Index
Cover Page
Title Page
Copyright Page
Preface
Introduction
About the Authors
Acknowledgments
Chapter 1. Understanding the Digital Forensics Profession and Investigations
Chapter Introduction
An Overview of Digital Forensics
Digital Forensics and Other Related Disciplines
A Brief History of Digital Forensics
Understanding Case Law
Developing Digital Forensics Resources
Preparing for Digital Investigations
Understanding Law Enforcement Agency Investigations
Following Legal Processes
Understanding Private-Sector Investigations
Establishing Company Policies
Displaying Warning Banners
Designating an Authorized Requester
Conducting Security Investigations
Distinguishing Personal and Company Property
Maintaining Professional Conduct
Preparing a Digital Forensics Investigation
An Overview of a Computer Crime
An Overview of a Company Policy Violation
Taking a Systematic Approach
Assessing the Case
Planning Your Investigation
Securing Your Evidence
Procedures for Private-Sector High-Tech Investigations
Employee Termination Cases
Internet Abuse Investigations
E-mail Abuse Investigations
Attorney-Client Privilege Investigations
Industrial Espionage Investigations
Interviews and Interrogations in High-Tech Investigations
Understanding Data Recovery Workstations and Software
Setting Up Your Workstation for Digital Forensics
Conducting an Investigation
Gathering the Evidence
Understanding Bit-stream Copies
Acquiring an Image of Evidence Media
Analyzing Your Digital Evidence
Some Additional Features of Autopsy
Completing the Case
Autopsy’s Report Generator
Critiquing the Case
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 2. The Investigator’s Office and Laboratory
Chapter Introduction
Understanding Forensics Lab Accreditation Requirements
Identifying Duties of the Lab Manager and Staff
Lab Budget Planning
Acquiring Certification and Training
International Association of Computer Investigative Specialists
ISC2 Certified Cyber Forensics Professional
High Tech Crime Network
EnCase Certified Examiner Certification
AccessData Certified Examiner
Other Training and Certifications
Determining the Physical Requirements for a Digital Forensics Lab
Identifying Lab Security Needs
Conducting High-Risk Investigations
Using Evidence Containers
Overseeing Facility Maintenance
Considering Physical Security Needs
Auditing a Digital Forensics Lab
Determining Floor Plans for Digital Forensics Labs
Selecting a Basic Forensic Workstation
Selecting Workstations for a Lab
Selecting Workstations for Private-Sector Labs
Stocking Hardware Peripherals
Maintaining Operating Systems and Software Inventories
Using a Disaster Recovery Plan
Planning for Equipment Upgrades
Building a Business Case for Developing a Forensics Lab
Preparing a Business Case for a Digital Forensics Lab
Justification
Budget Development
Facility Cost
Hardware Requirements
Software Requirements
Miscellaneous Budget Needs
Approval and Acquisition
Implementation
Acceptance Testing
Correction for Acceptance
Production
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 3. Data Acquisition
Chapter Introduction
Understanding Storage Formats for Digital Evidence
Raw Format
Proprietary Formats
Advanced Forensic Format
Determining the Best Acquisition Method
Contingency Planning for Image Acquisitions
Using Acquisition Tools
Mini-WinFE Boot CDs and USB Drives
Acquiring Data with a Linux Boot CD
Using Linux Live CD Distributions
Preparing a Target Drive for Acquisition in Linux
Acquiring Data with dd in Linux
Acquiring Data with dcfldd in Linux
Capturing an Image with AccessData FTK Imager Lite
Validating Data Acquisitions
Linux Validation Methods
Validating dd-Acquired Data
Validating dcfldd-Acquired Data
Windows Validation Methods
Performing RAID Data Acquisitions
Understanding RAID
Acquiring RAID Disks
Using Remote Network Acquisition Tools
Remote Acquisition with ProDiscover
