Computer Forensics


How Computer Forensics Books Stack Up

Comparative review of:

Webmail Forensics

Presentation on using computer forensics techniques on web-based e-mail.

NIST Guidelines on PDA Forensics

Personal Digital Assistants (PDAs) are a relatively recent phenomenon, not usually covered in classical computer forensics. This guide attempts to bridge that gap by providing an in-depth look at PDAs, explaining the technologies involved and their relationship to forensic procedures. It covers three families of devices, Pocket PC, Palm OS, and Linux-based PDAs, and the characteristics of their respective operating systems. It also discusses procedures for the preservation, acquisition, examination, analysis, and reporting of digital information present on PDAs, as well as the available forensic software tools that support those activities.

First Responders Guide to Computer Forensics

This handbook targets a critical training gap in the fields of information security, computer forensics, and incident response. In today's networked world, it is essential for system and network administrators to understand the fundamental areas and the major issues in computer forensics. Knowledgeable first responders apply good forensic practices to routine administrative procedures and alert verification, and know how routine actions can adversely affect the forensic value of data. This awareness greatly enhances system and network administrators' effectiveness when responding to security alerts and other routine matters. The capability is a crucial and often overlooked element of defense-in-depth strategies for protecting the availability, integrity, and survivability of IT and network infrastructures. For instance, the step of collecting data from a live system is often skipped because of time constraints, lack of preparation, and the common practice of returning the compromised system to its original state by a fresh software installation or a reboot, both of which destroy the volatile evidence (memory contents, running processes, open network connections) that only a live system can provide.
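The live-collection step the handbook says is so often skipped, as an added example (this is not code from the handbook): a Python collector that runs a read-only command list in rough order of volatility, writes each command's output to an evidence directory that should sit on external media rather than the suspect disk, and records a SHA-256 per output file in a manifest so the collection can be shown to be unaltered later. The command list, the file names and the `tool_dir` option for running trusted binaries from your own media are assumptions for illustration; the commands themselves are ordinary Linux tools.

```python
"""Order-of-volatility live collection with a hashed manifest.

Added example for this page, not code from the First Responders Guide.
Runs a fixed list of read-only commands (most volatile first), saves each
output under an evidence directory, and records a SHA-256 per file.
"""
import datetime
import hashlib
import json
import os
import platform
import shutil
import subprocess
import sys

# Assumed command list, ordered roughly by volatility: process and network
# state first, configuration last. The first element of each tuple names the
# output file; the list is the argv actually executed.
DEFAULT_COMMANDS = [
    ("date", ["date", "-u"]),
    ("uptime", ["uptime"]),
    ("processes", ["ps", "auxww"]),      # the collector itself will appear here
    ("sockets", ["ss", "-tulpan"]),
    ("routes", ["ip", "route"]),
    ("arp_cache", ["ip", "neigh"]),
    ("logged_in", ["who", "-a"]),
    ("mounts", ["mount"]),
    ("kernel_modules", ["lsmod"]),
]


def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks so large outputs are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def collect_volatile(evidence_dir, commands=DEFAULT_COMMANDS, tool_dir=None, timeout=60):
    """Run each command, store its output, write manifest.json, return the manifest.

    evidence_dir should be on external media: writing to the suspect disk
    overwrites unallocated space that may still hold deleted evidence.
    tool_dir, if given, restricts binary lookup to that directory so trusted
    copies of the tools are used instead of possibly trojaned system ones.
    """
    os.makedirs(evidence_dir, exist_ok=True)
    manifest = {
        "collector_host": platform.node(),
        "started_utc": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "items": {},
    }
    for name, argv in commands:
        entry = {"argv": argv}
        exe = shutil.which(argv[0], path=tool_dir) if tool_dir else shutil.which(argv[0])
        if exe is None:
            # A missing tool is recorded, not silently dropped: the gap is part of the record.
            entry["skipped"] = "binary not found"
            manifest["items"][name] = entry
            continue
        out_path = os.path.join(evidence_dir, name + ".txt")
        with open(out_path, "wb") as out:
            try:
                proc = subprocess.run([exe] + argv[1:], stdout=out,
                                      stderr=subprocess.STDOUT, timeout=timeout)
                entry["returncode"] = proc.returncode
            except subprocess.TimeoutExpired:
                entry["error"] = "timeout"
        entry["file"] = out_path
        entry["sha256"] = sha256_file(out_path)
        manifest["items"][name] = entry
    manifest["finished_utc"] = datetime.datetime.now(datetime.timezone.utc).isoformat()
    manifest_path = os.path.join(evidence_dir, "manifest.json")
    with open(manifest_path, "w") as f:
        json.dump(manifest, f, indent=2)
    # Record this value in the examiner's notes: it covers every hash above.
    manifest["manifest_sha256"] = sha256_file(manifest_path)
    return manifest


def verify(evidence_dir):
    """Re-hash every collected file against manifest.json; return names that differ."""
    with open(os.path.join(evidence_dir, "manifest.json")) as f:
        manifest = json.load(f)
    return [name for name, entry in manifest["items"].items()
            if "sha256" in entry and sha256_file(entry["file"]) != entry["sha256"]]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "evidence"
    result = collect_volatile(target)
    print("manifest sha256:", result["manifest_sha256"])
    print("mismatches after verify:", verify(target))
```

Run it as `python collect.py /media/evidence/host01` before anything is rebooted or reinstalled; the manifest hash, written into the case notes, is what later ties the files on the media to this collection.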

Using Computer Forensics When Investigating System Attacks

This article explains how to conduct a computer forensic investigation of a system in response to the suspicion, or actual occurrence, of an attack on that system. It discusses computer forensic analysis at different levels and provides information that is useful to a wide audience, including CIOs, DSOs, auditors, and system administrators.

This article helps organizations prepare systems for faster recovery and recommends ways of preserving evidence so that it can possibly be used in a prosecution. This article describes a range of options for responding to a computer attack, including the ramifications of each option, and provides recommendations for determining the best course of action given the specific circumstances of the attack. It provides a list of tools that are useful for investigating attacks on Sun Solaris™ systems. Finally, this article walks readers through a step-by-step example of a computer forensic investigation.

Computer Forensics

The roots of computer forensics go back to the first time a system administrator had to figure out how a hacker had gained unauthorized access to a system and what had been done with it. This was mainly a matter of discovering the incursion, stopping it if it was still in progress, hunting down the hacker to chastise him or her, and fixing the problem that had allowed the unauthorized access in the first place. In the beginning, the classic hackers breaking into computer systems were more interested in how things worked than in doing damage, so collecting evidence for a hearing was not a process a system administrator needed to worry about. The administrator would just plug the hole and, often, get back to personal hacking projects.

Forensics

Overview of computer forensics techniques from Purdue University.

Computer Forensics

Storing and processing information at great speed and across vast distances has created an environment in which technology is poorly understood, and that lack of understanding erodes trust and market confidence. Data theft, industrial espionage, employee misconduct and intellectual property theft are among the computer security incidents that increasingly plague corporate organizations. Additionally, the vast majority of information in the workplace is now stored on PCs and servers, so no internal investigation of any kind should ignore computer evidence.

The law requires the proper capture and analysis of computer evidence in any investigation where a computer is the means of a crime or may contain evidence relevant to a criminal or civil litigation matter. Computer forensics is commonly defined as the collection, preservation, analysis and presentation of computer-related evidence in a court of law.

Web Application Forensics

Conducting web application forensics rests heavily on the assumption that all HTTP data is kept in the log files and is easily accessed when needed. Sadly, many contemporary web and application servers do not log HTTP communications properly. Those that do present the examiner with difficulties when trying to extract the data in a form that supports a proper investigation of a hacking attempt (or worse, of one that succeeded).
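As an added example, not code from the cited article: a parser for the Apache/nginx "combined" access-log format with a small triage pass, run over constructed log lines. It illustrates two practical points behind the paragraph. The request target is percent-decoded before pattern matching, repeatedly and with a bound, because attackers double-encode to slip past naive filters; and the access log holds only the request line, so a POST body is never there, which is why the fourth sample line yields no signal even though it may have carried the payload. The signature patterns and sample addresses are illustrative assumptions, not a complete detection set.

```python
"""Triage of an Apache/nginx combined-format access log.

Added example for this page, not code from the cited article. The log
lines are constructed. Combined format is
    %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
which records the request line (method, URL with query string, protocol)
but never request or response bodies.
"""
import re
from datetime import datetime
from urllib.parse import unquote

# Constructed sample: one benign GET, a SQL injection probe, a double-encoded
# path traversal, a POST whose body (and any payload in it) is not logged,
# and one line that is not in combined format at all.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /product.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 5120 "-" "sqlmap/1.7"
203.0.113.7 - - [10/Oct/2023:13:55:42 +0000] "GET /download.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843 "-" "curl/8.1.2"
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "POST /login.php HTTP/1.1" 302 - "http://www.example.com/login.php" "Mozilla/5.0"
garbage line that is not in combined format
"""

LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/(?P<proto>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Illustrative signatures only; a real triage set would be far larger.
SIGNATURES = [
    ("path traversal", re.compile(r"\.\./|\.\.\\")),
    ("sql injection", re.compile(r"'\s*(or|and)\s+'?|union\s+select|sleep\s*\(", re.I)),
    ("xss", re.compile(r"<script|javascript:", re.I)),
]


def decode_fully(s, rounds=3):
    """Percent-decode until the string stops changing, at most `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def parse_line(line):
    """Return a record dict for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    rec["decoded_target"] = decode_fully(rec["target"])
    rec["flags"] = [name for name, rx in SIGNATURES if rx.search(rec["decoded_target"])]
    return rec


def triage(log_text):
    """Parse every line; return (records, number_of_unparsed_lines)."""
    records, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1   # keep count: unparsed lines are themselves a finding
        else:
            records.append(rec)
    return records, unparsed


def suspicious_hosts(records):
    """Map client address -> flagged decoded targets, to pivot the investigation on."""
    by_host = {}
    for r in records:
        if r["flags"]:
            by_host.setdefault(r["host"], []).append(r["decoded_target"])
    return by_host


if __name__ == "__main__":
    recs, bad = triage(SAMPLE_LOG)
    for r in recs:
        print(r["time"].isoformat(), r["host"], r["method"], r["decoded_target"], r["flags"])
    print("unparsed lines:", bad)
    print("hosts to pivot on:", suspicious_hosts(recs))
```

Feed it a real file with `triage(open(path).read())`. The POST to `/login.php` stays unflagged no matter what its body contained; recovering that needs a reverse proxy or application-level log that records bodies, or the application's own audit trail.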

Cisco Router Forensics

Presentation on the forensic evaluation of Cisco routers in response to DDoS and worm attacks.

The Law Enforcement and Forensic Examiner Introduction to Linux

The purpose of this document is to provide an introduction to the GNU/Linux (Linux) operating system as a forensic tool for computer crime investigators. There are better books written on the subject of Linux (by better qualified professionals), but my hope here is to provide a single document that allows a user to sit at the shell prompt (command prompt) for the first time and not be overwhelmed by a 700-page book.


© Be a Private Investigator. All rights reserved.