Digital Forensics by Mind Map: Digital Forensics

Digital Forensics

Digital Forensic Tools

This class is made to separate the technology class into the technology under analysis and the technology used for analysis: evidence and tools.

Software

Data Duplication, Unix-based, dd, ewfacquire, Adepto, aimage, AIR, dcfldd, EnCase LinEn, GNU ddrescue, ddrescue, iLook IXimager, MacQuisition Boot CD, rdd, sdd, Guymager, Windows-based, ASR, DIBS, FTK Imager, Ghost, Paraben, ProDiscovery, X-Ways Forensics, X-Ways Replica, Multi-platform, Hardware-based, Magic-Qube

Data Recovery, Unix-based, gparted, foremost, Magic Rescue, Windows-based, Partition Table Doctor, NTFS Recovery, Partition Recovery Software, HD Doctor Suite, BringBack, RAID Reconstructor, e-ROL, Recuva, Restoration, Undelete Plus, R-Studio, Stellar Phoenix, Adroit Photo Recovery, File Extractor Pro, Simple Carver Suite, Photo Rescue, Multi-platform, TestDisk, Scalpel, PhotoRec

Image Analysis, Unix-based, Windows-based, Multi-platform, Surf Recon LE

File Analysis, Unix-based, file, ldd, ltrace, strace, xtrace, ktrace, Valgrind, Dtrace, Rifiuti, Pasco, Galleta, Hachoir, Windows-based, Code Suite, PEiD, Multi-platform, PDF Miner, strings, dumpsterdive.pl, Analog

Audio Analysis, Unix-based, Windows-based, DC Live, Multi-platform

Network Analysis, Unix-based, tcpdump, Xplico, ngrep, chaosreader, Windows-based, windump, OmniPeek, Multi-platform, Wireshark, snort, whois, Kismet, NetCat

Data Reduction, Unix-based, md5sum, Windows-based, Multi-platform

Reverse Engineering, Unix-based, gdb, Windows-based, OllyDbg, IDAPro, Multi-platform

Data Analysis, Unix-based, Windows-based, Financial Crimes Enforcement Network AI System, COPLINK Suite, DataDetective, Griffin, Multi-platform, FACE, MultiAgent Digital Investigation toolKit (MADIK)

Multipurpose tools, Unix-based, The Coroner's Toolkit, SMART, Windows-based, EnCase by Guidance, Forensic Toolkit (FTK), iLook, Multi-platform, SleuthKit/Autopsy, VMware

Mobile Phone Analysis, Windows-based, SIM Explorer, SIM Manager, SIMCon, Unix-based, Multi-platform

Live-CDs, Helix3, Backtrack, SPADA, CAINE

Remote Monitoring, Bundestrojaner

Hardware

Write Blockers, ISC Drive Lock, MyKey NoWrite, Tableau, WiebeTech

Hardware Imagers, Data Compass, DeepSpar Disk Imager, Data Copy King, ICS Solo3, Logicube Talon, PSIClone, Cellebrite, Voom Hardcopy III

Professions

Law

Enforcement, Collection/Analysis, First Responders, Media Acquisition, Media Examination, Evidence, Preservation, Presentation

Courts, Laws, Law Development, Law Comparison, People, Expert Witness, Friends of the Court, Prosecution, Defence

Academia

Research, Discipline Definition, Problem Solving, Testing, Evaluating

Education, Contributions, Professional Outcome

Military

Post attack analysis

Private sector

Consulting, Data Recovery, Forensic Analysis, Expert Witness

Industry, System Admins, Legal Contact

Digital Evidence

This class is made to separate the technology class into the technology under analysis and the technology used for analysis: evidence and tools.

Physical

Large Scale Digital Devices, Computers, Desktops, Laptops, Servers, Tablets, Netbooks, Grids, Clusters

Small Scale Digital Devices, Mobile phones, PDAs, Digital Music Players, Smart Phones, Embedded Devices, GPS Devices, Storage Devices, USB Thumb Drives, External Harddrives, Digital Cameras

Network Devices, Routers, Switches, Hubs, Firewalls, IDS, Wireless AP

Peripherals, Printers, Scanners, Copiers

Storage Media, Magnetic, Floppy, Tapes, Optical, CD, DVD, Blu-ray, Transistor, Memory Cards, Smart Cards, RFID Tags

