Digital Forensics

Get Started. It's Free
or sign up with your email address
Digital Forensics by Mind Map: Digital Forensics

1. Legal Aspects & Standards

1.1. Chain of Custody

1.1.1. Digital signing

1.2. Daubert Criteria

1.3. Digital alibis

1.4. Forensic Soundness

1.5. Laws

1.5.1. Constitutional law

1.5.2. Contract law

1.5.3. Evidence law

1.5.4. Property law

1.5.5. Tort Law

1.6. Standards and Guidelines

1.6.1. The Association of Chief Police Officers

1.6.2. National Institute of Justice (NIJ)

1.6.3. NIST

1.6.4. ISO 17025

1.7. Third party privacy

2. Digital Forensics Process

2.1. Forensic Readiness

2.2. Identification

2.3. Forensic Triage and Prioritization

2.4. Perservation

2.5. Evidence Collection

2.5.1. Live/Dynamic analysis

2.5.1.1. Methods for getting logical access

2.5.1.2. Volatile Evidence Collection

2.5.1.3. Remote Evidence Collection

2.5.2. Dead/Static analysis

2.5.2.1. Non-Volatile Evidence Collection

2.6. Examination

2.6.1. Hidden Data Recovery

2.6.2. Decryption

2.6.3. File Carving

2.6.4. E-Discovery

2.7. Analysis

2.7.1. String search

2.7.2. Evidence linkage

2.7.3. Hash filtering

2.7.4. Timelining

2.7.5. Event reconstruction

2.7.6. Data reduction

2.8. Presentation and Reporting

2.9. Returning Evidence

3. Education & Training

3.1. Certifications

3.2. Educational environments

3.2.1. Physical environments

3.2.2. Remotely accessible environments

3.2.3. Virtualized environments

3.3. Educational Materials

3.4. Educational Methodologies

3.5. Professions

3.5.1. Academia

3.5.2. Law

3.5.3. Military

3.5.4. Private sector

4. Digital Forensic Diciplines

4.1. Computer Forensics

4.1.1. Software forensics

4.1.1.1. Application foresics

4.1.1.2. Operating systems forensics

4.1.2. File system forensics

4.1.2.1. NTFS

4.1.2.2. Ext2/3/4

4.1.2.3. HFS+

4.1.3. Computer anti-forensics

4.1.3.1. Data tampering and trail obfuscation

4.1.3.2. Secure Deletion

4.1.3.3. Data hiding

4.1.3.3.1. Slack space

4.1.3.3.2. Hidden partitions

4.1.3.4. Whole drive encryption

4.1.3.5. Footprint minimalization

4.1.3.5.1. Live CDs

4.1.3.5.2. Bootable USB tokens

4.1.3.5.3. Virtual Machines

4.1.4. SSD foreniscs

4.2. Cloud Computing Forensics

4.2.1. Desktop-as-a-service

4.2.2. Forensics-as-a-service

4.2.3. IaaS (infrastructure-as-a-service)

4.2.4. PaaS (platform-as-a-service)

4.2.5. Storage-as-a-service

4.2.6. SaaS (software-as-a-service)

4.3. Database Forensics

4.3.1. DBMS

4.3.2. Databases

4.3.3. Tools

4.4. Malware Forensics

4.4.1. Anti-forensics

4.4.1.1. Anti-debugging

4.4.1.2. Anti-dumping

4.4.1.3. Anti-emulation

4.4.1.4. IAT Destruction

4.4.1.5. Anti-interception

4.4.1.6. Obfuscators

4.4.1.7. Protectors

4.4.1.8. Packers

4.4.2. Environments

4.4.3. Tools

4.4.4. Methods

4.4.4.1. Lab Setup

4.4.4.2. Analysis

4.4.4.2.1. Online Analysis Engines

4.4.4.2.2. Profiling

4.4.4.2.3. Call Graphs

4.4.4.2.4. Methodologies

4.4.4.2.5. Reverse engineering

4.4.4.2.6. Frameworks

4.4.4.2.7. Static analysis

4.4.4.2.8. Dynamic Analysis

4.4.4.2.9. Memory Analysis

4.4.4.2.10. Tracing

4.4.4.3. Collection

4.4.4.3.1. Honeypots

4.4.4.3.2. Forensic acquisition

4.4.4.3.3. Incident response

4.5. Mobile Phone Forensics

4.5.1. App forenics

4.5.2. Methods

4.5.2.1. Acquisition methods

4.5.2.1.1. Logical

4.5.2.1.2. Manual

4.5.2.1.3. Physical

4.5.2.2. Analysis methods

4.5.3. Mobile anti-forensics

4.5.4. Mobile malware

4.5.5. Operating systems

4.5.5.1. Android

4.5.5.2. Blackberry

4.5.5.3. iOS

4.5.5.4. Windows

4.5.6. Tools

4.6. Multimedia Forensics

4.6.1. Methods

4.6.1.1. Audio analysis

4.6.1.1.1. Splicing detection

