Preface

Our Purpose and Approach

Welcome to Real Digital Forensics. When we conceived this book, we wanted to give forensic investigators more than words with which to learn new skills. In our classes and speaking engagements, people ask us one question hundreds of times over: "How do I get into the field of computer forensics?" In our opinion, you cannot learn forensics without hands-on practical experience. That raises the harder question we usually hear next: "How do I get my hands on data to gain that experience?" This question is much more difficult to answer, because the only data most people have to practice with comes from real cases, and we all know that our clients do not want their data disseminated as learning material. It is therefore difficult for most people to find data with which to sharpen their computer forensic skills. To answer this second question, we decided to publish this book with a DVD containing realistic evidence collected from several fictitious scenarios, for the sole purpose of teaching the computer forensic tradecraft. Most of the scenarios you will find throughout this book closely resemble the types of cases we investigate every day. We used the same tools attackers use when establishing a foothold in your network, the same methods rogue employees use to steal your trade secrets, and the same media we typically collect when we created the e
About the Authors.
I. LIVE INCIDENT
1. Windows Live Response.
2. Unix Live Response.
3. Collecting Network-Based Evidence
4. Analyzing Network-Based Evidence for a Windows Intrusion.
5. Analyzing Network-Based Evidence for a Unix Intrusion.
III. ACQUIRING A FORENSIC
6. Before You Jump Right In…
7. Commercial-Based Forensic
8. Noncommercial-Based Forensic
IV. FORENSIC ANALYSIS
9. Common Forensic Analysis
10. Web Browsing Activity
11. E-Mail Activity Reconstruction.
12. Microsoft Windows Registry
13. Forensic Tool Analysis: An Introduction to Using Linux for Analyzing Files of Unknown
14. Forensic Tool Analysis: A Hands-On Analysis of the Linux File aio.
15. Forensic Tool Analysis: Analyzing Files of Unknown Origin (Windows).
V. CREATING A COMPLETE FORENSIC
16. Building the Ultimate Response
17. Making Your CD-ROM a Bootable
MOBILE DEVICE FORENSICS.
18. Forensic Duplication and Analysis of Personal Digital Assistants.
19. Forensic Duplication of USB and Compact Flash Memory Devices.
20. Forensic Analysis of USB and Compact Flash Memory Devices.
21. Tracing E-Mail.
22. Domain Name Ownership.
Appendix: An Introduction to