Index
Cover
Title Page
Copyright Page
Contents
About the Author
Acknowledgments
Introduction
Part I Legal and Ethical Principles
Chapter 1 Introduction to Forensics
What Is Cyber Forensics?
Understanding the Science of Forensics
Elements of the Crime
Law
Intent
Burden of Proof
Exculpatory Evidence
Knowledge Base Needed for Cyber Forensics
Hardware
Operating Systems
Networks
The Fundamental Principles of Cyber Forensics
Maintaining Chain of Custody
The Law and Cyber Forensics
General Legal Issues
Discovery
Warrants
Federal Guidelines Forensics Investigators Need to Know
FBI
Secret Service
The Need for Cyber Forensics Certification
Chapter Review
Questions
Answers
References
Chapter 2 The Investigative Process
Chain of Custody
Securing the Scene
Documentation
Authority and Objectives
Examination
Code of Ethics
(ISC)2 Ethics
American Academy of Forensic Science Ethics
ISO Code of Ethics
Ethical Conduct Outside the Investigation
Civil Matters
Criminal Matters
Other Issues
Ethical Investigations
The Chinese Wall
Relevant Regulations for Ethical Investigations
The Evidence
Criminal Investigations
Civil Investigations
Administrative Investigations
Intellectual Property Investigations
The Daubert Standard
The Forensic Investigator as an Expert
Qualities of an Expert
Chapter Review
Questions
Answers
References
Chapter 3 Evidence Management
Evidence Collection
Evidence Documentation
Evidence Preservation
Evidence Transport
Evidence Tracking
Evidence Storage
Environmental Hazards
Unauthorized Access
Electromagnetic Interference
U.S. Army Digital Evidence Storage
Evidence Access Control
Evidence Disposition
Chapter Review
Questions
Answers
References
Part II Forensic Science
Chapter 4 Principles and Methods
Scientific Approach to Forensics
The Scientific Method
The Philosophy of Science
Peer Review
Locard’s Principle of Transference
Inman-Rudin Paradigm
Identify and Classify Evidence
Locations Where Evidence May Reside
Storage Media
Hardware Interfaces
File Systems
File Format
File Types
Header Analysis
Recovering Data
Physical Damage
Logical Damage
File and Metadata Carving
Known File Filtering
Media File Forensic Steps
Running Processes
Netstat
Chapter Review
Questions
Answers
References
Chapter 5 Forensic Analysis
Planning
Collecting the Evidence
Analyze the Evidence
Case Notes and Reports
Case Notes
Reports
Quality Control
Lab Quality
Investigator Quality Control
Examination Quality Control
Chapter Review
Questions
Answers
References
Part III Digital Forensics
Chapter 6 Hardware Forensics
Hard Drive Specifications
General Hard Drive Facts
RAID
Recovering from Damaged Media
CMOS/BIOS
The Swap File
Operating System Specifics
Operating System Essentials
The Kernel
The GUI
Interrupts
API
Extracting Deleted Files
Windows
Windows Tools
Scrubbing Files
Linux
Macintosh
MacKeeper
Encrypted Files
EFS
TrueCrypt
How to Deal with Encrypted Drives and Files
Chapter Review
Questions
Answers
References
Chapter 7 Hidden Files and Antiforensics
Cryptography
The History of Encryption
Modern Cryptography
Symmetric Encryption
Asymmetric Cryptography
Cryptographic Hash
Windows Passwords
Steganography
Historical Steganography
Methods and Tools
Steganalysis
Cryptanalysis
Frequency Analysis
Kasiski
Modern Methods
Log Tampering
Log Deletion
Auditpol
Winzapper
Other Techniques
Onion Routing
Spoofing
Wiping
Tunneling
Chapter Review
Questions
Answers
References
Chapter 8 Network Forensics
Network Packet Analysis
What Is a Packet?
Ports
Network Traffic Analysis
Log Files
Web Traffic
HTTP Sniffer
Web Traffic
Nmap
Snort
Wireless
Network-Related Cybercrimes
Router Forensics
Router Basics
Types of Router Attacks
Getting Evidence from the Router
Firewall Forensics
Firewall Basics
Logs to Examine
Windows Logs
Linux Logs
Operating System Utilities
Netstat
Net sessions
Openfiles
Network Structure
Types of Networks
Network Topology
Shares
Services
P2P Networks and Proxies
SANS
Social Networks
Chapter Review
Questions
Answers
References
Chapter 9 Virtual Systems
Types of Virtual Systems
Virtual Machines
Service-Based Systems
The Cloud
Forensic Issues
Technical Issues
VMware
VirtualBox
Virtual PC
Legal/Procedural Issues
Chapter Review
Questions
Answers
References
Chapter 10 Mobile Forensics
Cellular Device Concepts
The Basics
Networks
Operating Systems
Apps
What Evidence Can You Get from a Mobile Device?
Cell Phone Records
Photos and Videos
GPS Records
Evidence from Apps
What You Should Look For
Device Status
Seizing Evidence from a Phone
Imaging a Phone
Windows 8 Phone
The iPhone
Android Forensics
Embedded Devices
Questions
Answers
References
Part IV Application Forensics and Emerging Technologies
Chapter 11 Application Forensics
File Formats
The Registry
Windows Swap File
Index.dat
Other Files That Provide Evidence
Memory Analysis
Windows File Copying
Web Forensics
Basics of Web Applications
SQL Injection
Cross-Site Scripting
Cookie Manipulation
Forceful Browsing
XML Injection
E-mail Forensics
How E-mail Works
E-mail Headers
E-mail Files
Tracing E-mail
E-mail Server Forensics
Database Forensics
Database Types
What to Look For
Record Carving and Database Reconstruction
Chapter Review
Questions
Answers
References
Chapter 12 Malware Forensics
Viruses
How a Virus Spreads
Real-World Cases
Types of Viruses
History of Viruses
Modern Virus Creation
Trojan Horses
Spyware
The Buffer Overflow
Rootkit
Logic Bombs
Ransomware
Advanced Persistent Threats
Malware Analysis
Static Analysis
Dynamic Analysis
Chapter Review
Questions
Answers
References
Chapter 13 New and Emerging Forensics Technology
Social Networks
Types and Applications of Social Networks
Direct Evidence of Crimes
Commission of Crimes
New Devices
Google Glass
Cars
Medical Devices
Control Systems and Infrastructure
Online Gaming
Electronic Discovery
Types of Investigation
Liability and Proof
Relevant Laws
Big Data
Steps in Electronic Data Discovery
Disaster Recovery
Chapter Review
Questions
Answers
References
Appendix About the CD-ROM
System Requirements
Total Tester Premium Practice Exam Software
Installing and Running Total Tester Premium Practice Exam Software
PDF Copy of the Book
Technical Support
Total Seminars Technical Support
McGraw-Hill Education Content Support
Glossary
Index