Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Digital Forensics with Kali Linux

You're reading from   Digital Forensics with Kali Linux Perform data acquisition, digital investigation, and threat analysis using Kali Linux tools

Arrow left icon
Product type Paperback
Published in Dec 2017
Publisher Packt
ISBN-13 9781788625005
Length 274 pages
Edition 1st Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Shiva V. N. Parasram Shiva V. N. Parasram
Author Profile Icon Shiva V. N. Parasram
Shiva V. N. Parasram
Arrow right icon
View More author details
Toc

Table of Contents (11) Chapters Close

Preface 1. Introduction to Digital Forensics 2. Installing Kali Linux FREE CHAPTER 3. Understanding Filesystems and Storage Media 4. Incident Response and Data Acquisition 5. Evidence Acquisition and Preservation with DC3DD and Guymager 6. File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor 7. Memory Forensics with Volatility 8. Autopsy – The Sleuth Kit 9. Network and Internet Capture Analysis with Xplico 10. Revealing Evidence Using DFF

Digital forensics methodology

Keeping in mind that forensics is a science, digital forensics requires that one follow appropriate best practices and procedures in an effort to produce the same results time and time again providing proof of evidence, preservation, and integrity which can be replicated ;if called upon to do so.

Although many people may not be performing digital forensics to be used as evidence in a court of law, it is best to practice in such a way as can be accepted and presented in a court of law. The main purpose of adhering to best-practices set by organizations specializing in digital forensics and incident response is to maintain the integrity of the evidence for the duration of the investigation. In the event that the investigator's work must be scrutinized and critiqued by another or an opposing party, the results found by the investigator must be able to be recreated, thereby proving the integrity of the investigation. The purpose of this is to ensure that your methods can be repeated and, if dissected or scrutinized, produce the same results time and again. The methodology used, including the procedures and findings of your investigation, should always allow for the maintenance of the data’s integrity, regardless of what tools are used.

The best practices demonstrated in this book, ensure that the original evidence is not tampered with, or in cases of investigating devices and data in a live or production environment, show well-documented proof that necessary steps were taken during the investigation to avoid unnecessary tampering of the evidence, thereby preserving the integrity of the evidence. For those completely new to investigations, I recommend familiarizing yourself with some of the various practices and methodologies available and widely practiced by the professional community.

As such, there exist several guidelines and methodologies that one should adopt, or at least follow, to ensure that examinations and investigations are forensically sound.

The 2 best-practices documents mentioned in this chapter are:

  • the ACPO's Good Practice Guide for Digital Evidence
  • the SWGDE's Best Practices for Computer Forensics.

Although written in 2012, the Association of Chief Police Officers, known as the ACPO, and now functioning as the National Police Chiefs' Council, or NPCO, put forth a document in a PDF file called The ACPO Good Practice Guide for Digital Evidence in best practices when carrying out digital forensics investigations, particularly focusing on evidence acquisition. The ACPO Good Practice Guide for Digital Evidence was then adopted and adhered to by Law Enforcement agencies in England, Wales, and Northern Ireland and can be downloaded in its entirety at https://www.7safe.com/docs/default-source/default-document-library/acpo_guidelines_computer_evidence_v4_web.pdf.

Another useful and more recent document, produced in September 2014, on best practices in digital forensics was issued by the Scientific Working Group on Digital Evidence (SWGDE). The SWGDE was founded in 1998 by the Federal Crime Laboratory Directors Group with major members and contributors including the FBI, DEA, NASA, and the Department of Defense Computer Forensics Laboratory. Though this document details procedures and practices within a formal computer forensics laboratory setting, the practices can still be applied to non-laboratory investigations by those not currently in or with access to such an environment.

The SWGDE Best Practices for Computer Forensics sheds light on many of the topics covered in the following chapters, including:

  • Evidence collection and acquisition
  • Investigating devices that are powered on and powered off
  • Evidence handling
  • Analysis and reporting
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image