Guide to Computer Forensics and Investigations

by
  • ISBN13: 9780619217068
  • ISBN10: 0619217065
  • Edition: 2nd
  • Format: Paperback
  • Copyright: 2005-03-03
  • Publisher: Cengage Learning
List Price: $162.95

Summary

This text offers a disciplined approach to implementing a comprehensive incident-response plan, with a focus on detecting intruders, determining what damage they did, and discovering their identities.

Table of Contents

Each entry gives the starting page and, in parentheses, the number of pages.

Computer Forensics and Investigations as a Profession  1(28)
  Understanding Computer Forensics  2(7)
  Computer Forensics Versus Other Related Disciplines  3(2)
  A Brief History of Computer Forensics  5(3)
  Developing Computer Forensics Resources  8(1)
  Preparing for Computer Investigations  9(11)
  Understanding Enforcement Agency Investigations  10(4)
  Understanding Corporate Investigations  14(6)
  Maintaining Professional Conduct  20(1)
  Chapter Summary  21(1)
  Key Terms  22(2)
  Review Questions  24(1)
  Hands-on Projects  25(1)
  Case Projects  26(3)

Understanding Computer Investigations  29(50)
  Preparing a Computer Investigation  30(2)
  Examining a Computer Crime  30(2)
  Examining a Company Policy Violation  32(1)
  Taking a Systematic Approach  32(8)
  Assessing the Case  34(1)
  Planning Your Investigation  35(4)
  Securing Your Evidence  39(1)
  Understanding Data-Recovery Workstations and Software  40(6)
  Setting Up Your Workstation for Computer Forensics  42(4)
  Conducting an Investigation  46(2)
  Gathering the Evidence  47(1)
  Creating a Forensic Boot Floppy Disk  48(19)
  Assembling the Tools for a Forensic Boot Floppy Disk  49(5)
  Retrieving Evidence Data Using a Remote Network Connection  54(1)
  Copying the Evidence Disk  54(4)
  Creating a Bit-stream Image with FTK Imager  58(1)
  Analyzing Your Digital Evidence  58(9)
  Completing the Case  67(1)
  Critiquing the Case  68(1)
  Chapter Summary  69(1)
  Key Terms  69(1)
  Review Questions  70(2)
  Hands-on Projects  72(5)
  Case Projects  77(2)

The Investigator's Office and Laboratory  79(38)
  Understanding Forensic Lab Certification Requirements  80(7)
  Identifying Duties of the Lab Manager and Staff  80(1)
  Lab Budget Planning  81(3)
  Acquiring Certification and Training  84(3)
  Determining the Physical Layout of a Computer Forensics Lab  87(13)
  Identifying Lab Security Needs  88(1)
  Conducting High-risk Investigations  88(1)
  Considering Office Ergonomics  89(2)
  Considering Environmental Conditions  91(1)
  Considering Structural Design Factors  92(1)
  Determining Electrical Needs  93(1)
  Planning for Communications  94(1)
  Installing Fire-Suppression Systems  94(1)
  Using Evidence Containers  95(2)
  Overseeing Facility Maintenance  97(1)
  Considering Physical Security Needs  97(1)
  Auditing a Computer Forensics Lab  97(1)
  Determining Floor Plans for Computer Forensics Labs  98(2)
  Selecting a Basic Forensic Workstation  100(4)
  Selecting Workstations for Police Labs  101(1)
  Selecting Workstations for Private and Corporate Labs  101(1)
  Stocking Hardware Peripherals  102(1)
  Maintaining Operating Systems and Application Software Inventories  102(1)
  Using a Disaster Recovery Plan  103(1)
  Planning for Equipment Upgrades  104(1)
  Using Laptop Forensic Workstations  104(1)
  Building a Business Case for Developing a Forensics Lab  104(6)
  Preparing a Business Case for a Computer Forensics Lab  106(4)
  Chapter Summary  110(1)
  Key Terms  111(1)
  Review Questions  112(1)
  Hands-on Projects  113(1)
  Case Projects  114(3)

