The basics of digital forensics : the primer for getting started in digital forensics

The basics of digital forensics the primer for getting started in digital forensics

Mostrar otras versiones (1)

The Basics of Digital Forensics provides a foundation for people new to the digital forensics field. This book teaches you how to conduct examinations by discussing what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digi...

Descripción completa

Detalles Bibliográficos
Otros Autores: Sammons, John, author (author)
Formato: Libro electrónico
Idioma:Inglés
Publicado: Amsterdam : Syngress [2015]
Edición:Second edition
Colección:Basics.
Materias:
Computer crimes.
Electronics in criminal investigation.
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009629483306719
Tabla de Contenidos:
  • Cover
  • Title Page
  • Copyright Page
  • Dedication
  • Contents
  • Preface
  • Intended audience
  • Organization of this book
  • Chapter 1-Introduction
  • Chapter 2-Key technical concepts
  • Chapter 3-Labs and tools
  • Chapter 4-Collecting evidence
  • Chapter 5-Windows system artifacts
  • Chapter 6-Anti-forensics
  • Chapter 7-Legal
  • Chapter 8-Internet and e-mail
  • Chapter 9-Network forensics
  • Chapter 10-Mobile device forensics
  • Chapter 11-Looking ahead: challenges and concerns
  • Acknowledgments
  • Chapter 1 - Introduction
  • Information in This Chapter:
  • Introduction
  • What is forensic science?
  • What is digital forensics?
  • Uses of digital forensics
  • Criminal investigations
  • Bind, torture, kill
  • Civil litigation
  • Intelligence
  • Moussaoui and 9-11
  • Administrative matters
  • Securities and Exchange Commission
  • The digital forensics process
  • Locard's exchange principle
  • Scientific method
  • Organizations of note
  • Scientific Working Group on Digital Evidence
  • American Academy of Forensic Sciences
  • American Society of Crime Laboratory Directors/Laboratory Accreditation Board
  • National Institute of Standards and Technology
  • American Society for Testing and Materials
  • Role of the forensic examiner in the judicial system
  • The CSI effect
  • Summary
  • References
  • Chapter 2 - Key technical concepts
  • Information in This Chapter:
  • Introduction
  • Bits, bytes, and numbering schemes
  • Hexadecimal
  • Binary to text: ASCII and Unicode
  • File extensions and file signatures
  • Storage and memory
  • Magnetic disks
  • Flash memory
  • Optical Storage
  • Volatile versus nonvolatile memory
  • Computing environments
  • Cloud computing
  • IaaS
  • PaaS
  • SaaS
  • Data types
  • Active data
  • Latent data
  • Archival data
  • File systems
  • Allocated and unallocated space
  • Data persistence.
  • How magnetic hard drives store data
  • Summary
  • References
  • Chapter 3 - Labs and tools
  • Information in This Chapter:
  • Introduction
  • Forensic laboratories
  • Virtual labs
  • Lab security
  • Evidence storage
  • Policies and procedures
  • Quality assurance
  • Tool validation
  • Documentation
  • Forms
  • Examiner notes
  • Examiner's final report
  • Digital forensic tools
  • Tool selection
  • Hardware
  • Other equipment
  • Software
  • Additional resources
  • Open source tools
  • Alert!
  • Dependence on the tools
  • Accreditation
  • American Society for Testing and Materials
  • Accreditation versus certification
  • Summary
  • References
  • Chapter 4 - Collecting evidence
  • Information in This Chapter:
  • Introduction
  • Crime scenes and collecting evidence
  • Removable media
  • Removable storage media
  • Cell phones
  • Alert!
  • Protecting cell phones from network signals
  • Alert!
  • Power
  • Order of volatility
  • Documenting the scene
  • Photography
  • Notes
  • Chain of custody
  • Marking evidence
  • Cloning
  • Purpose of cloning
  • The cloning process
  • Forensically clean media
  • Forensic image formats
  • Risks and challenges
  • Value in eDiscovery
  • Alert!
  • Sanctions in electronic discovery
  • Live system versus dead system
  • Live acquisition concerns
  • More advanced
  • Preserving evidence in RAM
  • Advantage of live collection
  • Principles of live collection
  • Alert!
  • Evidence in RAM
  • Conducting and documenting a live collection
  • Hashing
  • Types of hashing algorithms
  • Hashing example
  • Uses of hashing
  • Final report
  • Summary
  • References
  • Chapter 5 - Windows system artifacts
  • Information in This Chapter:
  • Introduction
  • Deleted data
  • More advanced
  • File carving
  • Hibernation file (hiberfile.sys)
  • Sleep
  • Hibernation
