If you are a digital forensic analyst and want to read about digital forensics, check out this book:
Title : Practical Digital Forensics
Author : Richard Boddington
ISBN : 978-1-78588-710-9
Publisher : Packt
Pages : 372
Year : 2016
Here are the details of this book.
Chapter 1: The Role of Digital Forensics and Its Environment
Understanding the history and purpose of forensics – specifically, digital forensics
The origin of forensics
Locard’s exchange principle
The evolution of fingerprint evidence
DNA evidence
The basic stages of forensic examination
Defining digital forensics and its role
Definitions of digital forensics
Looking at the history of digital forensics
The early days
A paucity of reliable digital forensic tools
The legal fraternity’s difficulty understanding digital evidence
More recent developments in digital forensics
Studying criminal investigations and cybercrime
Outlining civil investigations and the nature of e-discovery
The role of digital forensic practitioners and the challenges they face
The unique privilege of providing expert evidence and opinion
Issues faced by practitioners due to inadequate forensics processes
Inferior forensics tools confronting practitioners
The inadequate protection of digital information confronting practitioners
The tedium of forensic analysis
Qualities of the digital forensic practitioner
Determining practitioner prerequisites
Chapter 2: Hardware and Software Environments
Describing computers and the nature of digital information
Magnetic hard drives and tapes
Optical media storage devices
Random-access memory (RAM)
Solid-state drive (SSD) storage devices
Network-stored data
The cloud
Operating systems
Connecting the software application to the operating system
Connecting the software application to the operating system and a device
Describing filesystems that contain evidence
The filesystem category
The filename category
The metadata category
The content category
Locating evidence in filesystems
Determining the means of transgression
Determining opportunity to transgress
Determining the motive to transgress
Deciding where to look for possible evidence
Indexing and searching for files
Unallocated data analysis
Explaining password security, encryption, and hidden files
User access to computer devices
Understanding the importance of information confidentiality
Understanding the importance of information integrity
Understanding the importance of information availability
User access security controls
Encrypted devices and files
Case study – linking the evidence to the user
Chapter 3: The Nature and Special Properties of Digital Evidence
Defining digital evidence
The use of digital evidence
The special characteristics of digital evidence
The circumstantial nature of digital evidence
File metadata and correlation with other evidence
The technical complexities of digital evidence
The malleability of digital evidence
Metadata should not be taken at face value
Recovering files from unallocated space (data carving)
Date and time problems
Determining the value and admissibility of digital evidence
Explaining the evidentiary weight of digital evidence
Understanding the admissibility of digital evidence
Defining the lawful acquisition of digital evidence
Emphasizing the importance of relevance in terms of digital evidence
Outlining the reliability of digital evidence
The importance of the reliability of forensic tools and processes
Evaluating computer/network evidence preservation
Corroborating digital evidence
Chapter 4: Recovering and Preserving Digital Evidence
Understanding the chain of custody
Describing the physical acquisition and safekeeping of digital evidence
Explaining the chain of custody of digital evidence
Outlining the seizure and initial inspection of digital devices
Recovering digital evidence through forensic imaging processes
Dead analysis evidence recovery
Write-blocking hardware
Write-blocking software
Enhancing data preservation during recovery
Recovering remnants of deleted memory
Acquiring digital evidence through live recovery processes
The benefits of live recovery
The challenges of live recovery
The benefits of volatile memory recovery
Isolating the device from external exploits
Outlining the efficacy of existing forensic tools and the emergence of enhanced processes and tools
Standards for digital forensic tools
The reliability of forensic imaging tools to recover and protect digital evidence
Case studies – linking the evidence to the user
Chapter 5: The Need for Enhanced Forensic Tools
Digital forensics laboratories
The purpose of digital forensics laboratories
Acceptance of, consensus on, and uptake of digital forensics standards
Best practices for digital forensics laboratories
The physical security of digital forensic laboratories
Network and electronic requirements of digital forensic laboratories
Dilemmas presently confronting digital forensics laboratories
Emerging problems confronting practitioners because of increasingly large and widely dispersed datasets
Debunking the myth of forensic imaging
Dilemmas presently confronting digital forensics practitioners
Processes and forensic tools to assist practitioners to deal more effectively with these challenges
E-discovery evidence recovery and preservation
Enhanced digital evidence recovery and preservation
The benefits of enhanced recovery tools in criminal investigations
Empowering non-specialist law enforcement personnel and other stakeholders to become more effective first respondents at digital crime scenes
The challenges facing non-forensic law enforcement agents
Enhancing law enforcement agents as first respondents
The challenges facing IT administrators, legal teams, forensic auditors, and other first respondents
Enhancing IT administrators, legal team members, and other personnel as first respondents
Chapter 6: Selecting and Analyzing Digital Evidence
Structured processes to locate and select digital evidence
Locating digital evidence
Search processes
Searching desktops and laptops
Selecting digital evidence
Seeking the truth
More effective forensic tools
Categorizing files
Eliminating superfluous files
Deconstructing files
Searching for files