4.6.1.2. Content classification

4.6.1.3. Data recovery for multimedia files

4.6.1.4. Environment classification

4.6.1.5. Fragment identification

4.6.1.6. Image analysis

4.6.1.7. Source identification

4.6.1.8. Text analysis

4.6.1.9. Video analysis

4.6.1.9.1. Live forensic imaging

4.6.2. Multimedia anti-forensics

4.6.2.1. Content forgery

4.6.2.2. File encryption

4.6.2.3. Steganography

4.6.3. Tools

4.7. Network Forensics

4.7.1. Internet forensics

4.7.2. Network anti-forensics

4.7.2.1. IP-based cloaking

4.7.2.2. Covert channels

4.7.2.3. Proxies and anonymizers

4.7.3. Telecom network forensics

4.7.4. Wireless forensics

4.8. SCADA and ICS Forensics

4.8.1. Analysis

4.8.1.1. Hardware Forensics

4.8.1.2. Radio frequency forensics

4.8.1.3. Accountability

4.8.2. Distributed and Pervasive Systems

4.8.3. Evidence collection

4.8.3.1. Tools

4.8.4. Test beds

5. Case Modeling & Linkage

5.1. Case Linkage

5.2. Case Models

5.2.1. Cyber crime

5.2.1.1. Destructive and others

5.2.1.1.1. Advanced Persistent Threat

5.2.1.1.2. Botnets

5.2.1.1.3. Data leakage

5.2.1.1.4. DDOS

5.2.1.1.5. Hacktivism

5.2.1.1.6. Infections (worm, trojan or virus)

5.2.1.1.7. Network Intrusion

5.2.1.1.8. Spam

5.2.1.2. Financial and Fraud

5.2.1.2.1. Identity theft

5.2.1.2.2. Copyright infringement

5.2.1.2.3. Cyber espionage

5.2.1.2.4. Online scams

5.2.2. Not cyber crime

5.2.2.1. Economic crime

5.2.2.2. Murder

5.2.2.3. Rape

5.2.2.4. Theft

5.3. Large-scale investigations

6. Tool Testing & Validation

6.1. Frameworks

6.1.1. FACE

6.1.2. PyFlag

6.1.3. XIRAF

6.2. Hardware

6.2.1. Write blockers

6.3. Software

6.3.1. Open source

6.3.1.1. SeluthKit

6.3.2. Proprietary

6.3.2.1. EnCase

6.3.2.2. FTK

6.4. Forensic tool evasion

7. Evidence Types

7.1. Digital media

7.1.1. Audio

7.1.2. Image

7.1.3. Text

7.1.4. Video

7.2. External

7.2.1. Access Control Systems

7.2.1.1. Building security logs

7.2.1.2. Passport control logs

7.2.2. Electronic Commerce Services

7.2.2.1. Bank logs

7.2.2.2. Credit card company logs

7.2.2.3. E-payment logs

7.2.2.4. Webshop logs

7.2.3. Internet

7.2.3.1. Cloud service providers

7.2.3.2. Domain Name records

7.2.3.3. ISP logs

7.2.4. Telecom network

7.2.4.1. Phone Company Logs

7.3. Firmware

7.4. Hardware

7.4.1. Large Scale Digital Devices

7.4.1.1. Clusters

7.4.1.2. Computers

7.4.1.2.1. Desktops

7.4.1.2.2. Laptops

7.4.1.2.3. Servers

7.4.1.2.4. Tablets

7.4.1.3. Grids

7.4.2. Network Enabled Devices

7.4.2.1. Firewalls

7.4.2.2. IDS and IPS

7.4.2.3. Hubs

7.4.2.4. Routers

7.4.2.5. Switches

7.4.2.6. Wireless AP

7.4.3. Obscure Devices

7.4.3.1. Network enabled appliances

7.4.3.2. Gaming Devices

7.4.3.2.1. Wii

7.4.3.2.2. PSP

7.4.3.2.3. PlayStation

7.4.3.2.4. Xbox

7.4.3.3. Recording devices

7.4.4. Peripherals

7.4.4.1. Copiers

7.4.4.2. Printers

7.4.4.3. Scanners

7.4.5. Small Scale Digital Devices

7.4.5.1. Embedded devices

7.4.5.2. GPS

7.4.5.3. Music Players

7.4.5.4. PDA's

7.4.6. Storage Devices

7.4.6.1. External Hard Drives

7.4.6.2. Network Attached Storage (NAS)

7.4.6.3. Solid State Drives

7.4.6.4. Storage Area Network (SAN)

7.4.6.5. USB Thumb Drives

7.5. Software

7.5.1. Operating systems

7.5.1.1. iOS

7.5.1.2. Linux/Unix

7.5.1.3. Windows

7.5.2. Drivers

7.5.3. Filesystems

7.5.3.1. EXT2/3/4

7.5.3.2. HFS

7.5.3.3. NTFS

7.6. Applications

7.6.1. Web Services

7.6.2. Mail Services

7.6.3. DBMS

7.6.4. Databases

7.6.5. Browsers

7.6.5.1. Browser history

7.6.5.2. Bookmarks

7.6.5.3. Cookies

7.6.5.4. Plugins

7.7. Storage Media

7.7.1. CD

7.7.2. DVD

7.7.3. Memory cards

7.7.4. RFID-tags

7.7.5. SIM-cards

7.7.6. Tapes