Resources

Digital Forensic Publications

There are countless resources available today that are designed specifically to teach the basics or specializations within the digital forensic discipline. While it is not the intention to identify and include every reference on digital forensics in the list below, the following are recent publications that can be used as learning tools for digital forensics.

Digital Forensics with the AccessData Forensic Toolkit (FTK). McGraw-Hill Osborne Media, 05 Sep 2015. ISBN: 9780071845021

Handbook of Digital Forensics of Multimedia Data and Devices. Wiley-IEEE Press, 31 Aug 2015. ISBN: 9781118640500

Hacking Exposed Computer Forensics Third Edition: Secrets & Solutions. McGraw-Hill Osborne Media, 06 Jul 2015. ISBN: 978-0071817745

Operating System Forensics 1st Edition. Syngress, 01 Jul 2015. ISBN: 9780128019498.

Cybercrime and Digital Forensics: An Introduction. Routledge, 12 Feb 2015. ISBN: 978-1138021303

The Basics of Digital Forensics 2nd Edition. Syngress, 15 Dec 2014. ISBN: 9780128016350.

Computer Forensics and Digital Investigation with EnCase Forensic v7. McGraw-Hill Osborne Media, 28 May 2014. ISBN: 978-0071807913

Windows Forensic Analysis Toolkit 4th Edition: Advanced Analysis Techniques for Windows 8. Syngress, 10 Apr 2014. ISBN: 9780124171572.

Computer Incident Response and Forensics Team Management 1st Edition. Syngress, 22 Nov 2013. ISBN: 9781597499965.

Digital Forensics Processing and Procedures 1st Edition. Syngress, 17 Sep 2013. ISBN: 9781597497428.

Computer Forensics InfoSec Pro Guide. McGraw-Hill Osborne Media, 09 Apr 2013. ASIN: B00BPO7AP8

Malware Forensics Field Guide for Windows Systems 1st Edition. Syngress, 13 Jun 2012. ISBN: 9781597494724.

Digital Forensics with Open Source Tools. Syngress, 14 Apr 2011. ISBN: 9781597495868.

Handbook of Digital Forensics and Investigation. Academic Press, 26 Oct 2009. ISBN: 978-0123742674

Tools and Equipment

To identify and select the proper tools and equipment to perform their investigative activities and steps, the digital forensic team must have a good understanding of how different business environments function with respect to the hardware and operating system(s) they use. This assessment will determine what tools and equipment are required to gather and process evidence from the organization's data sources. While some tools or equipment might be absent because new ones are constantly being developed, the websites below offer a listing of currently available digital forensic tools and equipment.

21 Popular Computer Forensics Tools, InfoSec Institute. http://resources.infosecinstitute.com/computer-forensics-tools/. 2014.

Digital Forensic Tools and Equipment. ForensicsWiki. http://www.forensicswiki.org/wiki/Tools. 2015.

Forensic Hardware, Digital Intelligence. https://www.digitalintelligence.com/cart/ComputerForensicsProducts/Forensic-Workstations-p1.html.

Forensic Workstations, Forensic Computers. http://www.forensiccomputers.com/workstations/forensic-workstations.html.

Free Computer Forensic Tools, Forensic Control. https://forensiccontrol.com/resources/free-software/. 2015.

List of Digital Forensics Tools, Wikipedia. http://en.wikipedia.org/wiki/List_of_digital_forensics_tools. 2015.

OpenSource Tools, Digital Forensic Association. http://www.digitalforensicsassociation.org/opensource-tools/.

Talino Forensic Workstation, InSig2. http://www.insig2.eu/talino-forensic-workstation-31.

Tools, ForensicsWiki. http://www.forensicswiki.org/wiki/Tools. 2015.

Integrity Monitoring Compliance Objectives

Implementation of integrity monitoring is an essential security control to guarantee the authenticity and integrity of business records as digital evidence. In addition to the use of integrity monitoring as a means of maintaining integrity and proving authenticity of data, these solutions have also been established as a requirement for several regulatory compliance objectives, including:

FISMA SP800-53 R4. Requirement SI-7. http://csrc.nist.gov/drivers/documents/FISMA-final.pdf. NIST, 2013.

HIPAA SP800-66. Section 4.16. http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf. NIST, 2008.

PCI DSS: Requirements and Security Assessment Procedures v3.1. Requirement 11.5. https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf. PCI Security Standards Council, 2015.

SOX Act of 2002. Section 404. https://www.sec.gov/about/laws/soa2002.pdf. U.S. Securities and Exchange Commission, 2002.

Risk Management Methodologies

Generally, all risk assessments follow a similar methodology consisting of the same techniques to arrive at a final risk decision, including analyzing threats and vulnerabilities, asset valuation, and risk evaluation. However, there is no single risk assessment methodology that meets the needs of every organization because they were not designed to be “one-size-fits-all”. Each organization is unique in its own respect and has its own reasons for completing risk assessments. Therefore, a variety of industry-recognized risk assessment methodologies have been developed to address the varying needs and requirements of organizations. It is important to note that inclusion of a methodology below does not suggest that it is better than, or recommended over, other models that were not included.