Current Computer Forensics Tools  117(34)
  Computer Forensics Software Needs  118(11)
  Types of Computer Forensics Tools  118(1)
  Tasks Performed by Computer Forensics Tools  119(8)
  Tool Comparisons  127(1)
  Other Considerations for Tools  128(1)
  Computer Forensics Software  129(2)
  Command-line Forensic Tools  129(1)
  Unix/Linux Command-line Forensic Tools  130(1)
  GUI Forensic Tools  130(1)
  Computer Hardware Tools  131(3)
  Computer Investigation Workstations  131(3)
  Validating and Testing Forensic Software  134(4)
  Using National Institute of Standards and Technology (NIST) Tools  134(2)
  The Validation Protocols  136(2)
  Chapter Summary  138(1)
  Key Terms  138(1)
  Review Questions  139(2)
  Hands-on Projects  141(8)
  Case Projects  149(2)

Processing Crime and Incident Scenes  151(46)
  Collecting Evidence in Private-Sector Incident Scenes  152(5)
  Processing Law Enforcement Crime Scenes  157(2)
  Understanding Concepts and Terms Used in Warrants  158(1)
  Preparing for a Search  159(6)
  Identifying the Nature of the Case  159(1)
  Identifying the Type of Computing System  160(1)
  Determining Whether You Can Seize a Computer  160(1)
  Obtaining a Detailed Description of the Location  160(1)
  Determining Who Is in Charge  161(1)
  Using Additional Technical Expertise  161(1)
  Determining the Tools You Need  162(2)
  Preparing the Investigation Team  164(1)
  Securing a Computer Incident or Crime Scene  165(1)
  Seizing Digital Evidence at the Scene  166(7)
  Processing a Major Incident or Crime Scene  166(3)
  Processing Data Centers with an Array of RAIDs  169(1)
  Using a Technical Advisor at an Incident or Crime Scene  169(1)
  Sample Civil Investigation  170(2)
  Sample Criminal Investigation  172(1)
  Reviewing a Case  173(16)
  Identifying the Case Requirements  174(1)
  Planning Your Investigation  175(14)
  Chapter Summary  189(2)
  Key Terms  191(1)
  Review Questions  192(1)
  Hands-on Projects  193(1)
  Case Projects  194(3)

Digital Evidence Controls  197(26)
  Identifying Digital Evidence  198(4)
  Understanding Evidence Rules  198(4)
  Securing Digital Evidence at an Incident Scene  202(1)
  Cataloging Digital Evidence  203(3)
  Lab Evidence Considerations  205(1)
  Processing and Handling Digital Evidence  205(1)
  Storing Digital Evidence  206(3)
  Evidence Retention and Media Storage Needs  207(1)
  Documenting Evidence  208(1)
  Obtaining a Digital Hash  209(5)
  Chapter Summary  214(1)
  Key Terms  215(1)
  Review Questions  215(2)
  Hands-on Projects  217(4)
  Case Projects  221(2)

Working with Windows and DOS Systems  223(44)
  Understanding File Systems  224(4)
  Understanding the Boot Sequence  224(1)
  Understanding Disk Drives  225(3)
  Exploring Microsoft File Structures  228(8)
  Disk Partitions  228(2)
  Master Boot Record  230(2)
  Examining FAT Disks  232(4)
  Examining NTFS Disks  236(8)
  NTFS System Files  237(1)
  NTFS Attributes  238(3)
  NTFS Data Streams  241(1)
  NTFS Compressed Files  241(1)
  NTFS Encrypted File System (EFS)  242(1)
  EFS Recovery Key Agent  242(1)
  Deleting NTFS Files  243(1)
  Understanding the Windows Registry  244(3)
  Windows 9x Registry  244(1)
  Windows 2000 and XP Registry  245(2)
  Understanding Microsoft Boot Tasks  247(4)
  Windows XP, 2000, and NT Startup  247(2)
  Windows XP System Files  249(1)
  Windows 9x and Me Startup  249(2)
  Understanding MS-DOS Startup Tasks  251(5)
  Other Disk Operating Systems  252(1)
  DOS Commands and Batch Files  252(4)
  Chapter Summary  256(1)
  Key Terms  257(3)
  Review Questions  260(1)
  Hands-on Projects  261(5)
  Case Projects  266(1)

