Read the book Digital Forensic Science - Vassil Roussev - Page 8

Contents

1 Introduction

1.1 Scope of this Book

1.2 Organization

2 Brief History

2.1 Early Years (1984–1996)

2.2 Golden Age (1997–2007)

2.3 Present (2007–)

2.4 Summary

3 Definitions and Models

3.1 The Daubert Standard

3.2 Digital Forensic Science Definitions

3.2.1 Law-centric Definitions

3.2.2 Working Technical Definition

3.3 Models of Forensic Analysis

3.3.1 Differential Analysis

3.3.2 Computer History Model

3.3.3 Cognitive Task Model

4 System Analysis

4.1 Storage Forensics

4.1.1 Data Abstraction Layers

4.1.2 Data Acquisition

4.1.3 Forensic Image Formats

4.1.4 Filesystem Analysis

4.1.5 Case Study: FAT32

4.1.6 Case Study: NTFS

4.1.7 Data Recovery and File Content Carving

4.1.8 File Fragment Classification

4.2 Main Memory Forensics

4.2.1 Memory Acquisition

4.2.2 Memory Image Analysis

4.3 Network Forensics

4.4 Real-time Processing and Triage

4.4.1 Real-time Computing

4.4.2 Forensic Computing with Deadlines

4.4.3 Triage

4.5 Application Forensics

4.5.1 Web Browser

4.5.2 Cloud Drives

4.6 Cloud Forensics

4.6.1 Cloud Basics

4.6.2 The Cloud Forensics Landscape

4.6.3 IaaS Forensics

4.6.4 SaaS Forensics

5 Artifact Analysis

5.1 Finding Known Objects: Cryptographic Hashing

5.2 Block-level Analysis

5.3 Efficient Hash Representation: Bloom Filters

5.4 Approximate Matching

5.4.1 Content-defined Data Chunks

5.4.2 Ssdeep

5.4.3 Sdhash

5.4.4 Evaluation

5.5 Cloud-native Artifacts

6 Open Issues and Challenges

6.1 Scalability

6.2 Visualization and Collaboration

6.3 Automation and Intelligence

6.4 Pervasive Encryption

6.5 Cloud Computing

6.5.1 From SaaP to SaaS

6.5.2 Separating Cloud Services from their Implementation

6.5.3 Research Challenges

6.6 Internet of Things (IoT)

Bibliography

Author’s Biography

Digital Forensic Science
