The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics


Overview

The Basics of Digital Forensics will provide a foundation for people new to the digital forensics field. This book will teach people how to conduct examinations by discussing what Digital Forensics is, the methodologies used, and the tools needed to perform examinations. The audience will learn how to prepare an investigative plan, as well as how to prepare for courtroom testimony.


  • Learn all about what Digital Forensics entails
  • Build a toolkit and prepare an investigative plan
  • Understand the common artifacts to look for during an exam

Editorial Reviews

From the Publisher
"The coverage of topics is very inclusive and this is sure to become required reading for anyone interested in this field."—Dr. Marcus K. Rogers (CISSP, DFCP) Director - Cyber Forensics Program at Purdue University

"The Basics of Digital Forensics is extremely easy to read and understand, and tackles the topic in a very broad manner. All in all, it's a perfect book for those who are interested in the subject and for gauging whether they might be interested in finding out more about it in the future."—Help Net Security

"Sammons (integrated science and technology and forensic science, Marshall U.), a former police officer, investigator, and cybercrime task force member, introduces students and beginners to digital forensics, its methods, concepts, and labs and tools. He explains how to collect evidence from Windows systems, the Internet, email, networks, and mobile devices, as well as antiforensic activities like hiding data and password attacks, legal issues, and emerging technologies such as solid state hard drives and cloud computing."—Reference and Research Book news, Inc.

"This is highly detailed material. Although the introductory chapter adopts an easy pace, with overviews of important technical concepts, most of the other chapters get right down to the practice of forensic analysis. This is not a book you’re going to want to read in bed: you’ll want this right next to a computer – preferably two or three computers running different operating systems – so that you can try the techniques for yourself as you work your way through. The authors admit that this book does not cover everything you need to know. For instance, it focuses entirely on ‘dead drive’ forensics – offline systems. Analysing running systems often requires high-level proprietary tools. But it does give an excellent grounding in the methods of digital forensic analysis and provides a valuable first step in learning the technicalities."—Network Security, May 2012, page 4

"With the inclusion of some practical exercises, the book could easily become part of a basic training program for newly hired digital forensic examiners. For experienced examiners, the book can serve as a quick resource to review some basic concepts that we sometimes neglect as we focus on more detailed and complex examinations. This book should be considered a must-read for anyone who wants to pursue a career in digital forensics and a must-have for those examiners already working in the discipline."—DFINews.com


Product Details

  • ISBN-13: 9781597496612
  • Publisher: Elsevier Science
  • Publication date: 3/9/2012
  • Pages: 208
  • Sales rank: 136,377
  • Product dimensions: 7.52 (w) x 9.48 (h) x 0.49 (d)

Meet the Author

John Sammons is an Assistant Professor at Marshall University in Huntington, West Virginia. John teaches digital forensics, electronic discovery, information security and technology in the Department of Integrated Science and Technology. He's also adjunct faculty with the Marshall University graduate forensic science program. He is also the founder and Director of the Appalachian Institute of Digital Evidence. AIDE is a non-profit organization that provides research and training for digital evidence professionals including attorneys, judges, law enforcement and information security practitioners in the private sector. Prior to joining the faculty at Marshall, John co-founded Second Creek Technologies, a digital forensics and electronic discovery firm. While at Second Creek, John served as the Managing Partner and CEO. John is a contract instructor for AccessData and is certified by them as both an instructor and examiner. He is a former Huntington Police officer and currently serves as a part-time investigator for the Cabell County (WV) Prosecutors Office. As an investigator, he focuses on Internet crimes against children and child pornography. John routinely provides training for the legal and law enforcement communities in the areas of digital forensics and electronic discovery. He is an Associate Member of the American Academy of Forensic Sciences and a member of the Southern Criminal Justice Association and Infragard.

Read an Excerpt

The Basics of Digital Forensics

The Primer for Getting Started in Digital Forensics


By John Sammons

Elsevier Science

Copyright © 2012 Elsevier, Inc.
All rights reserved.
ISBN: 978-1-59749-662-9


Excerpt

CHAPTER 1

Introduction


Information in This Chapter:

* What Is Forensic Science?

* What Is Digital Forensics?

* Uses of Digital Forensics

* Role of the Forensic Examiner in the Judicial System


"Each betrayal begins with trust." —"Farmhouse" by the band Phish


INTRODUCTION

Your computer will betray you. This is a lesson that many CEOs, criminals, politicians, and ordinary citizens have learned the hard way. You are leaving a trail, albeit a digital one; it's a trail nonetheless. Like a coating of fresh snow, these 1s and 0s capture our "footprints" as we go about our daily life.

Cell phone records, ATM transactions, web searches, e-mails, and text messages are a few of the footprints we leave. As a society, our heavy use of technology means that we are literally drowning in electronically stored information. And the tide keeps rolling in. Don't believe me? Check out these numbers from the research company IDC:

* The digital universe (all the digital information in the world) will reach 1.2 million petabytes in 2010. That's up by 62% from 2009.

If you can't get your head around a petabyte, maybe this will help:

"One petabyte is equal to: 20 million, four-drawer filing cabinets filled with text or 13.3 years of HD-TV video."

(Mozy, 2009)

The impact of our growing digital dependence is being felt in many domains, not the least of which is the legal system. Every day, digital evidence is finding its way into the world's courts. This is definitely not your father's litigation. Gone are the days when records were strictly paper. This new form of evidence presents some very significant challenges to our legal system. Digital evidence is considerably different from paper documents and can't be handled in the same way. Change, therefore, is inevitable. But the legal system doesn't turn on a dime. In fact, it's about as nimble as the Titanic. It's struggling now to catch up with the blinding speed of technology.

Criminal, civil, and administrative proceedings often focus on digital evidence, which is foreign to many of the key players, including attorneys and judges. We all know folks who don't check their own e-mail or even know how to surf the Internet. Some lawyers, judges, businesspeople, and cops fit squarely into that category as well. Unfortunately for those people, this blissful ignorance is no longer an option.

Where law-abiding society goes, the bad guys will be very close behind (if not slightly ahead). They have joined us on our laptops, cell phones, iPads, and the Internet. Criminals will always follow the money and leverage any tools, including technology, that can aid in the commission of their crimes.

Although forensic science has been around for years, digital forensics is still in its infancy. It's still finding its place among the other more established forensic disciplines, such as DNA and toxicology. As a discipline, it is where DNA was many years ago. Standards and best practices are still being developed.

Digital forensics can't be done without getting under the hood and getting your hands dirty, so to speak. It all starts with the 1s and 0s. This binary language underpins not only the function of the computer but how it stores data as well. We need to understand how these 1s and 0s are converted into the text, images, and videos we routinely consume and produce on our computers.


WHAT IS FORENSIC SCIENCE?

Let's start by examining what it's not. It certainly isn't Humvees, sunglasses, and expensive suits. It isn't done without lots of paperwork, and it's never wrapped up in sixty minutes (with or without commercials). Now that we know what it isn't, let's examine what it is. Simply put, forensics is the application of science to solve a legal problem. In forensics, the law and science are forever integrated. Neither can be applied without paying homage to the other. The best scientific evidence in the world is worthless if it's inadmissible in a court of law.


WHAT IS DIGITAL FORENSICS?

There are many ways to define digital forensics. In Forensic Magazine, Ken Zatyko defined digital forensics this way:

"The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation."

(Zatyko, 2007)

Digital forensics encompasses much more than just laptop and desktop computers. Mobile devices, networks, and "cloud" systems are very much within the scope of the discipline. It also includes the analysis of images, videos, and audio (in both analog and digital format). The focus of this kind of analysis is generally authenticity, comparison, and enhancement.


USES OF DIGITAL FORENSICS

Digital forensics can be used in a variety of settings, including criminal investigations, civil litigation, intelligence, and administrative matters.


Criminal Investigations

When you mention digital forensics in the context of a criminal investigation, people tend to think first in terms of child pornography and identity theft. Although those investigations certainly focus on digital evidence, they are by no means the only two. In today's digital world, electronic evidence can be found in almost any criminal investigation conducted. Homicide, sexual assault, robbery, and burglary are just a few of the many examples of "analog" crimes that can leave digital evidence.

One of the major struggles in law enforcement is to change the paradigm of the police and get them to think of and seek out digital evidence. Everyday digital devices such as cell phones and gaming consoles can hold a treasure trove of evidence. Unfortunately, none of that evidence will ever see a courtroom if it's not first recognized and collected. As time moves on and our law enforcement agencies are replenished with "younger blood," this will become less and less of a problem.


BIND. TORTURE. KILL.

The case of Dennis Rader, better known as the BTK killer, is a great example of the critical role digital forensics can play in a criminal investigation. This case had national attention and, thanks to digital forensics, was solved thirty years later. To all that knew him before his arrest, Dennis Rader was a family man, church member, and dedicated public servant. What they didn't know was that he was also an accomplished serial killer. Dennis Rader, known as Bind, Torture, Kill (BTK), murdered ten people in Kansas from 1974 to 1991. Rader managed to avoid capture for over thirty years until technology betrayed him.

After years of silence, Rader sent a letter to the Wichita Eagle newspaper declaring that he was responsible for the 1986 killing of a young mother. The letter was received by the Eagle on March 19, 2004. After conferring with the FBI's Behavioral Analysis Unit, the police decided to attempt to communicate with BTK through the media.

In January 2005, Rader left a note for police, hidden in a cereal box, in the back of a pickup truck belonging to a Home Depot employee. In the note, he said:

"Can I communicate with Floppy and not be traced to a computer. Be honest. Under Miscellaneous Section, 494, (Rex, it will be OK), run it for a few days in case I'm out of town-etc. I will try a floppy for a test run some time in the near future-February or March."

The police did the only thing they could. They lied. As directed, they responded (via an ad in the Eagle) on January 28. The ad read "Rex, it will be ok, Contact me PO Box 1st four ref.numbers at 67202."

On February 16, a manila envelope arrived at KSAS, the Fox affiliate in Wichita. Inside was a purple floppy disc from BTK. The disc contained a file named "Test A.rtf." (The .rtf extension stands for "Rich Text File"). A forensic exam of the file struck gold. The file's metadata (the data about the data) gave investigators the leads they had been waiting over thirty years for. Aside from the "Date Created" (Thursday, February 10, 2005 6:05:34 PM) and the "Date Modified" (Monday, February 14, 2005 2:47:44 PM) were the "Title" (Christ Lutheran Church) and "Last Saved By:" (Dennis).

Armed with this information, investigators quickly logged on to the Christ Lutheran Church web site. There they found that Dennis Rader was the president of the church's Congregation Council. The noose was tightening, but it wasn't tight enough. Investigators turned to DNA to make the case airtight. Detectives went on to obtain a DNA sample from Rader's daughter and compared it to DNA from BTK. The results proved that BTK was her father. On February 25, three days after the DNA sample arrived at the lab, Rader was arrested, sealing the fate of BTK. He is currently serving ten consecutive life sentences (Wichita Eagle).
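As an added illustration of the metadata pull described above (this is not code from the book), the parser below reads the document properties that an RTF file keeps in its \info group: the title, the \operator field that Word reports as "Last Saved By", and the creation and revision timestamps. The input is a constructed sample file modelled on the fields the excerpt names, not the actual BTK disk.

```python
import re
from datetime import datetime

# Constructed sample RTF (not the actual BTK file). The \info group carries the
# same four properties the excerpt names: \title, \operator (shown by Word as
# "Last Saved By"), \creatim (created) and \revtim (last modified).
SAMPLE_RTF = (
    r"{\rtf1\ansi\deff0"
    r"{\info{\title Christ Lutheran Church}{\author Dennis}{\operator Dennis}"
    r"{\creatim\yr2005\mo2\dy10\hr18\min5\sec34}"
    r"{\revtim\yr2005\mo2\dy14\hr14\min47\sec44}}"
    r"\pard Test A\par}"
)

# \info sub-groups whose value is a timestamp built from \yr \mo \dy \hr \min \sec
TIME_FIELDS = ("creatim", "revtim", "printim", "buptim")


def _group_at(text, start):
    """Return the contents of the brace group whose '{' is at text[start]
    (outer braces excluded). Backslash-escaped braces are not counted."""
    depth, i = 0, start
    while i < len(text):
        c = text[i]
        if c == "\\":
            i += 2          # skip the control symbol / escaped character
            continue
        if c == "{":
            depth += 1
        elif c == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
        i += 1
    raise ValueError("unbalanced braces in RTF input")


def _parse_time(group):
    """Turn '\\creatim\\yr2005\\mo2\\dy10\\hr18\\min5\\sec34' into a datetime."""
    parts = {k: 0 for k in ("yr", "mo", "dy", "hr", "min", "sec")}
    for key, val in re.findall(r"\\(yr|mo|dy|hr|min|sec)(\d+)", group):
        parts[key] = int(val)
    if not parts["yr"]:
        return None         # RTF allows an empty timestamp group
    return datetime(parts["yr"], parts["mo"] or 1, parts["dy"] or 1,
                    parts["hr"], parts["min"], parts["sec"])


def parse_rtf_info(rtf):
    """Return the document properties in the RTF \\info group as a dict."""
    m = re.search(r"\{\\info(?![a-z])", rtf)
    if not m:
        return {}
    body = _group_at(rtf, m.start())     # '\info{\title ...}{\operator ...}...'
    info, i = {}, 0
    while i < len(body):
        if body[i] == "\\":
            i += 2
            continue
        if body[i] == "{":
            inner = _group_at(body, i)
            cm = re.match(r"\\([a-z]+) ?", inner)
            if cm:
                name = cm.group(1)
                info[name] = (_parse_time(inner) if name in TIME_FIELDS
                              else inner[cm.end():])
            i += len(inner) + 2           # step over the whole sub-group
            continue
        i += 1
    return info
```

These properties are written by whichever application last saved the file and can be absent or edited, which is why the investigators in the excerpt treated them as a lead and corroborated it with DNA.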


Civil Litigation

The use of digital forensics in civil cases is big business. In 2011, the estimated total worth of the electronic discovery market is somewhere north of $780 million (Global EDD Group). As part of a process known as Electronic Discovery (eDiscovery), digital forensics has become a major component of much high dollar litigation. eDiscovery "refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case" (TechTarget, 2005).

In a civil case, both parties are generally entitled to examine the evidence that will be used against them prior to trial. This legal process is known as "discovery." Previously, discovery was largely a paper-based exercise, with each party exchanging reports, letters, and memos; however, the introduction of digital forensics and eDiscovery has greatly changed this practice.

The proliferation of the computer has rendered that practice nearly extinct. Today, parties no longer talk about filing cabinets, ledgers, and memos; they talk about hard drives, spreadsheets, and file types. Some paper-based materials may come into play, but it's more the exception than the rule. Seeing the evidentiary landscape rapidly changing, the courts have begun to modify the rules of evidence. The rules of evidence, be they state or federal rules, govern how digital evidence can be admitted during civil litigation. The Federal Rules of Civil Procedure were changed in December 2006 to specifically address how electronically stored information is to be handled in these cases.

Digital evidence can quickly become the focal point of a case, no matter what kind of legal proceeding it's used in. The legal system and all its players are struggling to deal with this new reality.


Intelligence

Terrorists and foreign governments, the purview of our intelligence agencies, have also joined the digital age. Terrorists have been using information technology to communicate, recruit, and plan attacks. In Iraq and Afghanistan, our armed forces are exploiting intelligence collected from digital devices brought straight from the battlefield. This process is known as DOMEX (Document and Media Exploitation). DOMEX is paying large dividends, providing actionable intelligence to support the soldiers on the ground (U.S. Army).


MOUSSAOUI

It's well documented that the 9-11 hijackers sought out and received flight training in order to facilitate the deadliest terrorist attack ever on U.S. soil. Digital forensics played a role in the investigation of this aspect of the attack.

On August 16, 2001, Zacarias Moussaoui was arrested by INS agents in Eagan, Minnesota, for overstaying his visa. Agents also seized a laptop and floppy disk. After obtaining a search warrant, the FBI searched these two items on September 11, 2001. During the analysis, they found evidence of a Hotmail account (pilotz123@hotmail.com) used by Moussaoui. He used this account to send e-mail to the flight school as well as other aviation organizations.

For those not familiar with Hotmail accounts, it's a free e-mail service offered by Microsoft, similar to Gmail and Yahoo!. They're quite easy to get and only require basic subscriber information. This information is essentially meaningless, because none of the information is verified. During the exam of Moussaoui's e-mail, agents were also able to analyze the Internet protocol connection logs. One of the IP addresses identified was assigned to "PC11" in a computer lab at the University of Oklahoma.

The investigation further showed that Moussaoui and the rest of the nineteen hijackers made extensive use of computers at a variety of Kinko's store locations in other cities. Agents arrived at the Kinko's in Eagan hoping to uncover evidence. They were disappointed to learn that this specific Kinko's makes a practice of erasing the drives on their rental computers every day. Now forty-four days after Moussaoui's visit, the agents felt the odds of recovering any evidence would be somewhere between slim and none. They didn't bother examining the Kinko's computer. The Eagan store isn't alone. Other locations make a routine practice of erasing or reimaging the rental computers as well. This is done periodically, some as soon as twenty-four hours, others as long as thirty days. The drives are erased to improve the performance and reliability of the computers as well as to protect the privacy of its customers (Lawler, 2002).
(Continues...)


Excerpted from The Basics of Digital Forensics by John Sammons. Copyright © 2012 by Elsevier, Inc. Excerpted by permission of Elsevier Science.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.


Table of Contents

  • Chapter 1. Introduction
  • Chapter 2. Key Technical Concepts
  • Chapter 3. Labs and Tools
  • Chapter 4. Collecting Evidence
  • Chapter 5. Windows System Artifacts
  • Chapter 6. Anti-Forensics
  • Chapter 7. Legal
  • Chapter 8. eMail and Internet
  • Chapter 9. Networks and Mobile Devices
  • Chapter 10. Current Issues and Challenges Ahead


Customer Reviews

  • Posted June 7, 2013


    I’m loving McDonalds for fast food... MyDeals247 for the best deals;))

  • Posted March 9, 2012

    VERY VERY HIGHLY RECOMMENDED!!

    Are you a beginning digital forensics professional; as well as, a network and system administrator? If you are, then this book is for you! Author John Sammons, has done an outstanding job of writing a book that looks at what forensic science, particularly digital forensics, is and is not. Author Sammons, begins by defining digital forensics and examines how it’s being used. In addition, the author looks at binary, how data are stored, storage media and more. He then discusses the digital forensic environment and hardware and software that are used on a regular basis. The author then, covers fundamental forensically sound practices that you can use to collect the evidence and establish a chain of custody. He continues by looking at many of the common Windows artifacts and how they are created. He then discusses several techniques that are used to hide or destroy digital evidence. The author then examines the Fourth Amendment; as well as, reasonable expectations of privacy, private searches, searching with and without a warrant and the Stored Communications Act. Then, he looks at how web pages are found and sent to browsers using Uniform Resource Locators and Domain Name Servers. Next, the author shows you how networks are attacked, and what role digital forensics plays in not only the response, but how perpetrators can be traced. He continues by looking at the underlying technology powering cell phones and GPS units; as well as, the potential evidence they could contain. Finally, he discusses why the digital forensics community still has work to do, regarding how it conducts its business especially in relation to the other more traditional disciplines. This most excellent book brought out the fact that digital forensic sciences aren’t quite the fast-paced crime-solving dramas that you watch on TV. Perhaps more importantly, digital forensic sciences are in fact a scientific method of collection, investigation and analysis, that are used to solve some kind of legal problem.
