Bruce Nikkel 1_2_overview_of_digital_forensics.pdf
Card set details
Cards | 7 |
---|---|
Language | English |
Category | Technology |
Level | University |
Created / Updated | 20.06.2019 / 28.06.2021 |
Licensing | Not specified |
Weblink | https://card2brain.ch/box/20190620_bruce_nikkel_12overviewofdigitalforensics_pdf |
What is the basic forensic process for digital evidence?
Basic forensic process for digital evidence:
- Evidence collection/acquisition
- Preservation, integrity, chain-of-custody
- Analysis, interpretation
- Presentation, reporting
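The first two steps of that process (acquisition, then preservation with integrity checks and a chain-of-custody record) can be shown concretely. The following is an added example, not code from Nikkel's slides or from the card set: it copies a constructed stand-in for a device image, hashes source and image with MD5 and SHA-256, marks the image read-only, keeps a custody log, and re-verifies the image later so that any modification is detected. The file names, case ID and examiner names are made up for the illustration.

```python
"""Added example (not from the original slides): acquire a file-based evidence
item, record hashes plus a chain-of-custody log, and verify integrity later.
All paths, case IDs, examiner names and evidence content are constructed."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # hash and copy in 1 MiB chunks so large images need not fit in RAM


def hash_file(path, algorithms=("md5", "sha256")):
    """Return {algorithm: hexdigest} for the file at `path`, read in chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def log_entry(examiner, action, sha256):
    """One chain-of-custody line: who did what, when, and the hash they observed."""
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "action": action,
        "sha256": sha256,
    }


def acquire(source_path, image_path, examiner, case_id):
    """Copy the source byte-for-byte, hash both sides, and open the custody log."""
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            dst.write(chunk)
    source_hashes = hash_file(source_path)
    image_hashes = hash_file(image_path)
    if source_hashes != image_hashes:
        raise RuntimeError("acquisition hash mismatch: image does not match source")
    os.chmod(image_path, 0o444)  # read-only, so analysis tools cannot silently alter it
    return {
        "case_id": case_id,
        "evidence": os.path.basename(image_path),
        "hashes": image_hashes,
        "custody": [log_entry(examiner, "acquired", image_hashes["sha256"])],
    }


def verify(image_path, record, examiner):
    """Re-hash the image, append the result to the custody log, return True if intact."""
    current = hash_file(image_path)
    intact = current == record["hashes"]
    action = "verified" if intact else "INTEGRITY FAILURE"
    record["custody"].append(log_entry(examiner, action, current["sha256"]))
    return intact


def demo():
    """Acquire constructed evidence, verify it, tamper with it, verify again."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "usb_stick.bin")      # constructed stand-in for a device
    image = os.path.join(workdir, "CASE-001_usb.dd")      # constructed image name
    with open(source, "wb") as fh:
        fh.write(b"MBR" + bytes(range(256)) * 16)        # constructed, deterministic content
    record = acquire(source, image, "examiner A", "CASE-001")
    first = verify(image, record, "examiner B")
    # Simulate an accidental write to the image (e.g. a tool opened it read-write).
    os.chmod(image, 0o644)
    with open(image, "r+b") as fh:
        fh.seek(100)
        fh.write(b"\x00")
    second = verify(image, record, "examiner B")
    return first, second, record


if __name__ == "__main__":
    ok_before, ok_after, rec = demo()
    print(json.dumps(rec, indent=2))
    print("intact before tampering:", ok_before, "| intact after:", ok_after)
```

Two hash algorithms are recorded because court practice often still asks for MD5 alongside SHA-256; the SHA-256 value is what the custody log carries forward. A real acquisition of a physical device would also use a hardware write blocker, which this file-based illustration cannot show.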
Why is digital evidence important or useful?
- Admissible in court of law
- Usable for internal disciplinary hearings
- Supporting data for internal incident reports
- Assisting/furthering other investigations
- Helps reconstruct past events or activity (timelines)
- Shows possession / handling of digital data
- Shows use/abuse of IT infrastructure & services
- Shows evidence of policy violation or illegal activity
What are the original areas of digital forensics?
- Computer forensics (disks, removable media, flash chips ...)
- Network forensics (network intrusion, abuse ...)
- Software forensics (examining malicious code, malware ...)
- Live system forensics (compromised hosts, memory dumps ...)
What has modern digital forensics grown to include?
- Mobile forensics (smart phones, tablets)
- IoT forensics (internet connected toasters, tiny devices ...)
- Vehicle forensics (automobiles, drones)
- Cloud and Social Media forensics
What are the characteristics of digital evidence?
Easy to destroy
- booting a PC updates timestamps and modifies files
- attaching external drives can modify file system timestamps, create files, overwrite deleted data
- volatile memory is lost when a machine is powered off
Hard to get
- network traffic only exists on the wire for milliseconds
- intrusions and attacks may be cleverly hidden (steganography, obfuscation, cryptography)
- anti-forensic activity may prevent collection
- proprietary devices or file formats
- over-provisioned areas on flash drives
- service areas on disks
- encrypted drives and files
What are some concepts of digital forensics?
- acquisition vs analysis
- evidence vs intelligence
- private vs public sectors
- victims vs perpetrators (e-banking, CP)
- limitations vs requirements (technical, policy, legal, ethical)
Name some digital forensics resources and tools
- Academic papers and conferences
- DF (digital forensics) tools and platforms
- The Sleuth Kit + Autopsy
- Forensic Focus
- Kali Linux
- my forensics page