Computer Forensics: A Pocket Guide

  • 43m
  • Nathan Clarke
  • IT Governance
  • 2010

How would your organisation cope with a cyber attack? Pinpoint and close vulnerabilities using effective computer forensics!

The primary purpose of computer forensics is to enable organisations to pinpoint where the malware has infected their computer systems and which files have been infected, so that they can close the vulnerability. More and more organisations have realised that they need to acquire a forensic capability to ensure they are ready to cope with an information security incident.

This pocket guide illustrates the technical complexities involved in computer forensics, and shows managers what makes the discipline relevant to their organisation. For technical staff, the book offers an invaluable insight into the key processes and procedures that are required.

Benefits to business include:

  • Defend your company effectively against attacks: By developing a computer forensic capability, your organisation will be better prepared to defend itself in the event of a cyber attack. Surveys of the threat landscape have indicated a significant upswing of insider activity. Forensics within the organisation can be used to identify possible insider misuse of systems or information. In addition, this pocket guide looks at how you can optimise your IT infrastructure so as to enhance the efficiency of incident analysis. This will also minimise the operational impact on your computer systems in the event that a forensic analysis is required.
  • Be proactive: Being proactive does not just mean making sure your organisation’s IT infrastructure is one that can support forensic analysis of incidents. Forensics is now no longer merely a tool to identify what has gone wrong: it can also be used as a mechanism for alerting you to the fact that something has gone wrong. Being proactive therefore implies stepping up your organisation’s ability to detect attacks. Detection of attacks is an extremely useful attribute for your organisation to have: the sooner you know about the problem, the sooner you can begin to deal with it.
  • Secure evidence that will stand up in court: Undertaking forensics is not a simple task. It is not always possible to understand the true consequences of insider misuse until after completion of the investigation. Once the extent of the damage becomes clear, you may want to exercise the option of taking legal action against the perpetrator. This means that it is essential for you to follow correct procedure, so as to safeguard any evidence gathered. This book explains the key steps you need to take to maintain the integrity of the investigation and preserve the evidence.
  • Counter encryption: Encryption is a double-edged sword. Encryption has a legitimate purpose as a tool deployed by information security professionals. However, the opportunity to conceal data has obvious attractions for the criminal, meaning that encryption is also a technique widely used by hackers. This book looks at how encryption is used to impede a forensic investigation, and examines ways of solving the problem. The most effective tactic for countering encryption is to locate the key material and crack the password that protects it, using a password cracker such as Cain & Abel.

About the Author

Dr Nathan Clarke is a senior lecturer at the Centre for Security, Communications and Network Research at the University of Plymouth and an adjunct lecturer with Edith Cowan University in Western Australia. He has been active in research since 2000, with interests in biometrics, mobile security, intrusion detection, digital forensics and information security awareness. Dr Clarke is also the undergraduate and postgraduate Programme Manager for information security courses at the University of Plymouth. During his academic career, Dr Clarke has authored over 50 publications in refereed international journals and conferences. He is the current co-chair of the Workshop on Digital Forensics & Incident Analysis (WDFIA) and of the Human Aspects of Information Security & Assurance (HAISA) symposium. Dr Clarke has also served on over 40 international conference events and regularly acts as a reviewer for numerous journals, including Computers & Security, IEEE Transactions on Information Forensics and Security, The Computer Journal and Security and Communication Networks. Dr Clarke is a Chartered Engineer, a member of the Institution of Engineering and Technology (IET) and British Computer Society, and is active as a UK representative in International Federation for Information Processing (IFIP) working groups relating to Information Security Management, Information Security Education and Identity Management.

In this Book

  • Computer Forensics—A Pocket Guide
  • Preface
  • The Role Of Forensics Within Organisations
  • Be Prepared – Proactive Forensics
  • Forensic Acquisition Of Data
  • Forensic Analysis Of Data
  • Anti-Forensics And Encryption
  • Embedded And Network Forensics
  • Conclusion
  • Resources
  • ITG Resources