The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics

by ;
  • ISBN13:


  • ISBN10:


  • Format: Paperback
  • Copyright: 2/24/2012
  • Publisher: Syngress Media Inc

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

Purchase Benefits

  • Free Shipping On Orders Over $59!
    Your order must be $59 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • Get Rewarded for Ordering Your Textbooks! Enroll Now
List Price: $29.95 Save up to $15.72
  • Rent Book $17.97
    Add to Cart Free Shipping


Supplemental Materials

What is included with this book?

  • The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.
  • The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.


The Basics of Digital Forensics will provide a foundation for people new to the digital forensics field.This book will teach people how to condusct examiniations by discussing what Digital Forensics is, the methodologies used, and the tools needed to perform examinations. The audience will learn how to prepare an investigative plan, as well as how to prepare for courtroom testimony. Learn all about what Digital Forensics entails Build a toolkit and prepare an investigative plan Understand the common artifacts to look for during an exam

Author Biography

John Sammons is an Assistant Professor at Marshall University in Huntington, West Virginia. John teaches digital forensics, electronic discovery, information security and technology in the Department of Integrated Science and Technology. He's also adjunct faculty with the Marshall University graduate forensic science program. He is the founder and Director of the Appalachian Institute of Digital Evidence. John, a former police officer, is also an investigator with the Cabell County Prosecuting Attorney's Office and a member of the FBI's West Virginia Cybercrime Task Force.

