Chapter 1: Need of Digital Forensics Proficiency
No. of pages: 15
Cyber crime is a growing problem, with the impact to society increasing exponentially, but the ability of local law enforcement agencies to investigate and successfully prosecute criminals for these crimes is unclear.
Topics:
(a) Better awareness/Techniques
(b) Support for cloud and mobile forensics
(c) Backing for and improvement of open-source tools
(d) Research on encryption, malware, and trail obfuscation
(e) Better communication, especially between/with law enforcement
(f) More personnel and funding
Chapter 2: Introduction to Windows, Linux and MAC Forensics
This chapter walks readers through the various types of operating systems, namely Windows, Linux and Macintosh. It also covers the most critical components of investigating Windows, Linux and Macintosh operating system functionality. The chapter contains MFT concepts, MBR files, virtual paging, the Windows Registry, data recovery, memory forensics, and more. Hands-on exercises in each chapter help readers identify the artefacts left by each operating system.
Topics:
(a) Windows Forensics
(b) Use of BIOS in investigation
(c) MFT and MBR Concepts
(d) Windows Registry
(e) Windows Log forensics
(f) File System Forensics
(g) Data Recovery
(h) File Signature
(i) Memory Forensics
(j) Linux Forensics
(k) Virtual Machine Forensics
(l) Macintosh Forensics
(m) Interesting Mac Artefacts
Chapter 3: Anti Forensics Techniques & Detection
No. of pages: 15
Anti-forensics is an attempt by cyber criminals to make the forensic analysis of digital evidence difficult or impossible. Anti-forensic methods are divided into several sub-categories such as data hiding, artefact wiping, trail obfuscation and attacks against the computer forensics processes and tools. An attack against forensic tools is also known as counter-forensics. The common purpose of anti-forensic tools is purely malicious in intent and design. Anti-forensics or counter-forensics can also be used for defence against espionage, as recovery of information by forensic tools can be prevented.
Sub Topics:
(a) Data hiding
(b) Encryption
(c) Steganography
(d) Artifacts wiping
(e) Disk cleaning utilities
(f) File wiping utilities
(g) Disk degaussing/destruction
(h) Forensic traits obfuscation/deletion
(i) Real Time case study with POC
Chapter 4: Network Forensics
Network forensics deals with the high volume of traffic generated by network connections, and applying forensic procedures to it is a troublesome process. There are various tools available on the market that make the job of a network forensic analyst much easier, but using these tools is a complicated process unless you have proper guidance on operating them.
(a) Real Life Scenarios and Case studies with POC
(b) Role of Network Components
(c) The Open Systems Interconnection (OSI) Reference Model
(d) Forensic Footprints
(e) Creating an event of Traffic
(f) Traffic Analysis
(g) Network Forensic Tools
(h) Role of Wireshark in Network Forensics
Chapter 5: Mobile forensics
No. of pages: 25
Mobile devices are an evolving form of computing, used widely for personal and organizational purposes. These compact devices are useful in managing information, such as contact details and appointments, corresponding electronically, and conveying electronic documents. Over time, they accumulate a sizeable amount of information about the owner. When involved in crimes or other incidents, proper tools and techniques are needed to recover evidence from such devices and their associated media.
Topics:
(a) Mobile forensic analysis with case study and POC
(b) Smart Devices forensic challenges
(c) Mobile phone evidence extraction process
(d) Smart operating systems overview
(e) Manual Extraction
(f) Logical Extraction
(g) Micro Read & Chip off
(h) Potential evidence stored on smart devices
(i) Challenges to smart device investigations
Chapter 6: Cloud Forensics
No. of pages: 20
The development of digital and computer forensics has been based on personal computers and devices. The capabilities required for performing forensics of criminal activities carried out in the cloud have yet to be established by the cloud service providers. To address this, there have been several attempts at providing FRaaS (Forensics as a Service). In this chapter we discuss them, highlight the emerging area of cloud computing, and examine its challenges and opportunities both from the perspective of performing forensics in the cloud and of performing forensics on cloud computing resources.
Topics:
(a) Cloud Forensics Overview
(b) Client Forensics
(c) Cloud Forensics
(d) Case studies
(e) FRaaS
Chapter 7: Investigating Malware attacks
No. of pages: 25
Security breaches due to cyber-attacks incorporate technical components, in the use of specific malware and technical skills, as well as psychological components, in exploiting user vulnerabilities. Moreover, the availability of resources such as markets and the support of nation-states play a role in how malware is developed, hacking skills are acquired and knowledge about the target is obtained. All of these components reflect the complex nature of cyber-attacks in general. In this section we carry out a literature review that identifies how these components have evolved and what set of features is present in the incidents that are considered more sophisticated.
