Digital Forensics in the Era of Artificial Intelligence
- Length: 236 pages
- Edition: 1
- Language: English
- Publisher: CRC Pr I Llc
- Publication Date: 2022-07-18
- ISBN-10: 1032244933
- ISBN-13: 9781032244938
Digital Forensics plays a crucial role in identifying, analyzing and presenting cyber threats as evidence in a court of law. Artificial Intelligence (AI), particularly machine learning and deep learning, enables automation of the digital investigation process. This book provides an in-depth look at the fundamental and advanced methods in digital forensics. It also discusses how machine learning and deep learning algorithms can be used to detect and investigate cybercrimes.
The book demonstrates digital forensics and cyber investigation techniques with real-world applications. It examines hard disk analysis and partition architectures, including the Master Boot Record (MBR) and the GUID Partition Table (GPT), as part of the investigative process. It also covers cyber-attack analysis in Windows, Linux and network systems using virtual machines in real-world scenarios.
This book will be helpful for those interested in digital forensics and using machine learning techniques in the investigation of cyberattacks and the detection of evidence in cybercrimes.
Table of Contents
- Cover
- Half Title
- Title Page
- Copyright Page
- Table of Contents
- Preface
- Dedication and Acknowledgment
- Author
- Acronyms
- 1. An Overview of Digital Forensics
  - 1.1 Introduction
  - 1.2 Practical Exercises Included in This Book
  - 1.3 A Brief History of Digital Forensics
  - 1.4 What Is Digital Forensics?
  - 1.4.1 Identification
  - 1.4.2 Collection and Preservation
  - 1.4.3 Examination and Analysis
  - 1.4.4 Presentation
  - 1.5 Artificial Intelligence for Digital Forensics
  - 1.6 Digital Forensics and Other Related Disciplines
  - 1.7 Different Types of Digital Forensics and How They Are Used
  - 1.7.1 Types of Digital Evidence
  - 1.7.1.1 Cloud Forensics in IoT
  - 1.7.1.2 Digital Forensics and Artificial Intelligence
  - 1.8 Understanding Law Enforcement Agency Investigations
  - 1.8.1 Understanding Case Law
  - 1.9 Significant Areas of Investigation for Digital Forensics
  - 1.10 Following Legal Processes
  - 1.11 The Cyber Kill Chain
  - 1.12 Conclusion
  - Note
  - References
- 2. An Introduction to Machine Learning and Deep Learning for Digital Forensics
  - 2.1 Introduction
  - 2.2 History of Machine Learning
  - 2.3 What Is Machine Learning?
  - 2.3.1 Supervised Learning
  - 2.3.1.1 Decision Trees
  - 2.3.1.2 Support Vector Machine
  - 2.3.1.3 K-Nearest Neighbours
  - 2.3.1.4 Naive Bayes
  - 2.3.1.5 Neural Networks
  - 2.3.2 Unsupervised Learning
  - 2.4 What Is Deep Learning
  - 2.4.1 Discriminative Deep Learning
  - 2.4.1.1 Recurrent Neural Network (RNN)
  - 2.4.1.2 Convolutional Neural Network (CNN)
  - 2.4.2 Generative Deep Learning
  - 2.4.2.1 Deep Auto Encoder
  - 2.4.2.2 Recurrent Neural Network (RNN)
  - 2.5 Evaluation Criteria of Machine and Deep Learning
  - 2.6 Case Study of Machine Learning-Based Digital Forensics
  - 2.7 Conclusion
  - References
- 3. Digital Forensics and Computer Foundations
  - 3.1 Introduction
  - 3.2 Digital Investigation Process
  - 3.2.1 System Preservation Phase
  - 3.2.2 Evidence Searching Phase
  - 3.2.3 Evidence Reconstruction Phase
  - 3.3 Common Phases of Digital Forensics
  - 3.4 Numbering Systems and Formats in Computers
  - 3.4.1 Hexadecimal
  - 3.4.2 Binary
  - 3.5 Data Structures
  - 3.5.1 Endianness
  - 3.5.2 Character Encoding
  - 3.5.2.1 ASCII
  - 3.5.2.2 Unicode