Table of Contents

Prefacep. xv
Acknowledgmentsp. xix
About The Authorp. xxi
About The Technical Editorp. xxiii
Introductionp. 1
Introductionp. 1
What Is Forensic Science?p. 2
What Is Digital Forensics?p. 2
Uses of Digital Forensicsp. 3
Criminal Investigationsp. 3
Civil Litigationp. 4
Intelligencep. 5
Administrative Mattersp. 6
Locard's Exchange Principlep. 7
Scientific Methodp. 7
Organizations of Notep. 7
Scientific Working Group on Digital Evidencep. 8
American Academy of Forensic Sciencesp. 8
American Society of Crime Laboratory Directors/Laboratory Accreditation Boardp. 9
National Institute of Standards and Technology (NIST)p. 9
American Society for Testing and Materials (ASTM)p. 9
Role of the Forensic Examiner in the Judicial Systemp. 10
The CSI Effectp. 10
Summaryp. 10
Referencesp. 11
Key Technical Conceptsp. 13
Introductionp. 13
Bits, Bytes, and Numbering Schemesp. 13
Hexadecimalp. 14
Binary to Text: ASCII and Unicodep. 14
File Extensions and File Signaturesp. 15
Storage and Memoryp. 16
Magnetic Disksp. 17
Flash Memoryp. IS
Optical Storagep. 18
Volatile versus Nonvolatile Memoryp. 18
Computing Environmentsp. 19
Cloud Computingp. 19
Data Typesp. 20
Active Datap. 20
Latent Datap. 21
Archival Datap. 21
File Systemsp. 21
Allocated and Unallocated Spacep. 22
Data Persistencep. 22
How Magnetic Hard Drives Store Datap. 23
Page File (or Swap Space)p. 25
Basic Computer Function-Putting it All Togetherp. 26
Summaryp. 27
Referencesp. 27
Labs and Toolsp. 29
Introductionp. 29
Forensic Laboratoriesp. 29
Virtual Labsp. 30
Lab Securityp. 30
Evidence Storagep. 31
Policies and Proceduresp. 32
Quality Assurancep. 32
Tool Validationp. 33
Documentationp. 34
Digital Forensic Toolsp. 35
Tool Selectionp. 36
Hardwarep. 36
Softwarep. 39
Accreditationp. 40
Accreditation versus Certificationp. 42
Summaryp. 43
Referencesp. 43
Collecting Evidencep. 45
Introductionp. 45
Crime Scenes and Collecting Evidencep. 46
Removable Mediap. 46
Cell Phonesp. 47
Order of Volatilityp. 49
Documenting the Scenep. 49
Photographyp. 50
Notesp. 51
Chain of Custodyp. 52
Marking Evidencep. 52
Cloningp. 52
Purpose of Cloningp. 54
The Cloning Processp. 54
Forensically Clean Mediap. 55
Forensic Image Formatsp. 55
Risks and Challengesp. 55
Value in eDiscoveryp. 56
Live System versus Dead Systemp. 56
Live Acquisition Concernsp. 56
Advantage of Live Collectionp. 57
Principles of Live Collectionp. 58
Conducting and Documenting a Live Collectionp. 58
Hashingp. 59
Types of Hashing Algorithmsp. 59
Hashing Examplep. 59
Uses of Hashingp. 60
Final Reportp. 61
Summaryp. 61
Referencesp. 62
Windows System Artifactsp. 65
Introductionp. 65
Deleted Datap. 66
Hibernation File (Hiberfile.sys)p. 66
Sleepp. 67
Hibernationp. 67
Hybrid Sleepp. 67
Registryp. 67
Registry Structurep. 68
Attributionp. 69
External Drivesp. 70
Print Spoolingp. 70
Recycle Binp. 70
Metadatap. 72
Removing Metadatap. 74
Thumbnail Cachep. 75
Most Recently Used (MRU)p. 76
Restore Points and Shadow Copyp. 76
Restore Pointsp. 76
Shadow Copiesp. 77
Prefetchp. 78
Link Filesp. 78
Installed Programsp. 79
Summaryp. 79
Referencesp. 80
Antiforensicsp. 81
Introductionp. 81
Hiding Datap. 83
Encryptionp. 83
What Is Encryption?p. 83
Early Encryptionp. 84
Algorithmsp. 85
Key Spacep. 86
Some Common Types of Encryptionp. 86
Breaking Passwordsp. 88
Password Attacksp. 89
Brute Force Attacksp. 89
Password Resetp. 90
Dictionary Attackp. 90
Steganographyp. 92
Data Destructionp. 94
Drive Wipingp. 94
Summaryp. 100
Referencesp. 100
Legalp. 103
Introductionp. 103
The Fourth Amendmentp. 104
Criminal Law-Searches without a Warrantp. 104
Reasonable Expectation of Privacyp. 104
Private Searchesp. 105
E-mailp. 105
The Electronic Communications Privacy Act (ECPA)p. 105
Exceptions to the Search Warrant Requirementp. 105
Searching with a Warrantp. 108
Seize the Hardware or Just the Information?p. 109
Particularityp. 109
Establishing Need for Off-Site Analysisp. 109
Stored Communications Actp. 110
Electronic Discovery (eDiscovery)p. 111
Duty to Preservep. 111
Private Searches in the Workplacep. 112
Expert Testimonyp. 113
Summaryp. 114
Referencesp. 115
Internet and E-Mailp. 117
Introductionp. 117
Internet Overviewp. 117
Peer-to-Peer (P2P)p. 119
The INDEX.DAT Filep. 120
Web Browsers-Internet Explorerp. 120
Cookiesp. 120
Temporary Internet Files, a.k.a. web Cachep. 121
Internet Historyp. 122
Internet Explorer Artifacts in the Registryp. 123
Chat Clientsp. 124
Internet Relay Chat (IRC)p. 125
ICQ "I Seek You"p. 125
E-Mailp. 126
Accessing E-mailp. 126
E-mail Protocolsp. 126
E-mail as Evidencep. 126
E-mail-Covering the Trailp. 127
Tracing E-mailp. 127
Reading E-mail Headersp. 128
Social Networking Sitesp. 129
Summaryp. 129
Referencesp. 130
Network Forensicsp. 131
Introductionp. 131
Social Engineeringp. 132
Network Fundamentalsp. 132
Network Typesp. 133
Network Security Toolsp. 135
Network Attacksp. 135
Incident Responsep. 137
Network Evidence and Investigationsp. 139
Network Investigation Challengesp. 141
Summaryp. 141
Referencesp. 142
Mobile Device Forensicsp. 145
Introductionp. 145
Cellular Networksp. 146
Cellular Network Componentsp. 147
Types of Cellular Networksp. 148
Operating Systemsp. 149
Cell Phone Evidencep. 150
Call Detail Recordsp. 151
Collecting and Handling Cell Phone Evidencep. 152
Subscriber Identity Modulesp. 154
Cell Phone Acquisition: Physical and Logicalp. 155
Cell Phone Forensic Toolsp. 155
Global Positioning Systems (GPS)p. 157
Summaryp. 161
Referencesp. 161
Looking Ahead: Challenges and Concernsp. 163
Introductionp. 163
Standards and Controlsp. 164
Cloud Forensics (Finding/Identifying Potential Evidence Stored in the Cloud)p. 165
What Is Cloud Computing?p. 165
The Benefits of the Cloudp. 166
Cloud Forensics and Legal Concernsp. 166
Solid State Drives (SSD)p. 167
How Solid State Drives Store Datap. 167
The Problem: Taking out the Trashp. 168
Speed of Changep. 169
Summaryp. 170
Referencesp. 171
Indexp. 173
Table of Contents provided by Ingram. All Rights Reserved.

Rewards Program

Write a Review