Subtopics:
(a) Malware and its family
(b) Zero-day exploits
(c) Ransomware
(d) Remote Administration Tool
(e) Insight into target
(f) Avoiding detection
(g) Encrypted data
(h) Insider access
(i) Poor security configurations
(j) SQL injection
(k) Brute Force
(l) Real time case study with POC
Chapter 8: Investigating web attacks
No. of pages: 25
Vulnerabilities in the Internet-connected software run by large organizations create a large security risk. A single successful exploit — which can be as short as a few characters typed in the wrong place — can abuse these flaws and set a breach in motion. Exploits can be leveraged to access corporate databases and other sensitive information, causing financial and reputational damage to the target, system hijacking, theft of intellectual property, and downtime.
Topics:
(a) Various Network Attacks
(b) Eavesdropping
(c) Data Modification
(d) Identity Spoofing (IP Address Spoofing)
(e) Password-Based Attacks
(f) Denial-of-Service Attack
(g) Man-in-the-Middle Attack
(h) Compromised-Key Attack
(i) Sniffer Attack
(j) MITM Attack
(k) Exploitation - Example – Metasploit
(l) System Attacks
(m) Mobile Attacks & Wireless Attacks
(n) Web Attacks
(o) SQL Injection
(p) Real time case study with POC
Chapter 9: Investigating email crimes
No. of pages: 20
Scams using email have grown in frequency and developed in sophistication, and email is now frequently misused by scammers to launch criminal attacks. By using techniques such as phishing, scammers can make money in a very short time and generally avoid detection.
Topics:
(a) Anatomy of an Email
(b) Gathering evidence from an Email Server
(c) Exploits in Phishing Emails
(d) Anti-spamming techniques and resources
(e) Case study on e-discovery from Enron corpus with POC
Chapter 10: SSD Forensics
Total Pages: 20
SSDs are direct, plug-compatible replacements for the spinning hard disk drives that provide most of the persistent storage of data and programs in modern computers at the laptop scale and above. SSDs are faster, lighter, and more reliable than spinning media drives; spinning disk drives are cheaper and offer more storage in the same package size. Through the use of a separate processor, memory, and software, SSD devices emulate the function of a spinning disk drive to the operating system of a server, desktop or laptop computer. The emulated function of the spinning media drive is provided by the software and solid-state hardware of the SSD device.
Topics:
(a) Spinning Media Drives and File Storage
(b) Forensic Investigation of Spinning Media Drives
(c) Solid State Disks
(d) Forensic Investigation of SSD Devices
(e) Alternative Analysis Methods
Chapter 11: BitCoin Forensics
No. of pages: 20
This chapter focuses on information for investigating cryptocurrencies (and BitCoin in particular). The umbrella of cryptocurrency includes Bitcoin and other alternative cryptocurrencies. The blockchain forms the base of these public ledger systems, and this has begun to change the way data and records (and currency!) are created and maintained.
Topics:
(a) Virtual Money and The BlockChain
(b) Anonymity and Cryptocurrencies
(c) Cryptocurrency Investigations
(d) Tracking transactions on the Blockchain
(e) Identifying the owner of a cryptocurrency wallet
(f) Forensic tools and Device forensics (artifacts from Trezor, etc.)
(g) Establishing non-repudiation and Legal issues
(h) Real Time case study
Chapter 12: Investigative Reports and Legal Acceptance
Total No. of pages: 20
Law enforcement agencies face a new challenge in dealing with cyber crimes. Criminal acts are being committed and the evidence of these activities is recorded in electronic form. Besides, crimes are being committed in cyberspace, and evidence in these crimes is almost always recorded digitally. It is important that computer security professionals be aware of some of the requirements of the legal system and understand the developing field of computer forensics. The reality of the information age is having a significant impact on the legal establishment. One major area in which this is being felt is that of the acquisition, authentication, evaluation and legal admissibility of information stored on magnetic and other media. This information can be referred to as digital evidence. Computer forensics is the application of science and engineering to the legal problem of digital evidence. (Theoretical Part)
Chapter 13: Cyber Laws overview
Total number of pages: 20
Topics:
(a) What Is Cyber Law?
(b) Need for Cyber Law
(c) Evolution of Key Terms and Concepts
(d) Evolution of Cyber Crime