Digital Forensic Science. Vassil Roussev

sheer volume of data to be examined also requires new means of processing it.

       KEYWORDS

      digital forensics, cyber forensics, cyber crime, incident response, data recovery

      To my parents, Reni and Rosen, for their love and for opening all of life’s opportunities.

      To my wife, Laura, for her love and unconditional support.

      To my advisor, Prasun, for his patience and the enduring wisdom of his lessons.

       Contents

       1 Introduction

       1.1 Scope of this Book

       1.2 Organization

       2 Brief History

       2.1 Early Years (1984–1996)

       2.2 Golden Age (1997–2007)

       2.3 Present (2007–)

       2.4 Summary

       3 Definitions and Models

       3.1 The Daubert Standard

       3.2 Digial Forensic Science Definitions

       3.2.1 Law-centric Definitions

       3.2.2 Working Technical Definition

       3.3 Models of Forensic Analysis

       3.3.1 Differential Analysis

       3.3.2 Computer History Model

       3.3.3 Cognitive Task Model

       4 System Analysis

       4.1 Storage Forensics

       4.1.1 Data Abstraction Layers

       4.1.2 Data Acquisition

       4.1.3 Forensic Image Formats

       4.1.4 Filesystem Analysis

       4.1.5 Case Study: FAT32

       4.1.6 Case Study: NTFS

       4.1.7 Data Recovery and File Content Carving

       4.1.8 File Fragment Classification

       4.2 Main Memory Forensics

       4.2.1 Memory Acquisition

       4.2.2 Memory Image Analysis

       4.3 Network Forensics

       4.4 Real-time Processing and Triage

       4.4.1 Real-time Computing

       4.4.2 Forensic Computing with Deadlines

       4.4.3 Triage

       4.5 Application Forensics

       4.5.1 Web Browser

       4.5.2 Cloud Drives

       4.6 Cloud Forensics

       4.6.1 Cloud Basics

       4.6.2 The Cloud Forensics Landscape

       4.6.3 IaaS Forensics

       4.6.4 SaaS Forensics

       5 Artifact Analysis

       5.1 Finding Known Objects: Cryptographic Hashing

       5.2 Block-level Analysis

       5.3 Efficient Hash Representation: Bloom Filters

       5.4 Approximate Matching

       5.4.1 Content-defined Data Chunks

       5.4.2 Ssdeep

       5.4.3 Sdhash

       5.4.4 Evaluation

       5.5 Cloud-native Artifacts

       6 Open Issues and Challenges

       6.1 Scalability

       6.2 Visualization and Collaboration

       6.3 Automation and Intelligence

       6.4 Pervasive Encryption

       6.5 Cloud Computing

       6.5.1 From SaaP to SaaS

       6.5.2 Separating Cloud Services from their Implementation

       6.5.3 Research Challenges

       6.6 Internet of Things (IoT)

       Bibliography

       Author’s Biography

      CHAPTER 1

       Introduction

      In a word, the computer scientist is a toolsmith—no more, but no less. It is an honorable calling.

      Frederick P. Brooks, Jr. [66]

      Forensic science (or forensics) is dedicated to the systematic application of scientific methods to gather and analyze evidence for a legal purpose. Digital forensics—a.k.a. cyber or computer forensics—is a subfield within forensics, which deals specifically with digital artifacts, such as files, and computer systems and networks used to create, transform, transmit, and store them.

      The rapid adoption of information technology (IT) in all aspects of modern life means that it bears witness to an ever expanding number of human- and machine-initiated interactions and transactions. It is increasingly the case that the only historical trace

Скачать книгу