Computer Forensics JumpStart

  • Edition: 1st
  • Format: Paperback
  • Copyright: 2004-12-10
  • Publisher: Wiley

Launch Your Career in Computer Forensics Quickly and Effectively

Written by a team of computer forensics experts, Computer Forensics JumpStart provides all the core information you need to launch your career in this fast-growing field:

  • Conducting a computer forensics investigation
  • Examining the layout of a network
  • Finding hidden data
  • Capturing images
  • Identifying, collecting, and preserving computer evidence
  • Understanding encryption and examining encrypted files
  • Documenting your case
  • Evaluating common computer forensic tools
  • Presenting computer evidence in court as an expert witness

Author Biography

Neil Broom is the President of the Technical Resource Center in Atlanta, Georgia, and is also the Lead Instructor and Developer of the Computer Forensics and Cyber Investigations course and the Certified Cyber Crime Examiner (C³E) certification.

Table of Contents

Introduction
The Need for Computer Forensics
Defining Computer Forensics
Real-Life Examples of Computer Crime
Hacker Pleads Guilty to Illegally Accessing New York Times Computer Network
Man Pleads Guilty to Hacking Intrusion and Theft of Data Costing Company $5.8 Million
Three Men Indicted for Hacking into Lowe's Companies' Computers with Intent to Steal Credit Card Information
Former Chief Computer Network Program Designer Arraigned for Alleged $10 Million Computer Software Bomb
Juvenile Computer Hacker Sentenced to Six Months in Detention Facility
Corporate versus Law Enforcement Concerns
Corporate Concerns Focus on Detection and Prevention
Law Enforcement Focuses on Prosecution
Russian Computer Hacker Indicted in California for Breaking into Computer Systems and Extorting Victim Companies
Training
Practitioners
End Users
What Are Your Organization's Needs?
Terms to Know
Review Questions
Preparation-What to Do Before You Start
Know Your Hardware
What I/O Devices Are Used?
Check Computers for Unauthorized Hardware
Keep Up to Date with New I/O Trends
Know Your Operating System
Different Operating Systems
Know What Filesystems Are in Use
Maintain Tools and Procedures for Each Operating System and Filesystem
Preinstalled Tools Make Forensics Easier
Know Your Limits
Legal Organizational Rights and Limits
Search and Seizure Guidelines
Will This End Up in Court?
Develop Your Incident Response Team
Organize the Team
State Clear Processes
Coordinate with Local Law Enforcement
Terms to Know
Review Questions
Computer Evidence
What Is Computer Evidence?
Incidents and Computer Evidence
Types of Evidence
Search and Seizure
Voluntary Surrender
Subpoena
Search Warrant
Chain of Custody
Definition
Controls
Documentation
Evidence Admissibility in a Court of Law
Relevance and Admissibility
Techniques to Ensure Admissibility
Leave No Trace
Read-Only Image
Software Write Blocker
Hardware Write Blocker
Terms to Know
Review Questions
Common Tasks
Evidence Identification
Physical Hardware
Removable Storage
Documents
Evidence Preservation
Pull the Plug or Shut It Down?
Supply Power As Needed
Provide Evidence of Initial State
Evidence Analysis
Knowing Where to Look
Wading through the Sea of Data
Sampling Data
Evidence Presentation
Know Your Audience
Organization of Presentation
Keep It Simple
Terms to Know
Review Questions
Capturing the Data Image
Full Volume Images
Evidence Collection Order
Preparing Media and Tools
Collecting the Volatile Data
Creating a Duplicate of the Hard Disk
Extracting Data from PDAs
Image and Tool Documentation
Partial Volume Image
Imaging/Capture Tools
Utilities
Commercial Software
PDA Tools
Terms to Know
Review Questions
Extracting Information from Data
What Are You Looking For?
Internet Files
E-mail Headers
Deleted Files
Passwords
How People Think
Picking the Low-Hanging Fruit
Hidden Evidence
Trace Evidence
Terms to Know
Review Questions
Passwords and Encryption
Passwords
Finding Passwords
Deducing Passwords
Cracking Passwords
Encryption Basics
Common Encryption Practices
Private Key Algorithms
Public Key Algorithms
Steganography
Strengths and Weaknesses of Encryption
Key Length
Key Management
Handling Encrypted Data
Identifying Encrypted Files
Decrypting Files
Terms to Know
Review Questions
Common Forensics Tools
Disk Imaging and Validation Tools
ByteBack
dd
DriveSpy
EnCase
Forensic Replicator
FTK Imager
Norton Ghost
ProDiscover
SafeBack
SMART
WinHex
Forensics Tools
Software Suites
Miscellaneous Software Tools
Hardware
Your Forensics Toolkit
Each Organization Is Different
Most Examiners Use Overlapping Tools
Terms to Know
Review Questions
Pulling It All Together
Begin with a Concise Summary
Document Everything, Assume Nothing
Interviews and Diagrams
Videotapes and Photographs
Transporting the Evidence
Documenting Gathered Evidence
Additional Documentation
Formulating the Report
Sample Analysis Reports
Case #234-NextGard Technology Copyright Piracy Summary
Additional Report Subsections
Using Software to Generate Reports
Terms to Know
Review Questions
How to Testify in Court
Preparation Is Everything
Understand the Case
Understand the Strategy
Understand Your Job
Appearance Matters
Clothing
Grooming
Attitude
What Matters Is What They Hear
Listening
Tone
Vocabulary
Know Your Forensics Process and Tools
Best Practices
Your Process and Documentation
Your Forensic Toolkit
Say Only What Is Necessary
Be Complete, But Not Overly Elaborate
Remember Your Audience
Keep It Simple
Explaining Technical Concepts
Use Presentation Aids When Needed
Watch for Feedback
Be Ready to Justify Every Step
Summary
Terms to Know
Review Questions
Answers to Review Questions
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Forensics Resources
Information
Organizations
Publications
Services
Software
Training
Forensics Certifications
Advanced Information Security (AIS)
Certified Computer Examiner (CCE)
Certified Cyber-Crime Expert (C³E)
Certified Information Forensics Investigator (CIFI)
Certified Computer Crime Investigator (CCCI)
Certified Computer Forensic Technician (CCFT)
Certified Forensic Computer Examiner (CFCE)
Certified Information Systems Auditor (CISA)
EnCase Certified Examiner Program
GIAC Certified Forensic Analyst (GCFA)
Professional Certified Investigator (PCI)
Forensics Tools
Forensics Tool Suites
Ultimate Toolkit
Maresware
X-Ways Forensics
Forensicware
Password-Cracking Utilities
Passware
ElcomSoft
CD Analysis Utilities
IsoBuster
CD/DVD Inspector
Metadata Viewer Utility
Metadata Assistant
Graphic Viewing Utility
Quick View Plus
Forensics Hardware Devices
Intelligent Computer Solutions
Computer Forensics Training
Intense School Computer Forensics Training Class
Glossary
Index
Table of Contents provided by Ingram. All Rights Reserved.