Remote Acquisition with EnCase Enterprise
Remote Acquisition with R-Tools R-Studio
Remote Acquisition with WetStone US-LATT PRO
Remote Acquisition with F-Response
Using Other Forensics Acquisition Tools
PassMark Software ImageUSB
ASR Data SMART
Runtime Software
ILookIX IXImager
SourceForge
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 4. Processing Crime and Incident Scenes
Chapter Introduction
Identifying Digital Evidence
Understanding Rules of Evidence
Collecting Evidence in Private-Sector Incident Scenes
Processing Law Enforcement Crime Scenes
Understanding Concepts and Terms Used in Warrants
Preparing for a Search
Identifying the Nature of the Case
Identifying the Type of OS or Digital Device
Determining Whether You Can Seize Computers and Digital Devices
Getting a Detailed Description of the Location
Determining Who Is in Charge
Using Additional Technical Expertise
Determining the Tools You Need
Preparing the Investigation Team
Securing a Digital Incident or Crime Scene
Seizing Digital Evidence at the Scene
Preparing to Acquire Digital Evidence
Processing Incident or Crime Scenes
Processing Data Centers with RAID Systems
Using a Technical Advisor
Documenting Evidence in the Lab
Processing and Handling Digital Evidence
Storing Digital Evidence
Evidence Retention and Media Storage Needs
Documenting Evidence
Obtaining a Digital Hash
Reviewing a Case
Sample Civil Investigation
An Example of a Criminal Investigation
Reviewing Background Information for a Case
Planning the Investigation
Conducting the Investigation: Acquiring Evidence with OSForensics
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 5. Working with Windows and CLI Systems
Chapter Introduction
Understanding File Systems
Understanding the Boot Sequence
Understanding Disk Drives
Solid-State Storage Devices
Exploring Microsoft File Structures
Disk Partitions
Examining FAT Disks
Deleting FAT Files
Examining NTFS Disks
NTFS System Files
MFT and File Attributes
MFT Structures for File Data
MFT Header Fields
Attribute 0x10: Standard Information
Attribute 0x30: File Name
Attribute 0x40: Object_ID
Attribute 0x80: Data for a Resident File
Attribute 0x80: Data for a Nonresident File
Interpreting a Data Run
NTFS Alternate Data Streams
NTFS Compressed Files
NTFS Encrypting File System
EFS Recovery Key Agent
Deleting NTFS Files
Resilient File System
Understanding Whole Disk Encryption
Examining Microsoft BitLocker
Examining Third-Party Disk Encryption Tools
Understanding the Windows Registry
Exploring the Organization of the Windows Registry
Examining the Windows Registry
Understanding Microsoft Startup Tasks
Startup in Windows 7, Windows 8, and Windows 10
Startup in Windows NT and Later
Startup Files for Windows Vista
Startup Files for Windows XP
Windows XP System Files
Contamination Concerns with Windows XP
Understanding Virtual Machines
Creating a Virtual Machine
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 6. Current Digital Forensics Tools
Chapter Introduction
Evaluating Digital Forensics Tool Needs
Types of Digital Forensics Tools
Hardware Forensics Tools
Software Forensics Tools
Tasks Performed by Digital Forensics Tools
Acquisition
Validation and Verification
Extraction
Reconstruction
Reporting
Tool Comparisons
Other Considerations for Tools
Digital Forensics Software Tools
Command-Line Forensics Tools
Linux Forensics Tools
Smart
Helix 3
Kali Linux
Autopsy and Sleuth Kit
Forcepoint Threat Protection
Other GUI Forensics Tools
Digital Forensics Hardware Tools
Forensic Workstations
Building Your Own Workstation
Using a Write-Blocker
Recommendations for a Forensic Workstation
Validating and Testing Forensics Software
Using National Institute of Standards and Technology Tools
Using Validation Protocols
Digital Forensics Examination Protocol
Digital Forensics Tool Upgrade Protocol
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 7. Linux and Macintosh File Systems
