Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Practical Windows Forensics

You're reading from   Practical Windows Forensics Leverage the power of digital forensics for Windows systems

Arrow left icon
Product type Paperback
Published in Jun 2016
Publisher Packt
ISBN-13 9781783554096
Length 322 pages
Edition 1st Edition
Concepts
Arrow right icon
Toc

Table of Contents (15) Chapters Close

Preface 1. The Foundations and Principles of Digital Forensics FREE CHAPTER 2. Incident Response and Live Analysis 3. Volatile Data Collection 4. Nonvolatile Data Acquisition 5. Timeline 6. Filesystem Analysis and Data Recovery 7. Registry Analysis 8. Event Log Analysis 9. Windows Files 10. Browser and E-mail Investigation 11. Memory Forensics 12. Network Forensics appA. Building a Forensic Analysis Environment appB. Case Study

Digital forensic goals

The main object in the digital forensic analysis is the digital device related to the security incident under investigation. The digital device was either used to commit a crime, to target an attack, or is a source of information for the analyst. The goals of the analysis phase in the digital forensics process differ from one case to another. It can be used to support or refute assumptions against individuals or entities, or it can be used to investigate information security incidents locally on the system or over a network.

Consider analyzing a compromised system, the goals of the digital forensics, as a whole, are to answer these questions:

  • What happened to the system under analysis?
  • How was it compromised?

During the analysis too, the analyst could answer some other questions based on their findings, such as the following:

  • Who is the attacker? This asks whether the analyst could find the attacker IP and/or an IP of the command and control server or in some cases the attacker profile.
  • When did it happen? This asks whether the analyst could ascertain the time of the infection or compromise.
  • Where did it happen? This asks whether the analyst could identify the compromised systems in the network and the possibility of other victims.
  • Why did it happen? This is based on the attacker's activities in the hacked system, the analyst can form an idea of the attacker's motivation, either financial, espionage, or other.
You have been reading a chapter from
Practical Windows Forensics
Published in: Jun 2016
Publisher: Packt
ISBN-13: 9781783554096
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime