Subject Index
A
AccessData’s Forensic Toolkit (FTK),
64
Accounts used on OS X by a user,
111
Advanced persistent threats (APT),
71
Altcoins,
App-driven dating sites,
73
Apple’s Find My iPhone (iCloud) login page,
71
Apple’s Xcode “toolkit”,
72
App marketplaces by vendor,
72
Asymmetric encryption,
Asymmetric key cryptography,
Automated license plate readers,
141
courts examined cases,
141
B
Base-station (cell tower) triangulation,
77
Behavioral analysis
as important investigative tool,
49
model presentation, phases of,
49
timeline analysis/visualization,
51
Best Practices for Mobile Phone Forensics (2015),
82
Bitcoin,
benefits of model,
double spending protection,
exchange internationally,
signed transactions protection,
community,
encryption,
framework,
hardware failure,
historical perspective,
4–5
trail-blazing,
transaction,
identified by a SHA-256 hash of,
wallet,
Bitcoin Fog,
Bitmixer,
genesis block,
made up of blocks,
structure of a block,
Bulletin board systems,
129
the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF),
120–121
BYOD (bring your own device),
71
C
Calendars
CallHistoryDB database,
113
CallHistoryTransactions,
110
Camera-enabled apps,
76–77
Case studies
possession of child porn,
55–57
CCleaner,
Cellebrite Physical Analyzer,
64
Cellebrite UFED with Physical Analyzer,
64
arrestees diminished privacy,
143
Riley,
United States v. Wurie (2014),
142
Riley v. California (2014),
142
court interpreted and applied the Fourth Amendment,
142
digital data cannot be used as a weapon against,
142
possibility of remote wiping and encryption of digital data,
143
warrant before conducting” a cell phone search,
143
Child Exploitation Investigations Unit,
121
the Childhood Sensuality Circle,
129
Chinese burner phone
vs. iOS device,
80
Classification/individualization,
33
digital evidence, classified by the software,
33
“individualized” the evidence,
33
TCP, IP, and UDP packets,
33
Cloud-based storage apps,
75
Cloud-driven marketplaces,
72
Cloud (hyper distributed),
53
by mobile operating system,
71
CoinJoin,
Computer crime investigations,
47
Computer crimes, estimated cost,
119
Computer-perpetrated crimes,
119
Computer science and engineering,
47
Consumer Sentinel Network (CSN),
125
Criminal investigation,
60
Criminal psychologists,
45
Cryptocurrencies,
built-in implementation,
characteristics,
decentralization,
perceived as an unknown quantity,
physical backing,
verification,
white paper,
Cryptography,
Currencies,
physical backing,
current, and evolving threats,
122
Cyber criminal investigations,
45,
46
D
DarkWallet,
Data storage technology,
47
application (Microsoft Word),
36
metadata (dates/times),
36
Decentralization,
Deductive behavioral analysis,
45
Default directory structure,
100
volatile physical counterparts,
49
Digital cash,
Digital evidence, for examination,
30
Digital forensic analysts
Digital forensic examiners,
39
Digital Forensic Laboratories,
99
Digital forensic professionals,
119
Digital Forensics Research Workshop (DFRWS),
90
Digital investigations workflows,
90–98
Digital search, goals and objectives,
35
Digital “signature”,
Direct messages (DMs),
73
Distributed Denial of Service (DDoS) attacks,
123
Document folders/directories,
37
Doyle, Arthur Conan, Sir,
46
in .trash, showing past paths of deleted items,
107
E
Economics,
AccessData’s FTK Imager tool,
97
allocated data and recovered file
case creation, phase functions occur
collection of corporation data,
85
extraction of file metadata
first phase of analysis,
86
key items report function, possess features
listing essential functions,
97
leverage processes for a digital forensic investigation,
94
modern eDiscovery review software,
87
physical (human) review,
87
removing known files based on MD5 hashes (digital fingerprints),
86
software considerations, for processing phase,
95
software packages developing advanced visualization
listing essential functions,
96
tool exhibit features, for review stage,
96
tool for use in a criminal case,
94
viewing data at the Hex level
vs. digital investigations,
94
Elcomsoft Phone Password Breaker (EPPB),
71
Electronic discovery reference model (EDRM),
88
information governance,
88
information governance review,
89
Electronic storage media,
86
Elliptic curve digital signature algorithm (ECDSA),
scalar multiplication,
case law provide, password to law enforcement,
145
compel suspect to produce documents,
144
defendant compelled to disclose data,
143
defendants may be required to decrypt computers password,
145
defendant to produce unencrypted contents of laptop computer,
144
documents sought with “reasonable particularity”,
144
Fifth Amendment protection against self-incrimination,
144
under “foregone conclusion” doctrine, law enforcement,
143
suspect in contempt of court and incarcerated,
144
Examination planning process,
41–42
Examiner’s forensic questions,
36
F
Federal Bureau of Investigation (FBI),
120–121
Federal privacy legislation,
138
Federal Trade Commission (FTC),
125
File/operating system,
39
Forensic and legal communities,
30
Forensic examiners,
30,
32,
36
Forensic hypotheses,
34,
35
developing falsifiable hypotheses,
35
identification and classification questions,
35
Forensic practitioners,
33
developing detailed tasking, and set of questions/hypotheses,
37–38
Forensic software,
33,
34
the Fourth Amendment to the United States Constitution,
133
circumstances enforcement officers not required,
136
Cupp v. Murphy, 1973,
136
Mincey v. Arizona (1978),
136
United States v. Bradley, 2012,
136
closed containers protection,
135
Robbins v. California, 1981,
135