Alberts, Christopher; Dorofee, Audrey; Stevens, James; Woody, Carol; Introduction to the OCTAVE Approach. http://resources.sei.cmu.edu/asset_files/UsersGuide/2003_012_001_51556.pdf. Carnegie Mellon University, 2003.

Ionita, Dan; Hartel, Pieter; Current Established Risk Assessment Methodologies and Tools. http://doc.utwente.nl/89558/1/%5Btech_report%5D_D_Ionita_-_Current_Established_Risk_Assessment_Methodologies_and_Tools.pdf. University of Twente, 2013.

Peltier, Thomas R; Facilitated Risk Analysis Process (FRAP). http://www.ittoday.info/AIMS/DSM/85-01-21.pdf. CRC Press, 2000.

Laws and Regulations

In several geographic regions, there are laws and regulations that dictate how technology can be used, covering areas such as information privacy, anti-spamming, and data exporting. Designed to connect technology with risk, these laws and regulations can be generally grouped into one of the following categories.

Computer Misuse Act of 1990. http://www.legislation.gov.uk/ukpga/1990/18/pdfs/ukpga_19900018_en.pdf. Parliament of the United Kingdom.

Cybercrime Act of 2001. https://www.comlaw.gov.au/Details/C2004A00937. Australian Government.

Cybercrime Prevention Act of 2012 (Republic Act No. 10175). http://www.gov.ph/2012/09/12/republic-act-no-10175. Congress of the Philippines.

Electronic Communications Privacy Act of 1986. http://www.loc.gov/law/opportunities/PDFs/ElectronicCommunicationsPrivacyAct-PL199-508.pdf. U.S. Congress.

ePrivacy Act of 2002. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:337:0011:0036:en:PDF. European Parliament.

FISMA SP800-53 R4. http://csrc.nist.gov/drivers/documents/FISMA-final.pdf. NIST, 2013.

HIPAA SP800-66. http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf. NIST, 2008.

Patriot Act of 2001. http://www.gpo.gov/fdsys/pkg/PLAW-107publ56/pdf/PLAW-107publ56.pdf. U.S. Congress.

PCI DSS: Requirements and Security Assessment Procedures v3.1. https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf. PCI Security Standards Council, 2015.

SOX Act of 2002. https://www.sec.gov/about/laws/soa2002.pdf. U.S. Securities and Exchange Commission, 2002.

Cloud Computing Environments

Through the combination of several major technology concepts, cloud computing has evolved over several decades to become the next generation of computing models. As cloud computing continues to mature, providing organizations with an inexpensive means of deploying computing resources, it is driving a fundamental change in the way technology is becoming a common layer of service-oriented architectures. Cloud computing presents unique challenges to an organization’s digital forensics capabilities because of the dynamic nature in which information exists and a shift where organizations have less control over physical infrastructure assets. This leads to the inherent challenge of maintaining best practices for cloud computing while continuing to enable digital forensic capabilities.

Cloud Security Alliance. Quick Guide to the Reference Architecture: Trusted Cloud Initiative. https://cloudsecurityalliance.org/wp-content/uploads/2011/10/TCI_Whitepaper.pdf.

Cloud Security Alliance. Security Guidance for Critical Areas of Focus in Cloud Computing V3.0. https://downloads.cloudsecurityalliance.org/assets/research/security-guidance/csaguide.v3.0.pdf.

NIST Cloud Computing Security Working Group – Information Technology Laboratory. NIST Cloud Computing Security Reference Architecture. http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/CloudSecurity/NIST_Security_Reference_Architecture_2013.05.15_v1.0.pdf.

Mobile Devices

Since its inception, the world of mobile technologies has evolved quickly, with new devices, operating systems, and threats emerging every day. With mobile devices, achieving a state of digital forensic readiness is important because of the dynamic and portable nature by which these devices are used to interconnect and interface both business and personal information. Organizations need to optimize their investigative process by taking proactive steps to guarantee that evidence will be readily available when (and if) needed from mobile devices.

Choo, Kim-Kwang Raymond; Dehghantanha, Ali. Contemporary Digital Forensic Investigations of Cloud and Mobile Applications. Syngress Press, 2016. ISBN # 9780128054482.

Doherty, Eamon P. Digital Forensics for Handheld Devices. CRC Press, 2016. ISBN # 9781439898789.

Ho, Anthony T.S., Li, Shujun. Handbook of Digital Forensics of Multimedia Data and Devices. John Wiley & Sons, 2016. ISBN # 9781118757079.

Martin, Andrew. Mobile Device Forensics. https://www.sans.org/reading-room/whitepapers/forensics/mobile-device-forensics-32888. SANS Institute, 2009.

National Institute of Standards and Technology (NIST) Special Publication 800-101 Revision 1. Guidelines on Mobile Device Forensics. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-101r1.pdf.

NIST Special Publication 800-124 Revision 1. Guidelines for Managing the Security of Mobile Devices in the Enterprise. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-124r1.pdf.
