Information Technology Reference
In-Depth Information
5.5. SecSyslog: Proposal for a Syslog Daemon Using Covert Channels
5.6. Why Use DNS Covert Channels?
5.7. Suggested Implementation
5.8. Authentication of Clients
5.9. Authenticity and Integrity of Messages
5.10. How Communication Works
6. The State of the Art in Research; Solving Emerging Issues
6.1. AntiForensic Tools
6.2. Device Configuration Overlay (DCO)
7. Conclusions
Further Reading
1. Introduction
We find ourselves at a juncture where interest in digital forensics is skyrocketing.
This is essentially due to a series of high-profile court cases and the enactment of
some quite important legislation (such as the Sarbanes-Oxley Act) that are bringing
digital forensics into mainstream and obligatory use. It has become a crucial tool
for coping with the continual changes in the nature of the objects of its investigations.
Using digital forensics as a basic part of an incident response procedure will
also help companies be ready to deal with attackers, Trojan horses, fraud and so
on. Furthermore, an effective forensic analysis will help companies avoid repeating IT
management mistakes.
Before starting the chapter, I would like to give some definitions for the
topic we are going to talk about.
- Forensics — The recreation of a crime scene after a crime has been committed
in order to determine what happened so that the evidence can be used in a court
of law.
- Digital forensics — When a crime has been committed using a computer, recreating
the evidence on the computer.
1.1. Some Basics of Digital Forensics
The principles that comprise forensic operations are essentially platform independent,
though some file systems are not. In keeping with the rules of due diligence
contained in the IACIS (International Association of Computer Investigative
Specialists, http://www.cops.org) code of ethics, it is important to clarify what is