Chapter Introduction
Examining Linux File Structures
File Structures in Ext4
Inodes
Hard Links and Symbolic Links
Understanding Macintosh File Structures
An Overview of Mac File Structures
Forensics Procedures in Mac
Acquisition Methods in macOS
Using Linux Forensics Tools
Installing Sleuth Kit and Autopsy
Examining a Case with Sleuth Kit and Autopsy
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 8. Recovering Graphics Files
Chapter Introduction
Recognizing a Graphics File
Understanding Bitmap and Raster Images
Understanding Vector Graphics
Understanding Metafile Graphics
Understanding Graphics File Formats
Understanding Digital Photograph File Formats
Examining the Raw File Format
Examining the Exchangeable Image File Format
Understanding Data Compression
Lossless and Lossy Compression
Locating and Recovering Graphics Files
Identifying Graphics File Fragments
Repairing Damaged Headers
Searching for and Carving Data from Unallocated Space
Planning Your Examination
Searching for and Recovering Digital Photograph Evidence
Rebuilding File Headers
Reconstructing File Fragments
Identifying Unknown File Formats
Analyzing Graphics File Headers
Tools for Viewing Images
Understanding Steganography in Graphics Files
Using Steganalysis Tools
Understanding Copyright Issues with Graphics
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 9. Digital Forensics Analysis and Validation
Chapter Introduction
Determining What Data to Collect and Analyze
Approaching Digital Forensics Cases
Refining and Modifying the Investigation Plan
Using Autopsy to Validate Data
Installing NSRL Hashes in Autopsy
Collecting Hash Values in Autopsy
Validating Forensic Data
Validating with Hexadecimal Editors
Using Hash Values to Discriminate Data
Validating with Digital Forensics Tools
Addressing Data-Hiding Techniques
Hiding Files by Using the OS
Hiding Partitions
Marking Bad Clusters
Bit-Shifting
Understanding Steganalysis Methods
Examining Encrypted Files
Recovering Passwords
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 10. Virtual Machine Forensics, Live Acquisitions, and Network Forensics
Chapter Introduction
An Overview of Virtual Machine Forensics
Type 2 Hypervisors
Parallels Desktop
KVM
Microsoft Hyper-V
VMware Workstation and Workstation Player
VirtualBox
Conducting an Investigation with Type 2 Hypervisors
Other VM Examination Methods
Using VMs as Forensics Tools
Working with Type 1 Hypervisors
Performing Live Acquisitions
Performing a Live Acquisition in Windows
Network Forensics Overview
The Need for Established Procedures
Securing a Network
Developing Procedures for Network Forensics
Reviewing Network Logs
Using Network Tools
Using Packet Analyzers
Investigating Virtual Networks
Examining the Honeynet Project
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 11. E-mail and Social Media Investigations
Chapter Introduction
Exploring the Role of E-mail in Investigations
Exploring the Roles of the Client and Server in E-mail
Investigating E-mail Crimes and Violations
Understanding Forensic Linguistics
Examining E-mail Messages
Copying an E-mail Message
Viewing E-mail Headers
Examining E-mail Headers
Examining Additional E-mail Files
Tracing an E-mail Message
Using Network E-mail Logs
Understanding E-mail Servers
Examining UNIX E-mail Server Logs
Examining Microsoft E-mail Server Logs
Using Specialized E-mail Forensics Tools
Using Magnet AXIOM to Recover E-mail
Using a Hex Editor to Carve E-mail Messages
Recovering Outlook Files
E-mail Case Studies
Applying Digital Forensics Methods to Social Media Communications
Forensics Tools for Social Media Investigations
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 12. Mobile Device Forensics and the Internet of Anything
Chapter Introduction
Understanding Mobile Device Forensics
Mobile Phone Basics
Inside Mobile Devices
SIM Cards
