Cyber Forensics From Data to Digital Evidence

by Albert J. Marcella, Jr.; Frederic Guillossou
  • ISBN13: 9781118273661
  • ISBN10: 1118273664
  • Edition: 1st
  • Format: Hardcover
  • Copyright: 2012-05-01
  • Publisher: Wiley

Summary

This book explains the basic principles of data as building blocks of electronic evidential matter, which are used in cyber forensics investigations. The entire text is written with no reference to a particular operating system or environment, so it is applicable to all work environments, cyber investigation scenarios, and technologies. The text is written in a step-by-step manner, beginning with the elementary building blocks of data and progressing upwards to the representation and storage of information. It includes practical examples and illustrations throughout to guide the reader.

Author Biography

Albert J. Marcella, Jr., PhD, CISA, CISM, is President of Business Automation Consultants, LLC, a global information technology and management consulting firm providing IT management consulting, audit and security reviews, and training. He is an internationally recognized public speaker, researcher, workshop and seminar leader, and an author of numerous articles and books on various IT, audit, and security related subjects.

Frederic Guillossou, CISSP, CCE, is an Information Security Analyst with TALX, a division of Equifax. He regularly trains on intrusion prevention systems and has successfully led a number of forensic investigations in the field.

Table of Contents

Preface
Acknowledgments
The Fundamentals of Data
Base 2 Numbering System: Binary and Character Encoding
Communication in a Two-State Universe
Electricity and Magnetism
Building Blocks: The Origins of Data
Growing the Building Blocks of Data
Moving Beyond Base 2
American Standard Code for Information Interchange
Character Codes: The Basis for Processing Textual Data
Extended ASCII and Unicode
Summary
Notes
Binary to Decimal
American Standard Code for Information Interchange
Computer as a Calculator
Why Is This Important in Forensics?
Data Representation
Converting Binary to Decimal
Conversion Analysis
A Forensic Case Example: An Application of the Math
Decimal to Binary: Recap for Review
Summary
The Power of HEX: Finding Slivers of Data
What the HEX?
Bits and Bytes and Nibbles
Nibbles and Bits
Binary to HEX Conversion
Binary (HEX) Editor
The Needle within the Haystack
Summary
Notes
Files
Opening
Files, File Structures, and File Formats
File Extensions
Changing a File's Extension to Evade Detection
Files and the HEX Editor
Files Signature
ASCII Is Not Text or HEX
Value of File Signatures
Complex Files: Compound, Compressed, and Encrypted Files
Why Do Compound Files Exist?
Compressed Files
Forensics and Encrypted Files
The Structure of Ciphers
Summary
Notes
Common File Extensions
Files Signature Database
Magic Number Definition
Compound Document Header
The Boot Process and the Master Boot Record (MBR)
Booting Up
Primary Functions of the Boot Process
Forensic Imaging and Evidence Collection
Summarizing the BIOS
BIOS Setup Utility: Step by Step
The Master Boot Record (MBR)
Partition Table
Hard Disk Partition
Summary
Notes
Endianness and the Partition Table
The Flavor of Endianness
Endianness
The Origins of Endian
Partition Table within the Master Boot Record
Summary
Notes
Volume versus Partition
Tech Review
Cylinder, Head, Sector, and Logical Block Addressing
Volumes and Partitions
Summary
Notes
File Systems-FAT 12/16
Tech Review
File Systems
Metadata
File Allocation Table (FAT) File System
Slack
HEX Review Note
Directory Entries
File Allocation Table (FAT)
How Is Cluster Size Determined?
Expanded Cluster Size
Directory Entries and the FAT
FAT Filing System Limitations
Directory Entry Limitations
Summary
Partition Table Fields
File Allocation Table Values
Directory Entry Byte Offset Description
FAT 12/16 Byte Offset Values
FAT 32 Byte Offset Values
The Power of 2
File Systems-NTFS and Beyond
New Technology File System
Partition Boot Record
Master File Table
NTFS Summary
exFAT
Alternative Filing System Concepts
Summary
Notes
Common NTFS Systems Defined Attributes
Cyber Forensics: Investigative Smart Practices
The Forensic Process
Forensic Investigative Smart Practices
The Initial Contact, the Request
Evidence Handling
Acquisition of Evidence
Data Preparation
Time
Summary
Note
Time and Forensics
What Is Time?
Network Time Protocol
Timestamp Data
Keeping Track of Time
Clock Models and Time Bounding: The Foundations of Forensic Time
MS-DOS 32-Bit Timestamp: Date and Time
Date Determination
Time Determination
Time Inaccuracy
Summary
Notes
Investigation: Incident Closure
Forensic Investigative Smart Practices
Investigation (Continued)
Communicate Findings
Characteristics of a Good Cyber Forensic Report
Report Contents
Retention and Curation of Evidence
Investigation Wrap-Up and Conclusion
Investigator's Role as an Expert Witness
Summary
Notes
A Cyber Forensic Process Summary
Binary
Binary-Decimal-ASCII
Data Versus Code
HEX
From Raw Data to Files
Accessing Files
Endianness
Partitions
File Systems
Time
The Investigation Process
Summary
Appendix: Forensic Investigations, ABC Inc.
Glossary
About the Authors
Index
Table of Contents provided by Ingram. All Rights Reserved.
