Step-by-Step Computer Investigation Process in Digital Forensics | Chapter 5 from Learn Computer Forensics by William Oettinger

Step-by-Step Computer Investigation Process in Digital Forensics | Chapter 5 from Learn Computer Forensics by William Oettinger

Digital forensics is not just about recovering data—it's about telling the story behind the data. In Chapter 5 of Learn Computer Forensics (Second Edition), William Oettinger guides readers through the full lifecycle of a computer-based investigation, from planning and acquisition to deep analysis and timeline reconstruction. This chapter gives both aspiring and seasoned investigators a structured approach to uncovering the truth from digital evidence.

📺 Watch the complete chapter breakdown here:

Planning the Investigation

The chapter begins with a discussion on how to approach an investigation:

  • Kitchen sink approach: Collect everything, analyze broadly
  • Targeted approach: Focus on known scope, specific artifacts, or timeframe

Proper planning helps manage resources, avoid evidence spoliation, and prioritize relevant findings.

Timeline Analysis: Reconstructing Events

Oettinger introduces timeline analysis as a core technique in forensic investigations. This involves:

  • Using MAC times (Modified, Accessed, Created) to map user activity
  • Creating super timelines that compile multiple data sources for a chronological narrative
  • Leveraging tools like X-Ways Forensics, Plaso/log2timeline, and Timeline Explorer

Data sources such as event logs, browser histories, registry hives, and file system logs are key to validating timelines and pinpointing suspicious behavior.

Media Analysis: Digging Through Storage Devices

Oettinger walks through how to examine different forms of media:

  • Traditional HDDs, SSDs, USB drives, and optical discs
  • Allocated space: Currently used data blocks
  • Unallocated space: Previously deleted data that can still be recovered
  • Slack space: Unused areas within file clusters that may contain remnants of prior data
  • Bad sectors: Potential hiding spots for tampered or hidden data

Keyword Identification Using String Search and Regex

Investigators can extract meaningful patterns and content using:

  • String search: Simple keyword-based examination of media
  • Regular expressions (regex): Pattern-matching for emails, credit cards, IP addresses, and more

Tools like Autopsy and Plaso help automate and validate these searches.

Recovering Deleted Files: Data Carving Techniques

Oettinger explains how data carving allows forensic analysts to reconstruct deleted or fragmented files:

  • Understand allocated vs. unallocated clusters in FAT and NTFS
  • Use tools like Plaso and its commands (pinfo, psort, psteal) for timeline extraction
  • Recover file fragments from slack space and previously deleted partitions

This process can reveal images, documents, or malware that the suspect attempted to erase.

Book cover

Real-World Application of the Investigation Process

Oettinger supports his methodology with case examples and tool demonstrations. By the end of the chapter, the reader understands how to:

  • Plan and scope an investigation
  • Create and analyze forensic timelines
  • Search, filter, and extract meaningful evidence from complex file systems
  • Use open-source and professional tools to generate admissible reports

Conclusion

Chapter 5 emphasizes that digital investigations are only as strong as their methodology. By combining timeline analysis, media evaluation, and file recovery techniques, forensic investigators can reconstruct digital events with clarity and confidence.

🎓 To see how it all connects, watch the full video summary and learn how to apply these tools in real-world scenarios.

📘 Want more chapters like this? Dive into the full Learn Computer Forensics YouTube playlist from Last Minute Lecture.

If you found this breakdown helpful, be sure to subscribe to Last Minute Lecture for more chapter-by-chapter textbook summaries and academic study guides.

Comments

Post a Comment

Popular posts from this blog

Cognitive & Rational-Emotive Therapies — Chapter 10 Summary from Systems of Psychotherapy

Image
Cognitive & Rational-Emotive Therapies — Chapter 10 Summary from Systems of Psychotherapy Chapter 10 of Systems of Psychotherapy: A Transtheoretical Analysis explores the evolution and techniques of Cognitive Therapy (CT) and Rational-Emotive Behavior Therapy (REBT). Developed by Aaron Beck and Albert Ellis, these therapies target the root of emotional distress by challenging and changing maladaptive thought patterns. This in-depth summary, based on our podcast breakdown of Chapter 10 , explains the major concepts, therapeutic techniques, and clinical impact of these cognitive-based approaches. Watch the chapter summary above and subscribe to Last Minute Lecture for expert textbook guides and psychology study resources! The Foundations of Cognitive Therapy & REBT Cognitive therapies emerged in response to limitations of psychoanalysis and behaviorism, emphasizing the role of thoughts in shaping emotions and behaviors. Aaron Beck’s Cognitive Therapy and Albert E...
Read more

Behavior Therapies & Evidence-Based Practice — Chapter 9 Summary from Systems of Psychotherapy

Image
Behavior Therapies & Evidence-Based Practice — Chapter 9 Summary from Systems of Psychotherapy Chapter 9 of Systems of Psychotherapy: A Transtheoretical Analysis explores the robust field of behavior therapies, which focus on changing maladaptive behaviors through practical, empirical methods. These approaches, grounded in learning theory and continuous assessment, have become foundational in treating a range of psychological conditions. This expanded summary, based on our podcast-style breakdown of Chapter 9 , highlights the key techniques, theoretical foundations, and clinical applications of behavior therapy. Want a concise video guide? Watch the chapter summary above and subscribe to Last Minute Lecture for more psychology study resources! The Foundations of Behavior Therapy Behavior therapy focuses on observable, measurable changes in behavior rather than probing unconscious processes. Using empirical methods, therapists continuously assess and adjust treatmen...
Read more

The Chromosomal Basis of Inheritance — Sex-Linked Traits, Linked Genes, and Genetic Disorders Explained | Chapter 15 of Campbell Biology

Image
The Chromosomal Basis of Inheritance — Sex-Linked Traits, Linked Genes, and Genetic Disorders Explained | Chapter 15 of Campbell Biology Welcome to Last Minute Lecture! This post covers the chromosomal basis of inheritance, connecting Mendel’s laws to the behavior of chromosomes as described in Chapter 15 of Campbell Biology . Discover how genes are located on chromosomes, how sex-linked traits and linked genes are inherited, and how chromosomal alterations can result in genetic disorders. Watch the full video summary below and subscribe for clear, chapter-by-chapter genetics insights! Introduction: Chromosomes as the Carriers of Genetic Information The chromosome theory of inheritance links Mendel’s discoveries to chromosome behavior during meiosis, explaining how genes are transmitted from parents to offspring. Chromosomes segregate and assort independently, underlying the patterns of inheritance observed by Mendel. Sex-Linked Inheritance Sex-Linked Genes: Located ...
Read more