MARC details
| Tag | Field | Subfield | Value |
|---|---|---|---|
| 000 | LEADER | fixed length control field | 06796nam a22002537a 4500 |
| 008 | FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | fixed length control field | 210125b2018 a\|\|\|f mb\|\| 00\| 0 eng d |
| 040 ## | CATALOGING SOURCE | Original cataloging agency | EG-CaNU |
| 040 ## | CATALOGING SOURCE | Transcribing agency | EG-CaNU |
| 041 0# | Language Code | Language code of text | eng |
| 041 0# | Language Code | Language code of abstract | eng |
| 082 ## | DEWEY DECIMAL CLASSIFICATION NUMBER | Classification number | 658 |
| 100 0# | MAIN ENTRY--PERSONAL NAME | Personal name | Ayman Shaaban AbouElela Mansour |
| 245 1# | TITLE STATEMENT | Title | Digital Forensics Analysis Techniques, Findings versus Resources |
| 245 1# | TITLE STATEMENT | Statement of responsibility, etc. | Ayman Shaaban AbouElela Mansour |
| 260 ## | PUBLICATION, DISTRIBUTION, ETC. | Date of publication, distribution, etc. | 2018 |
| 300 ## | PHYSICAL DESCRIPTION | Extent | 75 p. |
| 300 ## | PHYSICAL DESCRIPTION | Other physical details | ill. |
| 300 ## | PHYSICAL DESCRIPTION | Dimensions | 21 cm. |
| 500 ## | GENERAL NOTE | Materials specified | Supervisor: Nashwa Abd El-Baki |
| 502 ## | Dissertation Note | Dissertation type | Thesis (M.A.)—Nile University, Egypt, 2018. |
| 504 ## | Bibliography | Bibliography | "Includes bibliographical references" |
| 505 0# | Contents | Formatted contents note | see the contents note below |
| 520 3# | Abstract | Abstract | see the abstract below |
| 546 ## | Language Note | Language Note | Text in English, abstracts in English. |
| 650 #4 | Subject | Subject | Information Security |
| 655 #7 | Index Term-Genre/Form | Source of term | NULIB |
| 655 #7 | Index Term-Genre/Form | focus term | Dissertation, Academic |
| 690 ## | Subject | School | Information Security |
| 942 ## | ADDED ENTRY ELEMENTS (KOHA) | Source of classification or shelving scheme | Dewey Decimal Classification |
| 942 ## | ADDED ENTRY ELEMENTS (KOHA) | Koha item type | Thesis |
| 650 #4 | Subject | -- | 294 |
| 655 #7 | Index Term-Genre/Form | -- | 187 |
| 690 ## | Subject | -- | 294 |

505 0# - Contents (Formatted contents note)

- CHAPTER ONE Foundations and Principles of Digital Forensics (p. 1)
  - Scope (p. 2)
  - Digital Forensics (p. 2)
  - Digital Evidence (p. 3)
  - Digital Forensics Goals (p. 4)
  - Analysis Approaches (p. 5)
- CHAPTER TWO Previous and Related Work (p. 7)
- CHAPTER THREE Case Study Scenario, Circumstances and Evidence Acquisition (p. 11)
  - Evidence Acquisition (p. 13)
  - Volatile Data (p. 13)
  - Using DumpIt to Create a RAM Dump (p. 14)
  - Using FTK Imager Lite to Create a RAM Dump (p. 15)
  - Non-Volatile Data (p. 16)
  - System Down (p. 16)
  - System is Up and Running (p. 17)
- CHAPTER FOUR Digital Analysis (p. 21)
  - Memory Forensics, Small-Size High-Value (p. 21)
    - Analysis (p. 22)
    - Memory Forensics Findings Summary (p. 31)
  - Timeline Analysis, Long Creation Time but High Value (p. 31)
    - Plaso and Super Timeline Tools (p. 31)
    - Analysis (p. 32)
  - Live Analysis, Fastest and Most Valuable (p. 38)
    - Live Analysis Tools (p. 38)
    - Analysis (p. 39)
  - Findings against Techniques Comparison (p. 50)
    - Findings (p. 50)
    - Resources (p. 51)
- CHAPTER FIVE Conclusion and Future Approach (p. 53)
- REFERENCES

520 3# - Abstract

Change is the only constant. IT and cyberspace are not exceptions to that. Everything, along with the day-by-day workflow, is taking a new, faster and easier form. Technology is changing everything. Crime, as we know it, is changing as well and taking a new form by integrating technology in the process. This was a natural result after the nature of valuable assets changed as well. It will be easy to spot the differences between the Old West's way of robbing a bank and the modern way of hacking online banking systems and bank users. Espionage methods have also had their share of change. They evolved from their traditional form in the WW2 movies to the present-day form of cyber espionage and hacking of governmental digital assets by other governments, activists or terrorists. As a normal result, a new counter wave had to appear to fight against these new crimes. From there, Digital Forensics analysis was introduced.

Digital Forensics is a relatively new science and its importance has rapidly increased in the last decade. Generally, forensic science is the scientific method of gathering and examining data about past activities to extract useful information related to the case under investigation. Therefore, we can define Digital Forensics analysis as the process of identifying information security incidents and analyzing the digital evidence in order to answer questions related to the digital incident. The live analysis process can take place just after the incident, or after the infected systems are down in what is called post-mortem analysis. Different from live analysis, post-mortem analysis takes place in almost all cases. Generally, the analysis can confirm or refute hypotheses about the incident to rebuild a full picture of the activities of either the attacker or the victim during the time of the incident. Therefore, there is a necessity to continuously adjust the best practices of digital forensics analysis to different situations for quicker results.

In our work, we help in deciding which digital forensics analysis technique should be used in different situations. Using only free and open source tools on a simulated real-life incident on the Windows operating system, we used three main digital forensics analysis techniques: live analysis, memory forensics and timeline analysis. For the same incident, solved by the three different techniques independently, the output of our experiment shows which of the incident's tracks can be obtained from each of these three techniques, against the time and resources consumed by each analysis process itself. This will help incident responders and digital forensics investigators decide which technique to use based on the circumstances of each situation.