Foreword
Rob Lee
Director, MANDIANT, Inc. Digital Forensic Curriculum Lead and Faculty Fellow, The SANS Institute
Everywhere around you, you can find a digital storage device within arm's reach. We have “Electronic Attention Deficit Disorder”: our concentration being pulled from one device to another.
You use a mobile device where you make your phone calls, send text messages, post on Twitter, all while surfing the web. You use a computer to communicate, pay bills, order groceries, or even watch television. You probably also use one or more of the following devices on a daily basis: GPS, video game system, eReader, MP3 player, digital video recorder, or more.
For better or worse, our lives—our personal/private data—are recorded on these devices moment-by-moment. As a result, we are seeing the rise in crimes, civil litigation cases, and computer security incidents that exploit your data found on these devices. This Handbook is a powerful resource for investigating these cases and analyzing evidence on computers, networks, mobile devices and other embedded systems.
The demand for digital forensic professionals to analyze these devices has increased due to the sheer number of cases that organizations now face. Major incidents such as TJX, Heartland, and Hannaford may have drawn the most media attention, but attacks against small, medium, and large businesses that include data breaches, fund transfers, and intellectual property theft are no longer rare. And these security breaches are costing organizations millions of dollars. For the digital forensic investigator, he or she must be able to effectively respond, investigate, and ultimately answer difficult questions. As criminal cases continue collecting a subject's or victim's cell phone, computer, and other electronic devices to solve a crime, and as civil lawsuits introduce electronically stored evidence, the investigator's role is crucial.
For all of us, the digital forensic profession grows more challenging. We no longer analyze just a desktop system for evidence. In many cases, we examine an enterprise network with more than 1,000 nodes, a mobile device, or even a portable game system. The skills and the knowledge required to meet the increasing demands placed on a digital forensic investigator today are immense. That is why this Handbook helps us all. It sets the mark for an in-depth examination of the diversity that encompasses today's digital forensic field.
Digital Forensics is undergoing a transition from a perceived ad hoc field into a scientific one that requires detailed analysis combined with a variety of sound and proven methods. One of the main themes that struck me while reading this Handbook is the strong case made for why a scientific foundation is crucial to analyze a case successfully. The Handbook is organized by the old and new disciplines in the digital forensic field where the new breakthroughs are occurring daily. From network and mobile device forensics to traditional forensics using the latest techniques against UNIX, Apple Macintosh, and Microsoft Windows operating systems, this Handbook offers details that are extremely cutting edge and provides new approaches to digital based investigations—from data theft breaches to intellectual property theft. I particularly enjoy the sections that provide detailed explanations in straightforward terms; they offer good ideas that I hope to use in my own forensic reports.
When I first picked up the Handbook, I was impressed with the depth and scope of expertise of the assembled author team. Many led the investigations noted above and those that made national headlines in the past ten years. If you had the ability to truly call a digital forensic “A-Team” together to help with a case, these authors would comprise the majority of that team. We are fortunate that they bring their hard-core practical experiences to each and every chapter.
It is clear that this Handbook will become a must read for new and seasoned investigators alike.
I urge you to read and understand the principles presented in the following pages. True scientific analyses that use the techniques presented here will allow you to solve your cases. I hope you enjoy the Handbook as much as I have. My hat is off to the authors for their continued contributions to the digital forensic field and for coming together to produce this Handbook.

Bio:

Rob Lee is a Director for MANDIANT (http://www.mandiant.com), a leading provider of information security consulting services and software to Fortune 500 organizations and the U.S. Government. Rob is also the Curriculum Lead for Digital Forensic Training at the SANS Institute (http://forensics.sans.org). Rob has more than 13 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. After graduating from the U.S. Air Force Academy, he served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he served as a member of the Air Force Office of Special Investigations where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, Rob worked directly with a variety of U.S. government agencies in the law enforcement, Department of Defense, and intelligence communities. He provided the technical lead for a vulnerability discovery and exploit development team, ran a cyber forensics branch, and led a computer forensic and security software development team. Rob is coauthor of the bestselling book, Know Your Enemy, 2nd Edition, and was named “Digital Forensic Examiner of the Year” by the Forensic 4Cast 2009 Awards. Rob holds a bachelor's degree from the U.S. Air Force Academy and his MBA from Georgetown University.