Forensics is the gathering of evidence to detect a crime. Digital forensics refers simply to looking for digital evidence and includes locating anomalous files that may contain relevant information, searching for hidden data, figuring out when a file was last modified, figuring out who sent an email, hashing files, gathering information about an attacking IP, or capturing network communication.
In addition to forensics, this chapter will cover a basic example of steganography—the hiding of archives inside images. Steganography is a trick employed to hide information within other information so that it is not easily found.
Hashing, while relevant to forensics, is covered in Chapter 6, Cryptography, and packet capturing is covered in Chapter 5, Packet Capturing and Injection. You will find examples that could be useful to forensic investigators throughout all the chapters...