The intent is to cover the theory, research, development, and applications of Big Data, as embedded in the fields of engineering, computer science, physics, economics and life sciences.
Studies in Big Data 116 Nhien-An Le-Khac Kim-Kwang Raymond Choo A Practical Hands-on Approach to Database Forensics Studies in Big Data Volume 116 Series Editor Janusz Kacprzyk, Polish Academy of Sciences, Warsaw, Poland The series “Studies in Big Data” (SBD) publishes new developments and advances in the various areas of Big Data- quickly and with a high quality.
Table of contents : Foreword Acknowledgements Contents About the Authors 1 Databases in Digital Forensics 1.1 Introduction 1.2 Organization of This Book References 2 Database Forensics 2.1 Introduction to Databases 2.1.1 What Is a Database? 2.1.2 Database Management System (DBMS) 2.1.3 Database Types and Users 2.2 Relational Databases 2.2.1 Basic Concepts 2.2.2 Database Design 2.3 Structured Query Language (SQL) 2.3.1 SQL and SQLite 2.3.2 SQLite Basic Commands 2.4 Database Forensics 2.5 Examples 2.5.1 IOS Database Investigation 2.5.2 WhatsApp Database Forensics 2.6 Summary References 3 Signal Instant Messenger Forensics 3.1 Introduction 3.2 Basic Features 3.2.1 Signal Messenger 3.2.2 Disappearing Messages 3.2.3 Delete for Everyone 3.2.4 View-Once Media 3.2.5 Mark as Unread 3.2.6 Show in Suggestions 3.2.7 Backup and Restore Messages 3.3 Related Work 3.4 Forensic Methods 3.4.1 Experimental Platforms 3.4.2 Datasets 3.4.3 Forensic Scenarios 3.4.4 Forensic Acquisition and Analysis of Signal 3.4.5 Forensic Analysis 3.5 Findings and Discussion 3.5.1 Signal Account Take Over 3.5.2 Signal Activity Monitoring with Linked Device 3.5.3 Signal Group Chat 3.5.4 Use Signal as Source of OSINT 3.5.5 Forensic Acquisition and Analysis of Signal 3.6 Discussion 3.6.1 General Process to Handle Signal 3.6.2 Signal Data and Database 3.6.3 Signal Investigation Without Physical Devices 3.7 Summary References 4 Forensic Analysis of the qTox Messenger Databases 4.1 Introduction 4.2 Background Concepts 4.2.1 QTox Client 4.2.2 The Tox ID 4.3 Related Work 4.4 Why qTox Database Forensics? 4.5 Methodology 4.5.1 Artifact Definitions 4.5.2 Experimental Environments 4.5.3 Data Population 4.5.4 Acquisition of Data 4.5.5 Forensic Analysis of Data 4.6 Findings and Discussions 4.6.1 Recovered Artifacts Found in the Image Files 4.6.2 Recovered Artifacts Found in the Memory Dump 4.6.3 Recovered Artifacts Found in the Database Files 4.6.4 Discussion 4.7 Summary References 5 PyBit Forensic Investigation 5.1 Introduction 5.2 Basic Features 5.2.1 Bitmessage Concept 5.2.2 Data Encryption 5.2.3 BitMessage Networking Concept 5.2.4 BitMessage Implementations and Applications 5.3 Criminal Usage of the BitMessage System and Investigation Challenges 5.3.1 Illegal Transactions 5.3.2 Blackmailing of Politicians and Celebrities 5.3.3 Command and Control Communication of the Chimera Malware 5.3.4 Investigation Issues 5.4 Adopted Approach 5.4.1 Identification of Recipients 5.4.2 Network Surveillance 5.4.3 Forensic Information Gathering 5.5 Summary References 6 Database Forensics for Analyzing Data Loss in Delayed Extraction Cases 6.1 Introduction 6.2 Background 6.2.1 iOS SQLite Databases 6.2.2 SQLite Vacuuming 6.3 Methodology 6.4 Database Analyzing of iOS 6.4.1 iPhones for Conducting the Research 6.4.2 Platforms and Forensic Tools 6.4.3 Extraction Phase and Timeline 6.4.4 Artifacts of Interest 6.4.5 Analysis Approaches 6.5 Experiments and Findings 6.5.1 iOS Application and Database Analysis 6.5.2 Timeline and iOS Analysis 6.6 Discussion and Analysis 6.6.1 Comparison Analysis 6.6.2 iOS Application and Database Analysis 6.6.3 Timeline and iOS Analysis 6.7 Summary References 7 IoT Database Forensics-A Case Study with Video Door Bell Analysis 7.1 Introduction 7.2 Related Work 7.3 Why Video Doorbell Analysis? 7.4 Methodology 7.5 Experiments and Evaluation 7.5.1 Experimental Platforms 7.5.2 Investigation of the Video Doorbell 7.5.3 Network Examination 7.5.4 Smartphone Application 7.5.5 Securing Data 7.5.6 Law and Guidelines 7.6 Conclusion References 8 Web Browser Forensics-A Case Study with Chrome Browser 8.1 Introduction 8.1.1 Web Browser Forensics 8.1.2 Google Chrome 8.1.3 Forensic Tool Gone Wrong 8.1.4 Environment Variables 8.1.5 Epoch Time or WebKit Time 8.2 Chrome Artifacts Folder 8.3 Profiles 8.4 User Profile Preferences 8.5 Analyzing SQLite Files 8.5.1 Secure_Delete 8.5.2 Analysis Tools 8.6 History and Typed URLs 8.6.1 SQLite Tables of Interest 8.7 Downloads 8.8 Search Terms 8.9 Form Data 8.10 Bookmarks 8.11 Other 8.12 Summary References Recommend Papers