The Event Analysis tool
The Cloud Analysis tool
The Lead Analysis tool
Analyzing e-mail datasets
Detecting scanned images
Volume Shadow Copy analysis tools
Timelines and other analysis tools
Chapter 7: Windows and Other Operating Systems as Sources of Evidence
The Windows Registry and system files and logs as resources of digital evidence
Seeking useful leads within the Registry
Mapping devices through the Registry
Detecting USB removable storage
User activity
Reviewing Most Recently Used and Jump List activity
Detecting wireless connectivity
Observing Windows Event Viewer logs
Recovery of hidden data from a VSS
Examining prefetch files
Pagefiles
Hibernation and sleep files
Detecting steganography
Apple and other operating system structures
Examining Apple operating systems
The Linux operating system
Remote access and malware threats
Remote access
Detecting malware attacks and other exploits
The prevalence of anti-forensics processes and tools
Chapter 8: Examining Browsers, E-mails, Messaging Systems, and Mobile Phones
Locating evidence from Internet browsing
Typical web-browsing behavior
Recovering browsing artifacts from slack and unallocated space
Private browsing
Messaging systems
Examining Skype and chat room artifacts
The invisible Internet
E-mail analysis and the processing of large e-mail databases
Recovering e-mails from desktop and laptop computers
Recovering and analyzing e-mails from larger datasets
Searching for scanned files
The growing challenge of evidence recovery from mobile phones and handheld devices
Extracting data from mobile devices
Managing evidence contamination
Concealing illegal activities
Extracting mobile data from the cloud
Analyzing GPS devices and other handheld devices
Chapter 9: Validating the Evidence
The nature and problem of unsound digital evidence
Challenges explaining the complexity of digital evidence
The immaturity of the forensic subdiscipline
The ineffective security integrity of computers and networks
Evidence contamination
Impartiality in selecting evidence
Meaning is only clear in context
Faulty case management and evidence validation
The structured and balanced analysis of digital evidence
Developing hypotheses
Modeling arguments
The Toulmin model of argumentation
Formalizing the validation of digital evidence
The perceived benefits of a formalized validation process
Rationale for selection
The conceptual framework of the model
The validation process
Applying Bayesian reasoning to the analysis of validation
The comparative simplicity of the analysis of legal admissibility
More complex components requiring scientific measurement
Determining prior probability
Setting post probabilities
Checking whether the remote access application was running at the time of the transgression
Present limitations and scoping
The presentation of digital evidence
Preparing digital forensics reports
Court appearances
Ethical issues confronting digital forensics practitioners
Chapter 10: Empowering Practitioners and Other Stakeholders
The evolving nature of digital evidence vis-à-vis the role of the practitioner
Solutions to the challenges posed by new hardware and software
More efficacious evidence recovery and preservation
Challenges posed by communication media and the cloud
Mobile phone evidence recovery
The cloud – convenient for users but problematic for practitioners
The need for effective evidence processing and validation
Contingency planning
This book contains 10 chapters. Chapter 1 explains The Role of Digital Forensics and Its Environment. Chapter 2 covers Hardware and Software Environments. Chapter 3 describes The Nature and Special Properties of Digital Evidence. Chapter 4 explores Recovering and Preserving Digital Evidence. Chapter 5 explains The Need for Enhanced Forensic Tools. Chapter 6 explains Selecting and Analyzing Digital Evidence. Chapter 7 describes Windows and Other Operating Systems as Sources of Evidence. Chapter 8 describes Examining Browsers, E-mails, Messaging Systems, and Mobile Phones. Chapter 9 explains Validating the Evidence. The last chapter, Chapter 10, explores Empowering Practitioners and Other Stakeholders.
Richard Boddington commenced general policing with the London Metropolitan Police in 1968 and joined the Royal Hong Kong Police in 1971, later serving as a chief inspector in the Special Branch. In 1980, Richard moved to Australia and worked as a desk officer and case officer with the Australian Security Intelligence Organization. He later worked in several federal and state government agencies, including the Western Australia Department of Treasury and Finance, as a senior intelligence officer.
In 2008, he commenced developing and coordinating information security and digital forensics undergraduate and postgraduate courses at Murdoch University, where he was responsible for the creation of a digital forensic and information security degree offering. He provided a unique online virtual digital forensics unit for postgraduate students at the University of Western Australia in 2014.
Between 1991 and 2015, Richard was a security analyst and digital forensic practitioner, providing independent consultancy services for legal practitioners and organizations requiring independent digital forensic examinations and reports. This included analyzing case evidence in criminal and civil cases heard at Magistrate, District and Commonwealth Courts. His work included the compilation of digital forensic reports and testifying as an expert witness on complex technical matters to assist the jury in understanding digital evidence presented during trial. Recent forensic examinations undertaken by him include analyzing digital evidence recovered from computers, mobile phones, and other digital devices and then preparing expert testimony relating to a broad range of criminal and civil cases, including: Child pornography and child exploitation, Cyberstalking, Aggravated burglary and false imprisonment, Analysis of CCTV video digital evidence of assault and rape cases, Alleged homicide, suicide, and other crimes of violence.
You can buy this book from online bookstores such as Amazon, Barnes & Noble, and others.
See you again.
Regards
Nanang