Macintosh and Linux Boot Processes and File Systems  267(34)
  Understanding the Macintosh File Structure  268(3)
  Understanding Volumes  268(3)
  Exploring Macintosh Boot Tasks  271(1)
  Using Macintosh Forensic Software  272(1)
  Examining UNIX and Linux Disk Structures  272(11)
  UNIX and Linux Overview  276(4)
  Understanding Inodes  280(3)
  Understanding UNIX and Linux Boot Processes  283(2)
  Understanding Linux Loader and GRUB  284(1)
  UNIX and Linux Drives and Partition Schemes  284(1)
  Examining CD Data Structures  285(2)
  Understanding Other Disk Structures  287(6)
  Examining SCSI Disks  287(1)
  Examining IDE/EIDE Devices  288(5)
  Chapter Summary  293(1)
  Key Terms  294(2)
  Review Questions  296(2)
  Hands-on Projects  298(2)
  Case Projects  300(1)

Data Acquisition  301(42)
  Determining the Best Acquisition Method  302(2)
  Planning Data Recovery Contingencies  304(1)
  Using MS-DOS Acquisition Tools  304(14)
  Understanding How DriveSpy Accesses Sector Ranges  305(2)
  Using DriveSpy Data-Preservation Commands  307(7)
  Using DriveSpy Data-Manipulation Commands  314(4)
  Using Windows Acquisition Tools  318(5)
  AccessData FTK Imager  319(4)
  Using X-Ways Replica  323(2)
  Using Replica  323(2)
  PDA Data Acquisitions  325(4)
  General Considerations for PDA Investigations  327(2)
  Using Other Forensics-Acquisition Tools  329(2)
  Exploring SnapBack DatArrest  329(1)
  Exploring SafeBack  329(1)
  Exploring EnCase  330(1)
  Chapter Summary  331(1)
  Key Terms  332(1)
  Review Questions  332(2)
  Hands-on Projects  334(7)
  Case Projects  341(2)

Computer Forensics Analysis  343(64)
  Understanding Computer Forensics Analysis  344(1)
  Refining the Investigation Plan  344(1)
  Using DriveSpy to Analyze Computer Data  345(14)
  DriveSpy Command Switches  352(1)
  DriveSpy Keyword Searching  352(1)
  DriveSpy Scripts  353(2)
  DriveSpy Data Integrity Tools  355(2)
  DriveSpy Residual Data Collection Tools  357(1)
  Other Useful DriveSpy Command Tools  358(1)
  Using Other Digital Intelligence Computer Forensics Tools  359(1)
  Using PDBlock and PDWipe  359(1)
  Using AccessData's Forensic Toolkit  360(6)
  Using Guidance Software's EnCase  366(6)
  Approaching Computer Forensics Cases  372(1)
  Performing a Computer Forensics Analysis  373(13)
  Setting Up Your Forensic Workstation  374(1)
  Performing Forensic Analysis on Microsoft File Systems  375(8)
  UNIX and Linux Forensic Analysis  383(3)
  Macintosh Investigations  386(1)
  Addressing Data-hiding Techniques  386(9)
  Hiding Partitions  387(2)
  Marking Bad Clusters  389(1)
  Bit-shifting  389(4)
  Using Steganography  393(1)
  Examining Encrypted Files  394(1)
  Recovering Passwords  394(1)
  Chapter Summary  395(1)
  Key Terms  396(1)
  Review Questions  397(1)
  Hands-on Projects  398(7)
  Case Projects  405(2)

Recovering Image Files  407(44)
  Recognizing an Image File  408(3)
  Understanding Bitmap and Raster Images  408(1)
  Understanding Vector Images  409(1)
  Understanding Metafile Graphics  409(1)
  Understanding Image File Formats  410(1)
  Understanding Data Compression  411(1)
  Reviewing Lossless and Lossy Compression  411(1)
  Locating and Recovering Image Files  412(20)
  Identifying Image File Fragments  412(1)
  Repairing Damaged Headers  413(1)
  Carving Data from Unallocated Space  413(6)
  Rebuilding File Headers  419(3)
  Reconstructing File Fragments  422(9)
  Identifying Unknown File Formats  431(1)
  Analyzing Image File Headers  432(7)
  Tools for Viewing Images  434(1)
  Understanding Steganography in Image Files  435(4)
  Using Steganalysis Tools  439(1)
  Identifying Copyright Issues with Graphics  439(1)
  Chapter Summary  440(2)
  Key Terms  442(1)
  Review Questions  443(2)
  Hands-on Projects  445(4)
  Case Projects  449(2)

