The Basics of Digital Forensics will provide a foundation for people new to the digital forensics field.This book will teach people how to condusct examiniations by discussing what Digital Forensics is, the methodologies used, and the tools needed to perform examinations. The audience will learn how to prepare an investigative plan, as well as how to prepare for courtroom testimony. Learn all about what Digital Forensics entails Build a toolkit and prepare an investigative plan Understand the common artifacts to look for during an exam

John Sammons is an Assistant Professor at Marshall University in Huntington, West Virginia. John teaches digital forensics, electronic discovery, information security and technology in the Department of Integrated Science and Technology. He's also adjunct faculty with the Marshall University graduate forensic science program. He is the founder and Director of the Appalachian Institute of Digital Evidence. John, a former police officer, is also an investigator with the Cabell County Prosecuting Attorney's Office and a member of the FBI's West Virginia Cybercrime Task Force.

Preface	p. xv
Acknowledgments	p. xix
About The Author	p. xxi
About The Technical Editor	p. xxiii
Introduction	p. 1
Introduction	p. 1
What Is Forensic Science?	p. 2
What Is Digital Forensics?	p. 2
Uses of Digital Forensics	p. 3
Criminal Investigations	p. 3
Civil Litigation	p. 4
Intelligence	p. 5
Administrative Matters	p. 6
Locard's Exchange Principle	p. 7
Scientific Method	p. 7
Organizations of Note	p. 7
Scientific Working Group on Digital Evidence	p. 8
American Academy of Forensic Sciences	p. 8
American Society of Crime Laboratory Directors/Laboratory Accreditation Board	p. 9
National Institute of Standards and Technology (NIST)	p. 9
American Society for Testing and Materials (ASTM)	p. 9
Role of the Forensic Examiner in the Judicial System	p. 10
The CSI Effect	p. 10
Summary	p. 10
References	p. 11
Key Technical Concepts	p. 13
Introduction	p. 13
Bits, Bytes, and Numbering Schemes	p. 13
Hexadecimal	p. 14
Binary to Text: ASCII and Unicode	p. 14
File Extensions and File Signatures	p. 15
Storage and Memory	p. 16
Magnetic Disks	p. 17
Flash Memory	p. IS
Optical Storage	p. 18
Volatile versus Nonvolatile Memory	p. 18
Computing Environments	p. 19
Cloud Computing	p. 19
Data Types	p. 20
Active Data	p. 20
Latent Data	p. 21
Archival Data	p. 21
File Systems	p. 21
Allocated and Unallocated Space	p. 22
Data Persistence	p. 22
How Magnetic Hard Drives Store Data	p. 23
Page File (or Swap Space)	p. 25
Basic Computer Function-Putting it All Together	p. 26
Summary	p. 27
References	p. 27
Labs and Tools	p. 29
Introduction	p. 29
Forensic Laboratories	p. 29
Virtual Labs	p. 30
Lab Security	p. 30
Evidence Storage	p. 31
Policies and Procedures	p. 32
Quality Assurance	p. 32
Tool Validation	p. 33
Documentation	p. 34
Digital Forensic Tools	p. 35
Tool Selection	p. 36
Hardware	p. 36
Software	p. 39
Accreditation	p. 40
Accreditation versus Certification	p. 42
Summary	p. 43
References	p. 43
Collecting Evidence	p. 45
Introduction	p. 45
Crime Scenes and Collecting Evidence	p. 46
Removable Media	p. 46
Cell Phones	p. 47
Order of Volatility	p. 49
Documenting the Scene	p. 49
Photography	p. 50
Notes	p. 51
Chain of Custody	p. 52
Marking Evidence	p. 52
Cloning	p. 52
Purpose of Cloning	p. 54
The Cloning Process	p. 54
Forensically Clean Media	p. 55
Forensic Image Formats	p. 55
Risks and Challenges	p. 55
Value in eDiscovery	p. 56
Live System versus Dead System	p. 56
Live Acquisition Concerns	p. 56
Advantage of Live Collection	p. 57
Principles of Live Collection	p. 58
Conducting and Documenting a Live Collection	p. 58
Hashing	p. 59
Types of Hashing Algorithms	p. 59
Hashing Example	p. 59
Uses of Hashing	p. 60
Final Report	p. 61
Summary	p. 61
References	p. 62