  - 3.6 Data Nature and State
  - 3.6.1 Terms of Data
  - 3.7 Conclusion
  - References
- 4. Fundamentals of Hard Disk Analysis
  - 4.1 Introduction
  - 4.2 Storage Media
  - 4.2.1 Rigid Platter Disk Technology
  - 4.2.2 Solid State Technology
  - 4.3 Hard Disk Forensic Features
  - 4.3.1 Garbage Collection
  - 4.3.2 TRIM Command
  - 4.3.3 Methods of Accessing Hard Disk Addresses
  - 4.3.3.1 Cylinder-Head-Sector (CHS)
  - 4.3.3.2 Zone-Bit Recording
  - 4.3.3.3 Logical Block Addressing (LBA)
  - 4.4 Hard Disk Settings
  - 4.4.1 Disk Types
  - 4.4.2 Partition Architectures
  - 4.4.2.1 MBR and GPT
  - 4.4.2.2 Primary and Extended Partitions
  - 4.4.2.3 Volumes and Partitions
  - 4.4.3 File Systems
  - 4.4.4 The Boot Process
  - 4.4.4.1 Latest BIOS
  - 4.4.4.2 BIOS and MBR
  - 4.5 Essential Linux Commands for Digital Forensics Basics
  - 4.5.1 User Privileges
  - 4.5.2 Linux System
  - 4.5.3 Data Manipulation
  - 4.5.4 Managing Packages and Services
  - 4.5.5 Managing Networking
  - 4.6 Python Scripts for Digital Forensics Basics
  - 4.6.1 Executing a DoS Attack
  - 4.7 Conclusion
  - References
- 5. Advanced Hard Disk Analysis
  - 5.1 Introduction
  - 5.2 Hard Disk Forensic Concepts
  - 5.3 DOS-Based Partitions
  - 5.3.1 Revisited MBR
  - 5.4 GPT Disks
  - 5.5 Forensic Implications
  - 5.6 Practical Exercises for Computer Foundations (Windows)
  - 5.6.1 WinHex Tool
  - 5.6.2 Recovering Deleted Partitions
  - 5.6.3 Investigating Cyber Threat and Discovering Evidence
  - 5.6.4 Hard Disk Analysis
  - 5.6.4.1 Logical Access to C Drive
  - 5.6.4.2 Accessing Drive as Physical Media
  - 5.7 Conclusion
  - References
- 6. File System Analysis (Windows)
  - 6.1 Introduction
  - 6.2 What Is a File System?
  - 6.2.1 File System Reference Model
  - 6.2.2 Slack Space
  - 6.2.3 Free and Inter-Partition Space
  - 6.2.4 Content Analysis
  - 6.3 Methods for Recovering Data from Deleted Files
  - 6.3.1 Data Carving and Gathering Text
  - 6.3.2 Metadata Category Analysis
  - 6.3.3 File Name and Application Category Analysis
  - 6.4 Practices for Using Hashing and Data Acquisition
  - 6.4.1 Prerequisite Steps for Doing the Following Practical Exercises
  - 6.4.2 Data Acquisition
  - 6.4.2.1 The FTK Imager Tool
  - 6.4.2.2 Hard Disk Analysis Using the Autopsy Tool
  - 6.5 Conclusion
  - References
- 7. Digital Forensics Requirements and Tools
  - 7.1 Introduction
  - 7.2 Computer Forensic Requirements
  - 7.3 Evaluating Needs for Digital Forensics Tools
  - 7.3.1 Types of Digital Forensics Tools
  - 7.3.2 Tasks Performed by Digital Forensics Tools
  - 7.3.3 Data Acquisition Tools and Formats
  - 7.4 Anti-Forensics
  - 7.5 Evidence Processing Guidelines
  - 7.6 Implementation of Data Validation and Acquisition Phases
  - 7.6.1 Hash Functions
  - 7.6.2 Authentication and Validation in Digital Forensics
  - 7.6.2.1 Python Scripts for Hashing
  - 7.6.2.2 MD5
  - 7.6.2.3 SHA1
  - 7.6.2.4 Example of Hashing Passwords
  - 7.6.3 Hashing and Data Acquisition
  - 7.6.3.1 Data Acquisition Using WinHex
  - 7.7 Conclusion
  - References
- 8. File Allocation Table (FAT) File System
  - 8.1 Introduction
  - 8.2 File Allocation Table (FAT)
  - 8.2.1 Common Types of FAT
  - 8.2.2 FAT Layout
  - 8.3 FAT Layout Analysis
  - 8.3.1 FAT Analysis
  - 8.3.2 Disk Editor for FAT Analysis
  - 8.3.3 WinHex Tool for FAT Analysis
  - 8.4 Implementation of Data Acquisition and Analysis in Windows
  - 8.4.1 Prerequisites for Doing These Exercises
  - 8.4.2 Data Acquisition and Analysis of FAT
  - 8.4.2.1 The FTK Imager Tool
  - 8.4.2.2 The Autopsy Tool