Obscure Devices, Gaming Devices, Xbox, PlayStation, Wii, PSP, Recording Devices, Camcorders, Audio recorders, Surveillance cameras, Network enabled appliances, Refrigerators

Logical

Operating Systems, Registry, System Logs, System Files, Printer Spool, Swap files

Applications, Application Logs, Security Logs, Browser History, Application Files, Cookies, Configuration Files, Executables

File Systems, Files, Images, Data, Documents, Audio, Video, File metadata, MAC-times, Permissions

Memory, RAM, Cache

External

Put this in after meeting with Corey on the 21st of April

Telecom network, Phone Records, Internet logs

Internet, Clouds, Online Storage, Cloud Apps, Domain Name records, Social networks, Webpages

Access Control Systems, Passport control logs, Building security logs

Electronic Commerce Services, Credit Card company logs, Bank logs, E-payment logs, Webshop logs

Digital Forensic Process

The subclasses of this node are taken from Reith, Carr and Gunsch's paper "An Examination of Digital Forensic Models". It may be too comprehensive. Need to look into linkage.

Preparation

Training

Prepare tools

Warrants and authorizations

Management support

Identification

Incident detection

Approach Strategy

Preservation

Isolate

Secure

Collection

Record

Duplicate

Examination

Search for evidence

Analysis

Reconstruct

Evaluate

Correlate

Conclude

Presentation

Summarize

Explain

Returning evidence

Digital Crime Cases

The DIALOG paper provides some input here, but this class needs more references

Cyber Crime Case

This taxonomy is taken from Altschaffel2009

Increased Access, Buffer Overflows, Password attacks, Malware, Virus, Worm, Trojan

Disclosure of information, Copyright infringement, Identity Theft, Sniffing, Data theft, Phishing, Fraud

Corruption of information, Tampering

Denial of Service, DoS attack

Theft of resources, Botnets, SPAM

Traditional Crime Case

Taxonomy from Chen2004

Traffic violations, Speeding, Reckless driving, Collisions, DUI, Hit-and-run

Sex crime, Rape, Sexual abuse, Child molestation, Child pornography, Prostitution, Trafficking

Theft, Robbery, Burglary, Auto theft, Theft of national secrets

Fraud, Money Laundering, Counterfeiting, Insurance fraud, Corruption

Arson

Drugs, Possession, Distribution, Sale, Trafficking

Violent crime, Murder, Assault, Hate Crime, Terrorism, Bombing

Counter-Forensics

Counter-forensics is an issue. Should probably be put into the ontology.

Encryption

PGP

Blowfish

TrueCrypt

IPSec

SSL

Steganography

Slacker

Steganos Privacy Suite

S-Tools

Proxies

The Onion Router (TOR)

Storage-less devices

LiveCDs

Secure deletion

Darik's Boot and Nuke (DBAN)

Eraser

Evidence Eliminator

ParetoLogic Privacy Controls

Steganos Privacy Suite

WinClear

Window Washer

PDWipe

Data Tampering

Timestomp (tool)

Digital Forensic Methods

These methods need to be placed somewhere. Not sure where yet.

Data Duplication

File copy

Backup

Partition copy

Bit-by-bit imaging

Memory Imaging

Image Analysis

Some input from the short course media forensics presentation

Camera Identification

Location Identification

Manipulation Detection

Image Enhancement

Video Analysis

Audio Analysis

Some input from the short course media forensics presentation

Microphone Identification

Location Identification

Manipulation Detection

Audio Enhancement

Voice Identification

Document Analysis

Author Attribution

Manipulation Detection

File Analysis

Call trace

String extraction

Parsing

Differentiating

Logfile analysis

Reverse engineering, Decompiling, Debugging, Disassembly

Network Analysis

Packet capture

Packet analysis

Session analysis

Data reduction

Cryptographic hashes

Exclusion of known files

Thumbnailing

Data Recovery

File carving

Partition Recovery

Bad Sector Recovery

Slack-space recovery

Deleted Files Recovery

Hidden data recovery

Password recovery

Decryption

Data Analysis

Data mining, Association analysis, Classification, Prediction, Clustering, Outlier analysis, Pattern Recognition

String Search

Legal Aspects

Chain of Custody

Daubert Criteria

Privacy

Terminology

Computer Forensic

Internet Forensic

Embedded Forensic

Mobile Forensic

Network Forensic

File Forensic

Media Forensic

Live Analysis

Dead Analysis

Static analysis

Dynamic Analysis

eDiscovery