Computer Forensics JumpStart

D

data. See also extracting information from data

collecting volatile, 100-103

credibility and authenticity of, 53

extraction from PDAs, 107-108

recovery, 2-3

sampling, 88

Data Encryption Standard (DES), 149

key length, 153

Data Recon LLC, 250

data unit layer, Sleuth Kit and, 180

date stamps, 7, 203

dcalc tool (Sleuth Kit), 180

dcat tool (Sleuth Kit), 180

dd utility, 112, 164, 164, 268

Declasfy utility, 177

decrypting, 146, 268

brute force attack, 158

chosen plaintext attack, 158-159

known plaintext attack, 158

real world scenario, 157-158

Decryption Collection, 178

deducing passwords, 142-143

Defense Threat Reduction Agency (DTRA), 8

deleted files, 126-127

demonstrative evidence, 57-58

denial of service (DoS) attack, 130

deoxyribonucleic acid (DNA), 268

Department of Public Safety, 12

deposition, 56-57, 224

desktop, 23, 268

Deutch, John, 24

diagrams, in analysis report, 198-199

DIBS group, 251

computer forensic training courses, 14

dictionary attack, 145, 268

Digital Disclosure, Inc., 250

digital evidence, search for, 56

Digital Forensic Research Workshop, 249

Digital Intelligence, 251

Forensic Recovery of Evidence Device (F.R.E.D), 188-189

Digital Investigation, 249

Digital Mountain, Inc., 250

digital photographs, value of, 53-54

direct examination, 224, 268

disaster recovery, 8, 268

disk drives, proper handling, 61-62

disk imaging and validation tools, 162-172, 268

ByteBack, 113, 163, 163

dd utility, 112, 164, 164, 268

DriveSpy, 165, 185

EnCase, 165-166. See also EnCase

Forensic Replicator, 166, 166-167, 178

FTK Imager, 167, 167-168

Norton Ghost, 104, 168, 250

ProDiscover, 168-169, 169, 182, 182

SafeBack, 113, 170

SMART, 170, 170-171, 250

WinHex, 98, 105, 112, 171-172, 251, 273

DiskJockey File Viewer, 185, 251

distributed denial of service (DDoS) attack, 74, 268

dlc tool (Sleuth Kit), 180

DNA analysis, 225

documentary evidence, 55-56, 268

identification, 79-80

documentation, 64-65. See also report on investigation

chain of custody, 60

explaining in court, 230

for gathered evidence, 201-204

image and tool, 108-109

importance to jury, 230

of investigation, 56

with photographs, 74

Domain Name Service (DNS), 125

DOS (Disk Operating System), 37

dress, for court appearance, 226

DriveLock, 70

DriveSpy, 165, 185

DSL modem, 28

dstat tool (Sleuth Kit), 180

dtSearch, 185-186, 250

dual-boot system, 134, 268

duplication, hard disk drives, 103-107
