Subject Index

A
Access Data’s Forensic Tool Kit (FTK), 64
Accounts used on OS X by a user, 111
Adult porn, 55
Advanced persistent threats (APT), 71
Altcoins, 1
Android, 70–72
devices, 79
Android Marketplace, 72
App-driven dating sites, 73
Apple, 72
Apple iOS apps, 72
Apple Maps, 78
Apple’s Find My iPhone (iCloud) login page, 71
Apple’s Xcode “toolkit”, 72
App marketplaces by vendor, 72
Apps, 60, 72
threats within, 72
App-store model, 72
Ares, 65
Association, 33
biometric logins, 34
fingerprint, 34
strong, 34
weak, 34
Asymmetric encryption, 2
Asymmetric key cryptography, 3
Automated license plate readers, 141
courts examined cases, 141
Automated tools, 53
B
Base-station (cell tower) triangulation, 77
Behavioral analysis
as important investigative tool, 49
model presentation, phases of, 49
classification, 50
collection, 50
context analysis, 50
decision/opinion, 52
limitations, 52–53
statistical analysis, 50
timeline analysis/visualization, 51
Bestiality, 55
Best Practices for Mobile Phone Forensics (2015), 82
Big data, 69
Bin, 102
Biometric logins, 34
Bitcoin, 1, 4
benefits of model, 5
double spending protection, 5
exchange internationally, 5
signed transactions protection, 5
community, 7
current context, 4–5
encryption, 3
forensic relevance, 3–4
framework, 5
hardware failure, 7
historical perspective, 4–5
protocol, 13–15
in action, 19
trail-blazing, 2
transaction, 8, 9
identified by a SHA-256 hash of, 9
wallet, 7
Bitcoin Fog, 3
Bitmixer, 3
Blackberry, 72
Blockchain, 5–7, 8
explorers, 5, 12–13
genesis block, 6
made up of blocks, 6
structure of a block, 6
transaction details, 17
Boolean searching, 87
Bottom-up analysis, 45
Bulletin board systems, 129
the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), 120–121
Burglary, 61
BYOD (bring your own device), 71
C
Cache files, 64
Caches directory, 110
Calendar, 112
Calendars
with events, 114
CallHistoryDB, 110
CallHistoryDB database, 113
CallHistoryTransactions, 110
Call metadata, 112
Camera-enabled apps, 76–77
Carding IRC channels, 51
Case studies
Arson homicide, 54
possession of child porn, 55–57
shaken baby death, 53–54
Cat or dog not mouse, 87
Cat W/10 dog, 87–90
CCleaner, 7
CelleBrite Physical Analyzer, 64
CelleBrite UFED with Physical Analyzer, 64
Cell phones, 85, 142–143
arrestees diminished privacy, 143
cases decided, 142
Riley, United States v. Wurie (2014), 142
Riley v. California (2014), 142
court interpreted and applied the Fourth Amendment, 142
digital data cannot be used as a weapon against, 142
possibility of remote wiping and encryption of digital data, 143
“warrant before conducting” a cell phone search, 143
Cell tower data, 53, 54
Chat programs, 65
Chat rooms, 129
Child Exploitation Investigations Unit, 121
the Childhood Sensuality Circle, 129
Child porn websites, 55
Child sexual exploitation, 128–129
Chinese burner phone vs. iOS device, 80
Chip-off forensics, 82
Classification/individualization, 33
class evidence, 33
digital evidence, classified by the software, 33
document files, 33
.DOC or .DOCX, 33
forensic question, 33
“individualized” the evidence, 33
TCP, IP, and UDP packets, 33
Cloaq, 60
Cloud, 69
Cloud-based model, 72
Cloud-based storage apps, 75
Cloud-driven marketplaces, 72
Cloud (hyper distributed), 53
Cloud services, 71
by mobile operating system, 71
Cloud storage, 37
CoinJoin, 7
com.apple.Safari, 111
Communication, 30
Computer crime investigations, 47
Computer crimes, estimated cost, 119
Computer device, 34
Computer-perpetrated crimes, 119
Computer resources, 28
Computers, 85
Computer science, 47
Computer science and engineering, 47
Computer systems, 48
Consumer Sentinel Network (CSN), 125
Courts, 35
Covey, Stephen, 37
Credit card fraud, 51
