Introduction to Digital Forensics

1.1 Preface

  • In 2016, there were 298,728 complaints reported to the Internet Crime Complaint Center in the United States.

    • These complaints resulted in total victim losses of $1.33 billion.

    • This equates to an average of over 800 complaints per day.

    • Average victim loss per day: approximately $350,000.

  • Excluding the United States, significant sources of complaints included:

    • Canada

    • India

    • United Kingdom

    • Germany ranked 11th

  • The number of reported crimes in this domain has increased by 50% since 2008.

    • Total victim loss has increased almost sevenfold during the same period.

  • In contrast, rates of violent and white-collar crime have decreased.

    • Victim losses from these traditional crimes still exceed digital crime victim losses by $14 billion.

Historical Context of Digital Forensics

  • The introduction of the first personal computer by IBM in the 1980s made computing accessible to the masses.

  • The resulting growth of computer enthusiasts coincided with criminals recognizing the technology's potential for exploitation, leading to the first digital crimes.

  • Law enforcement responded with investigations into digital offenses.

    • The Federal Bureau of Investigation (FBI) hosted its first digital forensics conference in 1993, called the "International Conference on Computer Evidence."

  • This conference led to the establishment of the International Organization on Computer Evidence (IOCE) in 1995.

  • Major forensic challenges during this era included:

    • Data recovery issues linked to expensive storage resources.

    • The rise of commercial Internet Service Providers (ISPs) in the late 1980s and early 1990s increased internet accessibility.

    • Criminals began using dial-up connections and self-written command line tools for remote access attacks.

  • Digital forensic practitioners faced complications because criminal investigations were geographically constrained, and the field's legitimacy received little recognition until 1995.

    • Only a few organizations acknowledged the need for digital forensic measures.

The Growth of Digital Forensics

  • The 1990s saw an explosion in computer-driven technologies and widespread use of personal computers and the internet.

  • The prominence of computer-related crimes rose; notable events included:

    • Child pornography scandal in 1993 involving George Stanley Burdynski Jr., who used a PC to disseminate illegal material online.

  • The aftermath of the 9/11 terror attacks highlighted the role of digital forensics: key evidence was recovered from terrorists' computers worldwide, underscoring that criminals use computers just like ordinary users.

  • In 2006, the need for legally sanctioned digital investigation support was bolstered by the US Congress through updates to the "Rules for Civil Procedure."

    • Digital information began to be recognized as a legitimate form of evidence, prompting a specialized framework for dealing with it.

  • This recognition led to exponential growth in the digital forensics sector.

    • Information security professionals and private companies began to acknowledge digital forensics as a critical skill area, resulting in the establishment of forensic programs at various academic institutions.

1.2 Targeted Audience

  • This book aims to teach not only the application of forensic tools but also the underlying principles and functionality of those tools.

  • Primary audience:

    • Beginners entering the field such as students, hobbyists, and the general public interested in digital forensics.

  • Secondary audience:

    • Advanced digital forensics practitioners and IT-security experts seeking to expand their knowledge of existing tools/frameworks or learn about new tools.

  • The content is particularly beneficial for practitioners who are new to the Linux operating system, on which the book heavily relies.

  • Acknowledgement: the book cannot cover every aspect exhaustively but aims to provide a solid foundational knowledge in digital forensics.

1.3 Structure of the Book

  • Following the introductory section:

    • Chapter 2: "What is Digital Forensic?"

      • Exploration of basic definitions, goals, processes, legal systems, and the role of digital forensics professionals.

      • Discussion of the differences between digital and classical forensics.

    • Chapter 3: Overview of the necessary tools for conducting forensic examinations.

      • Introduction to suitable operating systems.

      • Importance of open source software.

      • Introduction of both basic and advanced forensic tools to assemble a versatile digital forensics toolkit.

    • Chapter 4: Provision of several digital forensics investigation checklists to develop a proper understanding of common procedures and techniques for examinations.

  • Part II of the book:

    • Practical component (Chapters 5-18) showcasing concrete real-world examples of digital forensics investigations (referred to as hacks).