The basics of digital forensics : the primer for getting started in digital forensics

Author: John Sammons
Publisher: Waltham, MA : Syngress, [2015] ©2015
Edition/Format: Print book : English : Second edition
Database: WorldCat
Summary:
Provides a foundation for people new to the digital forensics field. This book teaches you how to conduct examinations by discussing what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud, and the Internet are discussed.

Details

Document Type: Book
All Authors / Contributors: John Sammons
ISBN: 0128016353 9780128016350
OCLC Number: 884864627
Description: xix, 180 pages : illustrations ; 24 cm
Contents: 1. Introduction --
What is forensic science? --
What is digital forensics? --
Uses of digital forensics --
Criminal investigations --
Civil litigation --
Intelligence --
Administrative matters --
The digital forensics process --
Locard's Exchange Principle --
Scientific method --
Organizations of note --
Scientific Working Group of Digital Evidence --
American Academy of Forensic Sciences --
American Society of Crime Laboratory Directors/Laboratory Accreditation Board --
National Institute of Standards and Technology --
American Society for Testing and Materials --
Role of the forensic examiner in the Judicial System --
The CSI effect --
2. Key technical concepts --
Bits, bytes, and numbering schemes --
Hexadecimal --
Binary to text : ASCII and Unicode --
File extensions and file signatures --
Storage and memory --
Magnetic disks --
Flash memory --
Optical storage --
Volatile versus nonvolatile memory --
Computing environments --
Cloud computing --
Data types --
Active data --
Latent data --
Archival data --
File systems --
Allocated and unallocated space --
Data persistence --
How magnetic hard drives store data --
3. Labs and tools --
Forensic laboratories --
Virtual labs --
Lab security --
Evidence storage --
Policies and procedures --
Quality assurance --
Tool validation --
Documentation --
Digital forensic tools --
Tool selection --
Hardware --
Software --
Additional resources --
Open source tools --
Alert! : dependence on the tools --
Accreditation --
4. Collecting evidence --
Crime scenes and collecting evidence --
Removable media --
Cell phones --
Alert! : protecting cell phones from network signals --
Alert! : power --
Order of volatility --
Documenting the scene --
Photography --
Notes --
Chain of custody --
Marking evidence --
Cloning --
Purpose of cloning --
The cloning process --
Forensically clean media --
Forensic image formats --
Risks and challenges --
Value in eDiscovery --
Alert! : sanctions in electronic discovery --
Live system versus dead system --
Live acquisition concerns --
More advanced --
Preserving evidence in RAM --
Advantage of live collection --
Principles of live collection --
Alert! : evidence in RAM --
Conducting and documenting a live collection --
Hashing --
Types of hashing algorithms --
Hashing example --
Uses of hashing --
Final report --
5. Windows system artifacts --
Deleted data --
More advanced --
File carving --
Hibernation file (Hiberfile.sys) --
Sleep --
Hibernation --
Hybrid sleep --
Registry --
Registry structure --
Attribution --
External drives --
Print spooling --
Recycle bin --
Alert! : recycle bin function --
More advanced : recycle bin bypass --
Metadata --
Alert! : date and time stamps --
Removing metadata --
Thumbnail cache --
Most recently used --
Restore points and shadow copy --
Prefetch --
Link files --
Installed programs --
6. Anti-forensics --
Hiding data --
Encryption --
What is encryption? --
Early encryption --
Algorithms --
Key space --
Some common types of encryption --
Breaking passwords --
Password attacks --
Brute force attacks --
Password reset --
Dictionary attack --
Additional resources : encryption --
Steganography --
Data destruction --
Drive wiping --
More advanced : defragmentation as anti-forensic technique --
7. Legal --
The Fourth Amendment --
Criminal law : searches without a warrant --
Reasonable expectation of privacy --
Private searches --
E-mail --
The Electronic Communications Privacy Act --
Exceptions to the search warrant requirement --
More advanced : consent forms --
Alert! : cell phone searches, the Supreme Court weighs in --
Searching with a warrant --
Seize the hardware or just the information? --
Particularity --
Establishing need for offsite analysis --
Stored Communications Act --
Electronic discovery --
Duty to preserve --
Private searches in the workplace --
Alert! : international e-Discovery --
Expert testimony --
Additional resources : expert testimony --
8. Internet and e-mail --
Internet overview --
Additional resources : web technology --
Peer-to-Peer (P2P) --
More advanced : Gnutella requests --
The INDEX.DAT file --
Web browsers : Internet Explorer --
Cookies --
Temporary Internet files, a.k.a. Web cache --
Internet history --
More advanced : the NTUSER.DAT file --
Internet Explorer artifacts in the registry --
Chat clients --
Internet relay chat --
"I seek you" --
E-mail --
Accessing e-mail --
E-mail protocols --
E-mail as evidence --
E-mail : covering the trail --
Alert! : shared e-mail accounts --
Tracing e-mail --
Reading e-mail headers --
Social networking sites --
Additional resources : Casey Anthony trial testimony --
9. Network forensics --
Introduction --
Social engineering --
Network fundamentals --
Network types --
Network security tools --
Network attacks --
Alert! : inside threat --
Incident response --
Network evidence and investigations --
Network investigation challenges --
Additional resources : training and research --
10. Mobile device forensics --
Cellular networks --
Cellular network components --
Types of cellular networks --
Operating systems --
Cell phone evidence --
Call detail records --
Collecting and handling cell phone evidence --
Subscriber identity modules --
Cell phone acquisition : physical and logical --
Cell phone forensic tools --
Global positioning systems --
11. Looking ahead : challenges and concerns --
Standards and controls --
Cloud forensics --
What is Cloud computing? --
Additional resources : public clouds --
Benefits of the Cloud --
Cloud forensics and legal concerns --
Alert! : Cloud persistence --
Dropbox --
Solid state drives --
How solid state drives store data --
More advanced : file translation layer --
The problem : taking out the trash --
Speed of change --
Additional resources : Twitter.
Other Titles: Primer for getting started in digital forensics
Responsibility: John Sammons.

