Page 113 - Hacker HighSchool eBook

LESSON 8 – DIGITAL FORENSICS












Table of Contents

“License for Use” Information
Contributors
8.0 Introduction
8.1 Forensic Principles
  8.1.0 Introduction
  8.1.1 Avoid Contamination
  8.1.2 Act Methodically
  8.1.3 Chain of Evidence
  8.1.4 Conclusion
8.2 Stand-alone Forensics
  8.2.0 Introduction
  8.2.1 Hard Drive and Storage Media Basics
  8.2.2 Encryption, Decryption and File Formats
  8.2.3 Finding a Needle in a Haystack
    8.2.3.1 find
    8.2.3.2 grep
    8.2.3.3 strings
    8.2.3.4 awk
    8.2.3.5 The Pipe “|”
  8.2.4 Making use of other sources
8.3 Network Forensics
  8.3.0 Introduction
  8.3.1 Firewall Logs
  8.3.2 Mail Headers
Further Reading








