Criminal investigation, 60
Criminal psychologists, 45
Cross-examination, 38
Cryptocurrencies, 1
built-in implementation, 2
characteristics, 2
decentralization, 2
perceived as an unknown quantity, 1
physical backing, 2
verification, 2
white paper, 1
Cryptography, 2
CSV files, 63
.cups folder, 105
Currencies, 2
physical backing, 2
Cyberbullying, 61
Cybercrimes, 119
combating, 120
contemporary, 119
current, and evolving threats, 122
law enforcement, 119
Cyber criminal investigations, 45, 46
core elements, 48
cyber crime scene, 49
model focuses on, 46
Cyber Intelligence, 121
Cyber investigations, 49
Cyber punks, 122
Cyberstalking, 61, 127–128
Cyberterrorism, 61
D
DarkWallet, 7
Dark Web, 146
trading sites, 51
Data encryption, 79
Data extraction, 38–40
Data files, 40
Data storage technology, 47
Data type, 36
application (Microsoft Word), 36
metadata (dates/times), 36
word processing file, 36
Decentralization, 2
Decentralized cryptocurrency, See Bitcoin
Deductive behavioral analysis, 45
Defacing websites, 123
Default directory structure, 100
Desktop, 107
Digital artifacts, 49
volatile physical counterparts, 49
Digital cash, 3
Digital evidence, for examination, 30
Digital examiner, 85
Digital footprint, 60
Digital forensic analysts
future issues, 130
Digital forensic examiners, 39
Digital Forensic Laboratories, 99
Digital forensic professionals, 119
Digital forensics, 34
phases of, 28, 30
analysis, 28
collection, 28
examination, 28
reporting, 29
tools, 64
Digital Forensics Research Workshop (DFRWS), 90
Digital harassment, 127–128
Digital investigations workflows, 90–98
Digital search, goals and objectives, 35
Digital “signature”, 2, 8
Digital storage, 35
Direct messages (DMs), 73
Distributed Denial of Service (DDoS) attacks, 123
Documentation, 31
Document folders/directories, 37
Documents, 107
Doyle, Arthur Conan, Sir, 46
Drones, 138–139
.DS_Store file, 107
in .trash, showing past paths of deleted items, 107
Dubbed XcodeGhost, 72
E
Economics, 2
eDiscovery, 85
AccessData’s FTK Imager tool, 97
allocated data and recovered file
case creation, phase functions occur
collection of corporation data, 85
“collection” phase, 86
examiner, 85
extraction of file metadata
first phase of analysis, 86
key items report function, possess features
listing essential functions, 97
leverage processes for a digital forensic investigation, 94
“memo” format, 86
modern eDiscovery review software, 87
software vendors, 94
physical (human) review, 87
removing known files based on MD5 hashes (digital fingerprints), 86
software considerations, for processing phase, 95
software packages developing advanced visualization
listing essential functions, 96
tool exhibit features, for review stage, 96
tool for use in a criminal case, 94
tools limitation, 98
viewing data at the Hex level
vs. digital investigations, 94
workflows, 85, 86, 97
e-forums, 129
Elcomsoft Phone Password Breaker (EPPB), 71
Electronic data, 85
Electronic discovery reference model (EDRM), 88
stages, 88
analysis, 89
collection, 89
identification, 89
information governance, 88
information governance review, 89
presentation, 89
preservation, 89
processing, 89
production, 89
review, 89
workflow, 98
Electronic storage media, 86
Elliptic curve digital signature algorithm (ECDSA), 3, 8
scalar multiplication, 8
Email, 65, 85
eMule, 65
EnCase tool, 65
Encryption, 143–145
case law provide, password to law enforcement, 145
and cell phones, 145
compel suspect to produce documents, 144
court ruling, 145
defendant compelled to disclose data, 143
defendants may be required to decrypt computers password, 145
defendant to produce unencrypted contents of laptop computer, 144
documents sought with “reasonable particularity”, 144
