Welcome to Forensics and Network Intrusion! This course provides you with the knowledge and skills needed to work in the exciting, high-demand field of digital forensics. In preparation for the highly regarded Computer Hacking Forensic Investigator (CHFI) certification, you will learn how to detect hacking attacks, how to properly extract and preserve evidence, and how to get the evidence needed for audits aimed at preventing future attacks. Throughout the course, you will find readings, videos, labs, and learning checks. These activities are designed to let you check your retention of the topics presented. It is important to note that the labs and learning checks are not meant to reveal any characteristics of the format or design of the final assessment. Instead, they
Prosecute the evidence
Obfuscate the evidence
Authorize the evidence
Preserve the evidence
Magistrate
Court of law
First responder
Concerned authority
Computer forensics deals with the monetary cost of finding evidence related to a crime to find the culprits and initiate legal action against them.
Computer forensics deals with the search for evidence related to a digital crime, but the forensics specialist does not need to be concerned about the legal admissibility of the evidence he or she finds.
Computer forensics deals with the process of finding evidence related to a digital crime to find the culprits and initiate legal action against them.
Computer forensics deals only with the process of finding evidence related to a digital crime and does not try to estimate the monetary damages caused by that crime.
It adopts an approach toward criminal activity as a criminal act.
It adopts a holistic approach toward any criminal activity as a criminal operation rather than as a single criminal activity.
It differs from traditional investigative methods and is less complex and less time-consuming.
It encourages reactive action on the structure of the criminal enterprise.
Fast-paced speed
Smaller evidence in size
Anonymity through masquerading
Volatile evidence
The initial reporting of the evidence is generally informal.
Law enforcement agencies are responsible for collecting and analyzing evidence.
The standards of proof need to be very high.
A formal investigation report is required.
Presentation of admissible evidence
Value or cost to the victim
Collection of clues and forensic evidence
Analysis of digital evidence
Breakdown of costs into daily and annual expenditure
Current media coverage of high-profile computer crimes
Past success rate as a measure of value
Use of outdated, but trusted, technologies
Secure the evidence.
Collect the evidence.
Destroy the evidence.
Assess the evidence.
Thumb drive
Digital camera
Smart card
Processor
Rule 105
Rule 102
Rule 103
Rule 101
Rule 105
Rule 101
Rule 102
Rule 103
Magnetic storage devices
Optical storage devices
Flash memory devices
Quantum storage devices
Double-level cell (DLC)
Single-level cell (SLC)
Multi-level cell (MLC)
Triple-level cell (TLC)
Spindle
NAND chips
Read/write heads
Platters
Area density
Bit density
Block density
Track density
16,384
32,768
512
256
ISO 9431
ISO 6990
ISO 1349
ISO 9660
The primary track sector
The secondary volume descriptor
The primary volume descriptor
The secondary track sector
Number 3
Number 1
Number 2
Number 0
Number 2
Number 0
Number 3
Number 1
Third
Fourth
Second
First
Extended partition
Tertiary partition
Primary partition
Secondary partition
(C:)
(B:)
(A:)
(D:)
Boot Parameter Block (BPB)
BIOS Parameter Block (BPB)
Primary Sequential Sector (PSS)
Primary Reserved Sector (PRS)