Sammons - Digital forensics: threatscape and best practices

Acquiring Editor: Chris Katsaropoulos

Editorial Project Manager: Anna Valutkevich

Project Manager: Priya Kumaraguruparan

Designer: Mark Rogers

Syngress is an imprint of Elsevier

225 Wyman Street, Waltham, MA 02451, USA

Copyright 2016 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publishers permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data

A catalog record for this book is available from the Library of Congress

ISBN: 978-0-12-804526-8

For Lora, Abby, and Rae for making me a truly blessed and lucky man. To my aunt Ruth whose love, support, and encouragement means so much. To my mother Juanita, and my grandmother Grace. For the many sacrifices you made and the example you set I miss you.

Rob Attoe , Marshall University, WV, USA

Dhruba J. Bora , Marshall University, WV, USA

Margaret Phipps Brown , Marshall University, WV, USA

Josh Brunty , Marshall University, WV, USA

Kimberly A. DeTardo-Bora , Marshall University, WV, USA

Shawn Jordan , Marshall University, WV, USA

Sean C. Leshney , Tippecanoe County Prosecutors Office, IN, USA

Preston Miller , Consultant at an International cybersecurity and forensics firm, USA

Mark Pollitt , Digital Evidence Professional Services, Inc., MD, USA

Marcus K. Rogers , Purdue University, IN, USA

Kathryn C. Seigfried-Spellar , Purdue University, IN, USA

John Sammons is an Assistant Professor and Director of the undergraduate program in Digital Forensics and Information Assurance at Marshall University in Huntington, West Virginia. John teaches digital forensics, electronic discovery, information security and technology in the Department of Integrated Science and Technology. He is also adjunct faculty with the Marshall University graduate forensic science program where he teaches the advanced digital forensics course. John is the founder and past President of the Appalachian Institute of Digital Evidence (AIDE). AIDE is a nonprofit organization that provides research and training for digital evidence professionals including attorneys, judges, law enforcement and information security practitioners in the private sector. He is the author of best selling book, The Basics of Digital Forensics published by Syngress.

John, a former police officer, is also an Investigator with the Cabell County Prosecuting Attorneys Office and a member of the West Virginia Internet Crimes Against Children Task Force. He is an Associate Member of the American Academy of Forensic Sciences, the High Technology Crime Investigation Association, the Southern Criminal Justice Association and Infragard.

Rob Attoe is a Director within the training department at Cellebrite, where he leads the training departments business development and delivery of course content across all disciplines, ensuring the curriculum and delivery concepts, which are of the highest standards within the industry as well production of customized courses tailored for mobile forensic practitioners globally. Attoe also leads the research in to forensic artifacts found on various operating systems and regularly presents finding are large conferences globally. Previously as SVP of Global Training at Nuix and Director of Training at AccessData, Attoe has over a decade of experience developing Digital Forensics and Decryption training programs for the global digital investigations community.

In the past, Attoe has held positions as a Computer Crime Specialist II with the National White Collar Crime Centre, where his primary focus was the research and development of a file system analysis and automated forensic tool curriculum, and with the Kent Police as a Forensic Computer Analyst.

As a certified member of the International Association of Computer Investigative Specialists (IACIS), Attoe has instructed at the associations annual conference, as well as regularly presenting at the premier international digital forensics conferences and events such as High Technology Crime Investigation Association, Department of Defence Cyber Crime, F3 Annual Conference, and Internet Crimes against Children taskforce. Attoe has authored and taught many digital forensic courses globally as well as coauthoring a course for The National Hi-Tech Crime Unit in the United Kingdom and advanced courses for IACIS.

Kimberly A. DeTardo-Bora is a Professor of Criminal Justice and Criminology at Marshall University where she serves as both undergraduate and graduate program directors. She obtained her Ph.D. degree in Criminology from Indiana University of Pennsylvania in 2003. Dr. DeTardo-Bora has carried out state and federal-level grant projects to evaluate court-appointed special advocate programs, domestic violence programs, the weed and seed program, and housing authority programs. Her most recent endeavor has been exploring the world of hacktivists. Besides a book titled, West Virginias Criminal Justice System published with co-authors Dhruba J. Bora and Samuel L. Dameron, Dr. DeTardo-Boras research has been published in scholarly venues such as Action Research , Corrections Compendium, Security Journal, and Women and Criminal Justice.