Fifth Amendment protection against self-incrimination, 144
under “foregone conclusion” doctrine, law enforcement, 143
suspect in contempt of court and incarcerated, 144
Examination phase, 38
Examination planning process, 41–42
model, 42
Examiner education, 71
Examiner’s forensic questions, 36
EXIF data embedded, 78
Exploitation, 61
F
Facebook, 59, 78
Facebook Messenger, 60
FaceTime, 75
Facsimile, 85
Federal Bureau of Investigation (FBI), 120–121
Federal privacy legislation, 138
Federal Trade Commission (FTC), 125
File/operating system, 39
File servers, 38
File signature, 36
File Vault, 99
Financial fraud, 39
Fingerprint, 34
Fishing expedition, 30
Forcing software, 69
Forensic analysis, 41
Forensic and legal communities, 30
Forensic challenges, 72
Forensic data, 39
Forensic enigma, 82
Forensic evidence, 36
Forensic examiners, 30, 32, 36
Forensic hypotheses, 34, 35
developing falsifiable hypotheses, 35
forensic questions, 35
identification and classification questions, 35
Forensic practitioners, 33
Forensic questions, 32, 36–38
as a bridge, 34
developing detailed tasking, and set of questions/hypotheses, 37–38
examination, 38
Forensic software, 33, 34
tools, 39
the Fourth Amendment to the United States Constitution, 133
circumstances enforcement officers not required, 136
Cupp v. Murphy, 1973, 136
Mincey v. Arizona (1978), 136
United States v. Bradley, 2012, 136
closed containers protection, 135
Robbins v. California, 1981, 135
United States v. Chadwick, 1977, 135
curtilage protection, 134–135
California v. Ciraolo, 134
Florida v. Riley (1989), 134
determine search warrant, 134
evidence seized in violation, excluded from criminal trial, 134
Silverthorne Lumber Co. v. United States, 1920, 134
expectation of privacy, 134
individuals crossing an international border
United States v. Cotterman, 2013, 137
United States v. Flores-Montano, 2004, 137
information or data shared
United States v. Jacobsen, 1984, 136
Katz v. United States, 1967, p. 353, 134
obtain consent to search from a third party
United States v. Matlock, 1974, 136
open fields protection, 135
Co. v. United States (1986), 135
Oliver v. United States (1984), 135
physical constructs of search and seizure, 135
United States v. David, 1991, 135
United States v. Gorshkov, 2001, 136
probationers and parolees, expectation of privacy
United States v. Lifshitz, 2004, 137
provisions, 133–134
Rakas v. Illinois, 1978, 134
Smith v. Maryland, 1979, p. 740, 134
suspect provides voluntary consent to search a computer
United States v. Al-Marri, 2002, 136
Fraud identification, 124–126
Fraudulent activities, 120
Frostwire, 65
FTK tool, 65
Fuzzy hashing, 36
G
Garbage in/garbage out, 36
Genesis block, 6
Geotagged image taken from an iOS device, 78
Geotagging-enabled information services, 78
Geotagging, 61
Getdata packet, 20
data, 21
Global positioning system (GPS), 60, 61, 77
Gmail, 65
Gold, 2
Google Chrome, 65
Google Hangouts, 74, 75
Google Maps, 78
Google Play store, 72
Google Plus+, 59
Government fraud, 27
Graphical user interfaces (GUIs), 48
Grassroots, 72
Grindr, 73
Guidance Software’s EnCase, 64
800-11 Guidelines of Mobile Device Forensics, 82
H
Hackers, 72
Hacking, 122–124
Hard drives, 38
Hardware manufacturers, 69
Hardware vs. software complexity trend, 69
Harmful information, 119
Hash function, 47
Hidden file, 100
Hierarchical File System Plus (HFS+), 99
features of HFS+, 99
Hotmail, 65
Hybrid approach, 45
I
iCloud, 71, 112
iCloud Drive app, 79
the Identity Theft Resource Center (2015), 125
Illegal goods, 1
iMessages, 106
Immigration and Customs Enforcement (ICE), 121
Immigration and Naturalization Services (INS), 121
iMovie, 108
directories and media storage, 111