Network Forensics  451(26)
  Understanding Internet Fundamentals  452(1)
  Internet Protocols  452(1)
  Understanding Network Basics  453(1)
  Acquiring Data on Linux Computers  454(8)
  Understanding Network Forensics  462(3)
  Approach to Network Forensics  462(1)
  Network Logs  463(2)
  Using Network Tools  465(6)
  UNIX/Linux Tools  466(3)
  Network Sniffers  469(2)
  The Honeynet Project  471(1)
  Chapter Summary  472(1)
  Key Terms  473(1)
  Review Questions  473(2)
  Hands-on Projects  475(1)
  Case Projects  476(1)

E-mail Investigations  477(40)
  Exploring the Roles of the Client and Server in E-mail  478(1)
  Investigating E-mail Crimes and Violations  479(17)
  Identifying E-mail Crimes and Violations  479(1)
  Examining E-mail Messages  480(2)
  Viewing E-mail Headers  482(9)
  Examining E-mail Headers  491(2)
  Examining Additional E-mail Files  493(1)
  Tracing an E-mail Message  494(1)
  Using Network Logs Related to E-mail  495(1)
  Understanding E-mail Servers  496(8)
  Examining UNIX E-mail Server Logs  498(2)
  Examining Microsoft E-mail Server Logs  500(3)
  Examining Novell GroupWise E-mail Logs  503(1)
  Using Specialized E-mail Forensics Tools  504(3)
  Chapter Summary  507(1)
  Key Terms  508(1)
  Review Questions  508(2)
  Hands-on Projects  510(4)
  Case Projects  514(3)

Becoming an Expert Witness and Reporting Results of Investigations  517(54)
  Understanding the Importance of Reports  518(4)
  Limiting the Report to Specifics  519(1)
  Types of Reports  519(3)
  Guidelines for Writing Reports  522(9)
  Report Structure  523(2)
  Writing Reports Clearly  525(1)
  Designing the Layout and Presentation of Reports  526(5)
  Generating Report Findings with Forensic Software Tools  531(12)
  Using FTK Demo Version  531(10)
  Forming an Expert Opinion  541(2)
  Preparing for Testimony  543(4)
  Documenting and Preparing Evidence  544(1)
  Processing Evidence  545(1)
  Serving as a Consulting Expert or an Expert Witness  545(1)
  Creating and Maintaining Your CV  546(1)
  Preparing Technical Definitions  547(1)
  Testifying in Court  547(9)
  Understanding the Trial Process  547(1)
  Qualifying Your Testimony and Voir Dire  548(1)
  Addressing Potential Problems  548(1)
  Testifying in General  548(2)
  Presenting Your Evidence  550(1)
  Helping Your Attorney  551(1)
  Avoiding Testimony Problems  551(1)
  Testifying During Direct Examination  551(1)
  Using Graphics During Testimony  552(1)
  Testifying During Cross-examination  553(3)
  Exercising Ethics When Testifying  556(1)
  Understanding Prosecutorial Misconduct  556(1)
  Preparing for a Deposition  556(3)
  Guidelines for Testifying at a Deposition  557(1)
  Recognizing Deposition Problems  558(1)
  Public Release: Dealing with Reporters  558(1)
  Chapter Summary  559(1)
  Key Terms  560(1)
  Review Questions  561(3)
  Hands-on Projects  564(4)
  Case Projects  568(3)

APPENDIX A Certification Test References  571(4)
  IACIS Certification  572(1)
  IACIS Expectations for Computer Forensics Skills  573(1)
  Looking Up URLs  573(2)

APPENDIX B Computer Forensics References  575(18)
  Quick References for Computing Investigators  576(3)
  DriveSpy Command Switch References  576(2)
  UNIX and Linux Common Shell Commands  578(1)
  Sample Script for DriveSpy  579(2)
  Overview of FAT Directory Structures  581(5)
  Sample DOS Scripts  586(5)
  Computer Forensics References  591(2)
  MS-DOS Reference Books  592(1)

APPENDIX C Procedures for Corporate High-Technology Investigations  593(10)
  Procedures for Investigations  594(7)
  Employee Termination Cases  594(2)
  Attorney-Client Privileged Investigations  596(2)
  Media Leak Investigations  598(1)
  Industrial Espionage Investigations  599(2)
  Interviews and Interrogations in High-Technology Investigations  601(2)

Glossary  603(12)
Index  615