Understanding Acquisition Procedures for Mobile Devices
Mobile Forensics Equipment
SIM Card Readers
Mobile Phone Forensics Tools and Methods
Using Mobile Forensics Tools
Understanding Forensics in the Internet of Anything
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 13. Cloud Forensics
Chapter Introduction
An Overview of Cloud Computing
History of the Cloud
Cloud Service Levels and Deployment Methods
Cloud Vendors
Basic Concepts of Cloud Forensics
Legal Challenges in Cloud Forensics
Service Level Agreements
Policies, Standards, and Guidelines for CSPs
CSP Processes and Procedures
Jurisdiction Issues
Accessing Evidence in the Cloud
Search Warrants
Subpoenas and Court Orders
Technical Challenges in Cloud Forensics
Architecture
Analysis of Cloud Forensic Data
Anti-Forensics
Incident First Responders
Role Management
Standards and Training
Acquisitions in the Cloud
Encryption in the Cloud
Conducting a Cloud Investigation
Investigating CSPs
Investigating Cloud Customers
Understanding Prefetch Files
Examining Stored Cloud Data on a PC
Dropbox
Google Drive
OneDrive
Windows Prefetch Artifacts
Tools for Cloud Forensics
Forensic Open-Stack Tools
F-Response for the Cloud
Magnet AXIOM Cloud
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 14. Report Writing for High-Tech Investigations
Chapter Introduction
Understanding the Importance of Reports
Limiting a Report to Specifics
Types of Reports
Guidelines for Writing Reports
What to Include in Written Preliminary Reports
Report Structure
Writing Reports Clearly
Considering Writing Style
Including Signposts
Designing the Layout and Presentation of Reports
Providing Supporting Material
Formatting Consistently
Explaining Examination and Data Collection Methods
Including Calculations
Providing for Uncertainty and Error Analysis
Explaining Results and Conclusions
Providing References
Including Appendixes
Generating Report Findings with Forensics Software Tools
Using Autopsy to Generate Reports
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 15. Expert Testimony in Digital Investigations
Chapter Introduction
Preparing for Testimony
Documenting and Preparing Evidence
Reviewing Your Role as a Consulting Expert or an Expert Witness
Creating and Maintaining Your CV
Preparing Technical Definitions
Preparing to Deal with the News Media
Testifying in Court
Understanding the Trial Process
Providing Qualifications for Your Testimony
General Guidelines on Testifying
Using Graphics During Testimony
Avoiding Testimony Problems
Understanding Prosecutorial Misconduct
Testifying During Direct Examination
Testifying During Cross-Examination
Preparing for a Deposition or Hearing
Guidelines for Testifying at Depositions
Recognizing Deposition Problems
Guidelines for Testifying at Hearings
Preparing Forensics Evidence for Testimony
Preparing a Defense of Your Evidence-Collection Methods
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 16. Ethics for the Expert Witness
Chapter Introduction
Applying Ethics and Codes to Expert Witnesses
Forensics Examiners’ Roles in Testifying
Considerations in Disqualification
Traps for Unwary Experts
Determining Admissibility of Evidence
Organizations with Codes of Ethics
International Society of Forensic Computer Examiners
International High Technology Crime Investigation Association
International Association of Computer Investigative Specialists
American Bar Association
American Psychological Association
Ethical Difficulties in Expert Testimony
Ethical Responsibilities Owed to You
Standard Forensics Tools and Tools You Create
An Ethics Exercise
Performing a Cursory Exam of a Forensic Image
Performing a Detailed Exam of a Forensic Image
Performing the Exam
Preparing for an Examination
Interpreting Attribute 0x80 Data Runs
Finding Attribute 0x80 in an MFT Record
Configuring Data Interpreter Options in WinHex
Calculating Data Runs