United States v. Chadwick, 1977,
135
California v. Ciraolo,
134
Florida v. Riley (1989),
134
determine search warrant,
134
evidence seized in violation, excluded from criminal trial,
134
Silverthorne Lumber Co. v. United States, 1920,
134
expectation of privacy,
134
individuals crossing an international border
United States v. Cotterman, 2013,
137
United States v. Flores-Montano, 2004,
137
information or data shared
United States v. Jacobsen, 1984,
136
Katz v. United States, 1967, p. 353,
134
obtain consent to search from a third party
United States v. Matlock, 1974,
136
open fields protection,
135
Co. v. United States (1986),
135
Oliver v. United States (1984),
135
physical constructs of search and seizure,
135
United States v. David, 1991,
135
United States v. Gorshkov, 2001,
136
probationers and parolees, expectation of privacy
United States v. Lifshitz, 2004,
137
Rakas v. Illinois, 1978,
134
Smith v. Maryland, 1979, p. 740,
134
suspect provides voluntary consent to search a computer
United States v. Al-Marri, 2002,
136
Fraudulent activities,
120
G
Garbage in/garbage out,
36
Genesis block,
Geotagged image taken from an iOS device,
78
Geotagging-enabled information services,
78
Global positioning system (GPS),
60,
61,
77
Gold,
Graphical user interfaces (GUIs),
48
Guidance Software’s EnCase,
64
800-11 Guidelines of Mobile Device Forensics,
82
H
Hardware manufacturers,
69
Hardware
vs. software complexity trend,
69
Hierarchical File System Plus (HFS+),
99
I
the Identity Theft Resource Center (2015),
125
Illegal goods,
Immigration and Customs Enforcement (ICE),
121
Immigration and Naturalization Services (INS),
121
directories and media storage,
111
Inductive/deductive reasoning,
45
International Mobile Subscriber Identity (IMSI) catchers,
141
and new-age technologies
opportunity for criminal activity,
119
Internet child pornography,
61
Internet Evidence Finder,
65
Internet-related artifacts,
65
Internet service provider (ISP),
62,
63
Investigative psychology,
45
Investigative questions,
31
J
Joint Test Action Group (JTAG),
81
JTAG and/or chip-off analysis,
79,
80
K
Keyword search algorithms,
47
L
non-sandboxed applications, share information,
102
programming language,
102
Locard’s principle of exchange,
49
Location data, and apps,
77
M
Mac OS X actually contain files behind icon
Magnet Forensics’ Internet Evidence Finder (IEF),
64
Metal gold,
Mint,
features in selecting,
69
Mobile forensic examiner,
78
Mobile forensic extraction tools,
79
Mobile operating systems, market share of,
70
Modern electronics,
Multimedia messaging service (MMS),
74
Multiuser data storage devices,
38
Multiuser file server,
38
N
National Center for Missing and Exploited Children (NCMEC),
55
National Child Victim Identification System (NCVIS),
121
National Computer Forensic Institute,
121
National Institute of Standards and Technology (NIST),
82
Native messaging apps,
74
Navigation-based applications,
78
Network forensics (Internet traffic),
61
“Niche” social media apps,
73
Non-native messaging apps,
74
the North American Man/Boy Love Association,
129
O
Onion Router (“Tor”), project,
146
Organization for Economic Cooperation and Development (OECD),
59
Organizations, supporting behavior of child sexual abuse and,
129
OS X 10, default operating system,
99
OS X 10.11 El Capitan,
115
OS X operating systems,
100
command line examples in terminal,
100
P
Packet reconstruction,
34
Palo Alto Networks, company,
72
Peer-to-peer networks,
129
People’s online behaviors,
51
Personal cloud services,
71
Personal computer (PC), revolution,
69
Planning process, examination,
41–42
Prepaid “burner” phones,
80
path leads to SHA1 password,
103
user’s DHCP lease and router information,
105
Professional criminals,
122
Psychological profiling,
45
R
RATs (remote access tools),
51
Reconstruction examinations,
36
the Rene Guyon Society,
129
Restrictive judicial constraints,
36
S
Scientific Working Group on Digital Evidence,
82
SDelete,
SharedCoin,
Slack data (RAM and/or File),
38
Small storage media aid,
85
SMS-like functionality,
74
Social construct,
content utilizing location services,
78
valuable source of evidence,
78
and digital forensics,
61
evidence on network,
62–63
evidence on physical device,
64–65
yield digital evidence,
61
challenges and threats, exist in regards to forensic extraction and,
73
Social networking sites (SNS),
59
SSH information, including IP, keys, and encryption method,
107
Standard operating procedures (SOPs),
82
Subdirectory metadata,
112
Syllogistic reasoning,
45
System Integrity Protection (SIP) account,
115
T
Test access port (TAP),
81
“Thorough” examination,
35
Tracking cell phones,
141
United States v. Jones, 2012,
140
United States v. Karo, 1984,
140
United States v. Knotts, 1983,
140
United States v. Kyllo, 2001,
140
Transactions,
in Bitcoin,
preservation letter to,
63
U
Unallocated data (slack),
38
Un-focused and needless operations,
36
Unique identifiers, with phone numbers,
113
the United States Customs Service,
121
the United States Secret Service,
120–121
the United States Supreme Court,
35
terminal command, manual examination,
101
Unix commands, common,
101
User generated content,
59
User security awareness training,
71
V
accreditation standard for forensic testing and,
82
updating hardware and software,
82
Victim Identification Program,
121
Visualization, of data,
51
Voice over IP (VoIP) apps,
74
potential source of communication and,
75
W
Wallets,
software,
Wi-Fi access points and hotspots,
77
Windows registry file,
40
Wireless (Wi-Fi) hotspots, and access points,
77
X
XRY Mobile Forensic Tool,
64,
65
Y