Guide to Computer Forensics and Investigations

by
  • ISBN13: 9780619131203
  • ISBN10: 0619131209
  • Edition: CD
  • Format: Paperback
  • Copyright: 2003-09-03
  • Publisher: Cengage Learning
List Price: $133.95

Summary

Guide to Computer Forensics and Investigations presents methods to properly conduct a computer forensics investigation, beginning with a discussion of ethics, while mapping to the objectives of the International Association of Computer Investigative Specialists (IACIS) certification.

Table of Contents

Chapter 1 Computer Forensics and Investigations as a Profession
Understanding Computer Forensics
Comparing Definitions of Computer Forensics
Exploring a Brief History of Computer Forensics
Developing Computer Forensics Resources
Preparing for Computing Investigations
Understanding Enforcement Agency Investigations
Understanding Corporate Investigations
Maintaining Professional Conduct
Chapter Summary
Key Terms
Review Questions
Hands-on Projects
Case Projects
Chapter 2 Understanding Computer Investigations
Preparing a Computer Investigation
Examining a Computer Crime
Examining a Company-Policy Violation
Taking a Systematic Approach
Assessing the Case
Planning Your Investigation
Securing Your Evidence
Understanding Data-Recovery Workstations and Software
Setting Up Your Workstation for Computer Forensics
Executing an Investigation
Gathering the Evidence
Copying the Evidence Disk
Analyzing Your Digital Evidence
Completing the Case
Critiquing the Case
Chapter Summary
Key Terms
Review Questions
Hands-on Projects
Case Projects
Chapter 3 Working with Windows and DOS Systems
Understanding File Systems
Understanding the Boot Sequence
Examining Registry Data
Disk Drive Overview
Exploring Microsoft File Structures
Disk Partition Concerns
Boot Partition Concerns
Examining FAT Disks
Examining NTFS Disks
NTFS System Files
NTFS Attributes
NTFS Data Streams
NTFS Compressed Files
NTFS Encrypted File Systems (EFS)
EFS Recovery Key Agent
Deleting NTFS Files
Understanding Microsoft Boot Tasks
Windows XP, 2000, and NT Startup
Windows XP System Files
Understanding MS-DOS Startup Tasks
Other DOS Operating Systems
Chapter Summary
Key Terms
Review Questions
Hands-on Projects
Case Projects
Chapter 4 Macintosh and Linux Boot Processes and Disk Structures
Understanding the Macintosh File Structure
Understanding Volumes
Exploring Macintosh Boot Tasks
Examining UNIX and Linux Disk Structures
UNIX and Linux Overview
Understanding Inodes
Understanding UNIX and Linux Boot Processes
Understanding Linux Loader
UNIX and Linux Drives and Partition Scheme
Examining Compact Disc Data Structures
Understanding Other Disk Structures
Examining SCSI Disks
Examining IDE/EIDE Devices
Chapter Summary
Key Terms
Review Questions
Hands-on Projects
Case Projects
Chapter 5 The Investigator's Office and Laboratory
Understanding Forensic Lab Certification Requirements
Identifying Duties of the Lab Manager and Staff
Balancing Costs and Needs
Acquiring Certification and Training
Determining the Physical Layout of a Computer Forensics Lab
Identifying Lab Security Needs
Conducting High-Risk Investigations
Considering Office Ergonomics
Environmental Conditions
Lighting
Structural Design Considerations
Electrical Needs
Communications
Fire-suppression Systems
Evidence Lockers
Facility Maintenance
Physical Security Needs
Auditing a Computer Forensics Lab
Computer Forensics Lab Floor Plan Ideas
Selecting a Basic Forensic Workstation
Selecting Workstations for Police Labs
Selecting Workstations for Private and Corporate Labs
Stocking Hardware Peripherals
Maintaining Operating Systems and Application Software Inventories
Using a Disaster Recovery Plan
Planning for Equipment Upgrades
Using Laptop Forensic Workstations
Building a Business Case for Developing a Forensics Lab
Creating a Forensic Boot Floppy Disk
Assembling the Tools for a Forensic Boot Floppy Disk
Retrieving Evidence Data Using a Remote Network Connection
Chapter Summary
Key Terms
Review Questions
