Computer Forensics: A Pocket Guide

Computer Forensics

Computer

Forensics

A Pocket Guide

NATHAN CLARKE

Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at the following address:

IT Governance Publishing

IT Governance Limited

Unit 3, Clive Court

Bartholomew’s Walk

Cambridgeshire Business Park

Ely

Cambridgeshire

CB7 4EH

United Kingdom

www.itgovernance.co.uk

© Nathan Clarke 2010

The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work.

First published in the United Kingdom in 2010

by IT Governance Publishing.

ISBN 978-1-84928-160-7

PREFACE

Computer forensics has become an essential tool in the identification of misuse and abuse of systems. Whilst widely utilised within law enforcement, the rate of adoption by organisations has been somewhat slower, with many organisations focusing upon the traditional security countermeasures to prevent an attack from occurring in the first place. Such an approach is certainly essential, but it is also well understood that no system or network is completely secure. Therefore, organisations will inevitably experience a cyberattack. Moreover, traditional countermeasures do little to combat the significant threat that exists from within the organisation. Computer forensics is an invaluable tool for an organisation in understanding the nature of an incident and being able to recreate the crime.

The purpose of this pocket book is to provide an introduction to the tools, techniques and procedures utilised within computer forensics, and in particular focus upon aspects that relate to organisations. Specifically, the book will look to:

develop the general knowledge and skills required to understand the nature of computer forensics;

provide an appreciation of the technical complexities that exist; and

allow the reader to understand the changing nature of the field and the subsequent effects that it will have upon an organisation.

This will allow managers to better appreciate the purpose, importance and challenges of the domain, and allow technical staff to understand the key processes and procedures that are required.

The final section of the text has been dedicated to resources that will provide the reader with further directions for reading and information on the tools and applications used within the computer forensic domain.

ABOUT THE AUTHOR

Dr Nathan Clarke is a senior lecturer at the Centre for Security, Communications and Network Research at the University of Plymouth and an adjunct lecturer with Edith Cowan University in Western Australia. He has been active in research since 2000, with interests in biometrics, mobile security, intrusion detection, digital forensics and information security awareness. Dr Clarke is also the undergraduate and postgraduate Programme Manager for information security courses at the University of Plymouth.

During his academic career, Dr Clarke has authored over 50 publications in referred international journals and conferences. He is the current co-chair of the Workshop on Digital Forensics & Incident Analysis (WDFIA) and of the Human Aspects of Information Security & Assurance (HAISA) symposium. Dr Clarke has also served on over 40 international conference events and regularly acts as a reviewer for numerous journals, including Computers & Security, IEEE Transactions