Cyber Crime and Cyber Terrorism



Date: 19.05.2022
Cyber crime and cyber terrorism investigators handbook by Babak

FORENSIC ANALYSIS
A forensic investigator is usually given some remit into the purpose of the investigation, for example, what crime the suspect may be responsible for. Often though, the information shared may not be so specific. The reason for an investigator being given a narrow remit is to prevent the potential for prior knowledge bias. For example, an investigator may simply be asked to supply evidence that the profile of a machine is one which is set up for malicious hacking, or they may be asked to find evidence to support the supposition that a particular online persona and the suspect are one and the same. In such circumstances it is often desirable to ensure that the evidence found is without bias, and that it is found independently of case specifics (see Chapter 8).
While the focus of the forensic investigation will be governed by the remit presented, in most cases the digital evidence collected will be composed of one or more of the artifacts listed in Table 7.1.
The methods for how these artifacts are discovered will be discussed in the following sections.
ANTI-FORENSICS
Malicious hackers are becoming increasingly aware of forensic analysis methods. As a result they often implement countermeasures to prevent an investigator from harvesting useful evidence. This practice is referred to as anti-forensics, or sometimes counter forensics. In essence the practice involves eliminating or obfuscating evidence relating to criminal activity or malicious intent. With this in mind, the primary focus of this section is to discuss hard disk media storage forensics, with a focus on identifying where to uncover evidence stored in obscurely formatted areas of the media; areas which are either immune to anti-forensics or which simply may not have been considered by the suspect. Typical forensic analysis techniques are also discussed briefly in this section, and due to the increasing tolerance of courts in accepting RAM analysis as admissible, this too is discussed (see Chapter 8).
RAM ANALYSIS
If a RAM dump was taken from the image then it should be analyzed on a separate machine to avoid evidence contamination. There are many tools which can be used for RAM analysis; worthy of note is the tool Volatility, which is gaining a reputation
