
Practical Forensic Imaging: Securing Digital Evidence with Linux Tools (PDF)

324 Pages·2016·10.83 MB·English

Preview Practical Forensic Imaging Securing Digital Evidence with Linux Tools

Back cover

"An indispensable reference for anyone responsible for preserving digital evidence."
—Professor Eoghan Casey, University of Lausanne

Forensic image acquisition is an important part of postmortem incident response and evidence collection. Digital forensic investigators acquire, preserve, and manage digital evidence to support civil and criminal cases; examine organizational policy violations; resolve disputes; and analyze cyber attacks.

Practical Forensic Imaging takes a detailed look at how to secure and manage digital evidence using Linux-based command line tools. This essential guide walks you through the entire forensic acquisition process and covers a wide range of practical scenarios and situations related to the imaging of storage media.

You'll learn how to:

- Perform forensic imaging of magnetic hard disks, SSDs and flash drives, optical discs, magnetic tapes, and legacy technologies
- Protect attached evidence media from accidental modification
- Manage large forensic image files, storage capacity, image format conversion, compression, splitting, duplication, secure transfer and storage, and secure disposal
- Preserve and verify evidence integrity with cryptographic and piecewise hashing, public key signatures, and RFC-3161 timestamping
- Work with newer drive and interface technologies like NVME, SATA Express, 4K-native sector drives, SSHDs, SAS, UASP/USB3x, and Thunderbolt
- Manage drive security such as ATA passwords; encrypted thumb drives; Opal self-encrypting drives; OS-encrypted drives using BitLocker, FileVault, and TrueCrypt; and others
- Acquire usable images from more complex or challenging situations such as RAID systems, virtual machine images, and damaged media

With its unique focus on digital forensic acquisition and evidence preservation, Practical Forensic Imaging is a valuable resource for experienced digital forensic investigators wanting to advance their Linux skills and experienced Linux administrators wanting to learn digital forensics. This is a must-have reference for every digital forensics lab.

About the Author

Bruce Nikkel is the director of Cyber-Crime / IT Investigation & Forensics at a global financial institution where he has managed the IT forensics unit since 2005. He is an editor for Digital Investigation and has published research on various digital forensic topics. Bruce holds a PhD in network forensics.

THE FINEST IN GEEK ENTERTAINMENT™
www.nostarch.com
$49.95 ($57.95 CDN)
Shelve In: Computers/Security

Foreword by Eoghan Casey

Title page

Practical Forensic Imaging: Securing Digital Evidence with Linux Tools
by Bruce Nikkel
San Francisco

Copyright page

Practical Forensic Imaging. Copyright © 2016 by Bruce Nikkel.

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

20 19 18 17 16   1 2 3 4 5 6 7 8 9

ISBN-10: 1-59327-793-8
ISBN-13: 978-1-59327-793-2

Publisher: William Pollock
Production Editor: Alison Law
Cover Illustration: Garry Booth
Interior Design: Octopod Studios
Technical Reviewer: Don Frick
Copyeditor: Anne Marie Walker
Compositor: Alison Law
Proofreader: Paula L. Fleming
Indexer: BIM Creatives, LLC

For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly:

No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 415.863.9900; [email protected]
www.nostarch.com

Library of Congress Cataloging-in-Publication Data

Names: Nikkel, Bruce, author.
Title: Practical forensic imaging : securing digital evidence with Linux tools / Bruce Nikkel.
Description: San Francisco : No Starch Press, [2016] | Includes index.
Identifiers: LCCN 2016026449 (print) | LCCN 2016033058 (ebook) | ISBN 9781593277932 | ISBN 1593277938 | ISBN 9781593278007 (epub) | ISBN 1593278004 (epub) | ISBN 9781593278014 (mobi) | ISBN 1593278012 (mobi)
Subjects: LCSH: Computer crimes--Investigation. | Data recovery (Computer science) | Data encryption (Computer science) | Evidence, Criminal. | Linux.
Classification: LCC HV8079.C65 N55 2016 (print) | LCC HV8079.C65 (ebook) | DDC 363.25/9680285586--dc23
LC record available at https://lccn.loc.gov/2016026449

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an "As Is" basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

This book is dedicated to everyone who provided motivation, support, guidance, mentoring, inspiration, encouragement, critiques, wisdom, tools, techniques, and research—all of which influenced and helped with the creation of this book.

About the Author

Bruce Nikkel is the director of Cyber-Crime / IT Investigation & Forensics at UBS AG, a global financial institution based in Switzerland. He has worked for the bank's security and risk departments since 1997 and has managed the IT forensics team since 2005. Active in the digital forensics community, Bruce has published research papers on various digital forensics topics and is an editor for Digital Investigation: The International Journal of Digital Forensics and Incident Response. He is also on the organizing committee of DFRWS Europe. Bruce holds a PhD in network forensics from Cranfield University. His forensics website is http://digitalforensics.ch/ and he can be reached at [email protected].

BRIEF CONTENTS

Foreword by Eoghan Casey ..... xvii
Introduction ..... xix
Chapter 0: Digital Forensics Overview ..... 1
Chapter 1: Storage Media Overview ..... 11
Chapter 2: Linux as a Forensic Acquisition Platform ..... 47
Chapter 3: Forensic Image Formats ..... 59
Chapter 4: Planning and Preparation ..... 69
Chapter 5: Attaching Subject Media to an Acquisition Host ..... 101
Chapter 6: Forensic Image Acquisition ..... 141
Chapter 7: Forensic Image Management ..... 187
Chapter 8: Special Image Access Topics ..... 229
Chapter 9: Extracting Subsets of Forensic Images ..... 259
Closing Remarks ..... 275
Index ..... 277

