Digital Forensics


1. Digital Forensic Tools

1.1. Software

1.1.1. Data Duplication: Unix-based: dd, ewfacquire, Adepto, aimage, AIR, dcfldd, EnCase LinEn, GNU ddrescue, ddrescue, iLook IXimager, MacQuisition Boot CD, rdd, sdd, Guymager; Windows-based: ASR, DIBS, FTK Imager, Ghost, Paraben, ProDiscovery, X-Ways Forensics, X-Ways Replica; Multi-platform: (none listed)

1.1.2. Data Recovery: Unix-based: gparted, foremost, Magic Rescue; Windows-based: Partition Table Doctor, NTFS Recovery, Partition Recovery Software, HD Doctor Suite, BringBack, RAID Reconstructor, e-ROL, Recuva, Restoration, Undelete Plus, R-Studio, Stellar Phoenix, Adroit Photo Recovery, File Extractor Pro, Simple Carver Suite, Photo Rescue; Multi-platform: TestDisk, Scalpel, PhotoRec

1.1.3. Image Analysis: Unix-based: (none listed); Windows-based: (none listed); Multi-platform: Surf Recon LE

1.1.4. File Analysis: Unix-based: file, ldd, ltrace, strace, xtrace, ktrace, Valgrind, DTrace, Rifiuti, Pasco, Galleta, Hachoir; Windows-based: Code Suite, PEiD; Multi-platform: PDF Miner, strings, Analog

1.1.5. Audio Analysis: Unix-based: (none listed); Windows-based: DC Live; Multi-platform: (none listed)

1.1.6. Network Analysis: Unix-based: tcpdump, Xplico, ngrep, chaosreader; Windows-based: windump, OmniPeek; Multi-platform: Wireshark, snort, whois, Kismet, NetCat

1.1.7. Data Reduction: Unix-based: md5sum; Windows-based: (none listed); Multi-platform: (none listed)

1.1.8. Reverse Engineering: Unix-based: gdb; Windows-based: OllyDbg, IDA Pro; Multi-platform: (none listed)

1.1.9. Data Analysis: Unix-based: (none listed); Windows-based: Financial Crimes Enforcement Network AI System, COPLINK Suite, DataDetective, Griffin; Multi-platform: FACE, MultiAgent Digital Investigation toolKit (MADIK)

1.1.10. Multipurpose tools: Unix-based: The Coroner's Toolkit, SMART; Windows-based: EnCase by Guidance, Forensic Toolkit (FTK), iLook; Multi-platform: SleuthKit/Autopsy, VMware

1.1.11. Mobile Phone Analysis: Windows-based: SIM Explorer, SIM Manager, SIMCon; Unix-based: (none listed); Multi-platform: (none listed)

1.1.12. Live-CDs: Helix3, BackTrack, SPADA, CAINE

1.1.13. Remote Monitoring: Bundestrojaner

1.2. Hardware

1.2.1. Write Blockers: ISC Drive Lock, MyKey NoWrite, Tableau, WiebeTech

1.2.2. Hardware Imagers: Data Compass, DeepSpar Disk Imager, Data Copy King, ICS Solo3, Logicube Talon, PSIClone, Cellebrite, Voom Hardcopy III

2. Professions

2.1. Law

2.1.1. Enforcement: Collection/Analysis, First Responders, Media Acquisition, Media Examination, Evidence Preservation, Presentation

2.1.2. Courts: Laws (Law Development, Law Comparison); People (Expert Witness, Friends of the Court, Prosecution, Defence)

2.2. Academia

2.2.1. Research: Discipline Definition, Problem Solving, Testing, Evaluating

2.2.2. Education: Contributions, Professional Outcome

2.3. Military

2.3.1. Post attack analysis

2.4. Private sector

2.4.1. Consulting: Data Recovery, Forensic Analysis, Expert Witness

2.4.2. Industry: System Admins, Legal Contact

3. Digital Evidence

3.1. Physical

3.1.1. Large Scale Digital Devices: Computers (Desktops, Laptops, Servers, Tablets, Netbooks), Grids, Clusters

3.1.2. Small Scale Digital Devices: Mobile phones, PDAs, Digital Music Players, Smart Phones, Embedded Devices, GPS Devices, Storage Devices (USB Thumb Drives, External Hard drives), Digital Cameras

3.1.3. Network Devices: Routers, Switches, Hubs, Firewalls, IDS, Wireless AP

3.1.4. Peripherals: Printers, Scanners, Copiers

3.1.5. Storage Media: Magnetic (Floppy, Tapes); Optical (CD, DVD, Blu-ray); Transistor (Memory Cards, Smart Cards, RFID Tags)

3.1.6. Obscure Devices: Gaming Devices (Xbox, PlayStation, Wii, PSP); Recording Devices (Camcorders, Audio recorders, Surveillance cameras); Network enabled appliances (Refrigerators)

3.2. Logical

3.2.1. Operating Systems: Registry, System Logs, System Files, Printer Spool, Swap files

3.2.2. Applications: Application Logs, Security Logs, Browser History, Application Files, Cookies, Configuration Files, Executables

