Books in Computer forensics

Digital Forensics with Open Source Tools

1st Edition
March 29, 2011
Harlan Carvey + 1 more
English
Paperback
9 7 8 1 5 9 7 4 9 5 8 6 8

Digital Forensics with Open Source Tools is the definitive book on investigating and analyzing computer systems and media using open source tools. The book is a technical procedural guide, and explains the use of open source tools on Mac, Linux and Windows systems as a platform for performing computer forensics. Both well-known and novel forensic methods are demonstrated using command-line and graphical open source computer forensic tools for examining a wide range of target systems and artifacts. Written by world-renowned forensic practitioners, this book uses the most current examination and analysis techniques in the field. It consists of 9 chapters that cover a range of topics such as the open source examination platform; disk and file system analysis; Windows systems and artifacts; Linux systems and artifacts; Mac OS X systems and artifacts; Internet artifacts; and automating analysis and extending capabilities. The book lends itself to use by students and those entering the field who do not have means to purchase new tools for different investigations. This book will appeal to forensic practitioners from areas including incident response teams and computer forensic investigators; forensic technicians from legal, audit, and consulting firms; and law enforcement agencies.

Digital Triage Forensics

1st Edition
June 28, 2010
Stephen Pearson + 1 more
English
Paperback
9 7 8 1 5 9 7 4 9 5 9 6 7

Digital Triage Forensics: Processing the Digital Crime Scene provides the tools, training, and techniques in Digital Triage Forensics (DTF), a procedural model for the investigation of digital crime scenes including both traditional crime scenes and the more complex battlefield crime scenes. The DTF is used by the U.S. Army and other traditional police agencies for current digital forensic applications. The tools, training, and techniques from this practice are being brought to the public in this book for the first time. Now corporations, law enforcement, and consultants can benefit from the unique perspectives of the experts who coined Digital Triage Forensics. The text covers the collection of digital media and data from cellular devices and SIM cards. It also presents outlines of pre- and post- blast investigations. This book is divided into six chapters that present an overview of the age of warfare, key concepts of digital triage and battlefield forensics, and methods of conducting pre/post-blast investigations. The first chapter considers how improvised explosive devices (IEDs) have changed from basic booby traps to the primary attack method of the insurgents in Iraq and Afghanistan. It also covers the emergence of a sustainable vehicle for prosecuting enemy combatants under the Rule of Law in Iraq as U.S. airmen, marines, sailors, and soldiers perform roles outside their normal military duties and responsibilities. The remaining chapters detail the benefits of DTF model, the roles and responsibilities of the weapons intelligence team (WIT), and the challenges and issues of collecting digital media in battlefield situations. Moreover, data collection and processing as well as debates on the changing role of digital forensics investigators are explored. This book will be helpful to forensic scientists, investigators, and military personnel, as well as to students and beginners in forensics.

Virtualization and Forensics

1st Edition
May 18, 2010
Greg Kipper + 1 more
English
Paperback
9 7 8 1 5 9 7 4 9 5 5 7 8

Virtualization and Forensics: A Digital Forensic Investigators Guide to Virtual Environments offers an in-depth view into the world of virtualized environments and the implications they have on forensic investigations. Named a 2011 Best Digital Forensics Book by InfoSec Reviews, this guide gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun. It covers technological advances in virtualization tools, methods, and issues in digital forensic investigations, and explores trends and emerging technologies surrounding virtualization technology. This book consists of three parts. Part I explains the process of virtualization and the different types of virtualized environments. Part II details how virtualization interacts with the basic forensic process, describing the methods used to find virtualization artifacts in dead and live environments as well as identifying the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization. This book will be a valuable resource for forensic investigators (corporate and law enforcement) and incident response professionals.

Windows Forensic Analysis DVD Toolkit

2nd Edition
May 28, 2009
Harlan Carvey
English

Windows Forensic Analysis DVD Toolkit, Second Edition, is a completely updated and expanded version of Harlan Carvey's best-selling forensics book on incident response and investigating cybercrime on Windows systems. With this book, you will learn how to analyze data during live and post-mortem investigations.New to this edition is Forensic Analysis on a Budget, which collects freely available tools that are essential for small labs, state (or below) law enforcement, and educational organizations. The book also includes new pedagogical elements, Lessons from the Field, Case Studies, and War Stories that present real-life experiences by an expert in the trenches, making the material real and showing the why behind the how. The companion DVD contains significant, and unique, materials (movies, spreadsheet, code, etc.) not available anyplace else because they were created by the author.This book will appeal to digital forensic investigators, IT security professionals, engineers, and system administrators as well as students and consultants.