Carving Data Run Clusters Manually
Chapter Review
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Lab Manual for Guide to Computer Forensics and Investigations
Introduction
Chapter 1. Understanding the Digital Forensics Profession and Investigations
Chapter Introduction
Lab 1.1. Installing Autopsy for Windows
Objectives
Materials Required
Activity
Review Questions
Lab 1.2. Downloading FTK Imager Lite
Objectives
Materials Required
Activity
Review Questions
Lab 1.3. Downloading WinHex
Objectives
Materials Required
Activity
Review Questions
Lab 1.4. Using Autopsy for Windows
Objectives
Materials Required
Activity
Review Questions
Chapter 2. The Investigator’s Office and Laboratory
Chapter Introduction
Lab 2.1. Wiping a USB Drive Securely
Objectives
Materials Required
Activity
Review Questions
Lab 2.2. Using Directory Snoop to Image a USB Drive
Objectives
Materials Required
Activity
Review Questions
Lab 2.3. Converting a Raw Image to an .E01 Image
Objectives
Materials Required
Activity
Review Questions
Lab 2.4. Imaging Evidence with FTK Imager Lite
Objectives
Materials Required
Activity
Review Questions
Lab 2.5. Viewing Images in FTK Imager Lite
Objectives
Materials Required
Activity
Review Questions
Chapter 3. Data Acquisition
Chapter Introduction
Lab 3.1. Creating a DEFT Zero Forensic Boot CD and USB Drive
Objectives
Materials Required
Activity
Creating a DEFT Zero Boot CD
Creating a Bootable USB DEFT Zero Drive
Learning DEFT Zero Features
Review Questions
Lab 3.2. Examining a FAT Image
Objectives
Materials Required
Activity
Review Questions
Lab 3.3. Examining an NTFS Image
Objectives
Materials Required
Activity
Review Questions
Lab 3.4. Examining an HFS+ Image
Objectives
Materials Required
Activity
Review Questions
Chapter 4. Processing Crime and Incident Scenes
Chapter Introduction
Lab 4.1. Creating a Mini-WinFE Boot CD
Objectives
Materials Required
Activity
Setting Up Mini-WinFE
Creating a Mini-WinFE ISO Image
Review Questions
Lab 4.2. Using Mini-WinFE to Boot and Image a Windows Computer
Objectives
Materials Required
Activity
Review Questions
Lab 4.3. Testing the Mini-WinFE Write-Protection Feature
Objectives
Materials Required
Activity
Review Questions
Lab 4.4. Creating an Image with Guymager
Objectives
Materials Required
Activity
Review Questions
Chapter 5. Working with Windows and CLI Systems
Chapter Introduction
Lab 5.1. Using DART to Export Windows Registry Files
Objectives
Materials Required
Activity
Review Questions
Lab 5.2. Examining the SAM Hive
Objectives
Materials Required
Activity
Review Questions
Lab 5.3. Examining the SYSTEM Hive
Objectives
Materials Required
Activity
Review Questions
Lab 5.4. Examining the ntuser.dat Registry File
Objectives
Materials Required
Activity
Review Questions
Chapter 6. Current Digital Forensics Tools
Chapter Introduction
Lab 6.1. Using Autopsy 4.7.0 to Search an Image File
Objectives
Materials Required
Activity
Installing Autopsy 4.7.0
Searching E-mail in Autopsy 4.7.0
Review Questions
Lab 6.2. Using OSForensics to Search an Image of a Hard Drive
Objectives
Materials Required
Activity
Review Questions
Lab 6.3. Examining a Corrupt Image File with FTK Imager Lite, Autopsy, and WinHex
Objectives
Materials Required
Activity
Testing an Image File in Autopsy 4.3.0
Examining Image Files in WinHex
Review Questions
Chapter 7. Linux and Macintosh File Systems
Chapter Introduction
Lab 7.1. Using Autopsy to Process a Mac OS X Image
Objectives
Materials Required
Activity
Review Questions
Lab 7.2. Using Autopsy to Process a Mac OS 9 Image
Objectives
Materials Required
Activity
Review Questions
Lab 7.3. Using Autopsy to Process a Linux Image
Objectives
Materials Required
Activity
Review Questions
Chapter 8. Recovering Graphics Files
Chapter Introduction
Lab 8.1. Using Autopsy to Analyze Multimedia Files
Objectives
Materials Required
Activity
Review Questions
