Practical Cyber Forensics, 1st ed.
An Incident-Based Approach to Forensic Investigations


Language: English

29.53 €

In Print (Delivery period: 15 days).

335 p. · 17.8x25.4 cm · Paperback
Become an effective cyber forensics investigator and gain a collection of practical, efficient techniques to get the job done. Diving straight into a discussion of anti-forensic techniques, this book shows you the many ways to effectively detect them. Now that you know what you are looking for, you'll shift your focus to network forensics, where you cover the various tools available to make your network forensics process less complicated. Following this, you will work with cloud and mobile forensic techniques by considering the concept of forensics as a service (FaSS), giving you cutting-edge skills that will future-proof your career.

Building on this, you will learn the process of breaking down malware attacks, web attacks, and email scams with case studies to give you a clearer view of the techniques to be followed. Another tricky technique is SSD forensics, so the author covers this in detail to give you the alternative analysis techniques you'll need. To keep you up to speed on contemporary forensics, Practical Cyber Forensics includes a chapter on Bitcoin forensics, where key crypto-currency forensic techniques will be shared. Finally, you will see how to prepare accurate investigative reports.

What You Will Learn
  • Carry out forensic investigation on Windows, Linux, and macOS systems
  • Detect and counter anti-forensic techniques 
  • Deploy network, cloud, and mobile forensics
  • Investigate web and malware attacks
  • Write efficient investigative reports

Who This Book Is For

Intermediate infosec professionals looking for a practical approach to investigative cyber forensics techniques. 

Chapter 1: Need of Digital Forensics Proficiency

No. of pages: 15

Cyber crime is a growing problem, with the impact to society increasing exponentially, but the ability of local law enforcement agencies to investigate and successfully prosecute criminals for these crimes is unclear. 


(a) Better awareness/Techniques
(b) Support for cloud and mobile forensics
(c) Backing for and improvement of open-source tools
(d) Research on encryption, malware, and trail obfuscation
(e) Better communication, especially between/with law enforcement
(f) More personnel and funding

Chapter 2: Introduction to Windows, Linux and MAC Forensics

This chapter walks readers through the various types of operating systems, namely Windows, Linux and Macintosh. It also covers the most critical components of investigating Windows, Linux and Macintosh operating system functionality. The chapter covers MFT concepts, the MBR, virtual paging, the Windows Registry, data recovery, memory forensics, and more. Hands-on exercises in each section help you identify the artefacts left behind by each operating system.


(a) Windows Forensics
(b) Use of BIOS in investigation
(c) MFT and MBR Concepts
(d) Windows Registry
(e) Windows Log forensics
(f) File System Forensics
(g) Data Recovery
(h) File Signature
(i) Memory Forensics
(j) Linux Forensics
(k) Virtual Machine Forensics
(l) Macintosh Forensics
(m) Interesting Mac Artefacts 

Chapter 3: Anti Forensics Techniques & Detection

No. of pages: 15

Anti-forensics is an attempt by cyber criminals to make the forensic analysis of digital evidence difficult or impossible. Anti-forensic methods are divided into several sub-categories such as data hiding, artifact wiping, trail obfuscation and attacks against the computer forensics processes and tools. Attacks against forensic tools are also known as counter-forensics. The common purpose of anti-forensic tools is purely malicious in intent and design. Anti-forensics or counter-forensics can also be used for defense against espionage, as recovery of information by forensic tools can be prevented.

Sub Topics:

(a) Data hiding
(b) Encryption
(c) Steganography
(d) Artifacts wiping
(e) Disk cleaning utilities
(f) File wiping utilities
(g) Disk degaussing/destruction
(h) Forensic traits obfuscation/deletion
(i) Real Time case study with POC

Chapter 4: Network Forensics

Network forensics deals with the high volume of traffic generated by network connections, and applying forensic procedures to it is a troublesome process. There are various tools available in the market that make the job of a network forensic analyst much easier, but operating these tools is a complicated process until you have proper guidance.

(a) Real Life Scenarios and Case studies with POC
(b) Role of Network Components
(c) The Open Systems Interconnection Reference Model
(d) Forensic Footprints
(e) Creating an event of Traffic
(f) Traffic Analysis
(g) Network Forensic Tools
(h) Role of Wireshark in Network Forensics

Chapter 5: Mobile forensics

No. of pages: 25

Mobile devices are an evolving form of computing, used widely for personal and organizational purposes. These compact devices are useful in managing information, such as contact details and appointments, corresponding electronically, and conveying electronic documents. Over time, they accumulate a sizeable amount of information about the owner. When involved in crimes or other incidents, proper tools and techniques are needed to recover evidence from such devices and their associated media.


(a) Mobile forensic analysis with case study and POC
(b) Smart Devices forensic challenges
(c) Mobile phone evidence extraction process
(d) Smart operating systems overview
(e) Manual Extraction
(f) Logical Extraction
(g) Micro Read & Chip off
(h) Potential evidence stored on smart devices
(i) Challenges to smart device investigations

Chapter 6: Cloud Forensics

No. of pages: 20

The development of digital and computer forensics has been based on personal computers and devices. The capabilities required for performing forensics of criminal activities carried out in the Cloud have yet to be established by the cloud service providers. To address this, there have been several attempts at providing FraSS (Forensics As A Service). In this chapter we discuss them, highlight the emerging area of cloud computing, and examine its challenges and opportunities both from the perspective of performing forensics in the cloud and of performing forensics of cloud computing resources.


