Guide To Computer Forensics And Investigations

Guide%20to%20Computer%20Forensics%20and%20Investigations%20by%20B.%20Nelson%2C%20A.%20Phillips%2C%20C.%20Steuart

User Manual: Pdf

Open the PDF directly: View PDF .
Page Count: 715 [warning: Documents this large are best viewed by clicking the View PDF Link!]

Scroll down to view the document on your mobile browser.

Front Cover
Title Page
Copyright
Brief Table of Contents
TABLE OF CONTENTS
PREFACE
INTRODUCTION
CHAPTER 1: Computer Forensics and Investigations as a Profession
- Understanding Computer Forensics
- Preparing for Computer Investigations
- Maintaining Professional Conduct
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 2: Understanding Computer Investigations
- Preparing a Computer Investigation
  - An Overview of a Computer Crime
  - An Overview of a Company Policy Violation
- Taking a Systematic Approach
- Procedures for Corporate High-Tech Investigations
- Understanding Data Recovery Workstations and Software
  - Setting Up Your Workstation for Computer Forensics
- Conducting an Investigation
- Completing the Case
  - Critiquing the Case
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 3: The Investigator’s Office and Laboratory
- Understanding Forensics Lab Certification Requirements
- Determining the Physical Requirements for a Computer Forensics Lab
- Selecting a Basic Forensic Workstation
- Building a Business Case for Developing a Forensics Lab
  - Preparing a Business Case for a Computer Forensics Lab
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 4: Data Acquisition
- Understanding Storage Formats for Digital Evidence
- Determining the Best Acquisition Method
- Contingency Planning for Image Acquisitions
- Using Acquisition Tools
- Validating Data Acquisitions
  - Linux Validation Methods
  - Windows Validation Methods
- Performing RAID Data Acquisitions
  - Understanding RAID
  - Acquiring RAID Disks
- Using Remote Network Acquisition Tools
- Using Other Forensics Acquisition Tools
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 5: Processing Crime and Incident Scenes
- Identifying Digital Evidence
  - Understanding Rules of Evidence
- Collecting Evidence in Private-Sector Incident Scenes
- Processing Law Enforcement Crime Scenes
  - Understanding Concepts and Terms Used in Warrants
- Preparing for a Search
- Securing a Computer Incident or Crime Scene
- Seizing Digital Evidence at the Scene
- Storing Digital Evidence
  - Evidence Retention and Media Storage Needs
  - Documenting Evidence
- Obtaining a Digital Hash
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 6: Working with Windows and DOS Systems
- Understanding File Systems
  - Understanding the Boot Sequence
  - Understanding Disk Drives
- Exploring Microsoft File Structures
- Examining NTFS Disks
- Understanding Whole Disk Encryption
  - Examining Microsoft BitLocker
  - Examining Third-Party Disk Encryption Tools
- Understanding the Windows Registry
  - Exploring the Organization of the Windows Registry
  - Examining the Windows Registry
- Understanding Microsoft Startup Tasks
  - Startup in Windows NT and Later
  - Startup in Windows 9x/Me
- Understanding MS-DOS Startup Tasks
  - Other Disk Operating Systems
- Understanding Virtual Machines
  - Creating a Virtual Machine
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 7: Current Computer Forensics Tools
- Evaluating Computer Forensics Tool Needs
- Computer Forensics Software Tools
- Computer Forensics Hardware Tools
- Validating and Testing Forensics Software
  - Using National Institute of Standards and Technology (NIST) Tools
  - Using Validation Protocols
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 8: Macintosh and Linux Boot Processes and File Systems
- Understanding the Macintosh File Structure and Boot Process
- Examining UNIX and Linux Disk Structures and Boot Processes
- Understanding Other Disk Structures
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 9: Computer Forensics Analysis and Validation
- Determining What Data to Collect and Analyze
