Forensic Computing

Mohamed Hamdi, National Digital Certification Agency, Tunisia

Noureddine Boudriga, National Digital Certification Agency and University of Carthage, Tunisia

M. S. Obaidat, Monmouth University

Introduction and Foundations of Computer Forensics


Computer Forensic Process

Computer Evidence Requirements

Disk Forensics

Storing Data in Computers

Hiding and Recovering Information from Hard Disks

Cryptanalysis: Breaking Attackers' Ciphers and Codes

Steganography and Digital Watermarking

Identifying the Source of Network Attacks

Computer Network Attack Features

IP Marking Approaches

Edge Sampling Algorithm and Fragment Marking Scheme

Advanced and Authenticated Marking Schemes

Deterministic Packet Marking

Hash-Based IP Trace-Back

Connection Chain Identification

Thumb Printing

Interpacket Delay-Based Tracing

Discovering Attack Steps

Statistical Computer Forensics

Computer Forensics and Artificial Intelligence

Legal Issues

Enhancing the Existing Infrastructure

Improving Standards, Protocols, and Regulation

Improving Theory

Improving Industry Support

Improving Human Skills

Concluding Remarks

Cross References



In this section, we present the main concepts, background information, and foundations of computer forensics.


In 2001, computer forensics was defined as “the use of scientifically derived and proved methods toward the preservation, collection, validation, identification, analysis, interpretation, ...

Get Handbook of Information Security: Information Warfare, Social, Legal, and International Issues and Security Foundations, Volume 2 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.