Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Windows Forensics Cookbook

You're reading from   Windows Forensics Cookbook Over 60 practical recipes to acquire memory data and analyze systems with the latest Windows forensic tools

Arrow left icon
Product type Paperback
Published in Aug 2017
Publisher
ISBN-13 9781784390495
Length 274 pages
Edition 1st Edition
Concepts
Arrow right icon
Authors (2):
Arrow left icon
Oleg Skulkin Oleg Skulkin
Author Profile Icon Oleg Skulkin
Oleg Skulkin
Scar de Courcier Scar de Courcier
Author Profile Icon Scar de Courcier
Scar de Courcier
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Digital Forensics and Evidence Acquisition FREE CHAPTER 2. Windows Memory Acquisition and Analysis 3. Windows Drive Acquisition 4. Windows File System Analysis 5. Windows Shadow Copies Analysis 6. Windows Registry Analysis 7. Main Windows Operating System Artifacts 8. Web Browser Forensics 9. Email and Instant Messaging Forensics 10. Windows 10 Forensics 11. Data Visualization 12. Troubleshooting in Windows Forensic Analysis

Digital forensic investigation - an international field

As we have briefly discussed, one of the biggest challenges encountered by digital forensic investigators, whether in criminal or civil cases is the international nature of their investigative scope.

When investigating cases such as DDoS attacks (where a person or group of people flood a website or machine with requests in order to stop it from functioning), online credit card details theft, or bank fraud for example, it is likely that an investigator may find their suspects scattered all around the world. In a recent case involving the live streaming of child abuse from the Philippines, one of the main problems the investigators ran into was that the people who were watching the live streamed content were also subjects for investigation, but they were spread internationally and were difficult to track down due to so many of them using various methods of obfuscation. Laws around the world differ too: legislation in one country may create a legal loophole that causes havoc for a case and has implications on whether it is eventually brought to a conclusion or shelved.

The increasingly globalised nature of crime means that this is a problem we cannot ignore - it is not something that is going to go away. On the contrary, it looks set to only grow further with each passing year. Nowadays, our data is stored in the cloud—Nowadays, our data is stored in the cloud; people we interact with aren't just those we have met in real life, but instead people we would have previously termed strangers now increasingly form the basis of our social interactions; our bank accounts are accessible from almost anywhere in the world, often in multiple currencies. It is difficult enough to trace the actions and data trail of a single individual who is merely living life in the 21st century, let alone to attempt to investigate a large group of people, spread across diverse physical locations, who are making deliberate and sustained attempts to obfuscate data and hide themselves from view.

Strides ahead are being made, however. Various projects have sprung up over recent years which aim to address the specific challenges brought up by international investigations. One example is the EVIDENCE Project coordinated by Maria Angela Biasotti, an Italian lawyer who, in collaboration with colleagues across Europe, is seeking to develop a common understanding of electronic evidence and a more globally viable way of collaborating between territories, as well as a more standardized criminal investigation procedure around the world.

A laudable goal, and one that the EVIDENCE Project at least is moving swiftly towards; at the time of writing, a test implementation between several member countries is on the cards. However, at the moment, investigators are still faced with having to work on cases that have international data sources and implications.

What can we do to make things easier for ourselves in the meantime?

Scoping out a case before taking it on is good practice regardless of its size or relative importance, but this becomes even more pertinent when international factors might be involved. These may have an impact on the time it takes to acquire evidence: for example, if you are looking to extract data from a server in another country, or even another state, you will need at least a basic understanding of the requirements necessary to gain access to it, and indeed whether this is even possible in the first place.

It is, of course, impossible to have an in-depth understanding of the various bits of legislation that are relevant to digital forensic investigations around the world. In reality, the best an investigator can do is to verse themselves as fully as possible in the laws of their own local area, and then seek advice when the need arises to work across borders.

Beyond the legislative elements, however, there are also the more mundane aspects of international investigation, such as linguistic analysis. Keyword searches are often where an investigation starts, or at least fall somewhere near the beginning—but if your case spans a multitude of countries, you may well end up at a loss for keywords.

Most of the larger digital forensics solutions, such as EnCase and Nuix Investigator, have multilingual keyword abilities built in, which is a huge help. Some can even scan the evidence you enter for you, and then bring back an analysis of the languages used within the case. You can then use this to form the basis of your investigation and to inform future searches. Slang is still a problem for many though, and criminals are increasingly becoming wise to this. While a thesaurus can bring back a number of synonyms for a given term relating to drug abuse, the exploitation of children, or financial fraud, it may not be able to include all the less formal terms people are using in their discussions.

Progress is being made, however, and much of the air time at digital forensics conferences and research groups is devoted to how we as investigators can increase collaboration and make it easier to investigate global cases.

You have been reading a chapter from
Windows Forensics Cookbook
Published in: Aug 2017
Publisher:
ISBN-13: 9781784390495
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image