Forensic Computing

Mohamed Hamdi, National Digital Certification Agency, Tunisia

Noureddine Boudriga, National Digital Certification Agency and University of Carthage, Tunisia

M. S. Obaidat, Monmouth University

Introduction and Foundations of Computer Forensics

Definition

Computer Forensic Process

Computer Evidence Requirements

Disk Forensics

Storing Data in Computers

Hiding and Recovering Information from Hard Disks

Cryptanalysis: Breaking Attackers' Ciphers and Codes

Steganography and Digital Watermarking

Identifying the Source of Network Attacks

Computer Network Attack Features

IP Marking Approaches

Edge Sampling Algorithm and Fragment Marking Scheme

Advanced and Authenticated Marking Schemes

Deterministic Packet Marking

Hash-Based IP Trace-Back

Connection Chain Identification

Thumb Printing

Interpacket Delay-Based Tracing

Discovering Attack Steps

Statistical Computer Forensics

Computer Forensics and Artificial Intelligence

Legal Issues

Enhancing the Existing Infrastructure

Improving Standards, Protocols, and Regulation

Improving Theory

Improving Industry Support

Improving Human Skills

Concluding Remarks

Cross References

References

INTRODUCTION AND FOUNDATIONS OF COMPUTER FORENSICS

In this section, we present the main concepts, background information, and foundations of computer forensics.

Definition

In 2001, computer forensics was defined as “the use of scientifically derived and proved methods toward the preservation, collection, validation, identification, analysis, interpretation, ...

Get Handbook of Information Security: Information Warfare, Social, Legal, and International Issues and Security Foundations, Volume 2 now with the O’Reilly learning platform.