(a) Cloud Forensics Overview
(b) Client Forensics
(c) Cloud Forensics
(d) Case studies
(e) FRaaS

Chapter 7: Investigating Malware attacks

No. of pages: 25

Security breaches due to cyber-attacks incorporate technical components, in the use of specific malware and technical skills, as well as psychological components, in exploiting user vulnerabilities. Moreover, the availability of resources such as markets and the support of nation-states play a role in how malware is developed, how hacking skills are acquired and how knowledge about the target is obtained. All of these components reflect the complex nature of cyber-attacks in general. In this section we carry out a literature review that identifies how these components have evolved and what set of features is present in the incidents that are considered more sophisticated.


(a) Malware and its family
(b) Zero-day exploits
(c) Ransomware
(d) Remote Administration Tool
(e) Insight into target
(f) Avoiding detection
(g) Encrypted data
(h) Insider access
(i) Poor security configurations
(j) SQL injection
(k) Brute Force
(l) Real time case study with POC

Chapter 8: Investigating web attacks

No. of pages: 25

Vulnerabilities in the Internet-connected software run by large organizations create a large security risk. A single successful exploit — which can be as short as a few characters typed in the wrong place — can abuse these flaws and set a breach in motion. Exploits can be leveraged to access corporate databases and other sensitive information, causing financial and reputational damage to the target, system hijacking, theft of intellectual property, and downtime.

(a) Various Network Attacks 
(b) Eavesdropping
(c) Data Modification
(d) Identity Spoofing (IP Address Spoofing)
(e) Password-Based Attacks
(f) Denial-of-Service Attack
(g) Man-in-the-Middle Attack
(h) Compromised-Key Attack
(i) Sniffer Attack
(j) MITM Attack
(k) Exploitation - Example – Metasploit
(l) System Attacks
(m) Mobile Attacks & Wireless Attacks
(n) Web Attacks
(o) SQL Injection
(p) Real time case study with POC

Chapter 9: Investigating email crimes

No. of pages: 20

Email scams have grown in frequency and developed in sophistication, and email is now frequently misused by scammers to launch criminal attacks. By using techniques such as phishing, scammers can make money in a very short time and generally avoid detection.


(a) Anatomy of an Email
(b) Gathering evidence from an Email Server
(c) Exploits in Phishing Emails
(d) Anti-spamming techniques and resources
(e) Case study on e-discovery from Enron corpus with POC

Chapter 10: SSD Forensics

Total Pages: 20

SSDs are direct, plug compatible replacement devices for the spinning hard disk drives that provide most of the persistent storage of data and programs in modern computers at the laptop scale and above. SSDs are faster, lighter, and more reliable than spinning media drives. Spinning disk drives are cheaper and offer more storage in the same package size. Through the use of a separate processor, memory, and software, SSD devices emulate the function of a spinning disk drive to the operating system of a server, desktop or laptop computer. The emulated function of the spinning media drive is provided in the software and solid state hardware of the SSD device.

(a) Spinning Media Drives and File Storage 
(b) Forensic Investigation of Spinning Media Drives
(c) Solid State Disks 
(d) Forensic Investigation of SSD Devices 
(e) Alternative Analysis Methods

Chapter 11: BitCoin Forensics

No. of pages: 20

This chapter focuses on information for investigating cryptocurrencies (and Bitcoin in particular). The umbrella of cryptocurrency includes Bitcoin and other alternative crypto currencies. The Blockchain universe forms the base of these public ledger systems, and this has begun to change the way data and records (and currency!) are being created and maintained.

(a) Virtual Money and The BlockChain
(b) Anonymity and Cryptocurrencies
(c) Cryptocurrency Investigations
(d) Tracking transactions on the Blockchain
(e) Identifying the owner of a cryptocurrency wallet
(f) Forensic tools and Device forensics (artifacts from Trezor, etc.)
(g) Establishing non-repudiation and Legal issues
(h) Real Time case study

Chapter 12: Investigative Reports and Legal Acceptance

Total No. of pages: 20

Law enforcement agencies face a new challenge in dealing with cyber crimes. Criminal acts are being committed and the evidence of these activities is recorded in electronic form. Besides, crimes are being committed in cyberspace. Evidence in these crimes is almost always recorded in digital fashion. It is important that computer security professionals be aware of some of the requirements of the legal system and understand the developing field of computer forensics. The reality of the information age is having a significant impact on the legal establishment. One major area in which this is being felt is that of the acquisition, authentication, evaluation and legal admissibility of information stored on magnetic and other media. This information can be referred to as digital evidence. Computer forensics is the application of science and engineering to the legal problem of digital evidence. (Theoretical Part)

Chapter 13: Cyber Laws overview

Total number of pages: 20


(a) What Is Cyber Law?
(b) Need for Cyber Law
(c) Evolution of Key Terms and Concepts
(d) Evolution of Cyber Crime

Niranjan has more than ten years of experience in the field of networking and IT security and has executed numerous critical projects. He was awarded the EC-Council Excellence Global Instructor Award for 7 years in a row (2009-2015) in South Asia. His articles on forensics and cyber crimes have been featured in publications such as Hakin9 and E-Forensics. Niranjan also possesses a number of security certifications including Certified EC-Council Instructor (CEI), Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), and EC-Council Certified Security Analyst (ECSA).

Covers forensics as a service (FraSS)

Includes crypto-currency forensic techniques

Features example cases on web attacks and email crimes