Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Cover
Contents
Title
Copyright
Dedication
Preface
Acknowledgments
Chapter One: The Fundamentals of Data
Base 2 Numbering System: Binary and Character Encoding
Communication in a Two-State Universe
Electricity and Magnetism
Building Blocks: The Origins of Data
Growing the Building Blocks of Data
Moving Beyond Base 2
American Standard Code for Information Interchange
Character Codes: The Basis for Processing Textual Data
Extended ASCII and Unicode
Summary
Notes
Chapter Two: Binary to Decimal
American Standard Code for Information Interchange
Computer as a Calculator
Why is this Important in Forensics?
Data Representation
Converting Binary to Decimal
Conversion Analysis
A Forensic Case Example: An Application of the Math
Decimal to Binary: Recap for Review
Summary
Chapter Three: The Power of HEX: Finding Slivers of Data
What the HEX?
Bits and Bytes and Nibbles
Nibbles and Bits
Binary to HEX Conversion
Binary (HEX) Editor
The Needle within the Haystack
Summary
Notes
Chapter Four: Files
Opening
Files, File Structures, and File Formats
File Extensions
Changing a File’s Extension to Evade Detection
Files and the HEX Editor
File Signature
ASCII is not Text or HEX
Value of File Signatures
Complex Files: Compound, Compressed, and Encrypted Files
Why do Compound Files Exist?
Compressed Files
Forensics and Encrypted Files
The Structure of Ciphers
Summary
Notes
Appendix 4A: Common File Extensions
Appendix 4B: File Signature Database
Appendix 4C: Magic Number Definition
Appendix 4D: Compound Document Header
Chapter Five: The Boot Process and the Master Boot Record (MBR)
Booting Up
Primary Functions of the Boot Process
Forensic Imaging and Evidence Collection
Summarizing the BIOS
BIOS Setup Utility: Step by Step
The Master Boot Record (MBR)
Partition Table
Hard Disk Partition
Summary
Notes
Chapter Six: Endianness and the Partition Table
The Flavor of Endianness
Endianness
The Origins of Endian
Partition Table within the Master Boot Record
Summary
Notes
Chapter Seven: Volume versus Partition
Tech Review
Cylinder, Head, Sector, and Logical Block Addressing
Volumes and Partitions
Summary
Notes
Chapter Eight: File Systems—FAT 12/16
Tech Review
File Systems
Metadata
File Allocation Table (FAT) File System
Slack
HEX Review Note
Directory Entries
File Allocation Table (FAT)
How is Cluster Size Determined?
Expanded Cluster Size
Directory Entries and the FAT
FAT Filing System Limitations
Directory Entry Limitations
Summary
Appendix 8A: Partition Table Fields
Appendix 8B: File Allocation Table Values
Appendix 8C: Directory Entry Byte Offset Description
Appendix 8D: FAT 12/16 Byte Offset Values
Appendix 8E: FAT 32 Byte Offset Values
Appendix 8F: The Power of 2
Chapter Nine: File Systems—NTFS and Beyond
New Technology File System
Partition Boot Record
Master File Table
NTFS Summary
exFAT
Alternative Filing System Concepts
Summary
Notes
Appendix 9A: Common NTFS System Defined Attributes
Chapter Ten: Cyber Forensics: Investigative Smart Practices
The Forensic Process
Forensic Investigative Smart Practices
Time
Summary
Note
Chapter Eleven: Time and Forensics
What is Time?
Network Time Protocol
Timestamp Data
Keeping Track of Time
Clock Models and Time Bounding: The Foundations of Forensic Time
MS-DOS 32-Bit Timestamp: Date and Time
Date Determination
Time Determination
Time Inaccuracy
Summary
Notes
Chapter Tweleve: Investigation: Incident Closure
Forensic Investigative Smart Practices
Step 5: Investigation (Continued)
Step 6: Communicate Findings
Characteristics of a Good Cyber Forensic Report
Report Contents
Step 7: Retention and Curation of Evidence
Step 8: Investigation Wrap-Up and Conclusion
Investigator’s Role as an Expert Witness
Summary
Notes
Chapter Thirteen: A Cyber Forensic Process Summary
Binary
Binary—Decimal—ASCII
Data Versus Code
HEX
From Raw Data to Files
Accessing Files
Endianness
Partitions
File Systems
Time
The Investigation Process
Summary
Appendix
Glossary
About the Authors
Index
← Prev
Back
Next →
← Prev
Back
Next →