Table of Contents

Acknowledgments

About the Author

About the Technical Editor

Chapter 1. Introduction

What is Forensic Science?

What is Digital Forensics?

Uses of Digital Forensics

Locard's Exchange Principle

Scientific Method

Organizations of Note

Role of the Forensic Examiner in the Judicial System

Chapter 2. Key Technical Concepts

Bits, Bytes, and Numbering Schemes

File Extensions and File Signatures

Storage and Memory

Computing Environments

Allocated and Unallocated Space

How Magnetic Hard Drives Store Data

Basic Computer Function—Putting it All Together

Chapter 3. Labs and Tools

Forensic Laboratories

Policies and Procedures

Quality Assurance

Digital Forensic Tools

Chapter 4. Collecting Evidence

Crime Scenes and Collecting Evidence

Documenting the Scene

Chain of Custody

Live System versus Dead System

Chapter 5. Windows System Artifacts

Hibernation File (Hiberfile.Sys)

Thumbnail Cache

Most Recently Used (MRU)

Restore Points and Shadow Copy

Chapter 6. Antiforensics

Password Attacks

Data Destruction

Chapter 7. Legal

The Fourth Amendment

Criminal Law—Searches Without a Warrant

Searching with a Warrant

Electronic Discovery (eDiscovery)

Expert Testimony

Chapter 8. Internet and E-Mail

Internet Overview

Web Browsers—Internet Explorer

Social Networking Sites

Chapter 9. Network Forensics

Network Fundamentals

Network Security Tools

Network Attacks

Incident Response

Network Evidence and Investigations

Chapter 10. Mobile Device Forensics

Cellular Networks

Operating Systems

Cell Phone Evidence

Cell Phone Forensic Tools

Global Positioning Systems (GPS)

Chapter 11. Looking Ahead

Standards and Controls

Cloud Forensics (Finding/Identifying Potential Evidence Stored In the Cloud)

Solid State Drives (SSD)

Speed of Change