Hands-on Projects
Case Projects
Chapter 6 Current Computer Forensics Tools
Evaluating Your Computer Forensics Software Needs
Using National Institute of Standards and Technology (NIST) Tools
Using National Institute of Justice (NIJ) Methods
Validating Computer Forensics Tools
Using Command-Line Forensics Tools
Exploring NTI Tools
Exploring Ds2dump
Reviewing DriveSpy
Exploring PDBlock
Exploring PDWipe
Reviewing Image
Exploring Part
Exploring SnapBack DatArrest
Exploring Byte Back
Exploring MaresWare
Exploring DIGS Mycroft v3
Exploring Graphical User Interface (GUI) Forensics Tools
Exploring AccessData Programs
Exploring Guidance Software EnCase
Exploring Ontrack
Using BIAProtect
Using LC Technologies Software
Exploring WinHex Specialist Edition
Exploring DIGS Analyzer Professional Forensic Software
Exploring ProDiscover DFT
Exploring DataLifter
Exploring ASRData
Exploring the Internet History Viewer
Exploring Other Useful Computer Forensics Tools
Exploring LTOOLS
Exploring Mtools
Exploring R-Tools
Using Explore2fs
Exploring @stake
Exploring TCT and TCTUTILs
Exploring ILook
Exploring HashKeeper
Using Graphic Viewers
Exploring Hardware Tools
Computing-Investigation Workstations
Building Your Own Workstation
Using a Write-blocker
Using LC Technology International Hardware
Forensic Computers
DIGS
Digital Intelligence
Image MASSter Solo
FastBloc
Acard
NoWrite
Wiebe Tech Forensic DriveDock
Recommendations for a Forensic Workstation
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 7 Digital Evidence Controls
Identifying Digital Evidence
Understanding Evidence Rules
Securing Digital Evidence at an Incident Scene
Cataloging Digital Evidence
Lab Evidence Considerations
Processing and Handling Digital Evidence
Storing Digital Evidence
Evidence Retention and Media Storage Needs
Documenting Evidence
Obtaining a Digital Signature
Chapter Summary
Key Terms
Review Questions
Hands-on Projects
Case Projects
Chapter 8 Processing Crime and Incident Scenes
Processing Private-Sector Incident Scenes
Processing Law Enforcement Crime Scenes
Understanding Concepts and Terms Used in Warrants
Preparing for a Search
Identifying the Nature of the Case
Identifying the Type of Computing System
Determining Whether You Can Seize a Computer
Obtaining a Detailed Description of the Location
Determining Who Is in Charge
Using Additional Technical Expertise
Determining the Tools You Need
Preparing the Investigation Team
Securing a Computer Incident or Crime Scene
Seizing Digital Evidence at the Scene
Processing a Major Incident or Crime Scene
Processing Data Centers with an Array of RAIDS
Using a Technical Advisor at an Incident or Crime Scene
Sample Civil Investigation
Sample Criminal Investigation
Collecting Digital Evidence
Reviewing a Case
Identifying the Case Requirements
Planning Your Investigation
Chapter Summary
Key Terms
Review Questions
Hands-on Projects
Case Projects
Chapter 9 Data Acquisition
Determining the Best Acquisition Method
Planning Data Recovery Contingencies
Using MS-DOS Acquisition Tools
Understanding How DriveSpy Accesses Sector Ranges
Data Preservation Commands
Using DriveSpy Data Manipulation Commands
Using Windows Acquisition Tools
AccessData FTK Explorer
Acquiring Data on Linux Computers
Using Other Forensics Acquisition Tools
Exploring SnapBack DatArrest
Exploring SafeBack
Exploring EnCase
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 10 Computer Forensic Analysis
Understanding Computer Forensic Analysis
Refining the Investigation Plan
Using DriveSpy to Analyze Computer Data
DriveSpy Command Switches
DriveSpy Keyword Searching
DriveSpy Scripts
DriveSpy Data-Integrity Tools
DriveSpy Residual Data Collection Tools
Other Useful DriveSpy Command Tools
Using Other Digital Intelligence Computer Forensics Tools
Using PDBlock and PDWipe
Using AccessData's Forensic Toolkit
Performing a Computer Forensic Analysis
Setting Up Your Forensic Workstation
Performing Forensic Analysis on Microsoft File Systems
UNIX and Linux Forensic Analysis
