Contents
Chapter 1: The Need for Computer Forensics
Chapter 2: Preparation: What to Do Before You Start?
Chapter 3: Computer Evidence
Chapter 4: Common Tasks
Chapter 5: Capturing the Data Image
Chapter 6: Extracting Information from Data
Chapter 7: Passwords and Encryption
Chapter 8: Common Forensic Tools
Chapter 9: Putting It All Together
Chapter 10: How to Testify in Court
Chapter 1: The Need for Computer Forensics
The New Shorter Oxford English Dictionary defines computer forensics as “the application of forensic
science techniques to computer‐based material.” In other words, forensic computing is the process
of identifying, preserving, analyzing, and presenting digital evidence in a manner that is acceptable in
a legal proceeding.
Computer forensics can also be described as the critical analysis of a computer hard disk drive after
an intrusion or crime.
In looking at the major concepts behind computer forensics, the main emphasis is on data recovery.
To do that you must:
• Identify meaningful evidence
• Determine how to preserve the evidence
• Extract, process, and interpret the evidence
• Ensure that the evidence is acceptable in a court of law
Incident: A threatening computer security breach that can be recovered from in a relatively short
period of time.
Incident response: The action taken to respond to a situation that can be recovered from relatively
quickly.
Security policies: Specifications for a secure environment, including such items as physical security
requirements, network security planning details, a detailed list of approved software, and human
resources policies on employee hiring and dismissal.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted on August 21,
1996, to ensure the portability, privacy, and security of medical information.
The Gramm‐Leach‐Bliley (GLB) Act requires financial institutions to ensure the security and
confidentiality of the personal information that they collect. This includes information such as names,
addresses, phone numbers, income, and Social Security numbers. Basically, financial institutions are
required to secure customer records and information regardless of the size of the information files.
The Sarbanes‐Oxley Act, named for the two Congressmen who sponsored it, was passed to restore
the public’s confidence in corporate governance by requiring chief executives of publicly traded
companies to personally validate financial statements and other information.
The following factors help determine which cases get priority:
• Amount of harm inflicted
• Crime jurisdiction
• Success of investigation
• Availability and training of personnel
• Frequency