 19 3. INTERNET INVESTIGATION ...... 39 4. INTRODUCTION TO DATABASE FORENSICS ...... 75 5. WINDOWS ARTIFACTS ...... 104 6. LINUX FORENSICS ...... 127 7. MEMORY FORENSICS ...... 165
1 1. Digital Forensic Techniques and Tools
Scope Number 1 Title Digital Forensic Techniques and Tools Introduction Digital forensic technologies and tools are developed to capture digital evidence, investigate digital devices and perform relevant network analysis. As such, the analysis and investigation encompass hard and soft components of digital devices. Although the number of the proposed processes and models are varying, this chapter introduce the commonly shared processes, models and standards for digital forensics to inform on how, where, and when to appropriately apply the proper model and tool. Outcomes At the end of this Module you should be able to: • Understand the concept of digital forensic process; • Demonstrate good knowledge of the common forensic techniques and tools; • Apply a systematic approach to an investigation using forensic techniques and tools; • Identify the main advantages and disadvantages of common forensic techniques; • Demonstrate clear understanding of network forensic analysis. Topics - Introduction - Digital Forensic Process - Digital Forensic Models - Digital Forensic Techniques and Tools - Digital Forensic and Network Analysis Study Guide Instructions on how to study this unit: • Required study time: You should plan to spend approximately 25 hours studying this unit. You may find it convenient to break up your study as follows: Activity Time Preparation 3 hours Content Review 1 hour Set Textbook Content 1 hours Software/Hardware Review 8 hours Thinking (Review questions, MCQs): 5 hours Tutorial 2 hours Related Course Work 5 hours Total 25 Hours • Required hardware/software: ü Digital Forensics Lab. ü Microsoft Internet Explorer version 5 or higher. • Required external resources including links and books: ü E- Library.
2
Content Section Number 1.1 Section Title Introduction Introduction This Section introduces digital forensic investigation and equipment for the reader with fundamental understanding for digital forensics. The subsequent sections present a selected number of digital forensic models and tools to be reviewed. The reviewed tools and models are chosen to present the state of art of the current digital forensic models and tools.
Content Gathering digital evidence from computers, networks, and storage media has become a vital weapon against different types of software and hardware attacks and forbidden threats. Generally, the practice of collecting, analyzing and reporting digital evidence in a way legally admissible in court is known as digital or computer forensics and the experts who practice this kind of science are known as forensic examiners. However, the acquisition, analysis, and reporting of the digital evidence depends on the nature of the crime scene, types of available evidence and the digital forensic tools employed. As there are loads of data and events encounter certain digital evidence, digital forensic examiners may apply different type of digital forensic techniques and tools. On the other hand, the accumulative number of digital activities using different kinds of digital devices have tightened and complicated the process of analyzing and the cleanse of target data. As such, evaluating digital forensic evidence is not an easy task due to the following reasons: