
Network Forensics: Privacy and Security [Hardback]

  • Format: Hardback, 282 pages, height x width: 254x178 mm, weight: 712 g, 11 tables, black and white; 91 line drawings, black and white; 19 halftones, black and white; 110 illustrations, black and white
  • Publication date: 28-Dec-2021
  • Publisher: Chapman & Hall/CRC
  • ISBN-10: 0367493616
  • ISBN-13: 9780367493615

This book primarily focuses on providing deep insight into the concepts of network security, network forensics, botnet forensics, ethics and incident response from a global perspective. It also covers the dormant and contentious issues of the subject in a scientific and objective manner. Various case studies addressing contemporary network forensics issues are included to provide practical know-how of the subject.

Network Forensics: Privacy and Security provides a thorough grounding in network forensics across the different functions and spheres of security. The book covers network security, the kinds of network attacks, the intentions of an attacker, attack identification, detection and analysis, incident response, ethical issues, botnets and botnet forensics. It also surveys recent trends in network forensics and gives an in-depth look at the dormant and latent issues of acquisition and live system investigation.

Features:

  • Follows an outcome-based learning approach.
  • A systematic overview of the state of the art in network security, tools and digital forensics.
  • Differentiation among network security, computer forensics, network forensics and botnet forensics.
  • Discussion of various cybercrimes, attacks and cyber terminology.
  • Discussion of the network forensics process model.
  • Network forensics tools and techniques.
  • Network forensics analysis through case studies.
  • Discussion of evidence handling and incident response.
  • System investigation and the ethical issues in network forensics.

This book serves as a reference for postgraduate students and researchers working in cyber forensics. It can also be used as a textbook for a graduate-level course in Electronics and Communication, Computer Science or Computer Engineering.


Contents (each entry gives its start page, followed in parentheses by the number of pages it spans):

Preface  xvii
Organization of This Book  xix
Author  xxi
Acknowledgments  xxiii

Part A Network Forensics Concepts

1 Introduction to Network Forensics  3 (28)
  1.1 Introduction  3 (2)
  1.2 Network Security  5 (3)
    1.2.1 Evolution of Network Security  5 (1)
    1.2.2 Importance of Network Security  6 (1)
    1.2.3 Basic Terminology for Understanding Network Security  6 (1)
    1.2.4 Features of Network Security Services  7 (1)
  1.3 Types of Network Security Attacks  8 (3)
    1.3.1 Active Attack  8 (2)
      1.3.1.1 Modification  9 (1)
      1.3.1.2 Fabrication  9 (1)
      1.3.1.3 Interruption and Denial of Service  9 (1)
      1.3.1.4 Replay Attack  9 (1)
      1.3.1.5 Masquerade Attack  10 (1)
    1.3.2 Passive Attack  10 (1)
      1.3.2.1 Traffic Analysis  10 (1)
      1.3.2.2 Message Transmission  10 (1)
  1.4 Network Security Tools  11 (2)
    1.4.1 Intrusion Detection System  11 (1)
      1.4.1.1 Knowledge- or Signature-Based IDS  11 (1)
      1.4.1.2 Behavior- or Anomaly-Based IDS  11 (1)
    1.4.2 Firewall  12 (1)
      1.4.2.1 Network-Level Firewall  12 (1)
      1.4.2.2 Application-Level Firewall  13 (1)
      1.4.2.3 Proxy Firewall  13 (1)
    1.4.3 Antivirus  13 (1)
  1.5 Security Issues  13 (4)
    1.5.1 Network Access Control  14 (1)
    1.5.2 Application Security  14 (1)
      1.5.2.1 Application Security Process  15 (1)
    1.5.3 Email Security  15 (2)
      1.5.3.1 Antivirus Application on System  16 (1)
      1.5.3.2 Spam Filters  16 (1)
      1.5.3.3 Antispam Applications  16 (1)
      1.5.3.4 Strong Passwords  16 (1)
      1.5.3.5 Password Rotation  17 (1)
    1.5.4 Wireless Security  17 (1)
    1.5.5 Firewall  17 (1)
  1.6 Digital Forensics  17 (3)
    1.6.1 Digital Forensics Evolution  18 (1)
    1.6.2 Digital Forensic Types  19 (1)
  1.7 Computer Forensics  20 (1)
    1.7.1 Computer Forensics Process  20 (1)
  1.8 Network Forensics  21 (5)
    1.8.1 Definition  21 (1)
    1.8.2 Taxonomy of Network Forensics Tools  22 (1)
    1.8.3 Network Forensics Mechanism  23 (1)
    1.8.4 Network Forensics Process  24 (2)
      1.8.4.1 Authorization  24 (1)
      1.8.4.2 Collection of Evidences  24 (1)
      1.8.4.3 Identification of Evidences  25 (1)
      1.8.4.4 Detection of Crime  25 (1)
      1.8.4.5 Investigation  25 (1)
      1.8.4.6 Presentation  26 (1)
      1.8.4.7 Incident Response  26 (1)
  1.9 Computer Forensics vs Network Forensics  26 (1)
    1.9.1 Computer Forensics  27 (1)
    1.9.2 Network Forensics  27 (1)
  1.10 Network Security vs Network Forensics  27 (1)
    1.10.1 Network Security  28 (1)
    1.10.2 Network Forensics  28 (1)
  Questions  28 (1)
  Bibliography  29 (2)

2 Cyber Crime  31 (22)
  2.1 Introduction  31 (2)
  2.2 Attack Intentions  33 (2)
    2.2.1 Warfare Sponsored by the Country  33 (1)
    2.2.2 Terrorist Attack  33 (1)
    2.2.3 Commercially Motivated Attack  33 (1)
    2.2.4 Financially Driven Criminal Attack  33 (1)
    2.2.5 Hacking  33 (1)
    2.2.6 Cyberstalking  34 (1)
    2.2.7 Child Pornography  34 (1)
    2.2.8 Web Jacking  34 (1)
    2.2.9 Data Diddling  35 (1)
    2.2.10 Counterfeiting  35 (1)
    2.2.11 Phishing  35 (1)
  2.3 Malware  35 (9)
    2.3.1 Definition  35 (2)
    2.3.2 History of Malware  37 (1)
    2.3.3 Classification of Malware  38 (7)
      2.3.3.1 Virus  40 (1)
      2.3.3.2 Worm  40 (1)
      2.3.3.3 Logic Bomb  40 (1)
      2.3.3.4 Trojan Horse  40 (1)
      2.3.3.5 Backdoor  40 (1)
      2.3.3.6 Mobile Code  41 (1)
      2.3.3.7 Exploits  41 (1)
      2.3.3.8 Downloaders  41 (1)
      2.3.3.9 Auto Rooter  41 (1)
      2.3.3.10 Kit (Virus Generator)  42 (1)
      2.3.3.11 Spammer  42 (1)
      2.3.3.12 Flooders  42 (1)
      2.3.3.13 Keyloggers  42 (1)
      2.3.3.14 Rootkit  42 (1)
      2.3.3.15 Zombie or Bot  42 (1)
      2.3.3.16 Spyware  43 (1)
      2.3.3.17 Adware  43 (1)
      2.3.3.18 Ransomware  43 (1)
      2.3.3.19 Hacker's Useful Components and Other Harmful Programs  44 (1)
  2.4 Terminology for the Cyber Attackers  44 (1)
  2.5 Types of Attacks  45 (4)
    2.5.1 Distributed Denial of Service Attack  45 (1)
    2.5.2 Spam  46 (1)
    2.5.3 Personal Information Thieving  47 (1)
    2.5.4 Click Fraud  48 (1)
    2.5.5 Identity Theft  49 (1)
  Questions  49 (1)
  Bibliography  50 (3)

3 Network Forensics Process Model  53 (24)
  3.1 Introduction  53 (1)
  3.2 Recent Trend in Network Forensics  54 (1)
    3.2.1 Malware Forensics  55 (1)
    3.2.2 Botnet Forensics  55 (1)
    3.2.3 Cloud Forensics  55 (1)
    3.2.4 Grid Forensics  55 (1)
  3.3 Life Cycle of Network Forensics  55 (2)
  3.4 Network Forensics Process Model  57 (3)
    3.4.1 Authorization  57 (1)
    3.4.2 Collection of Evidence  58 (1)
    3.4.3 Identification of Evidence  58 (1)
    3.4.4 Detection of Crime  58 (1)
    3.4.5 Investigation  59 (1)
    3.4.6 Presentation  59 (1)
    3.4.7 Incident Response  59 (1)
  3.5 Detection and Investigative Network Forensics Frameworks  60 (14)
    3.5.1 Detection-Based Framework  60 (4)
    3.5.2 BOT GAD-Based Framework  64 (1)
    3.5.3 System Architecture-Based Framework  65 (1)
    3.5.4 Fast Flux-Based Framework  65 (1)
    3.5.5 Mac OS-Based Framework  66 (1)
    3.5.6 Open Flow-Based or AAFID Framework  67 (1)
    3.5.7 P2P-Based Framework  67 (3)
    3.5.8 Distributed Device-Based Frameworks  70 (1)
    3.5.9 Soft Computing-Based Frameworks  70 (2)
    3.5.10 Honeypot-Based Frameworks  72 (1)
    3.5.11 Attack Graph-Based Frameworks  72 (1)
    3.5.12 Formal Method-Based Frameworks  72 (1)
    3.5.13 Formal Method-Based Frameworks  72 (1)
    3.5.14 Network Monitoring Framework  72 (2)
  Questions  74 (1)
  References  74 (3)

4 Classification of Network Forensics  77 (20)
  4.1 Introduction  77 (3)
    4.1.1 Signature-Based or Misuse Detection  77 (2)
      4.1.1.1 Monitoring  78 (1)
      4.1.1.2 Capturing (Avoidance of Packets Drop)  78 (1)
      4.1.1.3 Notification  78 (1)
      4.1.1.4 Software Initiation  78 (1)
      4.1.1.5 Multiperspective Environment  79 (1)
    4.1.2 Anomaly-Based or Hybrid Detection  79 (1)
    4.1.3 Comparative Difference between Signature- and Anomaly-Based Detection  79 (1)
  4.2 Detection and Prevention System  80 (2)
    4.2.1 Detection System  80 (1)
    4.2.2 Prevention System  81 (1)
  4.3 Types of Network Forensics Classification  82 (6)
    4.3.1 Payload-Based Identification  83 (4)
      4.3.1.1 Deep Packet Inspection  84 (3)
    4.3.2 Statistical-Based Identification  87 (1)
      4.3.2.1 Heuristic Analysis  87 (1)
  4.4 Network Forensics Analysis Classification  88 (4)
    4.4.1 Signature-Based Classification  88 (1)
    4.4.2 Decision Tree-Based Classification  88 (1)
    4.4.3 Ensemble-Based Classification  89 (9)
      4.4.3.1 Voting  91 (1)
      4.4.3.2 Adaptive Boosting  91 (1)
      4.4.3.3 Bagging  91 (1)
  4.5 Implementation and Results  92 (1)
  Questions  93 (1)
  References  93 (4)

Part B Network Forensics Acquisition

5 Network Forensics Tools  97 (22)
  5.1 Introduction  97 (1)
  5.2 Visual Tracing Tools  98 (2)
    5.2.1 NeoTracePro  99 (1)
    5.2.2 VisualRoute  99 (1)
    5.2.3 Sam Spade  100 (1)
    5.2.4 eMailTrackerPro  100 (1)
  5.3 Traceroute Tools  100 (2)
    5.3.1 Text-Based Traceroute  101 (1)
    5.3.2 3D-Based Traceroute  101 (1)
    5.3.3 Visual Traceroute  102 (1)
  5.4 Monitoring Tools  102 (8)
    5.4.1 Packet Sniffer Tool  102 (4)
      5.4.1.1 Wireshark  102 (1)
      5.4.1.2 Argus  103 (1)
      5.4.1.3 TCP Dump  104 (1)
      5.4.1.4 OmniPeek  104 (2)
    5.4.2 Intrusion Detection System (IDS)  106 (1)
      5.4.2.1 Zeek  106 (1)
      5.4.2.2 SNORT  106 (1)
    5.4.3 Finger  107 (1)
      5.4.3.1 Nmap  107 (1)
      5.4.3.2 POF  108 (1)
    5.4.4 Pattern-Based Monitoring Tool  108 (2)
      5.4.4.1 NGREP  109 (1)
      5.4.4.2 TCPXTRACT  109 (1)
    5.4.5 Statistics-Based Monitoring System  110 (1)
      5.4.5.1 NetFlow  110 (1)
      5.4.5.2 TCPstat  110 (1)
  5.5 Analysis Tools  110 (6)
    5.5.1 Open-Source Tool  111 (1)
      5.5.1.1 NetworkMiner  111 (1)
      5.5.1.2 PyFlag  111 (1)
    5.5.2 Proprietary Tools  111 (8)
      5.5.2.1 NetIntercept  112 (1)
      5.5.2.2 SilentRunner  112 (4)
  Questions  116 (1)
  References  116 (3)

6 Network Forensics Techniques  119 (18)
  6.1 Introduction  119 (1)
    6.1.1 Conventional Network Forensics Technique  120 (1)
    6.1.2 Advanced Network Forensics Technique  120 (1)
  6.2 Conventional Network Forensics Technique  120 (7)
    6.2.1 IP Traceback Technique  120 (4)
      6.2.1.1 Link State Testing  121 (1)
      6.2.1.2 Input Debugging  121 (1)
      6.2.1.3 Controlled Flooding  122 (1)
      6.2.1.4 ICMP Traceback  122 (1)
      6.2.1.5 Packet Marking Techniques  123 (1)
      6.2.1.6 Source Path Isolation Engine  123 (1)
      6.2.1.7 Payload Attribution  124 (1)
    6.2.2 Intrusion Detection System  124 (1)
      6.2.2.1 Knowledge- or Signature-Based IDS  125 (1)
      6.2.2.2 Behavior- or Anomaly-Based IDS  125 (1)
    6.2.3 Firewalls  125 (2)
      6.2.3.1 Network-Level Firewall  126 (1)
      6.2.3.2 Application-Level Firewall  127 (1)
      6.2.3.3 Proxy Firewall  127 (1)
  6.3 Advanced Network Forensics Techniques  127 (8)
    6.3.1 Vulnerability Detection Techniques  127 (3)
      6.3.1.1 Data Fusion, Alert Generation, and Correlation  128 (1)
      6.3.1.2 Black-Box Testing  128 (1)
      6.3.1.3 White-Box Testing  129 (1)
      6.3.1.4 Double-Guard Detecting Techniques  129 (1)
      6.3.1.5 Hidden Markov Models  130 (1)
    6.3.2 Honeypots and Honeynet  130 (1)
      6.3.2.1 Honeypot  130 (1)
      6.3.2.2 Honeynet  130 (1)
      6.3.2.3 Classification of Honeypots  130 (1)
      6.3.2.4 Honeywall  131 (1)
      6.3.2.5 Architecture Types of Honeynet  131 (1)
    6.3.3 Highly Efficient Techniques for Network Forensics  131 (2)
      6.3.3.1 Bloom Filters  132 (1)
      6.3.3.2 Rabin Fingerprinting  132 (1)
      6.3.3.3 Winnowing  132 (1)
      6.3.3.4 Attribution Systems  133 (1)
    6.3.4 UDP Flooding Technique  133 (2)
  Questions  135 (1)
  References  135 (2)

7 Detection of Vulnerabilities  137 (22)
  7.1 Introduction  137 (1)
  7.2 Network Forensics Acquisition  138 (9)
    7.2.1 SIFT  138 (1)
    7.2.2 CAINE  139 (1)
    7.2.3 Autopsy  140 (2)
      7.2.3.1 Extensible  140 (1)
      7.2.3.2 Comfortable  140 (1)
      7.2.3.3 Centralized  140 (1)
      7.2.3.4 Multiple Users  141 (1)
    7.2.4 Forensics Acquisition Website  142 (1)
    7.2.5 Oxygen Forensic Suite  143 (1)
    7.2.6 Paladin Forensic Suite  143 (1)
    7.2.7 ExifTool  144 (1)
    7.2.8 CrowdResponse Tool  145 (1)
    7.2.9 BulkExtractor  145 (1)
    7.2.10 Xplico  146 (1)
  7.3 Identification of Network Attacks  147 (7)
    7.3.1 UDP Flooding  148 (1)
    7.3.2 Random-UDP Flooding  148 (13)
      7.3.2.1 Normal Flow of UDP Datagrams  148 (2)
      7.3.2.2 Random-UDP Flooding Attack  150 (2)
      7.3.2.3 Identification of Random-UDP Flooding Attack  152 (2)
  Questions  154 (1)
  References  155 (4)

Part C Network Forensics Attribution

8 Network Forensics Analysis  159 (22)
  8.1 Introduction  159 (2)
  8.2 Network Forensic Standard Process Model  161 (2)
    8.2.1 Authorization  161 (1)
    8.2.2 Preservation  162 (1)
    8.2.3 Initial Assessment  162 (1)
    8.2.4 Strategy Planning  162 (1)
    8.2.5 Evidence Collection  163 (1)
    8.2.6 Documentation  163 (1)
    8.2.7 Analysis  163 (1)
    8.2.8 Investigation  163 (1)
    8.2.9 Decision and Reporting  163 (1)
    8.2.10 Review  163 (1)
  8.3 Network Forensic Framework for the Analysis  163 (4)
    8.3.1 Network Traffic Collector  164 (1)
    8.3.2 Reduction and Feature Extraction  164 (1)
    8.3.3 Analysis and Pattern Matching  165 (1)
    8.3.4 Reconstruction  166 (1)
    8.3.5 Replay  166 (1)
  8.4 Network Traffic Analysis  167 (6)
    8.4.1 Case Analysis  168 (1)
    8.4.2 Dataset: KDD Cup 99 Case Study-1  168 (2)
    8.4.3 Methodology  170 (1)
    8.4.4 Case Study-I: Experimental Setup  170 (1)
    8.4.5 Data Selection  170 (2)
    8.4.6 Analysis of the Case  172 (1)
  8.5 Network Forensics Analysis with Case Study-2  173 (6)
    8.5.1 Analysis Methodology  173 (1)
    8.5.2 Network Behavior  174 (2)
      8.5.2.1 Domain Name System  174 (1)
      8.5.2.2 Internet Control Message Protocol  174 (2)
    8.5.3 Bot Analysis Using Classification  176 (3)
  Questions  179 (1)
  References  179 (2)

9 Evidence and Incident Response  181 (20)
  9.1 Introduction  181 (1)
  9.2 Evidence and Its Sources  182 (4)
    9.2.1 Sources of Evidence within Network  185 (1)
    9.2.2 Sources of Evidence in Remote Network  186 (1)
  9.3 Evidence Handling  186 (2)
    9.3.1 Recovery as Fast as Possible  187 (1)
    9.3.2 Monitoring and Collecting Evidence  187 (1)
  9.4 Evidence-Handling Procedure  188 (4)
    9.4.1 Identification of Evidence  188 (1)
    9.4.2 Collection for the Evidence  188 (2)
    9.4.3 Acquisition and Analysis of Evidence  190 (2)
      9.4.3.1 Physical Extraction  190 (1)
      9.4.3.2 Logical Extraction  190 (2)
    9.4.4 Preservation and Reporting of Evidence  192 (1)
  9.5 Incident Response and Its Methodology  192 (6)
    9.5.1 Process of Incident Response  193 (2)
      9.5.1.1 Preparation  193 (1)
      9.5.1.2 Identification  194 (1)
      9.5.1.3 Detection  194 (1)
      9.5.1.4 Analysis  194 (1)
      9.5.1.5 Containment  195 (1)
      9.5.1.6 Eradication and Recovery  195 (1)
      9.5.1.7 Post Incidence  195 (1)
    9.5.2 Incident Classification  195 (2)
      9.5.2.1 High-Level Incident  196 (1)
      9.5.2.2 Middle- or Moderate-Level Incident  196 (1)
      9.5.2.3 Low-Level Incident  197 (1)
    9.5.3 Role of CSIRT  197 (1)
  Questions  198 (1)
  References  199 (2)

10 Introduction to Botnet  201 (20)
  10.1 Introduction  201 (4)
    10.1.1 Spartan Dominition Robot (SD Bot)  203 (1)
    10.1.2 AgoBot (aka Gaobot or Phatbot)  204 (1)
    10.1.3 Spybot  204 (1)
    10.1.4 Mytob  204 (1)
    10.1.5 Hybot  205 (1)
  10.2 Evolution of Botnet  205 (1)
  10.3 Botnet Lifecycle  206 (2)
  10.4 Botnet Structure  208 (2)
    10.4.1 Propagation and Compromise  208 (1)
    10.4.2 Command and Control  209 (1)
      10.4.2.1 Centralized  209 (1)
      10.4.2.2 P2P  209 (1)
      10.4.2.3 Hybrid  210 (1)
    10.4.3 Attacks and Theft  210 (1)
  10.5 Botnet Security Attacks  210 (1)
    10.5.1 Warfare Sponsored by the Country  210 (1)
    10.5.2 Terrorist Attack  210 (1)
    10.5.3 Commercially Motivated Attack  211 (1)
    10.5.4 Financially Driven Criminal Attack  211 (1)
    10.5.5 Hacking  211 (1)
  10.6 Traditional Botnet Attacks  211 (5)
    10.6.1 Distributed Denial of Service Attack  211 (2)
    10.6.2 Spam  213 (1)
    10.6.3 Personal Information Theft  214 (1)
    10.6.4 Click Fraud  215 (1)
    10.6.5 Identity Theft  215 (1)
  10.7 Recent Botnet Attacks  216 (1)
    10.7.1 StealRat Botnet  216 (1)
    10.7.2 Citadel Botnet  216 (1)
    10.7.3 Andromeda Botnet  217 (1)
    10.7.4 Attacks on WordPress Targeting "Admin" Password  217 (1)
    10.7.5 Android Master Key Vulnerability  217 (1)
  Questions  217 (1)
  References  218 (3)

11 Botnet Forensics  221 (26)
  11.1 Introduction  221 (2)
  11.2 Methodology Used in Botnet Forensics  223 (1)
    11.2.1 Collection of Malwares  223 (1)
    11.2.2 Malware Analysis  223 (1)
  11.3 Nature of Botnet Forensics  223 (1)
    11.3.1 Continuous  224 (1)
    11.3.2 Comprise  224 (1)
    11.3.3 Concrete  224 (1)
    11.3.4 Convenient  224 (1)
  11.4 Background  224 (2)
  11.5 Botnet Forensics Classification  226 (3)
    11.5.1 Payload Classification  226 (1)
    11.5.2 Signature-Based Classification  227 (1)
    11.5.3 Decision Tree-Based Classification  228 (1)
    11.5.4 Ensemble-Based Classification  228 (1)
  11.6 Botnet Forensic Framework  229 (2)
    11.6.1 Botnet Forensic Identification  230 (1)
  11.7 Botnet Forensic Analysis  231 (11)
    11.7.1 Botnet Inquisition Model  232 (4)
      11.7.1.1 Data Sources  232 (1)
      11.7.1.2 Traffic Agents  233 (1)
      11.7.1.3 Traffic Sensors  234 (1)
      11.7.1.4 Network Traffic Filtration  234 (1)
      11.7.1.5 Whitelist  234 (1)
      11.7.1.6 Blacklist  234 (1)
      11.7.1.7 Detecting Malicious Traffic Content  234 (1)
      11.7.1.8 Attack Intention  235 (1)
      11.7.1.9 Data Traffic Extraction/Visualization  235 (1)
    11.7.2 Botnet Analysis Using Ensemble of Classifier  236 (3)
    11.7.3 Results and Discussion  239 (3)
      11.7.3.1 Single Classifier  239 (1)
      11.7.3.2 Ensemble of Classifier  240 (1)
      11.7.3.3 Discussion  241 (1)
  11.8 Challenges  242 (1)
    11.8.1 Collection  242 (1)
    11.8.2 Preservation  243 (1)
    11.8.3 Identification  243 (1)
    11.8.4 Traffic Analysis  243 (1)
    11.8.5 Investigation  243 (1)
  11.9 Summary  243 (1)
  Questions  244 (1)
  References  244 (3)

12 System Investigation and Ethical Issues  247 (24)
  12.1 Introduction  247 (1)
    12.1.1 Postmortem Analysis  248 (1)
    12.1.2 Examination of Computer  248 (1)
  12.2 Crimes  248 (3)
    12.2.1 Computer Crime  248 (2)
      12.2.1.1 Intelligence Attacks  249 (1)
      12.2.1.2 Financial Attacks  249 (1)
      12.2.1.3 Business Attacks  249 (1)
      12.2.1.4 Terrorist Attacks  249 (1)
      12.2.1.5 Fun Attack  249 (1)
      12.2.1.6 Grudge Attack  249 (1)
      12.2.1.7 Thrill Attacks  250 (1)
    12.2.2 Challenges on Deterring Crime  250 (1)
      12.2.2.1 Inadequate Laws  250 (1)
      12.2.2.2 Lack of Understanding  250 (1)
      12.2.2.3 Lack of Evidence  250 (1)
      12.2.2.4 Rules of Evidence  250 (1)
      12.2.2.5 Casual Approach  251 (1)
      12.2.2.6 Lack of Knowledge  251 (1)
      12.2.2.7 Lack of Tangible Assets  251 (1)
      12.2.2.8 Loss of Data  251 (1)
      12.2.2.9 Multiple Roles  251 (1)
  12.3 Computer Law  251 (4)
    12.3.1 Privacy  251 (1)
    12.3.2 Intellectual Property  252 (2)
      12.3.2.1 Patent Law  252 (1)
      12.3.2.2 Copyright  253 (1)
      12.3.2.3 Trademark  253 (1)
      12.3.2.4 Trade Secret  253 (1)
      12.3.2.5 Comparison of Patent Law, Copyright, Trademark, and Trade Secret  253 (1)
    12.3.3 Contract  254 (1)
    12.3.4 Telecommunication Law  254 (1)
    12.3.5 Computer Crime  255 (1)
  12.4 Live System  255 (3)
    12.4.1 System Activities  256 (1)
      12.4.1.1 Permanent Files  256 (1)
      12.4.1.2 Temporary Files  256 (1)
      12.4.1.3 Random-Access Memory  256 (1)
      12.4.1.4 Unallocated Space  257 (1)
      12.4.1.5 Cache  257 (1)
      12.4.1.6 CPU Registers  257 (1)
    12.4.2 Methodology for Live System Analysis  257 (1)
      12.4.2.1 Implicit or Hidden System Monitoring  257 (1)
      12.4.2.2 Explicit System Acquisition  258 (1)
    12.4.3 Key Elements of Successful Live Analysis  258 (1)
  12.5 Live Computer Analysis  258 (9)
    12.5.1 Windows-Based Forensic Analysis  259 (3)
      12.5.1.1 Tools to Recover Data on Windows  262 (1)
    12.5.2 Unix-Based Forensic Analysis  262 (5)
      12.5.2.1 Unix Notations  262 (1)
      12.5.2.2 Live Forensics through Built-Up Tools on Unix  263 (1)
      12.5.2.3 Phases Involved in Live Forensics on Unix  264 (2)
      12.5.2.4 Acquisition Tools  266 (1)
  12.6 Ethical Issues  267 (3)
    12.6.1 Piracy  268 (1)
    12.6.2 Plagiarism  268 (1)
    12.6.3 Privacy  269 (1)
    12.6.4 Ergonomics  269 (1)
    12.6.5 Work Pressure  270 (1)
  Questions  270 (1)
  References  270 (1)
Index  271

Dr. Anchit Bijalwan is an academician, researcher, consultant, and mentor with 18 years of experience teaching graduate, postgraduate and Ph.D. students. He is an Associate Professor in the Faculty of Electrical & Computer Engineering, Arba Minch University, Ethiopia, where he manages projects funded by various agencies. He has authored books and published more than forty research papers in reputed international journals and conferences, and works on various international research and community service projects. He specializes in privacy and security; his interest areas include network forensics, botnet forensics, Industry 4.0, the Internet of Things, and machine learning. He has chaired technical sessions at IEEE and Springer international conferences, serves on the committees of numerous conferences, and has been a keynote speaker at many conferences, including in El Salvador (Central America) and India. He is a reviewer for Inderscience, IGI Global and other publishers.