Digital Forensics Analysis Techniques, Findings versus Resources
Author: Ayman Shaaban AbouElela Mansour
Material type: Text
Language: English
Summary language: English
Publication details: 2018
Description: 75 p., ill., 21 cm
DDC classification: 658
| Item type | Current library | Call number | Status | Date due | Barcode |
|---|---|---|---|---|---|
| Thesis | Main library | 658/ A.S.D / 2018 | Not For Loan | | |
Supervisor: Nashwa Abd El-Baki
Thesis (M.A.)—Nile University, Egypt, 2018.
"Includes bibliographical references"
Contents:
- CHAPTER ONE: Foundations and Principles of Digital Forensics (p. 1)
  - Scope (p. 2)
  - Digital Forensics (p. 2)
  - Digital Evidence (p. 3)
  - Digital Forensics Goals (p. 4)
  - Analysis Approaches (p. 5)
- CHAPTER TWO: Previous and Related Work (p. 7)
- CHAPTER THREE: Case Study Scenario, Circumstances and Evidence Acquisition (p. 11)
  - Evidence Acquisition (p. 13)
    - Volatile Data (p. 13)
      - Using DumpIt to Create a RAM Dump (p. 14)
      - Using FTK Imager Lite to Create a RAM Dump (p. 15)
    - Non-Volatile Data (p. 16)
      - System Down (p. 16)
      - System is Up and Running (p. 17)
- CHAPTER FOUR: Digital Analysis (p. 21)
  - Memory Forensics, Small-Size High-Value (p. 21)
    - Analysis (p. 22)
    - Memory Forensics Findings Summary (p. 31)
  - Timeline Analysis, Long Creation Time but High Value (p. 31)
    - Plaso and Super Timeline Tools (p. 31)
    - Analysis (p. 32)
  - Live Analysis, Fastest and Most Valuable (p. 38)
    - Live Analysis Tools (p. 38)
    - Analysis (p. 39)
  - Findings against Techniques Comparison (p. 50)
    - Findings (p. 50)
    - Resources (p. 51)
- CHAPTER FIVE: Conclusion and Future Approach (p. 53)
- REFERENCES
Abstract:
Change is the only constant. IT and cyber space are no exceptions to that. Everything, along with the day-by-day workflow, is taking a new, faster and easier form. Technology is changing everything. Crime, as we know it, is changing as well and taking a new form by integrating technology into the process. This was a natural result after the nature of valuable assets changed as well. It will be easy to spot the differences between the old west's way of robbing a bank and the modern way of hacking online banking systems and bank users. Espionage methods also had their share of change. They evolved from their traditional form in the WW2 movies to the present-day form of cyber espionage and the hacking of governmental digital assets by other governments, activists or terrorists. As a natural result, a new counter wave had to appear to fight these new crimes. From there, Digital Forensics analysis was introduced.
Digital Forensics is a relatively new science and its importance has rapidly increased in the last decade. Generally, forensic science is the scientific method of gathering and examining data about past activities to extract useful information related to the case under investigation. Therefore, we can define Digital Forensics analysis as the process of identifying information security incidents and analyzing the digital evidence in order to answer questions related to the digital incident. The live analysis process can take place just after the incident time, or after the infected systems are down in what is called post-mortem analysis. Unlike live analysis, post-mortem analysis takes place in almost all cases. Generally, the analysis can confirm or refute hypotheses about the incident to rebuild a full picture of the activities of either the attacker or the victim during the time of the incident. Therefore, there is a necessity to continuously adjust the best practices of digital forensics analysis for different situations to obtain quicker results.
In our work, we help decide which digital forensics analysis technique should be used in different situations. Using only free and open-source tools on a simulated real-life incident on the Windows operating system, we used three main digital forensics analysis techniques: live analysis, memory forensics and timeline analysis. For the same incident, solved by the three different techniques independently, the output of our experiment shows which of the incident's tracks can be produced by each of these three techniques, against the time and resources consumed by each analysis process itself. This will help incident responders and digital forensics investigators decide which technique to use based on the circumstances of each situation.
Text in English, abstracts in English.