
Digital Forensics in the Era of Artificial Intelligence [Hardback]

  • Format: Hardback, 236 pages, height x width: 234x156 mm, weight: 476 g, 40 line drawings, black and white; 134 halftones, black and white; 174 illustrations, black and white
  • Publication date: 18-Jul-2022
  • Publisher: CRC Press
  • ISBN-10: 1032244933
  • ISBN-13: 9781032244938
  • Price: 117.13 €
  • Delivery time is 3-4 weeks if the book is in stock at the publisher's warehouse. If the publisher has to print a new run, delivery may be delayed.
Digital forensics plays a crucial role in identifying, analysing, and presenting evidence of cyber threats in a court of law. Artificial intelligence, particularly machine learning and deep learning, enables automation of the digital investigation process. This book provides an in-depth look at the fundamental and advanced methods of digital forensics and discusses how machine learning and deep learning algorithms can be used to detect and investigate cybercrimes.

This book demonstrates digital forensics and cyber-investigation techniques with real-world applications. It examines hard disk analysis and partitioning schemes, including the Master Boot Record (MBR) and GUID Partition Table (GPT), as part of the investigative process. It also covers the analysis of cyberattacks on Windows, Linux, and network systems using virtual machines in realistic scenarios.
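As an added worked example of the partition-table analysis the description refers to (this code is written for this listing and is not taken from the book), the Python below reads the MBR partition table from sector 0, recognises the protective 0xEE entry that marks a GPT disk, and then validates the GPT header at LBA 1 by recomputing its CRC32 with the checksum field zeroed. It goes slightly beyond the description in handling both legacy MBR disks and GPT disks in one pass. The two-sector disk image, its disk signature and its GUID are constructed inline for the example; the field offsets follow the published MBR layout and the UEFI GPT header layout.

```python
"""Parse the first two sectors of a raw disk image: the (legacy or protective) MBR
and, when present, the GPT header at LBA 1. Example code; the image is constructed."""
import struct
import zlib

SECTOR = 512
MBR_ENTRY = "<B3sB3sII"            # status, CHS start, type, CHS end, LBA start, sector count
GPT_HEADER = "<8sIIIIQQQQ16sQIII"  # the 92-byte GPT header, little-endian


def parse_mbr(sector0: bytes) -> dict:
    """Return the disk signature and the non-empty slots of the 4-entry partition table."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MBR")
    parts = []
    for slot in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            MBR_ENTRY, sector0, 446 + 16 * slot)
        if ptype == 0:                       # empty slot
            continue
        parts.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {"disk_signature": struct.unpack_from("<I", sector0, 440)[0],
            "partitions": parts,
            # type 0xEE is the protective MBR that tells legacy tools the disk is GPT
            "protective": any(p["type"] == 0xEE for p in parts)}


def parse_gpt_header(sector1: bytes) -> dict:
    """Parse the GPT header and recompute its CRC32 (the CRC field is zeroed first)."""
    if sector1[:8] != b"EFI PART":
        raise ValueError("no 'EFI PART' signature at LBA 1")
    (_sig, revision, hdr_size, hdr_crc, _reserved, cur, backup, first, last,
     guid, pe_lba, pe_count, pe_size, pe_crc) = struct.unpack_from(GPT_HEADER, sector1, 0)
    zeroed = bytearray(sector1[:hdr_size])
    zeroed[16:20] = b"\0\0\0\0"
    return {"revision": revision, "header_size": hdr_size,
            "current_lba": cur, "backup_lba": backup,
            "first_usable": first, "last_usable": last,
            "disk_guid": guid.hex(), "entries_lba": pe_lba,
            "entry_count": pe_count, "entry_size": pe_size, "entries_crc": pe_crc,
            "crc_ok": zlib.crc32(bytes(zeroed)) == hdr_crc}


def analyse_image(image: bytes) -> dict:
    """Walk sector 0 and, when the MBR is protective, the GPT header in sector 1."""
    report = {"mbr": parse_mbr(image[:SECTOR]), "gpt": None}
    if report["mbr"]["protective"] and len(image) >= 2 * SECTOR:
        report["gpt"] = parse_gpt_header(image[SECTOR:2 * SECTOR])
    return report


def build_sample_image(total_sectors: int = 2048) -> bytes:
    """Constructed two-sector image: protective MBR plus a valid GPT header (no entry array)."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, 440, 0xDEADBEEF)          # made-up disk signature
    struct.pack_into(MBR_ENTRY, mbr, 446, 0x00, b"\x00\x02\x00", 0xEE, b"\xff\xff\xff",
                     1, total_sectors - 1)                  # protective entry covers the disk
    mbr[510:512] = b"\x55\xaa"
    hdr = bytearray(92)
    struct.pack_into(GPT_HEADER, hdr, 0, b"EFI PART", 0x00010000, 92, 0, 0,
                     1, total_sectors - 1, 34, total_sectors - 34,
                     b"\x11" * 16, 2, 128, 128, 0)          # made-up disk GUID
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr)))  # fill in the header CRC
    return bytes(mbr) + bytes(hdr) + bytes(SECTOR - len(hdr))


if __name__ == "__main__":
    img = build_sample_image()
    print(analyse_image(img))
    # One flipped byte in the current-LBA field makes the header fail its CRC check
    bad = bytearray(img)
    bad[SECTOR + 24] ^= 0x01
    print(analyse_image(bytes(bad))["gpt"]["crc_ok"])
```

On a real image call `analyse_image(f.read(1024))` on the opened file. A GPT header that fails its CRC is the signal an examiner looks for: it indicates damage or tampering, and the next step is to read the backup header from the last LBA of the disk and compare the two.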

Digital Forensics in the Era of Artificial Intelligence will be helpful for those interested in digital forensics and using machine learning techniques in the investigation of cyberattacks and the detection of evidence in cybercrimes.

Reviews

"Digital forensics is a very important topic. Using Machine Learning for digital forensics will detect cyber-attacks and assist investigators"

-Izhar Ahmed Khan, College of Computer Science & Technology, Nanjing University of Aeronautics and Astronautics, China.

Contents

Preface xiii
Dedication and Acknowledgment xv
Author xvii
Acronyms xix
1 An Overview of Digital Forensics 1
1.1 Introduction 1
1.2 Practical Exercises Included in This Book 1
1.3 A Brief History of Digital Forensics 2
1.4 What Is Digital Forensics? 3
1.4.1 Identification 5
1.4.2 Collection and Preservation 5
1.4.3 Examination and Analysis 6
1.4.4 Presentation 6
1.5 Artificial Intelligence for Digital Forensics 7
1.6 Digital Forensics and Other Related Disciplines 8
1.7 Different Types of Digital Forensics and How They Are Used 8
1.7.1 Types of Digital Evidence 9
1.7.1.1 Cloud Forensics in IoT 9
1.7.1.2 Digital Forensics and Artificial Intelligence 11
1.8 Understanding Law Enforcement Agency Investigations 11
1.8.1 Understanding Case Law 12
1.9 Significant Areas of Investigation for Digital Forensics 13
1.10 Following Legal Processes 14
1.11 The Cyber Kill Chain 15
1.12 Conclusion 17
Note 18
References 18
2 An Introduction to Machine Learning and Deep Learning for Digital Forensics 21
2.1 Introduction 21
2.2 History of Machine Learning 22
2.3 What Is Machine Learning? 23
2.3.1 Supervised Learning 23
2.3.1.1 Decision Trees 24
2.3.1.2 Support Vector Machine 24
2.3.1.3 K-Nearest Neighbours 26
2.3.1.4 Naive Bayes 27
2.3.1.5 Neural Networks 28
2.3.2 Unsupervised Learning 29
2.4 What Is Deep Learning? 30
2.4.1 Discriminative Deep Learning 30
2.4.1.1 Recurrent Neural Network (RNN) 31
2.4.1.2 Convolutional Neural Network (CNN) 31
2.4.2 Generative Deep Learning 32
2.4.2.1 Deep Auto Encoder 32
2.4.2.2 Recurrent Neural Network (RNN) 32
2.5 Evaluation Criteria of Machine and Deep Learning 32
2.6 Case Study of Machine Learning-Based Digital Forensics 34
2.7 Conclusion 38
References 39
3 Digital Forensics and Computer Foundations 41
3.1 Introduction 41
3.2 Digital Investigation Process 41
3.2.1 System Preservation Phase 42
3.2.2 Evidence Searching Phase 42
3.2.3 Evidence Reconstruction Phase 43
3.3 Common Phases of Digital Forensics 43
3.4 Numbering Systems and Formats in Computers 44
3.4.1 Hexadecimal 44
3.4.2 Binary 45
3.5 Data Structures 48
3.5.1 Endianness 48
3.5.2 Character Encoding 49
3.5.2.1 ASCII 49
3.5.2.2 Unicode 49
3.6 Data Nature and State 49
3.6.1 Terms of Data 50
3.7 Conclusion 50
References 50
4 Fundamentals of Hard Disk Analysis 53
4.1 Introduction 53
4.2 Storage Media 53
4.2.1 Rigid Platter Disk Technology 53
4.2.2 Solid State Technology 55
4.3 Hard Disk Forensic Features 56
4.3.1 Garbage Collection 56
4.3.2 TRIM Command 56
4.3.3 Methods of Accessing Hard Disk Addresses 57
4.3.3.1 Cylinder-Head-Sector (CHS) 57
4.3.3.2 Zone-Bit Recording 57
4.3.3.3 Logical Block Addressing (LBA) 57
4.4 Hard Disk Settings 57
4.4.1 Disk Types 58
4.4.2 Partition Architectures 58
4.4.2.1 MBR and GPT 59
4.4.2.2 Primary and Extended Partitions 59
4.4.2.3 Volumes and Partitions 59
4.4.3 File Systems 59
4.4.4 The Boot Process 60
4.4.4.1 Latest BIOS 60
4.4.4.2 BIOS and MBR 61
4.5 Essential Linux Commands for Digital Forensics Basics 62
4.5.1 User Privileges 62
4.5.2 Linux System 62
4.5.3 Data Manipulation 64
4.5.4 Managing Packages and Services 65
4.5.5 Managing Networking 66
4.6 Python Scripts for Digital Forensics Basics 67
4.6.1 Executing a DoS Attack 67
4.7 Conclusion 68
References 68
5 Advanced Hard Disk Analysis 73
5.1 Introduction 73
5.2 Hard Disk Forensic Concepts 73
5.3 DOS-Based Partitions 74
5.3.1 Revisited MBR 75
5.4 GPT Disks 76
5.5 Forensic Implications 78
5.6 Practical Exercises for Computer Foundations (Windows) 79
5.6.1 WinHex Tool 79
5.6.2 Recovering Deleted Partitions 83
5.6.3 Investigating Cyber Threat and Discovering Evidence 85
5.6.4 Hard Disk Analysis 85
5.6.4.1 Logical Access to C Drive 86
5.6.4.2 Accessing Drive as Physical Media 87
5.7 Conclusion 87
References 88
6 File System Analysis (Windows) 91
6.1 Introduction 91
6.2 What Is a File System? 91
6.2.1 File System Reference Model 93
6.2.2 Slack Space 94
6.2.3 Free and Inter-Partition Space 94
6.2.4 Content Analysis 95
6.3 Methods for Recovering Data from Deleted Files 96
6.3.1 Data Carving and Gathering Text 96
6.3.2 Metadata Category Analysis 97
6.3.3 File Name and Application Category Analysis 98
6.4 Practices for Using Hashing and Data Acquisition 98
6.4.1 Prerequisite Steps for Doing the Following Practical Exercises 99
6.4.2 Data Acquisition 99
6.4.2.1 The FTK Imager Tool 99
6.4.2.2 Hard Disk Analysis Using the Autopsy Tool 102
6.5 Conclusion 105
References 105
7 Digital Forensics Requirements and Tools 107
7.1 Introduction 107
7.2 Computer Forensic Requirements 107
7.3 Evaluating Needs for Digital Forensics Tools 108
7.3.1 Types of Digital Forensics Tools 108
7.3.2 Tasks Performed by Digital Forensics Tools 109
7.3.3 Data Acquisition Tools and Formats 110
7.4 Anti-Forensics 111
7.5 Evidence Processing Guidelines 112
7.6 Implementation of Data Validation and Acquisition Phases 113
7.6.1 Hash Functions 114
7.6.2 Authentication and Validation in Digital Forensics 114
7.6.2.1 Python Scripts for Hashing 115
7.6.2.2 MD5 115
7.6.2.3 SHA1 116
7.6.2.4 Example of Hashing Passwords 116
7.6.3 Hashing and Data Acquisition 117
7.6.3.1 Data Acquisition Using WinHex 117
7.7 Conclusion 118
References 119
8 File Allocation Table (FAT) File System 121
8.1 Introduction 121
8.2 File Allocation Table (FAT) 121
8.2.1 Common Types of FAT 122
8.2.2 FAT Layout 122
8.3 FAT Layout Analysis 123
8.3.1 FAT Analysis 126
8.3.2 Disk Editor for FAT Analysis 128
8.3.3 WinHex Tool for FAT Analysis 129
8.4 Implementation of Data Acquisition and Analysis in Windows 130
8.4.1 Prerequisites for Doing These Exercises 130
8.4.2 Data Acquisition and Analysis of FAT 130
8.4.2.1 The FTK Imager Tool 131
8.4.2.2 The Autopsy Tool 133
8.5 Conclusion 135
References 135
9 NTFS File System 137
9.1 Introduction 137
9.2 New Technology File System (NTFS) 137
9.3 NTFS Architecture 138
9.3.1 Master File Table (MFT) 139
9.4 NTFS Analytical Implications 144
9.5 Analysis and Presentation of NTFS Partition 145
9.5.1 Disk Editor for NTFS Analysis 145
9.5.2 WinHex Tool for NTFS Analysis 145
9.5.3 The Autopsy Tool for FAT and NTFS Analysis 146
9.6 Conclusion 149
References 149
10 FAT and NTFS Recovery 151
10.1 Introduction 151
10.2 FAT and NTFS File Recovery 151
10.2.1 Deleting and Recovering Files in FAT File System 152
10.2.2 Deleting and Recovering Files in NTFS File System 154
10.3 Recycle Bin and Forensics Insights 154
10.4 Mounting Partitions Using SMB over Network 158
10.5 File Recovery and Data Carving Tools for File Systems 159
10.5.1 Foremost Tool 159
10.5.2 Scalpel Tool 159
10.5.3 Bulk Extractor Tool 162
10.6 Conclusion 163
References 163
11 Basic Linux for Forensics 165
11.1 Introduction 165
11.2 Overview of Linux Operating System 165
11.3 Linux Kernel 166
11.4 Linux File System 167
11.4.1 Linux Hard Drives and Styles 169
11.5 Hard Disk Analysis in Linux 171
11.5.1 Hard Disk Analysis Using wxHexEditor 171
11.5.2 Crime Investigation: Adding/Changing Files' Content Using wxHexEditor 172
11.5.3 Analysis of Hard Disk Using the Disk Editor Tool 174
11.6 Mount File Systems in Linux 174
11.6.1 Remote Connection Using SSHFS 175
11.6.2 Remote Connection Using SSH 176
11.6.3 Sharing and Mounting Files/Images between Various Virtual Machines 177
11.7 Data Acquisition in Linux 178
11.7.1 The dd Command 178
11.7.2 The dcfldd Command 179
11.8 Conclusion 180
References 181
12 Advanced Linux Forensics 183
12.1 Introduction 183
12.2 Examining File Structures in Linux 183
12.3 Generic Linux File System Layout (EXT2, 3, 4) 184
12.4 Accessing Block Group Information in Linux 185
12.5 EXT File System Versions and Characteristics 188
12.5.1 EXT2 File System 188
12.5.2 EXT3 File System 189
12.5.3 EXT4 File System 190
12.6 Forensic Implications of EXT File Systems 190
12.6.1 Case Study: Linux's Accounts 191
12.7 Data Analysis and Presentation in Linux 192
12.7.1 Examining Superblock and Inode Information in Disk Editor 192
12.7.2 Data Preparation Using Autopsy 193
12.7.2.1 Create a New Case in Autopsy Browser 193
12.8 Case Analysis Using Autopsy 197
12.8.1 Sorting Files 199
12.9 Conclusion 201
References 201
13 Network Forensics 203
13.1 Introduction 203
13.2 What Is Network Forensics? 203
13.2.1 Benefits and Challenges of Network Forensics 204
13.3 Networking Basics 206
13.3.1 Open System Interconnection (OSI) Model 206
13.3.2 TCP/IP Protocol Stack 208
13.4 Network Forensic Investigations 209
13.4.1 Practical TCP/IP Analysis 211
13.5 Levels of Network Traffic Capture for Forensics Analysis 212
13.6 NetworkMiner Tool for Network Forensics 213
13.6.1 Applying the Network Forensic Investigation Process 213
13.6.2 Examples of Network Forensic Investigation 213
13.7 Conclusion 217
References 218
14 Machine Learning Trends for Digital Forensics 219
14.1 Introduction 219
14.2 Why Do We Need Artificial Intelligence in Digital Forensics? 219
14.2.1 Artificial Intelligence for Digital Forensics 220
14.2.2 Machine Learning for Digital Forensics 222
14.2.3 Machine Learning Basics 223
14.3 Machine Learning Process 224
14.3.1 Data Collection and Pre-Processing 224
14.3.2 Training and Testing Phases 226
14.4 Applications of Machine Learning Models 228
14.4.1 Machine Learning Types 228
14.5 Case Study: Using the TON_IoT Dataset for Forensics 229
14.6 Conclusion 233
References 233
Index 235
About the Author

Dr Nour Moustafa is currently Senior Lecturer and leader of the Intelligent Security Group at the School of Engineering & Information Technology, University of New South Wales (UNSW Canberra), Australia. He is also Strategic Advisor (AI-SME) at DXC Technology, Canberra, Australia. He was a Postdoctoral Fellow at UNSW Canberra from June 2017 to December 2018. He received his PhD in Computing from UNSW, Australia, in 2017, and his Bachelor's and Master's degrees in Computer Science in 2009 and 2014, respectively, from the Faculty of Computer and Information, Helwan University, Egypt. His areas of interest include cyber security, particularly network security, IoT security, intrusion detection systems, statistics, deep learning and machine learning techniques. He has received several research grants from industry and defence sponsors, such as Australia's Cyber Security Cooperative Defence Centre, the Australian Defence Science and Technology Group, and the Canadian Department of National Defence. He was awarded the prestigious 2020 Australian Spitfire Memorial Defence Fellowship. He is also an IEEE Senior Member, ACM Distinguished Speaker, and Spitfire Fellow. He has served his academic community as guest associate editor of multiple journals, such as IEEE Transactions on Industrial Informatics, IEEE Systems, IEEE IoT Journal, IEEE Access, Ad Hoc Networks, and the Journal of Parallel and Distributed Computing. He has also held leadership roles (vice-chair, session chair, Technical Program Committee (TPC) member and proceedings chair) at over seven conferences, including the 2020 and 2021 IEEE TrustCom and the 2020 33rd Australasian Joint Conference on Artificial Intelligence.