Macintosh Investigations
Addressing Data Hiding Techniques
Hiding Partitions
Marking Bad Clusters
Bit-Shifting
Using Steganography
Examining Encrypted Files
Recovering Passwords
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 11 E-mail Investigations
Understanding Internet Fundamentals
Understanding Internet Protocols
Exploring the Roles of the Client and Server in E-mail
Investigating E-mail Crimes and Violations
Identifying E-mail Crimes and Violations
Examining E-mail Messages
Copying an E-mail Message
Printing an E-mail Message
Viewing E-mail Headers
Examining an E-mail Header
Examining Additional E-mail Files
Tracing an E-mail Message
Using Network Logs Related to E-mail
Understanding E-mail Servers
Examining UNIX E-mail Server Logs
Examining Microsoft E-mail Server Logs
Examining Novell GroupWise E-mail Logs
Using Specialized E-mail Forensics Tools
Chapter Summary
Key Terms
Review Questions
Hands-on Projects
Case Projects
Chapter 12 Recovering Image Files
Recognizing an Image File
Understanding Bitmap and Raster Images
Understanding Vector Images
Metafile Graphics
Understanding Image File Formats
Understanding Data Compression
Reviewing Lossless and Lossy Compression
Locating and Recovering Image Files
Identifying Image File Fragments
Repairing Damaged Headers
Reconstructing File Fragments
Identifying Unknown File Formats
Analyzing Image File Headers
Tools for Viewing Images
Understanding Steganography in Image Files
Using Steganalysis Tools
Identifying Copyright Issues with Graphics
Chapter Summary
Key Terms
Review Questions
Hands-on Projects
Case Projects
Chapter 13 Writing Investigation Reports
Understanding the Importance of Reports
Limiting the Report to Specifics
Types of Reports
Expressing an Opinion
Designing the Layout and Presentation
Litigation Support Reports versus Technical Reports
Writing Clearly
Providing Supporting Material
Formatting Consistently
Explaining Methods
Data Collection
Including Calculations
Providing for Uncertainty and Error Analysis
Explaining Results
Discussing Results and Conclusions
Providing References
Including Appendices
Providing Acknowledgments
Formal Report Format
Writing the Report
Using FTK Demo Version
Chapter Summary
Key Terms
Review Questions
Hands-on Projects
Case Projects
Chapter 14 Becoming an Expert Witness
Comparing Technical and Scientific Testimony
Preparing for Testimony
Documenting and Preparing Evidence
Keeping Consistent Work Habits
Processing Evidence
Serving as a Consulting Expert or an Expert Witness
Creating and Maintaining Your CV
Preparing Technical Definitions
Testifying in Court
Understanding the Trial Process
Qualifying Your Testimony and Voir Dire
Addressing Potential Problems
Testifying in General
Presenting Your Evidence
Using Graphics in Your Testimony
Helping Your Attorney
Avoiding Testimony Problems
Testifying During Direct Examination
Using Graphics During Testimony
Testifying During Cross-Examination
Exercising Ethics When Testifying
Understanding Prosecutorial Misconduct
Preparing for a Deposition
Guidelines for Testifying at a Deposition
Recognizing Deposition Problems
Public Release: Dealing with Reporters
Forming an Expert Opinion
Determining the Origin of a Floppy Disk
Chapter Summary
Key Terms
Review Questions
Hands-on Projects
Case Projects
Appendix A Certification Test References
IACIS Certification
IACIS Computer Forensics Skills Expectations
Looking Up URLs
Appendix B Computer Forensics References
Quick References for Computing Investigators
UNIX and Linux Common Shell Commands
Sample Script for DriveSpy
Overview of FAT Directory Structures
Computer Forensics References
Appendix C Procedures for Corporate High-Technology Investigations
Procedures for Investigations
Employee Termination Cases
Internet Web Abuse Investigations
E-mail Abuse Investigations
Attorney-Client Privileged Investigations
Media Leak Investigations
Industrial Espionage Investigations
Interviews and Interrogation in High-Technology Investigations
Glossary
Index