Reviews

Editorial reviews

Publisher Synopsis

"... this book is well named. It is an entry-level primer to digital forensics, and could be used as an introductory book in a beginning computer forensics course." --Journal of Digital Forensics, ...

 
Linked Data


Primary Entity

<http://www.worldcat.org/oclc/884864627> # The basics of digital forensics : the primer for getting started in digital forensics
    a schema:CreativeWork, schema:Book ;
   library:oclcnum "884864627" ;
   library:placeOfPublication <http://id.loc.gov/vocabulary/countries/mau> ;
   schema:about <http://experiment.worldcat.org/entity/work/data/1013043151#Topic/criminal_investigation> ; # Criminal investigation
   schema:about <http://experiment.worldcat.org/entity/work/data/1013043151#Topic/forensic_sciences> ; # Forensic sciences
   schema:about <http://experiment.worldcat.org/entity/work/data/1013043151#Topic/computer_crimes_investigation> ; # Computer crimes--Investigation
   schema:about <http://dewey.info/class/363.25/e23/> ;
   schema:about <http://experiment.worldcat.org/entity/work/data/1013043151#Topic/crime_laboratories> ; # Crime laboratories
   schema:alternateName "Primer for getting started in digital forensics" ;
   schema:author <http://experiment.worldcat.org/entity/work/data/1013043151#Person/sammons_john> ; # John Sammons
   schema:bookEdition "Second edition." ;
   schema:bookFormat bgn:PrintBook ;
   schema:copyrightYear "2015" ;
   schema:datePublished "2015" ;
   schema:exampleOfWork <http://worldcat.org/entity/work/id/1013043151> ;
   schema:inLanguage "en" ;
   schema:name "The basics of digital forensics : the primer for getting started in digital forensics"@en ;
   schema:productID "884864627" ;
   schema:workExample <http://worldcat.org/isbn/9780128016350> ;
   wdrs:describedby <http://www.worldcat.org/title/-/oclc/884864627> ;
    .


Related Entities

<http://experiment.worldcat.org/entity/work/data/1013043151#Person/sammons_john> # John Sammons
    a schema:Person ;
   schema:familyName "Sammons" ;
   schema:givenName "John" ;
   schema:name "John Sammons" ;
    .

<http://experiment.worldcat.org/entity/work/data/1013043151#Topic/computer_crimes_investigation> # Computer crimes--Investigation
    a schema:Intangible ;
   schema:name "Computer crimes--Investigation"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/1013043151#Topic/criminal_investigation> # Criminal investigation
    a schema:Intangible ;
   schema:name "Criminal investigation"@en ;
    .

<http://worldcat.org/isbn/9780128016350>
    a schema:ProductModel ;
   schema:isbn "0128016353" ;
   schema:isbn "9780128016350" ;
    .

<http://www.worldcat.org/title/-/oclc/884864627>
    a genont:InformationResource, genont:ContentTypeGenericResource ;
   schema:about <http://www.worldcat.org/oclc/884864627> ; # The basics of digital forensics : the primer for getting started in digital forensics
   schema:dateModified "2016-05-09" ;
   void:inDataset <http://purl.oclc.org/dataset/WorldCat> ;
    .

