Digital Forensics
Threatscape and Best Practices
Edited by
John Sammons
Assistant Professor and Director of the Digital Forensics and Information Assurance Program, Marshall University, Huntington, WV, USA
Table of Contents
Copyright
Acquiring Editor: Chris Katsaropoulos
Editorial Project Manager: Anna Valutkevich
Project Manager: Priya Kumaraguruparan
Designer: Mark Rogers
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
Copyright 2016 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publishers permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-804526-8
For information on all Syngress publications visit our website at store.elsevier.com/Syngress
Dedication
For Lora, Abby, and Rae for making me a truly blessed and lucky man. To my aunt Ruth whose love, support, and encouragement means so much. To my mother Juanita, and my grandmother Grace. For the many sacrifices you made and the example you set I miss you.
List of Contributors
Rob Attoe , Marshall University, WV, USA
Dhruba J. Bora , Marshall University, WV, USA
Margaret Phipps Brown , Marshall University, WV, USA
Josh Brunty , Marshall University, WV, USA
Kimberly A. DeTardo-Bora , Marshall University, WV, USA
Shawn Jordan , Marshall University, WV, USA
Sean C. Leshney , Tippecanoe County Prosecutors Office, IN, USA
Preston Miller , Consultant at an International cybersecurity and forensics firm, USA
Mark Pollitt , Digital Evidence Professional Services, Inc., MD, USA
Marcus K. Rogers , Purdue University, IN, USA
Kathryn C. Seigfried-Spellar , Purdue University, IN, USA
Editor Biography
John Sammons is an Assistant Professor and Director of the undergraduate program in Digital Forensics and Information Assurance at Marshall University in Huntington, West Virginia. John teaches digital forensics, electronic discovery, information security and technology in the Department of Integrated Science and Technology. He is also adjunct faculty with the Marshall University graduate forensic science program where he teaches the advanced digital forensics course. John is the founder and past President of the Appalachian Institute of Digital Evidence (AIDE). AIDE is a nonprofit organization that provides research and training for digital evidence professionals including attorneys, judges, law enforcement and information security practitioners in the private sector. He is the author of best selling book, The Basics of Digital Forensics published by Syngress.
John, a former police officer, is also an Investigator with the Cabell County Prosecuting Attorneys Office and a member of the West Virginia Internet Crimes Against Children Task Force. He is an Associate Member of the American Academy of Forensic Sciences, the High Technology Crime Investigation Association, the Southern Criminal Justice Association and Infragard.
Biographies
Rob Attoe is a Director within the training department at Cellebrite, where he leads the training departments business development and delivery of course content across all disciplines, ensuring the curriculum and delivery concepts, which are of the highest standards within the industry as well production of customized courses tailored for mobile forensic practitioners globally. Attoe also leads the research in to forensic artifacts found on various operating systems and regularly presents finding are large conferences globally. Previously as SVP of Global Training at Nuix and Director of Training at AccessData, Attoe has over a decade of experience developing Digital Forensics and Decryption training programs for the global digital investigations community.
In the past, Attoe has held positions as a Computer Crime Specialist II with the National White Collar Crime Centre, where his primary focus was the research and development of a file system analysis and automated forensic tool curriculum, and with the Kent Police as a Forensic Computer Analyst.
As a certified member of the International Association of Computer Investigative Specialists (IACIS), Attoe has instructed at the associations annual conference, as well as regularly presenting at the premier international digital forensics conferences and events such as High Technology Crime Investigation Association, Department of Defence Cyber Crime, F3 Annual Conference, and Internet Crimes against Children taskforce. Attoe has authored and taught many digital forensic courses globally as well as coauthoring a course for The National Hi-Tech Crime Unit in the United Kingdom and advanced courses for IACIS.
Kimberly A. DeTardo-Bora is a Professor of Criminal Justice and Criminology at Marshall University where she serves as both undergraduate and graduate program directors. She obtained her Ph.D. degree in Criminology from Indiana University of Pennsylvania in 2003. Dr. DeTardo-Bora has carried out state and federal-level grant projects to evaluate court-appointed special advocate programs, domestic violence programs, the weed and seed program, and housing authority programs. Her most recent endeavor has been exploring the world of hacktivists. Besides a book titled, West Virginias Criminal Justice System published with co-authors Dhruba J. Bora and Samuel L. Dameron, Dr. DeTardo-Boras research has been published in scholarly venues such as Action Research , Corrections Compendium, Security Journal, and Women and Criminal Justice.