  - Approaching Computer Forensics Cases
  - Using AccessData Forensic Toolkit to Analyze Data
- Validating Forensic Data
  - Validating with Hexadecimal Editors
  - Validating with Computer Forensics Programs
- Addressing Data-Hiding Techniques
- Performing Remote Acquisitions
  - Remote Acquisitions with Runtime Software
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 10: Recovering Graphics Files
- Recognizing a Graphics File
- Understanding Data Compression
  - Lossless and Lossy Compression
- Locating and Recovering Graphics Files
- Identifying Unknown File Formats
- Understanding Copyright Issues with Graphics
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 11: Virtual Machines, Network Forensics, and Live Acquisitions
- Virtual Machines Overview
- Network Forensics Overview
  - Securing a Network
- Performing Live Acquisitions
  - Performing a Live Acquisition in Windows
- Developing Standard Procedures for Network Forensics
  - Reviewing Network Logs
- Using Network Tools
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 12: E-mail Investigations
- Exploring the Role of E-mail in Investigations
- Exploring the Roles of the Client and Server in E-mail
- Investigating E-mail Crimes and Violations
- Understanding E-mail Servers
- Using Specialized E-mail Forensics Tools
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 13: Cell Phone and Mobile Device Forensics
- Understanding Mobile Device Forensics
- Understanding Acquisition Procedures for Cell Phones and Mobile Devices
  - Mobile Forensics Equipment
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 14: Report Writing for High-Tech Investigations
- Understanding the Importance of Reports
  - Limiting a Report to Specifics
  - Types of Reports
- Guidelines for Writing Reports
- Generating Report Findings with Forensics Software Tools
  - Using ProDiscover Basic to Generate Reports
  - Using AccessData FTK to Generate Reports
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 15: Expert Testimony in High-Tech Investigations
- Preparing for Testimony
- Testifying in Court
- Preparing for a Deposition or Hearing
  - Guidelines for Testifying at Depositions
  - Guidelines for Testifying at Hearings
- Preparing Forensics Evidence for Testimony
  - Preparing Explanations of Your Evidence-Collection Methods
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
CHAPTER 16: Ethics for the Expert Witness
- Applying Ethics and Codes to Expert Witnesses
- Organizations with Codes of Ethics
- Ethical Difficulties in Expert Testimony
  - Ethical Responsibilities Owed to You
  - Standard and Personally Created Forensics Tools
- An Ethics Exercise
- Chapter Summary
- Key Terms
- Review Questions
- Hands-On Projects
- Case Projects
APPENDIX A: Certification Test References
- NIST Computer Forensics Tool Testing
- Types of Computer Forensics Certifications
APPENDIX B: Computer Forensics References
- Computer Forensics Reference Books
- MS-DOS Reference Books
- Windows Reference Books
- Linux Reference Books
- Legal Reference Books
- Web Links
- E-mail Lists
- Yahoo! Groups
- Professional Journals
APPENDIX C: Computer Forensics Lab Considerations
- International Lab Certification
- Considering Office Ergonomics
- Considering Environmental Conditions
- Considering Structural Design Factors
  - Determining Electrical Needs
- Planning for Communications
- Installing Fire-Suppression Systems
APPENDIX D: DOS File System and Forensics Tools
- Overview of FAT Directory Structures
- Sample DOS Scripts
  - Setting Up Your Workstation for Computer Forensics
- Creating Forensic Boot Media
  - Assembling Tools for a Forensic Boot Floppy Disk
  - Making an Image of a Floppy Disk in MS-DOS
- Using MS-DOS Acquisition Tools
- Quick References for DriveSpy
  - A Sample Script for DriveSpy
- Using X-Ways Replica
GLOSSARY
INDEX

Guide To Computer Forensics And Investigations

Guide%20to%20Computer%20Forensics%20and%20Investigations%20by%20B.%20Nelson%2C%20A.%20Phillips%2C%20C.%20Steuart

Navigation menu

Versions of this User Manual:

Views

Navigation