Cisco Router and Switch Forensics

1st Edition
April 28, 2009
Dale Liu
English
Paperback
9 7 8 1 5 9 7 4 9 4 1 8 2

Cisco IOS (the software that runs the vast majority of Cisco routers and all Cisco network switches) is the dominant routing platform on the Internet and corporate networks. This widespread distribution, as well as its architectural deficiencies, makes it a valuable target for hackers looking to attack a corporate or private network infrastructure. Compromised devices can disrupt stability, introduce malicious modification, and endanger all communication on the network. For security of the network and investigation of attacks, in-depth analysis and diagnostics are critical, but no book currently covers forensic analysis of Cisco network devices in any detail. Cisco Router and Switch Forensics is the first book devoted to criminal attacks, incident response, data collection, and legal testimony on the market leader in network devices, including routers, switches, and wireless access points. Why is this focus on network devices necessary? Because criminals are targeting networks, and network devices require a fundamentally different approach than the process taken with traditional forensics. By hacking a router, an attacker can bypass a network's firewalls, issue a denial of service (DoS) attack to disable the network, monitor and record all outgoing and incoming traffic, or redirect that communication anywhere they like. But capturing this criminal activity cannot be accomplished with the tools and techniques of traditional forensics. While forensic analysis of computers or other traditional media typically involves immediate shut-down of the target machine, creation of a duplicate, and analysis of static data, this process rarely recovers live system data. So, when an investigation focuses on live network activity, this traditional approach obviously fails. Investigators must recover data as it is transferred via the router or switch, because it is destroyed when the network device is powered down. In this case, following the traditional approach outlined in books on general computer forensics techniques is not only insufficient, but also essentially harmful to an investigation.Jargon buster: A network switch is a small hardware device that joins multiple computers together within one local area network (LAN). A router is a more sophisticated network device that joins multiple wired or wireless networks together.

Virtualization for Security

1st Edition
December 1, 2008
John Hoopes
English
Paperback
9 7 8 1 5 9 7 4 9 3 0 5 5
eBook
9 7 8 0 0 8 0 8 7 9 3 5 2

One of the biggest buzzwords in the IT industry for the past few years, virtualization has matured into a practical requirement for many best-practice business scenarios, becoming an invaluable tool for security professionals at companies of every size. In addition to saving time and other resources, virtualization affords unprecedented means for intrusion and malware detection, prevention, recovery, and analysis. Taking a practical approach in a growing market underserved by books, this hands-on title is the first to combine in one place the most important and sought-after uses of virtualization for enhanced security, including sandboxing, disaster recovery and high availability, forensic analysis, and honeypotting.Already gaining buzz and traction in actual usage at an impressive rate, Gartner research indicates that virtualization will be the most significant trend in IT infrastructure and operations over the next four years. A recent report by IT research firm IDC predicts the virtualization services market will grow from $5.5 billion in 2006 to $11.7 billion in 2011. With this growth in adoption, becoming increasingly common even for small and midsize businesses, security is becoming a much more serious concern, both in terms of how to secure virtualization and how virtualization can serve critical security objectives. Titles exist and are on the way to fill the need for securing virtualization, but security professionals do not yet have a book outlining the many security applications of virtualization that will become increasingly important in their job requirements. This book is the first to fill that need, covering tactics such as isolating a virtual environment on the desktop for application testing, creating virtualized storage solutions for immediate disaster recovery and high availability across a network, migrating physical systems to virtual systems for analysis, and creating complete virtual systems to entice hackers and expose potential threats to actual production systems.About the TechnologiesA sandbox is an isolated environment created to run and test applications that might be a security risk. Recovering a compromised system is as easy as restarting the virtual machine to revert to the point before failure. Employing virtualization on actual production systems, rather than just test environments, yields similar benefits for disaster recovery and high availability. While traditional disaster recovery methods require time-consuming reinstallation of the operating system and applications before restoring data, backing up to a virtual machine makes the recovery process much easier, faster, and efficient. The virtual machine can be restored to same physical machine or an entirely different machine if the original machine has experienced irreparable hardware failure. Decreased downtime translates into higher availability of the system and increased productivity in the enterprise.Virtualiz... has been used for years in the field of forensic analysis, but new tools, techniques, and automation capabilities are making it an increasingly important tool. By means of virtualization, an investigator can create an exact working copy of a physical computer on another machine, including hidden or encrypted partitions, without altering any data, allowing complete access for analysis. The investigator can also take a live ?snapshot? to review or freeze the target computer at any point in time, before an attacker has a chance to cover his tracks or inflict further damage.A honeypot is a system that looks and acts like a production environment but is actually a monitored trap, deployed in a network with enough interesting data to attract hackers, but created to log their activity and keep them from causing damage to the actual production environment. A honeypot exposes new threats, tools, and techniques used by hackers before they can attack the real systems, which security managers patch based on the information gathered. Before virtualization became mainstream, setting up a machine or a whole network (a honeynet) for research purposes only was prohibitive in both cost and time management. Virtualization makes this technique more viable as a realistic approach for companies large and small.