Windows System Artifacts	p. 65
Introduction	p. 65
Deleted Data	p. 66
Hibernation File (Hiberfile.sys)	p. 66
Sleep	p. 67
Hibernation	p. 67
Hybrid Sleep	p. 67
Registry	p. 67
Registry Structure	p. 68
Attribution	p. 69
External Drives	p. 70
Print Spooling	p. 70
Recycle Bin	p. 70
Metadata	p. 72
Removing Metadata	p. 74
Thumbnail Cache	p. 75
Most Recently Used (MRU)	p. 76
Restore Points and Shadow Copy	p. 76
Restore Points	p. 76
Shadow Copies	p. 77
Prefetch	p. 78
Link Files	p. 78
Installed Programs	p. 79
Summary	p. 79
References	p. 80
Antiforensics	p. 81
Introduction	p. 81
Hiding Data	p. 83
Encryption	p. 83
What Is Encryption?	p. 83
Early Encryption	p. 84
Algorithms	p. 85
Key Space	p. 86
Some Common Types of Encryption	p. 86
Breaking Passwords	p. 88
Password Attacks	p. 89
Brute Force Attacks	p. 89
Password Reset	p. 90
Dictionary Attack	p. 90
Steganography	p. 92
Data Destruction	p. 94
Drive Wiping	p. 94
Summary	p. 100
References	p. 100
Legal	p. 103
Introduction	p. 103
The Fourth Amendment	p. 104
Criminal Law-Searches without a Warrant	p. 104
Reasonable Expectation of Privacy	p. 104
Private Searches	p. 105
E-mail	p. 105
The Electronic Communications Privacy Act (ECPA)	p. 105
Exceptions to the Search Warrant Requirement	p. 105
Searching with a Warrant	p. 108
Seize the Hardware or Just the Information?	p. 109
Particularity	p. 109
Establishing Need for Off-Site Analysis	p. 109
Stored Communications Act	p. 110
Electronic Discovery (eDiscovery)	p. 111
Duty to Preserve	p. 111
Private Searches in the Workplace	p. 112
Expert Testimony	p. 113
Summary	p. 114
References	p. 115
Internet and E-Mail	p. 117
Introduction	p. 117
Internet Overview	p. 117
Peer-to-Peer (P2P)	p. 119
The INDEX.DAT File	p. 120
Web Browsers-Internet Explorer	p. 120
Cookies	p. 120
Temporary Internet Files, a.k.a. web Cache	p. 121
Internet History	p. 122
Internet Explorer Artifacts in the Registry	p. 123
Chat Clients	p. 124
Internet Relay Chat (IRC)	p. 125
ICQ "I Seek You"	p. 125
E-Mail	p. 126
Accessing E-mail	p. 126
E-mail Protocols	p. 126
E-mail as Evidence	p. 126
E-mail-Covering the Trail	p. 127
Tracing E-mail	p. 127
Reading E-mail Headers	p. 128
Social Networking Sites	p. 129
Summary	p. 129
References	p. 130
Network Forensics	p. 131
Introduction	p. 131
Social Engineering	p. 132
Network Fundamentals	p. 132
Network Types	p. 133
Network Security Tools	p. 135
Network Attacks	p. 135
Incident Response	p. 137
Network Evidence and Investigations	p. 139
Network Investigation Challenges	p. 141
Summary	p. 141
References	p. 142
Mobile Device Forensics	p. 145
Introduction	p. 145
Cellular Networks	p. 146
Cellular Network Components	p. 147
Types of Cellular Networks	p. 148
Operating Systems	p. 149
Cell Phone Evidence	p. 150
Call Detail Records	p. 151
Collecting and Handling Cell Phone Evidence	p. 152
Subscriber Identity Modules	p. 154
Cell Phone Acquisition: Physical and Logical	p. 155
Cell Phone Forensic Tools	p. 155
Global Positioning Systems (GPS)	p. 157
Summary	p. 161
References	p. 161
Looking Ahead: Challenges and Concerns	p. 163
Introduction	p. 163
Standards and Controls	p. 164
Cloud Forensics (Finding/Identifying Potential Evidence Stored in the Cloud)	p. 165
What Is Cloud Computing?	p. 165
The Benefits of the Cloud	p. 166
Cloud Forensics and Legal Concerns	p. 166
Solid State Drives (SSD)	p. 167
How Solid State Drives Store Data	p. 167
The Problem: Taking out the Trash	p. 168
Speed of Change	p. 169
Summary	p. 170
References	p. 171
Index	p. 173
Table of Contents provided by Ingram. All Rights Reserved.

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Amazon no longer offers textbook rentals. We do!

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics

9781597496612

1597496618

Supplemental Materials

Summary

Author Biography

Table of Contents

Supplemental Materials

Rewards Program