Lab 8.2. Using OSForensics to Analyze Multimedia Files
Objectives
Materials Required
Activity
Review Questions
Lab 8.3. Using WinHex to Analyze Multimedia Files
Objectives
Materials Required
Activity
Review Questions
Chapter 9. Digital Forensics Analysis and Validation
Chapter Introduction
Lab 9.1. Using Autopsy to Search for Keywords in an Image
Objectives
Materials Required
Activity
Review Questions
Lab 9.2. Validating File Hash Values with FTK Imager Lite
Objectives
Materials Required
Activity
Review Questions
Lab 9.3. Validating File Hash Values with WinHex
Objectives
Materials Required
Activity
Review Questions
Chapter 10. Virtual Machine Forensics, Live Acquisitions, and Network Forensics
Chapter Introduction
Lab 10.1. Analyzing a Forensic Image Hosting a Virtual Machine
Objectives
Materials Required
Activity
Installing MD5 Hashes in Autopsy
Analyzing a Windows Image Containing a Virtual Machine
Review Questions
Lab 10.2. Conducting a Live Acquisition
Objectives
Materials Required
Activity
Installing Tools for Live Acquisitions
Exploring Tools for Live Acquisitions
Capturing Data in a Live Acquisition
Review Questions
Lab 10.3. Using Kali Linux for Network Forensics
Objectives
Materials Required
Activity
Installing Kali Linux
Mounting Drives in Kali Linux
Identifying Open Ports and Making a Screen Capture
Review Questions
Chapter 11. E-mail and Social Media Investigations
Chapter Introduction
Lab 11.1. Using OSForensics to Search for E-mails and Mailboxes
Objectives
Materials Required
Activity
Review Questions
Lab 11.2. Using Autopsy to Search for E-mails and Mailboxes
Objectives
Materials Required
Activity
Review Questions
Lab 11.3. Finding Google Searches and Multiple E-mail Accounts
Objectives
Materials Required
Activity
Review Questions
Chapter 12. Mobile Device Forensics
Chapter Introduction
Lab 12.1. Examining Cell Phone Storage Devices
Objectives
Materials Required
Activity
Review Questions
Lab 12.2. Using FTK Imager Lite to View Text Messages, Phone Numbers, and Photos
Objectives
Materials Required
Activity
Review Questions
Lab 12.3. Using Autopsy to Search Cloud Backups of Mobile Devices
Objectives
Materials Required
Activity
Review Questions
Chapter 13. Cloud Forensics
Chapter Introduction
Lab 13.1. Examining Dropbox Cloud Storage
Objectives
Materials Required
Activity
Review Questions
Lab 13.2. Examining Google Drive Cloud Storage
Objectives
Materials Required
Activity
Review Questions
Lab 13.3. Examining OneDrive Cloud Storage
Objectives
Materials Required
Activity
Review Questions
Chapter 14. Report Writing for High-Tech Investigations
Chapter Introduction
Lab 14.1. Investigating Corporate Espionage
Objectives
Materials Required
Activity
Review Questions
Lab 14.2. Adding Evidence to a Case
Objectives
Materials Required
Activity
Review Questions
Lab 14.3. Preparing a Report
Objectives
Materials Required
Activity
Review Questions
Chapter 15. Expert Testimony in Digital Investigations
Chapter Introduction
Lab 15.1. Conducting a Preliminary Investigation
Objectives
Materials Required
Activity
Review Questions
Lab 15.2. Investigating an Arsonist
Objectives
Materials Required
Activity
Review Questions
Lab 15.3. Recovering a Password from Password-Protected Files
Objectives
Materials Required
Activity
Verifying the Existence of a Warning Banner
Recovering a Password from Password-Protected Files
Review Questions
Chapter 16. Ethics for the Expert Witness
Chapter Introduction
Lab 16.1. Rebuilding an MFT Record from a Corrupt Image
Objectives
Materials Required
Activity
Creating a Duplicate Forensic Image
Determining the Offset Byte Address of the Corrupt MFT Record
Copying the Corrected MFT Record
Extracting Additional Evidence
Review Questions
Appendix A. Certification Test References
Appendix B. Digital Forensics References
Appendix C. Digital Forensics Lab Considerations
Appendix D. Legacy File System and Forensics Tools