Introduction to Digital Forensics

Introduction to Digital Forensics

A "short and sweet" introduction to the topic of Digital Forensics

This book is a "short and sweet" introduction to the topic of Digital Forensics, covering theoretical, practical and legal aspects. The first part of the book focuses on the history of digital forensics as a discipline and discusses the traits and requirements needed to become an forensic analyst. The middle portion of the book constitutes a general guide to a digital forensic investigation, mostly focusing on computers. It finishes with a discussion of the legal aspects of digital forensics as well as some other observations for managers or other interested parties.


Overview of the topic and introduction to the book
So you want to be a forensic analyst?  
Who can benefit from this material?
Hardware and software requirements

Digital forensics

A history  
A brief history of the discipline
Types of investigations  
Investigations can take many forms
The forensic process  
Description of the traditional digital forensic process
Before we begin, explanation of some words

Acquiring Evidence

Tableau forensic write blocker used for acquisitions
Documenting evidence  
How to document exhibits and media
Notes on the authentication of evidence
Example task  
Have a go at recording and acquiring some data


Forensic tools  
Common forensic tools and their uses
First steps in analysis  
Where to begin? Often a daunting question
Chat, email and internet artefacts  
One of the main areas of investigation will be the internet cache
Image investigations  
Images can contain a wealth of information
Linux & Mac  
Some significant differences & problems exist when examining different operating systems
Example task  
Perform a simple analysis

Reporting findings

Reporting is one of the key aspects of digital forensics
Giving expert evidence  
How to defend your findings in court
Example task  
Try your hand at putting together a simple report

Mobile devices

iPhone in an RF bag
Mobile devices  
An introduction to mobile device forensics
Mobile forensics tools  
Hardware/software for mobile analysis
Mobile device analysis  
Specific notes for analysing mobile devices

Legal considerations

Criminal investigations  
Considerations when investigating crime
Civil investigations (eDiscovery)  
The various rules relating to civil investigation
Seizing digital media  
Important considerations apply to how and when you can seize media


Managing an investigation  
Advice for managers handling a digital investigation
Counter measures to impair forensics analysis


Further reading