Preface | p. xv |
Acknowledgments | p. xix |
About The Author | p. xxi |
About The Technical Editor | p. xxiii |
Introduction | p. 1 |
Introduction | p. 1 |
What Is Forensic Science? | p. 2 |
What Is Digital Forensics? | p. 2 |
Uses of Digital Forensics | p. 3 |
Criminal Investigations | p. 3 |
Civil Litigation | p. 4 |
Intelligence | p. 5 |
Administrative Matters | p. 6 |
Locard's Exchange Principle | p. 7 |
Scientific Method | p. 7 |
Organizations of Note | p. 7 |
Scientific Working Group on Digital Evidence | p. 8 |
American Academy of Forensic Sciences | p. 8 |
American Society of Crime Laboratory Directors/Laboratory Accreditation Board | p. 9 |
National Institute of Standards and Technology (NIST) | p. 9 |
American Society for Testing and Materials (ASTM) | p. 9 |
Role of the Forensic Examiner in the Judicial System | p. 10 |
The CSI Effect | p. 10 |
Summary | p. 10 |
References | p. 11 |
Key Technical Concepts | p. 13 |
Introduction | p. 13 |
Bits, Bytes, and Numbering Schemes | p. 13 |
Hexadecimal | p. 14 |
Binary to Text: ASCII and Unicode | p. 14 |
File Extensions and File Signatures | p. 15 |
Storage and Memory | p. 16 |
Magnetic Disks | p. 17 |
Flash Memory | p. 18 |
Optical Storage | p. 18 |
Volatile versus Nonvolatile Memory | p. 18 |
Computing Environments | p. 19 |
Cloud Computing | p. 19 |
Data Types | p. 20 |
Active Data | p. 20 |
Latent Data | p. 21 |
Archival Data | p. 21 |
File Systems | p. 21 |
Allocated and Unallocated Space | p. 22 |
Data Persistence | p. 22 |
How Magnetic Hard Drives Store Data | p. 23 |
Page File (or Swap Space) | p. 25 |
Basic Computer Function-Putting it All Together | p. 26 |
Summary | p. 27 |
References | p. 27 |
Labs and Tools | p. 29 |
Introduction | p. 29 |
Forensic Laboratories | p. 29 |
Virtual Labs | p. 30 |
Lab Security | p. 30 |
Evidence Storage | p. 31 |
Policies and Procedures | p. 32 |
Quality Assurance | p. 32 |
Tool Validation | p. 33 |
Documentation | p. 34 |
Digital Forensic Tools | p. 35 |
Tool Selection | p. 36 |
Hardware | p. 36 |
Software | p. 39 |
Accreditation | p. 40 |
Accreditation versus Certification | p. 42 |
Summary | p. 43 |
References | p. 43 |
Collecting Evidence | p. 45 |
Introduction | p. 45 |
Crime Scenes and Collecting Evidence | p. 46 |
Removable Media | p. 46 |
Cell Phones | p. 47 |
Order of Volatility | p. 49 |
Documenting the Scene | p. 49 |
Photography | p. 50 |
Notes | p. 51 |
Chain of Custody | p. 52 |
Marking Evidence | p. 52 |
Cloning | p. 52 |
Purpose of Cloning | p. 54 |
The Cloning Process | p. 54 |
Forensically Clean Media | p. 55 |
Forensic Image Formats | p. 55 |
Risks and Challenges | p. 55 |
Value in eDiscovery | p. 56 |
Live System versus Dead System | p. 56 |
Live Acquisition Concerns | p. 56 |
Advantage of Live Collection | p. 57 |
Principles of Live Collection | p. 58 |
Conducting and Documenting a Live Collection | p. 58 |
Hashing | p. 59 |
Types of Hashing Algorithms | p. 59 |
Hashing Example | p. 59 |
Uses of Hashing | p. 60 |
Final Report | p. 61 |
Summary | p. 61 |
References | p. 62 |
Windows System Artifacts | p. 65 |
Introduction | p. 65 |
Deleted Data | p. 66 |
Hibernation File (Hiberfile.sys) | p. 66 |
Sleep | p. 67 |
Hibernation | p. 67 |
Hybrid Sleep | p. 67 |
Registry | p. 67 |
Registry Structure | p. 68 |
Attribution | p. 69 |
External Drives | p. 70 |
Print Spooling | p. 70 |
Recycle Bin | p. 70 |
Metadata | p. 72 |
Removing Metadata | p. 74 |
Thumbnail Cache | p. 75 |
Most Recently Used (MRU) | p. 76 |
Restore Points and Shadow Copy | p. 76 |
