Digital Forensics Lec1 Spring 2021
Digital Forensics
Course Logistics / Contents Preview
1. Course Logistics
2. Contents Primer
4. Autopsy
Forensic science
– the application of science to criminal and civil laws, mainly, on
the criminal side, during criminal investigation, as governed by
the legal standards of admissible evidence and criminal
procedure
– https://www.softschools.com/timelines/forensic_science_timeline/99/
– https://en.wikipedia.org/wiki/Digital_forensics
https://en.wikipedia.org/wiki/Forensic_science
https://ifflab.org/branches-of-forensic-science/
https://aafs.org/Home/Resources/Students/Types.aspx
Digital Forensics- Riphah International University 5
All rights reserved
Course Logistics
Reference Books
– Text Book 1: Guide to Computer Forensics and Investigations, Digital
Evidence Processing, 6th Edition
• Bill Nelson et al., 2019
– Supporting Book: Learn Computer Forensics
• Packt Publishing, 2020
– Text Book 2: File System Forensic Analysis
• Brian Carrier, Addison Wesley Professional, 2008
– Supporting Book: Practical Windows Forensics
• Packt Publishing, 2016
– Text Book 3: Digital Evidence and Computer Crime, Elsevier, Eoghan
Casey et al.
– Lab Work: Text Book 1 and CHFI
Note:
Subject to Change
– Rules of evidence
• Best evidence rule and FRE (USA)
– Network devices
– Disk Wiping
http://www.aliciaproject.org/about-alicia-kozakiewicz.html
Case 2 – BTK
2005 Dennis Rader --- The "BTK" Serial Killer
– Played with police for more than 30 years
– Used to send messages to Police via newspapers
• He asked whether it would be safe to put everything on a floppy disk; the police replied in the affirmative
https://en.wikipedia.org/wiki/Dennis_Rader
– A witness testified that Matt Baker had, in fact, murdered his wife
https://en.wikipedia.org/wiki/Deadly_Little_Secrets
https://www.iigpi.com/5-cases-cracked-with-digital-forensics/46/2821/
https://blog.eccouncil.org/5-cases-solved-using-extensive-digital-forensic-evidence/
https://www.fbi.gov/investigate/cyber/news
https://www.journals.elsevier.com/forensic-science-international-digital-investigation/recent-articles
AUTOPSY (4.8.0)
– Hash sets
– NSRL hash set of known, traceable, applications
– To identify different customized files, e.g. language database files
Extracts data hidden inside well-known file types e.g. doc, docx, ppt etc.
Autopsy – Ingest Modules
Module 05 – Exif Parser
A simple way to do anti-forensics – make a legal file appear illegal, i.e. change its extension
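As an added example (not from the slides and not Autopsy's own code), a minimal extension-mismatch check: it compares a file's leading signature bytes with its extension to catch the renaming trick described above. The signature table, function names and sample inputs are constructed for illustration.

```python
import os

# Leading-byte signatures for a few common formats (well-known magic numbers).
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),                         # also docx/xlsx/pptx containers
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy doc/xls/ppt
]

# Extensions that legitimately go with each detected content type.
EXPECTED_EXTS = {
    "jpeg": {".jpg", ".jpeg"},
    "png": {".png"},
    "gif": {".gif"},
    "pdf": {".pdf"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx"},
    "ole2": {".doc", ".xls", ".ppt"},
}

def detect_type(header: bytes):
    """Return the content type implied by the leading bytes, or None if unknown."""
    for magic, kind in SIGNATURES:
        if header.startswith(magic):
            return kind
    return None

def check_mismatch(name: str, header: bytes):
    """Return (status, detected_type); status is 'ok', 'mismatch' or 'unknown'."""
    kind = detect_type(header)
    if kind is None:
        return ("unknown", None)  # no signature matched: cannot judge either way
    ext = os.path.splitext(name)[1].lower()
    return ("ok" if ext in EXPECTED_EXTS[kind] else "mismatch", kind)

# Constructed sample inputs: (file name, first bytes of content).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("notes.txt", b"\xff\xd8\xff\xe1\x00\x18Exif"),       # JPEG renamed to .txt
    ("report.docx", b"PK\x03\x04\x14\x00\x06\x00"),
    ("readme.TXT", b"plain text, no signature"),
    ("budget.pdf", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),  # OLE2 document renamed to .pdf
]

def scan(samples):
    """Return (name, detected_type) for entries whose extension contradicts the content."""
    return [(n, k) for n, h in samples for s, k in [check_mismatch(n, h)] if s == "mismatch"]
```

A mismatch is a lead for the examiner, not proof of concealment; files with no recognised signature are reported as unknown rather than clean.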