Building a Digital Forensic Laboratory

1st Edition
October 2, 2008
Andrew Jones + 1 more
English
Paperback
9 7 8 1 8 5 6 1 7 5 1 0 4
eBook
9 7 8 0 0 8 0 9 4 9 5 3 6

The need to professionally and successfully conduct computer forensic investigations of incidents and crimes has never been greater. This has caused an increased requirement for information about the creation and management of computer forensic laboratories and the investigations themselves. This includes a great need for information on how to cost-effectively establish and manage a computer forensics laboratory. This book meets that need: a clearly written, non-technical book on the topic of computer forensics with emphasis on the establishment and management of a computer forensics laboratory and its subsequent support to successfully conducting computer-related crime investigations.

The Best Damn Cybercrime and Digital Forensics Book Period

1st Edition
November 26, 2007
Anthony Reyes + 1 more
English
Paperback
9 7 8 1 5 9 7 4 9 2 2 8 7
eBook
9 7 8 0 0 8 0 5 5 6 0 8 6

Electronic discovery refers to a process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a legal case. Computer forensics is the application of computer investigation and analysis techniques to perform an investigation to find out exactly what happened on a computer and who was responsible. IDC estimates that the U.S. market for computer forensics will be grow from $252 million in 2004 to $630 million by 2009. Business is strong outside the United States, as well. By 2011, the estimated international market will be $1.8 billion dollars. The Techno Forensics Conference has increased in size by almost 50% in its second year; another example of the rapid growth in the market. This book is the first to combine cybercrime and digital forensic topics to provides law enforcement and IT security professionals with the information needed to manage a digital investigation. Everything needed for analyzing forensic data and recovering digital evidence can be found in one place, including instructions for building a digital forensics lab.

TechnoSecurity's Guide to E-Discovery and Digital Forensics

1st Edition
October 9, 2007
Jack Wiles
English
eBook
9 7 8 0 0 8 0 5 5 8 8 1 3

TechnoSecurity's Guide to E-Discovery and Digital Forensics provides IT security professionals with the information (hardware, software, and procedural requirements) needed to create, manage and sustain a digital forensics lab and investigative team that can accurately and effectively analyze forensic data and recover digital evidence, while preserving the integrity of the electronic evidence for discovery and trial.

Investigating Child Exploitation and Pornography

1st Edition
October 7, 2004
Monique M. Ferraro + 1 more
English
Hardback
9 7 8 0 1 2 1 6 3 1 0 5 5
eBook
9 7 8 0 0 8 0 4 7 8 7 6 0

Investigating Child Exploitation and Pornography provides the historical, legal, technical, and social background for the laws prohibiting child exploitation, in particular, child pornography. It offers a history of child exploitation cases and studies, outlining the roles of technology in this type of crime and the evidence they can contain, and documenting new research performed by the authors. It details how successful undercover Internet operations are conducted, how the associated evidence is collected, and how to use the evidence to locate and apprehend the offender. The heart of this work is a legal section, detailing all of the legal issues that arise in Internet child exploitation cases. A forensic examination section presents evidentiary issues from a technical perspective and describes how to conduct a forensic examination of digital evidence gathered in the investigative and probative stages of a child exploitation case. The book will become an indispensable resource for those involved in the investigation, prosecution, and study of computer-assisted child sexual exploitation.

Life Sciences

Physical Sciences & Engineering

Social Sciences & Humanities

Health