Restore Points | p. 76 |
Shadow Copies | p. 77 |
Prefetch | p. 78 |
Link Files | p. 78 |
Installed Programs | p. 79 |
Summary | p. 79 |
References | p. 80 |
Antiforensics | p. 81 |
Introduction | p. 81 |
Hiding Data | p. 83 |
Encryption | p. 83 |
What Is Encryption? | p. 83 |
Early Encryption | p. 84 |
Algorithms | p. 85 |
Key Space | p. 86 |
Some Common Types of Encryption | p. 86 |
Breaking Passwords | p. 88 |
Password Attacks | p. 89 |
Brute Force Attacks | p. 89 |
Password Reset | p. 90 |
Dictionary Attack | p. 90 |
Steganography | p. 92 |
Data Destruction | p. 94 |
Drive Wiping | p. 94 |
Summary | p. 100 |
References | p. 100 |
Legal | p. 103 |
Introduction | p. 103 |
The Fourth Amendment | p. 104 |
Criminal Law-Searches without a Warrant | p. 104 |
Reasonable Expectation of Privacy | p. 104 |
Private Searches | p. 105 |
The Electronic Communications Privacy Act (ECPA) | p. 105 |
Exceptions to the Search Warrant Requirement | p. 105 |
Searching with a Warrant | p. 108 |
Seize the Hardware or Just the Information? | p. 109 |
Particularity | p. 109 |
Establishing Need for Off-Site Analysis | p. 109 |
Stored Communications Act | p. 110 |
Electronic Discovery (eDiscovery) | p. 111 |
Duty to Preserve | p. 111 |
Private Searches in the Workplace | p. 112 |
Expert Testimony | p. 113 |
Summary | p. 114 |
References | p. 115 |
Internet and E-Mail | p. 117 |
Introduction | p. 117 |
Internet Overview | p. 117 |
Peer-to-Peer (P2P) | p. 119 |
The INDEX.DAT File | p. 120 |
Web Browsers-Internet Explorer | p. 120 |
Cookies | p. 120 |
Temporary Internet Files, a.k.a. Web Cache | p. 121 |
Internet History | p. 122 |
Internet Explorer Artifacts in the Registry | p. 123 |
Chat Clients | p. 124 |
Internet Relay Chat (IRC) | p. 125 |
ICQ "I Seek You" | p. 125 |
Accessing E-mail | p. 126 |
E-mail Protocols | p. 126 |
E-mail as Evidence | p. 126 |
E-mail-Covering the Trail | p. 127 |
Tracing E-mail | p. 127 |
Reading E-mail Headers | p. 128 |
Social Networking Sites | p. 129 |
Summary | p. 129 |
References | p. 130 |
Network Forensics | p. 131 |
Introduction | p. 131 |
Social Engineering | p. 132 |
Network Fundamentals | p. 132 |
Network Types | p. 133 |
Network Security Tools | p. 135 |
Network Attacks | p. 135 |
Incident Response | p. 137 |
Network Evidence and Investigations | p. 139 |
Network Investigation Challenges | p. 141 |
Summary | p. 141 |
References | p. 142 |
Mobile Device Forensics | p. 145 |
Introduction | p. 145 |
Cellular Networks | p. 146 |
Cellular Network Components | p. 147 |
Types of Cellular Networks | p. 148 |
Operating Systems | p. 149 |
Cell Phone Evidence | p. 150 |
Call Detail Records | p. 151 |
Collecting and Handling Cell Phone Evidence | p. 152 |
Subscriber Identity Modules | p. 154 |
Cell Phone Acquisition: Physical and Logical | p. 155 |
Cell Phone Forensic Tools | p. 155 |
Global Positioning Systems (GPS) | p. 157 |
Summary | p. 161 |
References | p. 161 |
Looking Ahead: Challenges and Concerns | p. 163 |
Introduction | p. 163 |
Standards and Controls | p. 164 |
Cloud Forensics (Finding/Identifying Potential Evidence Stored in the Cloud) | p. 165 |
What Is Cloud Computing? | p. 165 |
The Benefits of the Cloud | p. 166 |
Cloud Forensics and Legal Concerns | p. 166 |
Solid State Drives (SSD) | p. 167 |
How Solid State Drives Store Data | p. 167 |
The Problem: Taking out the Trash | p. 168 |
Speed of Change | p. 169 |
Summary | p. 170 |
References | p. 171 |
Index | p. 173 |
Table of Contents provided by Ingram. All Rights Reserved.