EnCase® Computer Forensics: The Official EnCE: EnCase® Certified Examiner Study Guide

by ;
  • ISBN13: 9780782144352
  • ISBN10: 0782144357

  • Edition: CD
  • Format: Paperback w/Disk
  • Copyright: 2006-03-01
  • Publisher: Sybex
List Price: $69.99

Summary

Guidance Software's EnCase product is the premier computer forensics tool on the market, used in law enforcement labs for digital evidence collection; in commercial settings for incident response and information assurance; and by the FBI and Department of Defense to detect domestic and international threats.

  • This guide prepares readers for both the CBT and practical phases of the exam that validates mastery of EnCase.
  • Written by two law enforcement professionals who are computer forensics specialists and EnCase trainers.
  • Includes the EnCase Legal Journal, essential for forensics investigators who need to be sure they are operating within the law and able to give expert testimony.
  • The CD includes tools to help readers prepare for Phase II of the certification, which requires candidates to examine computer evidence, as well as a searchable PDF of the text.

Table of Contents

Foreword
About the Authors
Introduction
Assessment Test

Computer Hardware
  Computer Hardware Components
    The Boot Process
  Partitions
  File Systems
  Summary
  Exam Essentials
  Review Questions
  Answers to Review Questions

File Systems
  FAT Basics
    The Physical Layout of FAT
  The Function of FAT
  NTFS (New Technology File System)
  CD File Systems
  Summary
  Exam Essentials
  Review Questions
  Answers to Review Questions

First Response
  Planning and Preparation
    The Physical Location
    Personnel
    Computer Systems
    Deciding What to Take with You Before You Leave
    Search Authority
  Handling Evidence at the Scene
    Securing the Scene
    Recording and Photographing the Scene
    Shutting Down Computers
    Bagging and Tagging
  Summary
  Exam Essentials
  Review Questions
  Answers to Review Questions

Acquiring Digital Evidence
  Creating EnCase Forensic Boot Disks
  Booting a Computer Using the EnCase Boot Disk
    Steps to Follow
  Drive-to-Drive DOS Acquisition
    Steps to Follow
    Supplemental Information
  Network and Parallel Cable Acquisitions
    Steps to Follow
  FastBloc Acquisitions
    Steps to Follow
  LinEn Acquisitions
    Steps to Follow
  Enterprise and FIM Acquisitions
  Helpful Hints
  Summary
  Exam Essentials
  Review Questions
  Answers to Review Questions

EnCase Concepts
  EnCase Evidence File Format
    CRC and MD5
    Evidence File Components and Function
    Evidence File Verification
    Hashing Disks and Volumes
    EnCase Case Files
    EnCase Backup File (cbak)
    EnCase Configuration Files
  Summary
  Exam Essentials
  Review Questions
  Answers to Review Questions

EnCase Environment
  EnCase Layout
  Creating a Case
  Tree Pane Navigation
  Table Pane Navigation
    Table View Tab
    Report Tab
    Gallery Tab
    Disk Tab
    Timeline Tab
    Code Tab
  View Pane Navigation
    Text View
    Hex View
    Picture View
    Report View
    Console View
    Details View
    Lock
    Dixon Box
    Navigation Data (GPS)
    Find Feature
    Other Views
    Adjusting Panes
    Other Case-Level Views
    Global Views
    EnCase Options
  Summary
  Exam Essentials
  Review Questions
  Answers to Review Questions

Understanding, Searching for, and Bookmarking Data
  Understanding Data
    Binary Numbers
    Hexadecimal
    Characters
    ASCII
    Unicode
  Searching for Data
    Creating and Managing Keywords
    GREP Keywords
    Starting a Search
    Viewing Search Hits and Bookmarking Your Findings
    Bookmarking
  Summary
  Exam Essentials
  Review Questions
  Answers to Review Questions

File Signature Analysis and Hash Analysis
  File Signature Analysis
    Understanding Application Binding
    Creating a New File Signature
    Conducting a File Signature Analysis
  Hash Analysis
    MD5 Hash
    Hash Sets and Hash Libraries
    Hash Analysis
  Summary
  Exam Essentials
  Review Questions
  Answers to Review Questions

Windows Operating System Artifacts
  Dates and Times
    Time Zones
    Windows 64-Bit Time Stamp
    Adjusting for Time Zone Offsets
  Recycle Bin
  Link Files
  Windows 2000 and XP Folders
  Recent Folder
  Desktop Folder
  My Documents
  Send To Folder
  Temp Folder
  Favorites Folder
  Cookies Folder
  History Folder
  Temporary Internet Files
  Swap File
  Hibernation File
  Print Spooling
  Legacy Operating System Artifacts
  Summary
  Exam Essentials
  Review Questions
  Answers to Review Questions

Advanced EnCase
  Locating and Mounting Partitions
  Mounting Files
  Registry
    Registry History
    Registry Organization and Terminology
    Using EnCase to Mount and View the Registry
    Registry Research Techniques
  EnScript and Filters
    EnScript Navigation and Paths
    Editing, Copying, Moving, and Deleting EnScripts
    Running EnScripts
    Filters, Conditions, and Queries
  E-mail
  Base64 Encoding
  EnCase Decryption Suite (EDS)
  Virtual File System (VFS)
  Exporting Applications
  Restoration
  Physical Disk Emulator (PDE)
  Putting It All Together
  Summary
  Exam Essentials
  Review Questions
  Answers to Review Questions

Appendix A Creating Paperless Reports
Glossary
Index

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.