This book provides an in-depth understanding of big data challenges to digital forensic investigations, also known as big digital forensic data. It also develops the basis of using data mining in big forensic data analysis, including data reduction, knowledge management, intelligence, and data mining principles to achieve faster analysis in digital forensic investigations. By collecting and assembling a corpus of test data from a range of devices in the real world, it outlines a process of big digital forensic data analysis for evidence and intelligence. It includes the results of experiments on vast volumes of real digital forensic data. The book is a valuable resource for digital forensic practitioners, researchers in big data, cyber threat hunting and intelligence, data mining and other related areas.
|
|
|
1 | (4) |
|
|
|
4 | (1) |
|
2 Quick Analysis of Digital Forensic Data |
|
|
5 | (24) |
|
2.1 Digital Forensic Quick Analysis Methodology |
|
|
7 | (9) |
|
2.1.1 Physical Examination |
|
|
9 | (1) |
|
|
|
10 | (6) |
|
2.2 Quick Analysis of Test Data |
|
|
16 | (5) |
|
2.3 Quick Analysis of Real World Digital Forensic Subsets |
|
|
21 | (5) |
|
2.3.1 Quick Analysis with EnCase on Real World Data |
|
|
21 | (2) |
|
2.3.2 Processing with NUIX on Real World Data |
|
|
23 | (3) |
|
|
|
26 | (1) |
|
|
|
26 | (3) |
|
|
|
27 | (2) |
|
3 Digital Forensic Data and Intelligence |
|
|
29 | (20) |
|
3.1 Intelligence Analysis and Digital Intelligence |
|
|
31 | (4) |
|
3.2 Digital Forensic Intelligence |
|
|
35 | (1) |
|
3.3 Mobile Phone and Portable Storage Growth 2003--2018 |
|
|
36 | (4) |
|
3.3.1 South Australia Police---Electronic Evidence 2000--2015 |
|
|
38 | (1) |
|
3.3.2 FBI Regional Computer Forensic Labs 2006--2013 |
|
|
38 | (2) |
|
|
|
40 | (2) |
|
|
|
42 | (2) |
|
|
|
44 | (1) |
|
|
|
45 | (4) |
|
|
|
45 | (4) |
|
4 Data Reduction of Mobile Device Extracts |
|
|
49 | (18) |
|
4.1 Digital Forensic Intelligence Analysis |
|
|
50 | (2) |
|
4.2 Mobile Phone Extracts |
|
|
52 | (4) |
|
|
|
53 | (1) |
|
4.2.2 Oxygen Forensic Suite 6.4.0.67 |
|
|
53 | (1) |
|
4.2.3 Cellebrite UFED 3.9.2.4 |
|
|
54 | (1) |
|
4.2.4 Guidance Software EnCase 7.09.04 |
|
|
54 | (1) |
|
4.2.5 Paraben Device Seizure 6.66 |
|
|
55 | (1) |
|
4.2.6 Internet Evidence Finder (IEF) 6.4.2.0070 |
|
|
55 | (1) |
|
4.2.7 Summary of Mobile Phone Exports |
|
|
56 | (1) |
|
4.3 Digital Forensic Intelligence Analysis of Test Data |
|
|
56 | (2) |
|
4.4 Review of South Australia Police Data |
|
|
58 | (4) |
|
4.4.1 Data Volume of South Australia Police XRY Extracts |
|
|
59 | (1) |
|
4.4.2 Extract Time from South Australia Police XRY Data |
|
|
60 | (1) |
|
4.4.3 Summary of South Australia Police Data |
|
|
61 | (1) |
|
|
|
62 | (2) |
|
|
|
64 | (3) |
|
|
|
65 | (2) |
|
5 Digital Forensic Data and Open Source Intelligence (DFINT+OSINT) |
|
|
67 | (16) |
|
5.1 The Role of Intelligence |
|
|
68 | (4) |
|
5.1.1 Intelligence-Led Policing (ILP) |
|
|
68 | (1) |
|
5.1.2 Open Source Intelligence |
|
|
69 | (2) |
|
5.1.3 Digital Forensic Intelligence + OSINT |
|
|
71 | (1) |
|
|
|
72 | (2) |
|
5.3 Results: Digital Intelligence and OSINT from M57 Test Data |
|
|
74 | (3) |
|
5.4 Applying DFINT+OSINT to Real World Data |
|
|
77 | (2) |
|
|
|
79 | (1) |
|
|
|
80 | (3) |
|
|
|
80 | (3) |
|
|
|
83 | (3) |
|
|
|
84 | (2) |
| References |
|
86 | |
Dr. Darren Quick is a Senior Intelligence Technologist with the Australian Department of Home Affairs and a former Digital Forensic Investigator with the Australian Border Force, and previously an Electronic Evidence Specialist with the South Australia Police. He has undertaken over 650 digital forensic investigations involving many thousands of digital evidence items. In 2012 Darren was awarded membership of the Golden Key International Honour Society, in 2014 he received a Highly Commended award from the Australian National Institute of Forensic Science, and in 2015 received the Publication of the Year award from the Australian Institute of Professional Intelligence Officers.
Dr. Kim-Kwang Raymond Choo holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio, is an adjunct associate professor at the University of South Australia, a fellow of the Australian Computer Society, and a senior member of IEEE. He and his team wonthe Digital Forensics Research Challenge 2015 organized by Germany's University of Erlangen-Nuremberg, and he is the recipient of various awards including the ESORICS 2015 Best Paper Award, the 2014 Highly Commended Award from the Australia New Zealand Policing Advisory Agency, Fulbright Scholarship in 2009, the 2008 Australia Day Achievement Medallion, and the British Computer Society's Wilkes Award in 2008.
Lisainfo e-raamatute kohta