  • Hybrid sleep
  • Registry
  • Registry structure.
  • From the case files: the Windows registry
  • From the case files: the Windows registry and USBStor
  • Attribution
  • External drives
  • Print spooling
  • Recycle bin
  • Alert!
  • Recycle bin function
  • More advanced
  • Recycle bin bypass
  • Metadata
  • Alert!
  • Date and time stamps
  • Removing metadata
  • From the case files: metadata
  • Thumbnail cache
  • Most recently used
  • Restore points and shadow copy
  • Restore points
  • From the case files: Internet history and restore points
  • Shadow copies
  • From the case files: restore points, shadow copies, and anti-forensics
  • Prefetch
  • Link files
  • Installed programs
  • Summary
  • References
  • Chapter 6 - Anti-forensics
  • Information in This Chapter:
  • Introduction
  • Hiding data
  • Encryption
  • What is encryption?
  • Early encryption
  • Algorithms
  • Algorithms: it's no secret
  • Key space
  • Some common types of encryption
  • Encrypting file system
  • Bitlocker
  • Apple Filevault
  • Truecrypt
  • Breaking passwords
  • Password attacks
  • Brute force attacks
  • Password reset
  • Dictionary attack
  • Additional resources
  • Encryption
  • Steganography
  • Data destruction
  • Drive wiping
  • More advanced
  • Defragmentation as anti-forensic technique
  • Summary
  • References
  • Chapter 7 - Legal
  • Information in This Chapter:
  • Introduction
  • The fourth amendment
  • Criminal law-searches without a warrant
  • Reasonable expectation of privacy
  • Private searches
  • E-mail
  • The Electronic Communications Privacy Act
  • Exceptions to the search warrant requirement
  • More advanced
  • Consent forms
  • Alert!
  • Cell phone searches: the Supreme Court weighs in
  • Searching with a warrant
  • Seize the hardware or just the information?
  • Particularity
  • Establishing need for offsite analysis
  • Stored Communications Act
  • Electronic discovery
  • Duty to preserve.
  • Private searches in the workplace
  • Alert!
  • International e-Discovery
  • Expert testimony
  • Additional resources
  • Expert testimony
  • Summary
  • References
  • Chapter 8 - Internet and e-mail
  • Information in This Chapter:
  • Introduction
  • Internet overview
  • Additional resources
  • Web technology
  • Peer-to-peer (P2P)
  • More advanced
  • Gnutella requests
  • The index.dat file
  • Web browsers-Internet Explorer
  • Cookies
  • Temporary Internet Files, a.k.a. web Cache
  • Internet history
  • More advanced
  • The ntuser.dat file
  • Internet Explorer artifacts in the registry
  • Chat clients
  • Internet Relay Chat
  • "I seek you"
  • E-mail
  • Accessing e-mail
  • E-mail protocols
  • E-mail as evidence
  • E-mail-covering the trail
  • Alert!
  • Shared e-mail accounts
  • Tracing e-mail
  • Reading e-mail headers
  • Social networking sites
  • Additional resources
  • Casey Anthony trial testimony
  • Summary
  • References
  • Chapter 9 - Network forensics
  • Information in This Chapter:
  • Introduction
  • Social engineering
  • Network fundamentals
  • Network types
  • Network security tools
  • Network attacks
  • Alert!
  • Inside threat
  • Incident response
  • Network evidence and investigations
  • Log files
  • Network investigative tools
  • Network investigation challenges
  • Additional resources
  • Training and research
  • Summary
  • References
  • Chapter 10 - Mobile device forensics
  • Information in This Chapter:
  • Introduction
  • Cellular networks
  • Cellular network components
  • Types of cellular networks
  • Code division multiple access
  • Global system for mobile communication
  • Integrated digitally enhanced network
  • Prepaid cell phones
  • Operating systems
  • Cell phone evidence
  • Call detail records
  • Collecting and handling cell phone evidence
  • Subscriber identity modules
  • Cell phone acquisition: physical and logical.
  • Cell phone forensic tools
  • Global positioning systems
  • Summary
  • References
  • Chapter 11 - Looking ahead: challenges and concerns
  • Information in This Chapter:
  • Introduction
  • Standards and controls
  • Cloud forensics
  • What Is cloud computing?
  • Additional resources
  • Public clouds
  • Benefits of the cloud
  • Cloud forensics and legal concerns
  • Alert!
  • Cloud persistence-Dropbox
  • Solid state drives
  • How solid state drives store data
  • More advanced
  • File translation layer
  • The problem: taking out the trash
  • Speed of change
  • Additional resources
  • Twitter
  • Summary
  • References
  • Index.

Ejemplares similares