Practical Cyber Forensics, 1st ed. An Incident-Based Approach to Forensic Investigations
Langue : Anglais
Auteur : Reddy Niranjan
Become an effective cyber forensics investigator and gain a collection of practical, efficient techniques to get the job done. Diving straight into a discussion of anti-forensic techniques, this book shows you the many ways to effectively detect them. Now that you know what you are looking for, you?ll shift your focus to network forensics, where you cover the various tools available to make your network forensics process less complicated. Following this, you will work with cloud and mobile forensic techniques by considering the concept of forensics as a service (FaSS), giving you cutting-edge skills that will future-proof your career.
Building on this, you will learn the process of breaking down malware attacks, web attacks, and email scams with case studies to give you a clearer view of the techniques to be followed. Another tricky technique is SSD forensics, so the author covers this in detail to give you the alternative analysis techniques you?ll need. To keep you up to speed on contemporary forensics, Practical Cyber Forensics includes a chapter on Bitcoin forensics, where key crypto-currency forensic techniques will be shared. Finally, you will see how to prepare accurate investigative reports.
What You Will Learn
- Carry out forensic investigation on Windows, Linux, and macOS systems
- Detect and counter anti-forensic techniques
- Deploy network, cloud, and mobile forensics
- Investigate web and malware attacks
- Write efficient investigative reports
Who This Book Is For
Intermediate infosec professionals looking for a practical approach to investigative cyber forensics techniques.
Chapter 1: Need of Digital Forensics Proficiency
Chapter 6: Cloud Forensics
No. of pages: 25
Topics:
Law enforcement agencies face a new challenge in dealing with cyber crimes. Criminal acts are being committed and the evidence of these activities is recorded in electronic form. Besides, crimes are being committed in cyberspace. Evidence in these crimes is almost always recorded in digital fashion. It is important that computer security professionals be aware of some of the requirements of the legal system and understands the developing field of computer forensics. The reality of the information age is having a significant impact on the legal establishment. One major area in which this is being felt is that of the acquisition, authentication, evaluation and legal admissibility of information stored on magnetic and other media. This information can be referred to as digital evidence. Computer forensics is the application of science and engineering to the legal problem of digital evidence. (Theoretical Part)
No. of pages: 15
Cyber crime is a growing problem, with the impact to society increasing exponentially, but the ability of local law enforcement agencies to investigate and successfully prosecute criminals for these crimes is unclear.
Topics:
(a) Better awareness/Techniques
(b) Support for cloud and mobile forensics
(c) Backing for and improvement of open-source tools
(d) Research on encryption, malware, and trail obfuscation
(f) Better communication, especially between/with law enforcement
(g) More personnel and funding
Chapter 2: Introduction to Windows, Linux and MAC Forensics
This chapter walks readers through the various types of Operating systems like Windows, Linux and Macintosh. It also covers almost critical components of investigation of Windows, Linux and Macintosh operating system functionality. The chapter contains MFT concepts, MBR files, Virtual Paging, Windows Registry, data recovery, memory forensics, and more. Hands-on exercises in each chapter to identifying the artifacts form different artefacts form OS.
Topics:
(a) Windows Forensics
(b) Use of BIOS in investigation
(c) MFT and MBR Concepts(d) Windows Registry
(e) Windows Log forensics
(f) File System Forensics
(g) Data Recover
(h) File Signature
(i) Memory Forensics(j) Linux Forensics
(k) Virtual Machine Forensics
(l) Macintosh Forensics
(m) Interesting Mac Artefacts
Chapter 3: Anti Forensics Techniques & Detection
No. of pages: 15
Anti Forensics is an attempt by cyber criminals to make the cyber forensic analysis of digital evidence difficult or impossible. Anti-forensics methods are divided into several sub-categories such as data hiding, artifact wiping, trail obfuscation and attacks against the computer forensics processes and tools. Attack against forensics tools is also known as counter-forensics. The common purpose of the anti-forensic tools is purely malicious in intent and design. Anti-forensics or counter-forensics can also be used for defense against espionage, as recovery of information by forensic tools can be prevented.
