Introduction

As an auditor as well as researcher and author, I realize and value the importance of timely, well-focused, accurate information. It is with this philosophy in mind that the development of this project was undertaken.

To the reader, a note of explanation…. This is not a text, but rather a field manual. It has been written — better yet, compiled — and edited in a manner that will allow you to rapidly access a specific area of interest or concern and not be forced to sequentially wade through an entire text, chapter by chapter, to get to what is important to you. In the true sense of a field manual, each "chapter" (and we use that term loosely) stands on its own and presents focused, timely information on a specific topic related to cyber forensics. The author of each "chapter" was selected for his or her expertise in a specific area within the very broad field of cyber forensics.

Often a limiting aspect of most projects, especially those written on emerging technical topics, is the inability to cover every aspect of the topic in a single all-inclusive text. This truth befalls this field manual that you are about to use. Initial research into this growing discipline proved that it would be next to impossible to include all the areas of both interest and importance in the field of cyber forensics that would be needed and required by all potential readers and users in a single text. Thus, this field manual presents specific and selected topics in the discipline of cyber forensics, and addresses critical issues facing the reader who is engaged in or who soon will be (and you will!) engaged in the preservation, identification, extraction, and documentation of computer evidence. As a user of this field manual, you will see that this manual's strength lies with the inclusion of an exhaustive set of chapters covering a broad variety of forensic subjects.
Each chapter was thoroughly investigated; examined for accuracy, completeness, and appropriateness to the study of cyber forensics; reviewed by peers; and then compiled in a comprehensive, concise format to present critical topics of interest to professionals working in the growing field of cyber forensics.

We finally had to select several key areas and put pen to paper, entice several colleagues to share their ideas, and resign ourselves to the fact that we cannot say all that needs to be said in one text, book, or manual. We trust the material we have included will serve as a starting point for the many professionals who are beginning their journey into this exciting discipline.

We begin our journey into the realm of this relatively new discipline by opening with a brief discussion as to the current state of the environment relating to the need for this new field of forensics and then a brief examination of the origins of cyber forensics. Along the way, we will establish several basic definitions designed to assist the reader in moving easily through what could be difficult and confusing terrain.

Although e-mail is becoming more mission-critical for enterprises, it also has the ability to haunt a company in times of trouble, because records of e-mail messages remain in the company systems after deletion — a feature highlighted during the Microsoft anti-trust trial. The case has featured critical testimony derived from old Microsoft e-mail messages.
—InfoWorld, 10/25/99

Background

The ubiquitous use of computers and other electronic devices is creating a rapidly rising wave of new and stored digital information. The massive proliferation of data creates ever-expanding digital information risks for organizations and individuals. Electronic information is easy to create, inexpensive to store, and virtually effortless to replicate.
As a result, increasingly vast quantities of digital information reside on mass storage devices located within and without corporate information systems. Information risks associated with this data are many. For example, electronic data can often show — with a high degree of reliability — who said, knew, took, shared, had and did what, and who else might be involved in the saying, knowing, taking, sharing, having, and doing. For the corporation, the free flow of digital information means that the backdoor is potentially always open to loss.

To put the explosive growth of electronic data in perspective, consider that Americans were expected to send and receive approximately 6.8 trillion e-mail messages in 2000 — or about 2.2 billion messages per day. [1] Although some of this e-mail is sent and received by individuals, most of it is being created by and sent from corporate mail servers. In 2000, the World Wide Web consisted of 21 terabytes of static HTML pages and is growing at a rate of 100 percent per year. [2] There are now about 2.5 billion indexed Web pages, increasing at the rate of 7.3 million pages per day. Demand for digital storage is expected to grow by more than 1800 percent between 1998 and 2003. A midrange estimate of the amount of data currently stored on magnetic tape is 2.5 exabytes (an exabyte is 1 million terabytes), with another 2.5 exabytes stored on computer hard drives. [3]

Contrasting the growth of paper pages and electronic documents adds additional perspective. The growth of recorded information doubles every three to four years. Over 93 percent of all information produced in 1999 was in digital format. About 80 percent of corporate information currently exists in digital form. Companies are expected to generate some 17.5 trillion electronic documents by 2005, up from approximately 135 billion in 1995. [4] Some 550 billion documents now exist online. There is more to this explosive growth than just "documents."
Additional forms of electronic data originate from:

• Internet-based electronic commerce, online banking, and stock trading
• Corporate use and storage of phone mail messages and electronic logs
• Personal organizers, such as the Palm Pilot (worldwide PDA sales were expected to total about 6 million units in 2000 rising to 17 million in 2004.)
• Wireless devices such as cell phones and pagers with contacts and task list storage (worldwide mobile phone sales were expected to total about 400 million in 2000, rising to 560 million in 2004 [5])
• Digital cameras
• Corporate use and storage of graphic images, audio, and video

These are several of the factors now at work in corporations that increase the risk of litigation and loss of confidential corporate data (from www.fiosinc.com/digital_risk.html, Fios, Inc. (877) 700-3467, 921 S.W. Washington Street, Suite 850, Portland, Oregon 97205)

It is best to state up-front that the emphasis in any cyber forensic examination must be on the forensic element, and it is vital to understand that forensic computing, cyber forensics, or computer forensics is not solely about computers. It is about rules of evidence, legal processes, the integrity and continuity of evidence, the clear and concise reporting of factual information to a court of law, and the provision of expert opinion concerning the provenance of that evidence:

Companies are very concerned about the notion that anything they write electronically can be used again at any time. If you have to discipline yourself to think, "can this be misconstrued?" that greatly hampers your ability to communicate and introduces a huge level of inefficiency.
—David Ferris, president of Ferris Research (San Francisco)

[1] University of California at Berkeley, School of Information Management and Systems, October 2000, http://www.sims.berkeley.edu/how-much-info/.
[2] University of California at Berkeley, School of Information Management and Systems, October 2000, http://www.sims.berkeley.edu/how-much-info/.
[3] University of California at Berkeley, School of Information Management and Systems, October 2000, http://www.sims.berkeley.edu/how-much-info/.
[4] Designing a Document Strategy: Documents…Technology…People. Craine, K., MC2 Books, 2000.
[5] University of California at Berkeley, School of Informatio