Limited Offer
The Basics of Digital Forensics
The Primer for Getting Started in Digital Forensics
- 1st Edition - February 24, 2012
- Author: John Sammons
- Language: English
- Paperback ISBN:9 7 8 - 1 - 5 9 7 4 9 - 6 6 1 - 2
- eBook ISBN:9 7 8 - 1 - 5 9 7 4 9 - 6 6 2 - 9
The Basics of Digital Forensics provides a foundation for people new to the field of digital forensics. This book teaches you how to conduct examinations by explaining what digi… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteThe Basics of Digital Forensics provides a foundation for people new to the field of digital forensics. This book teaches you how to conduct examinations by explaining what digital forensics is, the methodologies used, key technical concepts and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud, and Internet are discussed. Readers will also learn how to collect evidence, document the scene, and recover deleted data. This is the only resource your students need to get a jump-start into digital forensics investigations.
This book is organized into 11 chapters. After an introduction to the basics of digital forensics, the book proceeds with a discussion of key technical concepts. Succeeding chapters cover labs and tools; collecting evidence; Windows system artifacts; anti-forensics; Internet and email; network forensics; and mobile device forensics. The book concludes by outlining challenges and concerns associated with digital forensics. PowerPoint lecture slides are also available.
This book will be a valuable resource for entry-level digital forensics professionals as well as those in complimentary fields including law enforcement, legal, and general information security.
- Learn all about what Digital Forensics entails
- Build a toolkit and prepare an investigative plan
- Understand the common artifacts to look for during an exam
Entry-level digital forensics professionals, also complimentary fields such as: law enforcement, legal, general information security.
Dedication
Preface
Acknowledgments
About the Author
About the Technical Editor
Chapter 1. Introduction
Introduction
What is Forensic Science?
What is Digital Forensics?
Uses of Digital Forensics
Locard's Exchange Principle
Scientific Method
Organizations of Note
Role of the Forensic Examiner in the Judicial System
Summary
REFERENCES
Chapter 2. Key Technical Concepts
Introduction
Bits, Bytes, and Numbering Schemes
File Extensions and File Signatures
Storage and Memory
Computing Environments
Data Types
File Systems
Allocated and Unallocated Space
How Magnetic Hard Drives Store Data
Basic Computer Function—Putting it All Together
Summary
REFERENCES
Chapter 3. Labs and Tools
Introduction
Forensic Laboratories
Policies and Procedures
Quality Assurance
Digital Forensic Tools
Accreditation
Summary
REFERENCES
Chapter 4. Collecting Evidence
Introduction
Crime Scenes and Collecting Evidence
Documenting the Scene
Chain of Custody
Cloning
Live System versus Dead System
Hashing
Final Report
Summary
REFERENCES
Chapter 5. Windows System Artifacts
Introduction
Deleted Data
Hibernation File (Hiberfile.Sys)
Registry
Print Spooling
Recycle Bin
Metadata
Thumbnail Cache
Most Recently Used (MRU)
Restore Points and Shadow Copy
Prefetch
Link Files
Summary
REFERENCES
Chapter 6. Antiforensics
Introduction
Hiding Data
Password Attacks
Steganography
Data Destruction
Summary
REFERENCES
Chapter 7. Legal
Introduction
The Fourth Amendment
Criminal Law—Searches Without a Warrant
Searching with a Warrant
Electronic Discovery (eDiscovery)
Expert Testimony
Summary
REFERENCES
Chapter 8. Internet and E-Mail
Introduction
Internet Overview
Web Browsers—Internet Explorer
Social Networking Sites
Summary
REFERENCES
Chapter 9. Network Forensics
Introduction
Network Fundamentals
Network Security Tools
Network Attacks
Incident Response
Network Evidence and Investigations
Summary
REFERENCES
Chapter 10. Mobile Device Forensics
Introduction
Cellular Networks
Operating Systems
Cell Phone Evidence
Cell Phone Forensic Tools
Global Positioning Systems (GPS)
Summary
REFERENCES
Chapter 11. Looking Ahead
Introduction
Standards and Controls
Cloud Forensics (Finding/Identifying Potential Evidence Stored In the Cloud)
Solid State Drives (SSD)
Speed of Change
Summary
REFERENCES
Index
- No. of pages: 208
- Language: English
- Edition: 1
- Published: February 24, 2012
- Imprint: Syngress
- Paperback ISBN: 9781597496612
- eBook ISBN: 9781597496629
JS
John Sammons
John is the founder and President of the Appalachian Institute of Digital Evidence. AIDE is a non-profit organization that provides research and training for digital evidence professionals including attorneys, judges, law enforcement and information security practitioners in the private sector. He is the author of best-selling book, The Basics of Digital Forensics published by Syngress.