3.2.3. File Systems: Files (Images, Data, Documents, Audio, Video); File metadata (MAC-times, Permissions)

3.2.4. Memory: RAM, Cache

3.3. External

3.3.1. Telecom network: Phone Records, Internet logs

3.3.2. Internet: Clouds (Online Storage, Cloud Apps), Domain Name records, Social networks, Webpages

3.3.3. Access Control Systems: Passport control logs, Building security logs

3.3.4. Electronic Commerce Services: Credit Card company logs, Bank logs, E-payment logs, Webshop logs

4. Digital Forensic Process

4.1. Preparation

4.1.1. Training

4.1.2. Prepare tools

4.1.3. Warrants and authorizations

4.1.4. Management support

4.2. Identification

4.2.1. Incident detection

4.3. Approach Strategy

4.4. Preservation

4.4.1. Isolate

4.4.2. Secure

4.5. Collection

4.5.1. Record

4.5.2. Duplicate

4.6. Examination

4.6.1. Search for evidence

4.7. Analysis

4.7.1. Reconstruct

4.7.2. Evaluate

4.7.3. Correlate

4.7.4. Conclude

4.8. Presentation

4.8.1. Summarize

4.8.2. Explain

4.9. Returning evidence

5. Digital Crime Cases

5.1. Cyber Crime Case

5.1.1. Increased Access: Buffer Overflows, Password attacks, Malware (Virus, Worm, Trojan)

5.1.2. Disclosure of information: Copyright infringement, Identity Theft, Sniffing, Data theft, Phishing, Fraud

5.1.3. Corruption of information: Tampering

5.1.4. Denial of Service: DoS attack

5.1.5. Theft of resources: Botnets, SPAM

5.2. Traditional Crime Case

5.2.1. Traffic violations: Speeding, Reckless driving, Collisions, DUI, Hit-and-run

5.2.2. Sex crime: Rape, Sexual abuse, Child molestation, Child pornography, Prostitution, Trafficking

5.2.3. Theft: Robbery, Burglary, Auto theft, Theft of national secrets

5.2.4. Fraud: Money Laundering, Counterfeiting, Insurance fraud, Corruption

5.2.5. Arson

5.2.6. Drugs: Possession, Distribution, Sale, Trafficking

5.2.7. Violent crime: Murder, Assault, Hate Crime, Terrorism, Bombing

6. Counter-Forensics

6.1. Encryption

6.1.1. PGP

6.1.2. Blowfish

6.1.3. TrueCrypt

6.1.4. IPSec

6.1.5. SSL

6.2. Steganography

6.2.1. Slacker

6.2.2. Steganos Privacy Suite

6.2.3. S-Tools

6.3. Proxies

6.3.1. The Onion Router (TOR)

6.4. Storage-less devices

6.4.1. LiveCDs

6.5. Secure deletion

6.5.1. Darik's Boot and Nuke (DBAN)

6.5.2. Eraser

6.5.3. Evidence Eliminator

6.5.4. ParetoLogic Privacy Controls

6.5.5. Steganos Privacy Suite

6.5.6. WinClear

6.5.7. Window Washer

6.5.8. PDWipe

6.6. Data Tampering

6.6.1. Timestomp (tool)

7. Digital Forensic Methods

7.1. Data Duplication

7.1.1. File copy

7.1.2. Backup

7.1.3. Partition copy

7.1.4. Bit-by-bit imaging

7.1.5. Memory Imaging

7.2. Image Analysis

7.2.1. Camera Identification

7.2.2. Location Identification

7.2.3. Manipulation Detection

7.2.4. Image Enhancement

7.2.5. Video Analysis

7.3. Audio Analysis

7.3.1. Microphone Identification

7.3.2. Location Identification

7.3.3. Manipulation Detection

7.3.4. Audio Enhancement

7.3.5. Voice Identification

7.4. Document Analysis

7.4.1. Author Attribution

7.4.2. Manipulation Detection

7.5. File Analysis

7.5.1. Call trace

7.5.2. String extraction

7.5.3. Parsing

7.5.4. Differentiating

7.5.5. Logfile analysis

7.5.6. Reverse engineering: Decompiling, Debugging, Disassembly

7.6. Network Analysis

7.6.1. Packet capture

7.6.2. Packet analysis

7.6.3. Session analysis

7.7. Data reduction

7.7.1. Cryptographic hashes

7.7.2. Exclusion of known files

7.7.3. Thumbnailing

7.8. Data Recovery

7.8.1. File carving

7.8.2. Partition Recovery

7.8.3. Bad Sector Recovery

7.8.4. Slack-space recovery

7.8.5. Deleted Files Recovery

7.8.6. Hidden data recovery

7.8.7. Password recovery

7.8.8. Decryption

7.9. Data Analysis

7.9.1. Data mining: Association analysis, Classification, Prediction, Clustering, Outlier analysis, Pattern Recognition

7.9.2. String Search

8. Legal Aspects

8.1. Chain of Custody

8.2. Daubert Criteria

8.3. Privacy

9. Terminology

9.1. Computer Forensic

9.2. Internet Forensic

9.3. Embedded Forensic

9.4. Mobile Forensic

9.5. Network Forensic

9.6. File Forensic

9.7. Media Forensic

9.8. Live Analysis

9.9. Dead Analysis

9.10. Static analysis

9.11. Dynamic Analysis

9.12. eDiscovery