Sub Topics:
(a) Data hiding
(b) Encryption
(c) Stenography
(d) Artifacts wiping
(e) Disk cleaning utilities
(f) File wiping utilities
(g) Disk degaussing/destruction
(h) Forensic traits obfuscation/deletion
(i) Real Time case study with POC
Chapter 4: Network Forensics
Network forensics originates from high-volume of traffic generated due to network connections and applying forensic procedures on it is a troublesome process. There are various tools available in the market which helps to make the job of a network forensic analyst quite peaceful, but dealing with these tools is a complicated process, until you have a proper guidance to operate them.
(a) Real Life Scenarios and Case studies with POC
(b) Role of Network Components
(c) The Open Source Interconnection Reference Model
(d) Forensic Footprints
(e) Creating an event of Traffic
(f) Traffic Analysis
(g) Network Forensic Tools
(h) Role of Wireshark in Network Forensics
Chapter 5: Mobile forensics
No. of pages: 25
Mobile devices are an evolving form of computing, used widely for personal and organizational purposes. These compact devices are useful in managing information, such as contact details and appointments, corresponding electronically, and conveying electronic documents. Over time, they accumulate a sizeable amount of information about the owner. When involved in crimes or other incidents, proper tools and techniques are needed to recover evidence from such devices and their associated media.
Topics:
(a) Mobile forensic analysis with case study and POC
(b) Smart Devices forensic challenges
(c) Mobile phone evidence extraction process
(d) Smart operating systems overview
(e) Manual Extraction(f) Logical Extraction
(g) Micro Read & Chip off
(h) Potential evidence stored on smart devices
(i) Challenges to smart device investigations
No. of pages: 20
The development of digital and computer forensics has been based on personal computers and devices. The capabilities required for performing forensics of criminal activities performed in the Cloud have yet to be established by the cloud service providers. To address these there have been several attempts for providing FraSS (Forensics As A Service). In this chapter we discuss them and highlight the emerging area of cloud computing and highlights its challenges and opportunities both from the perspective of performing forensics in the clouds and performing forensics of cloud computing resources.
Topics:
(a) Cloud Forensics Overview
(b) Client Forensics
(c) Cloud Forensics
(d) Case studies
(e) FRaaS
Chapter 7: Investigating Malware attacks
No. of pages: 25
Security breaches due to cyber-attacks incorporate technical components in the use of specific malware and technical skills as well as psychological components in exploiting user vulnerabilities. Moreover, the availability of resources such as markets and the support of nation-states play a role in how malware are developed, hacking skills are acquired and knowledge about the target is obtained. All of these components reflect the complex nature of cyber-attacks in general. In this section we carry out a literature review that identifies how these components have evolved and what set of features are present in the incidents that are considered more sophisticated.
Subtopics:
(a) Malware and its family
(b) Zero-day exploits
(c) Ransomware
(d) Remote Administration Tool
(e) Insight into target
(f) Avoiding detection
(g) Encrypted data
(h) Insider access
(i) Poor security configurations
(j) SQL injection
(j) Brute Force
(k) Real time case study with POC
Chapter 8: Investigating web attacks
Vulnerabilities in the Internet-connected software run by large organizations create a large security risk. A single successful exploit — which can be as short as a few characters typed in the wrong place — can abuse these flaws and set a breach in motion. Exploits can be leveraged to access corporate databases and other sensitive information, causing financial and reputational damage to the target, system hijacking, theft of intellectual property, and downtime.
Topics:
(a) Various Network Attacks
(b) Eavesdropping
(c) Data Modification
(d) Identity Spoofing (IP Address Spoofing)
(e) Password-Based Attacks
(f) Denial-of-Service Attack(g) Man-in-the-Middle Attack
(h) Compromised-Key Attack
(i) Sniffer Attack
(j) MITM Attack
(k) Exploitation - Example – Metasploit(l) System Attacks
(m) Mobile Attacks & Wireless Attacks
(n) Web Attacks
(o) SQL Injection
(p) Real time case study with POC
Chapter 9: Investigating email crimes
No. of pages: 20
Scams using emails have grown in frequency and developed in sophistication, and now these are being misused by scammers to frequently launch criminal attacks. By using techniques such as phishing, scammers can make money in a very short time and generally avoid detection.