Identification, 32
Inductive/deductive reasoning, 45
Instagram, 60, 78
International Mobile Subscriber Identity (IMSI) catchers, 141
Internet, 54, 59, 74, 119
and new-age technologies
opportunity for criminal activity, 119
Internet browser, 64
Internet child pornography, 61
Internet Evidence Finder, 65
Internet Explorer, 65
Internet History, 53
Internet of Things, 146
Internet-related artifacts, 65
Internet service provider (ISP), 62, 63
Interpretations, 34
of evidence, 52
Investigative psychology, 45
Investigative questions, 31
Investigators, 30
Inv packet, 19
data, 20
iOS 8 and 9, 71, 79
iCloud Drive app, 79
iOS devices, 70–72, 79
passcodes, 79
IP address, 60, 105
history, 62
iPhone devices, 80
iPhone 5s, 71
Issues, 47
accountability, 48
lack of context, 48
volume of data, 47
iTunes, 79
J
Java, 102
Joint Test Action Group (JTAG), 81
JTAG and/or chip-off analysis, 79, 80
J-tagging, 81
K
Keyword search algorithms, 47
“Knock-off” phones, 80
L
Laptop, 64
Law enforcement, 52
future issues, 130
Legal hypotheses, 32
Legal justice system, 47
Legal questions, 32
Library, 102
non-sandboxed applications, share information, 102
programming language, 102
root-level, 102
Line, 60
LinkedIn, 59
Linux, 99
Litigation, 85
Livestream, 74
Locard’s principle of exchange, 49
Location data, and apps, 77
M
Macintosh computers, 99
Mac OS X actually contain files behind icon
applications in, 101–102
Mac OS X El Capitan, 99
Magnet Forensics’ Internet Evidence Finder (IEF), 64
Mail app, 112
Mail downloads, 112
Mail folder, 112
Malicious program, 72
Malware, 61, 147
forensics, 61
Match, 73
“Memo” format, 86
Memory chips, 81
Memory dumps, 47
Message directory, 113
Messages app, 114, 115
Metadata, 87
Metal gold, 2
Microchips, 82
Mining, 10–12
Mint, 4
Mobile devices, 69
forensics, 61
hardware, 69
annual growth of, 70
features in selecting, 69
Mobile forensic examiner, 78
Mobile forensic extraction tools, 79
Mobile operating systems, market share of, 70
Mobile phone, 59
Mobile platforms, 71
Mobile technology, 69
Modern electronics, 2
Mozilla Firefox, 65
Multibit HD, 16
Multibit log, 17–19
Multimedia, 74
Multimedia messaging service (MMS), 74
Multiuser data storage devices, 38
Multiuser file server, 38
N
National Center for Missing and Exploited Children (NCMEC), 55
National Child Victim Identification System (NCVIS), 121
National Computer Forensic Institute, 121
National Institute of Standards and Technology (NIST), 82
National security, 121
Native messaging apps, 74
Navigation-based applications, 78
Network forensics (Internet traffic), 61
“Niche” social media apps, 73
Non-native messaging apps, 74
the North American Man/Boy Love Association, 129
Note artifacts, 114
O
OKCupid, 73
Onion Router (“Tor”), project, 146
Online databases, 69
Online paraphilia, 55
Organization for Economic Cooperation and Development (OECD), 59
Organizations, supporting behavior of child sexual abuse and, 129
Organized crime, 61
Orphan blocks, 10
OS X 10.11, 99
OS X 10, default operating system, 99
OS X 10.11 El Capitan, 115
new features in, 115
OS X file structure, 100
OS X operating systems, 100
command line examples in terminal, 100
P
Packet reconstruction, 34
Palo Alto Networks, company, 72
Passwords, stronger, 79
PDF files, 40, 63
Pedophile, 55
Peer-to-peer networks, 129
People’s online behaviors, 51
Periscope, 74
fighting crime with, 74
PERL, 39
Personal cloud services, 71
Personal computer (PC), revolution, 69
Phishing, 61
attacks, 72
Photo Booth, 107
Photos app, 108
PhotoShop, 40
Physical Analyzer, 64
Pictures directory, 107
Pinterest, 59
Planning process, examination, 41–42
.plist files (Apple), 73
Poking, 127
Pornography, 128–129
Prepaid “burner” phones, 80
Private directory, 103
