Watson & Jones: Digital Forensics Processing and Procedures

athulin
Senior Member
 

Watson & Jones: Digital Forensics Processing and Procedures

Posted: Dec 24, 17 09:06

I just got my hands on this volume ... and I find that it's not a particularly quick or easy read, nor do I find the information I would like to find present in the index ... but then I suspect it's more targeted towards management.

Has anyone any reasoned opinions on it?

What prompted me to get it was the 'Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements' subtitle ... but I'm beginning to regret it: all those appendixes, and the detailed description of possible evidence ("Printer: A method for printing hard copy images" ... and 'order of volatility' including CPU registers, which is true, but not useful)
 
  

trewmte
Senior Member
 

Re: Watson & Jones: Digital Forensics Processing and Procedu

Posted: Dec 24, 17 18:52

Yes I have this book and referred to it on a number of occasions. The description of the book on page XXI is fairly stated. Anyone can learn from the book (not only management), but it doesn't set out how specifically to perform a particular task. It is worth having a copy, but you will still need to develop your own specific written procedures.
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

thefuf
Senior Member
 

Re: Watson & Jones: Digital Forensics Processing and Procedu

Posted: Dec 24, 17 20:26

Page 392:
All forensic acquisition of media from exhibits must be carried out using approved write blockers wherever possible...


What type of write blockers? Hardware write blockers can write to an evidence drive even without a command from a host. Also, hardware write blockers can block access to some sectors.

Page 393:
Consideration should be given, if a write blocker is not available to using the Linux Dynamic Dump "dd" command as this can prevent writing to the device by default.


Wrong.

The "dd" command cannot prevent writing to a drive. It does not have such functionality.

Linux tools do not need a write blocker, as the disk can be mounted read only...


This is wrong. Again. In order to mount a file system read-only, you need to patch the kernel. Also, the mount process is not the only dangerous action performed by a Linux-based operating system (be sure to activate Linux LVM & Linux RAID volumes in the read-only mode too).

---

When talking about validation, be sure to mention the following topics: extracting firmware from a hardware device, extracting firmware from an update package, unpacking firmware, IDA Pro.

Page 280:

Section 7.5.5.6 describes a typical black-box testing approach. Do not rely on black-box tests only! Why? Read this short paper: github.com/msuhanov/Li...ockers.pdf  
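
A sketch of the kind of black-box check the post above refers to, added here as an example (it is not from the book, the linked paper or any poster): hash every sector of a test medium before and after the operation under test and report which sector ranges changed. The 512-byte sector size, the function names and the in-memory sample images are assumptions; in a real test the two images would be raw reads of the medium, and the comparison can only cover sectors that were readable through the device under test.

```python
import hashlib

SECTOR_SIZE = 512  # assumption: logical sector size of the test medium


def sector_digests(image, sector_size=SECTOR_SIZE):
    """Return one SHA-256 digest per sector of a raw image."""
    if len(image) % sector_size:
        raise ValueError("image length is not a multiple of the sector size")
    return [hashlib.sha256(image[off:off + sector_size]).digest()
            for off in range(0, len(image), sector_size)]


def changed_ranges(before, after):
    """Return inclusive (first, last) sector runs whose digests differ."""
    if len(before) != len(after):
        raise ValueError("sector count differs between the two reads")
    ranges, start = [], None
    for lba, (b, a) in enumerate(zip(before, after)):
        if b != a and start is None:
            start = lba                      # a run of modified sectors begins
        elif b == a and start is not None:
            ranges.append((start, lba - 1))  # the run ended on the previous sector
            start = None
    if start is not None:                    # run reaches the end of the medium
        ranges.append((start, len(before) - 1))
    return ranges


def build_sample_images():
    """Constructed sample data: a 64-sector baseline and a post-test copy
    in which sectors 2-3 and one byte of sector 63 were altered."""
    baseline = bytes((i * 7) % 256 for i in range(64 * SECTOR_SIZE))
    modified = bytearray(baseline)
    modified[2 * SECTOR_SIZE:4 * SECTOR_SIZE] = b"\xAA" * (2 * SECTOR_SIZE)
    modified[63 * SECTOR_SIZE + 10] ^= 0xFF
    return baseline, bytes(modified)


if __name__ == "__main__":
    baseline, post_test = build_sample_images()
    for first, last in changed_ranges(sector_digests(baseline),
                                      sector_digests(post_test)):
        print(f"sectors {first}-{last} changed during the test")
```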
 
  

benfindlay
Senior Member
 

Re: Watson & Jones: Digital Forensics Processing and Procedu

Posted: Jan 19, 18 10:58

I just wanted to draw attention to the following, from the Glossary, on page e4:

Browser Short for Web Browser.
A software application used to locate and display Web pages.
The two most popular browsers are Netscape Navigator and Microsoft Internet Explorer.


Shocked
_________________
Ben Findlay. BSc (Hons) MSc PgCLTHE FHEA MBCS MCSFS MIScT MInstISP
Course Leader BSc Computer and Digital Forensics
School of Science, Engineering and Design
Teesside University 
 