  - 8.5 Conclusion
  - References
- 9. NTFS File System
  - 9.1 Introduction
  - 9.2 New Technology File System (NTFS)
  - 9.3 NTFS Architecture
  - 9.3.1 Master File Table (MFT)
  - 9.4 NTFS Analytical Implications
  - 9.5 Analysis and Presentation of NTFS Partition
  - 9.5.1 Disk Editor for NTFS Analysis
  - 9.5.2 WinHex Tool for NTFS Analysis
  - 9.5.3 The Autopsy Tool for FAT and NTFS Analysis
  - 9.6 Conclusion
  - References
- 10. FAT and NTFS Recovery
  - 10.1 Introduction
  - 10.2 FAT and NTFS File Recovery
  - 10.2.1 Deleting and Recovering Files in FAT File System
  - 10.2.2 Deleting and Recovering Files in NTFS File System
  - 10.3 Recycle Bin and Forensics Insights
  - 10.4 Mounting Partitions Using SMB over Network
  - 10.5 File Recovery and Data Carving Tools for File Systems
  - 10.5.1 Foremost Tool
  - 10.5.2 Scalpel Tool
  - 10.5.3 Bulk Extractor Tool
  - 10.6 Conclusion
  - References
- 11. Basic Linux for Forensics
  - 11.1 Introduction
  - 11.2 Overview of Linux Operating System
  - 11.3 Linux Kernel
  - 11.4 Linux File System
  - 11.4.1 Linux Hard Drives and Styles
  - 11.5 Hard Disk Analysis in Linux
  - 11.5.1 Hard Disk Analysis Using wxHexEditor
  - 11.5.2 Crime Investigation: Adding/Changing Files’ Content Using wxHexEditor
  - 11.5.3 Analysis of Hard Disk Using the Disk Editor Tool
  - 11.6 Mount File Systems in Linux
  - 11.6.1 Remote Connection Using SSHFS
  - 11.6.2 Remote Connection Using SSH
  - 11.6.3 Sharing and Mounting Files/Images between Various Virtual Machines
  - 11.7 Data Acquisition in Linux
  - 11.7.1 The dd Command
  - 11.7.2 The dcfldd Command
  - 11.8 Conclusion
  - References
- 12. Advanced Linux Forensics
  - 12.1 Introduction
  - 12.2 Examining File Structures in Linux
  - 12.3 Generic Linux File System Layout (EXT2, 3, 4)
  - 12.4 Accessing Block Group Information in Linux
  - 12.5 EXT File System Versions and Characteristics
  - 12.5.1 EXT2 File System
  - 12.5.2 EXT3 File System
  - 12.5.3 EXT4 File Systems
  - 12.6 Forensic Implications of EXT File Systems
  - 12.6.1 Case Study: Linux’s Accounts
  - 12.7 Data Analysis and Presentation in Linux
  - 12.7.1 Examining Superblock and Inode Information in Disk Editor
  - 12.7.2 Data Preparation Using Autopsy
  - 12.7.2.1 Create a New Case in Autopsy Browser
  - 12.8 Case Analysis Using Autopsy
  - 12.8.1 Sorting Files
  - 12.9 Conclusion
  - References
- 13. Network Forensics
  - 13.1 Introduction
  - 13.2 What Is Network Forensics?
  - 13.2.1 Benefits and Challenges of Network Forensics
  - 13.3 Networking Basics
  - 13.3.1 Open System Interconnection (OSI) Model
  - 13.3.2 TCP/IP Protocol Stack
  - 13.4 Network Forensic Investigations
  - 13.4.1 Practical TCP/IP Analysis
  - 13.5 Levels of Network Traffic Capture for Forensics Analysis
  - 13.6 NetworkMiner Tool for Network Forensics
  - 13.6.1 Applying the Network Forensic Investigation Process
  - 13.6.2 Examples of Network Forensic Investigation
  - 13.7 Conclusion
  - References
- 14. Machine Learning Trends for Digital Forensics
  - 14.1 Introduction
  - 14.2 Why Do We Need Artificial Intelligence in Digital Forensics?
  - 14.2.1 Artificial Intelligence for Digital Forensics
  - 14.2.2 Machine Learning for Digital Forensics
  - 14.2.3 Machine Learning Basics
  - 14.3 Machine Learning Process
  - 14.3.1 Data Collection and Pre-Processing
  - 14.3.2 Training and Testing Phases
  - 14.4 Applications of Machine Learning Models
  - 14.4.1 Machine Learning Types
  - 14.5 Case Study: Using the TON_IoT Dataset for Forensics
  - 14.6 Conclusion
  - References
- Index