Finding Evidence in Memory
Attackers generally realize that their activities are illegal and, most presumably, prefer not to go to prison for their crimes. Therefore, hackers attempt to hide the evidence of their activities on their victims’ systems. To facilitate such covert behavior, hacker chat rooms and forums frequently have postings regarding the methods used by law enforcement to gather computer forensic evidence. Hackers post fairly accurate summaries of generally accepted forensic techniques and point out the vulnerabilities of those techniques—in effect hacking our procedures as well as their victims’ technology. One of the most common points made in these hacker discussions is the traditional focus of law-enforcement forensics on looking ...
Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.