(a) Anatomy of an Email
(b) Gathering evidences from an Email Server
(c) Exploits in Phishing Emails
(d) Anti-spamming techniques and resources
(e) Case study on e-discovery from Enron corpus with POC
Chapter 10: SSD Forensics
Total Pages: 20
SSDs are direct, plug compatible replacement devices for the spinning hard disk drives that provide most of the persistent storage of data and programs in modern computers at the laptop scale and above. SSDs are faster, lighter, and more reliable than spinning media drives. Spinning disk drives are cheaper and offer more storage in the same package size. Through the use of a separate processor, memory, and software, SSD devices emulate the function of a spinning disk drive to the operating system of a server, desktop or laptop computer. The emulated function of the spinning media drive is provided in the software and solid state hardware of the SSD device.
Topics:
(a) Spinning Media Drives and File Storage
(b) Forensic Investigation of Spinning Media Drives
(c) Solid State Disks
(d) Forensic Investigation of SSD Devices
(e) Alternative Analysis Methods
Chapter 11: BitCoin Forensics
No. of pages: 20
This chapter focuses on information for investigating cryptocurrencies (and in general BitCoin). The umbrella of Cryptocurrency includes Bitcoin and other alternative crypto currencies. The Blockchain universe forms the base of these public ledger systems and this has begun to change the way data and records (and currency!) are being created and maintained.
Topics:
(a) Virtual Money and The BlockChain
(b) Anonymity and Cryptocurrencies
(c) Cryptocurrency Investigations
(d) Tracking transactions on the Blockchain
(e) Identifying the owner of a cryptocurrency wallet
(f) Forensic tools and Device forensics (artifacts from Trezor, etc.)
(g) Establishing non-repudiation and Legal issues
(h) Real Time case study
Chapter 12: Investigative Reports and Legal Acceptance
Total No. of pages: 20
Chapter 13: Cyber Laws overview
Total number of pages: 20
Topics:
(a) What Is Cyber Law?
(b) Need for Cyber Law
(c) Evolution of Key Terms and Concepts
(d) Evolution of Cyber Crime
Mr Niranjan Reddy is a renowed and passionate Information Security professional who specializes in Cyber Security & Digital Forensics. He has a hands-on experience in almost all domains of Information Security specializing in Cyber Forensics. He is an Electronics Graduate and possess numerous International Certifications under his belt to name a few are MCSE,CCNA,Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), EC-Council Certified Security Analyst (ECSA), Certified Information System Security Professional(CISSP),Offensive Security Certified Professional(OSCP),ISO-27000:2013-Lead Auditor and many more.He is a Mentor,Enetrpreneur, Founder & CTO of NetConclave Systems which is an IT Security Consulting,Services & Trainings firm headquartered in Pune-India.
He was awarded the Global ECCouncil Excellence Instructor Award for 9 years in a row (2009-2017) in the South Asia category by ECCouncil,USA for corporate trainings and his contributions to the Infosec domain. .His articles on forensics and cyber security have been featured in many international and domestic publications such as Hakin9, E-Forensics,D46 magazine,India Legal, etc.
He has 14+ years plus of rich global experience in field of Information Security, Digital Forensics, Security Audits, Cyber Laws and Incident Response and handled critical runaway projects worldwide. He has been a speaker at various international & domestic conferences such as GroundZero, National Information Security Summit(NISS),ECCouncil International Cyber Security Summit in Colombo,HAKON, Hackers Day,NASSCOMM,Inforsecon at GFSU National Cyber Defence Research Center(NCDRC),ISACA Pune chapter and many more.He has also authored various articles on information security and Digital forensics,Cyber Crime Investigations in many domestic and international print media’s like e-forensics,Hakin9, India Legal ,Digital 4N6 magazine Gulf Times, Daily-Financial Times Daily-Colombo,
Covers forensics as a service (FraSS)
Includes crypto-currency forensic techniques
Features example cases on web attacks and email crimes
Date de parution : 07-2019
Ouvrage de 488 p.
17.8x25.4 cm
Thèmes de Practical Cyber Forensics :
© 2024 LAVOISIER S.A.S.