dhcpclient folder, 103
path leads to SHA1 password, 103
Plist, 104
user’s DHCP lease and router information, 105
Professional criminals, 122
Project folder, 37
Prostitution, 61
Psychological profiling, 45
Python, 39, 102
R
RATs (remote access tools), 51
Reconstruction, 33, 34
Reconstruction examinations, 36
Recovered data, 40
the Rene Guyon Society, 129
Restrictive judicial constraints, 36
Reverse-engineer, 71
Root directory, 101
S
Safari artifacts, 112
Sbin, 102
Scientific Working Group on Digital Evidence, 82
Scope creep, 31
SDelete, 7
Search warrants, 137–138
Sexual assault, 61
SharedCoin, 3
Signature behaviors, 46
Skilled programmers, 122
Skype, 74, 75
Slack data (RAM and/or File), 38
Small storage media aid, 85
Smartphones, 60
SMS-like functionality, 74
SMS text message, 78
Snapchat, 74
Sneeky, 60
Social construct, 2
Social engineering, 61
Social media, 51, 53, 60, 69
content utilizing location services, 78
case of “El Chapo”, 78
valuable source of evidence, 78
and crime, 61
and digital forensics, 61
evidence on network, 62–63
evidence on physical device, 64–65
yield digital evidence, 61
“P Smurf” case, 61
Social media apps, 73
challenges and threats, exist in regards to forensic extraction and, 73
Social media sites, 59
Social networking sites (SNS), 59
Software, 39, 40
“Solve” cases, 36
Spamming, 127
SQLite Browser, 110
SQLite databases, 64, 73, 113
.ssh file, 106
SSH information, including IP, keys, and encryption method, 107
SSH protocol, 106
Standard operating procedures (SOPs), 82
Streaming apps, 74
Subdirectory metadata, 112
Syllogistic reasoning, 45
Synced-up Macbook, 74
System Integrity Protection (SIP) account, 115
T
Tablet, 60, 85
Technology, 47
globalization of, 60
Test access port (TAP), 81
Text files, 63
Theft identification, 124–126
“Thorough” examination, 35
Timelines, 34, 36
Tinder, 73
Torrent programs, 65
Tracking cell phones, 141
case law, 151
Tracking vehicles, 140–141
United States v. Jones, 2012, 140
United States v. Karo, 1984, 140
United States v. Knotts 1983, 140
United States v. Kyllo, 2001, 140
Transactions, 5
in Bitcoin, 9
.Trash directory, 106
Travel vouchers, 40
Trojan horses, 51
Twitter, 59, 74, 78
preservation letter to, 63
Tx packet, 21–23
data, 23
U
Unallocated data (slack), 38
Un-focused and needless operations, 36
Unique identifiers, with phone numbers, 113
the United States Customs Service, 121
the United States Secret Service, 120–121
the United States Supreme Court, 35
UNIX, 99
Unix-based systems, 101
root directory, 101
terminal command, manual examination, 101
Unix commands, common, 101
UNIX server, 27
UNIX system, 27
USB debugging, 80
User directory, 105
structure, 106
User generated content, 59
User security awareness training, 71
USR directory, 104
V
Validation, 82
accreditation standard for forensic testing and, 82
ISO 17025 or 17020, 82
updating hardware and software, 82
Var, 105
keychain folder, 105
Verification, 2, 10
basic step, 10
Victim Identification Program, 121
Video, 61
Violation, 47
Viper, 60
Virtual communities, 129
Virtual game worlds, 59
Virtual servers, 72
Visual confirmation, 40
Visualization, of data, 51
Voice calls, 75
Voice over IP (VoIP) apps, 74
potential source of communication and, 75
Vulnerabilities, 71
inherent, 72
W
Wallets, 7
software, 7
Waze, 60
Web 2.0, 59
Web-based services, 59
Web browsers, 65
Web searches, 53
WhatsApp Messenger, 60
Whisper, 60
Wi-Fi access points and hotspots, 77
Wikipedia, 59
Windows, 72
Windows Registry, 104
Windows registry file, 40
Wireless (Wi-Fi) hotspots, and access points, 77
X
XcodeGhost, 72
XML documents, 104
XRY Mobile Forensic Tool, 64, 65
Y
Yahoo Mail, 65
Yahoo Messenger, 65
YikYak, 60
YouTube, 59, 61