
Digital Forensics, Investigation, and Response 4th edition [Paperback]

  • Format: Paperback / softback, 424 pages, weight: 737 g
  • Publication date: 24-Aug-2021
  • Publisher: Jones and Bartlett Publishers, Inc
  • ISBN-10: 1284226069
  • ISBN-13: 9781284226065
Digital Forensics, Investigation, and Response, Fourth Edition begins by examining the fundamentals of system forensics: what forensics is, an overview of computer crime, the challenges of system forensics, and forensics methods and labs. The second part of this book addresses the tools, techniques, and methods used to perform computer forensics and investigation. These include collecting evidence, investigating information hiding, recovering data, and scrutinizing email. It also discusses how to perform forensics in Windows, Linux, Macintosh operating systems, mobile devices, and networks. Finally, the third part explores incident and intrusion response, emerging technologies and future directions of this field, and additional system forensics resources.

Each new print copy includes Navigate eBook Access, enabling you to read your digital textbook online or offline from your computer, tablet, or mobile device.

Want to learn more about using this book and its Cloud Labs in your class? Check out what Art McFadden, Digital Forensics Instructor in Kentucky, has to say about his experience with the Digital Forensics, Investigation, and Response, Fourth Edition book and Cloud Labs in this blog post.
Preface xv
Dedication xvii
About the Author xix
PART I Introduction to Forensics 1(88)
Chapter 1 Introduction to Forensics 3(36)
What Is Computer Forensics? 4(1)
Using Scientific Knowledge 5(1)
Collecting 6(1)
Analyzing 6(1)
Presenting 6(4)
Understanding the Field of Digital Forensics 10(1)
What Is Digital Evidence? 11(1)
Scope-Related Challenges to System Forensics 12(3)
Types of Digital System Forensics Analysis 15(1)
General Guidelines 16(1)
Knowledge Needed for Computer Forensics Analysis 17(1)
Hardware 17(3)
Software 20(2)
Networks 22(1)
Addresses 23(3)
Obscured Information and Anti-Forensics 26(2)
The Daubert Standard 28(1)
U.S. Laws Affecting Digital Forensics 29(1)
The Federal Privacy Act of 1974 29(1)
The Privacy Protection Act of 1980 29(1)
The Communications Assistance to Law Enforcement Act of 1994 29(1)
Unlawful Access to Stored Communications: 18 U.S.C. § 2701 29(1)
The Electronic Communications Privacy Act of 1986 30(1)
The Computer Security Act of 1987 30(1)
The Foreign Intelligence Surveillance Act of 1978 30(1)
The Child Protection and Sexual Predator Punishment Act of 1998 30(1)
The Children's Online Privacy Protection Act of 1998 30(1)
The Communications Decency Act of 1996 31(1)
The Telecommunications Act of 1996 31(1)
The Wireless Communications and Public Safety Act of 1999 31(1)
The USA PATRIOT Act 31(1)
The Sarbanes-Oxley Act of 2002 31(1)
18 USC 1030 Fraud and Related Activity in Connection with Computers 31(1)
18 USC 1020 Fraud and Related Activity in Connection with Access Devices 31(1)
The Digital Millennium Copyright Act (DMCA) 31(1)
18 USC § 1028A Identity Theft and Aggravated Identity Theft 32(1)
18 USC § 2251 Sexual Exploitation of Children 32(1)
Warrants 32(1)
Federal Guidelines 33(1)
The FBI 33(1)
The Secret Service 34(1)
The Regional Computer Forensics Laboratory Program 35(1)
Chapter Summary 35(1)
Key Concepts and Terms 35(1)
Chapter 1 Assessment 36(1)
References 36(3)
Chapter 2 Overview of Computer Crime 39(26)
How Computer Crime Affects Forensics 40(1)
Identity Theft 41(1)
Phishing 42(1)
Spyware 43(1)
Discarded Information 44(1)
How Does This Crime Affect Forensics? 45(1)
Hacking 45(1)
Structured Query Language Injection 45(2)
Cross-Site Scripting 47(1)
Ophcrack 48(2)
Tricking Tech Support 50(1)
Hacking in General 50(1)
Cyberstalking and Harassment 51(1)
Real Cyberstalking Cases 52(2)
Fraud 54(1)
Investment Offers 54(1)
Data Piracy 55(1)
Non-Access Computer Crimes 55(1)
Denial of Service 56(2)
Viruses 58(2)
Logic Bombs 60(1)
Cyberterrorism 61(1)
How Does This Crime Affect Forensics? 62(1)
Chapter Summary 62(1)
Key Concepts and Terms 63(1)
Chapter 2 Assessment 63(2)
Chapter 3 Forensic Methods and Labs 65(24)
Forensic Methodologies 66(1)
Handle Original Data as Little as Possible 66(1)
Comply with the Rules of Evidence 66(2)
Avoid Exceeding Your Knowledge 68(1)
Create an Analysis Plan 69(1)
Technical Information Collection Considerations 70(1)
Formal Forensic Approaches 71(1)
DoD Forensic Standards 71(1)
The DFRWS Framework 71(1)
The SWGDE Framework 72(1)
An Event-Based Digital Forensics Investigation Framework 72(1)
Documentation of Methodologies and Findings 72(1)
Disk Structure 73(1)
File Slack Searching 73(1)
Evidence-Handling Tasks 73(1)
Evidence-Gathering Measures 74(1)
Expert Reports 74(1)
How to Set Up a Forensics Lab 75(1)
Equipment 75(1)
Security 75(1)
American Society of Crime Laboratory Directors 76(1)
Common Forensic Software Programs 77(1)
EnCase 77(3)
Forensic Toolkit 80(1)
OSForensics 81(1)
Helix 81(1)
Kali Linux 81(1)
AnaDisk Disk Analysis Tool 82(1)
CopyQM Plus Disk Duplication Software 82(1)
The Sleuth Kit 82(1)
Disk Investigator 83(1)
Forensic Certifications 83(2)
EnCase Certified Examiner Certification 85(1)
AccessData Certified Examiner 85(1)
OSForensics 85(1)
EC Council Certified Hacking Forensic Investigator 85(1)
GIAC Certifications 85(1)
Chapter Summary 86(1)
Key Concepts and Terms 86(1)
Chapter 3 Assessment 86(1)
References 87(2)
PART II Forensics Tools, Techniques, and Methods 89(102)
Chapter 4 Collecting, Seizing, and Protecting Evidence 91(28)
Proper Procedure 92(1)
Shutting Down the Computer 92(3)
Transporting the Computer System to a Secure Location 95(1)
Preparing the System 95(3)
Documenting the Hardware Configuration of the System 98(1)
Mathematically Authenticating Data on All Storage Devices 98(1)
Handling Evidence 99(1)
Collecting Data 99(1)
Documenting Filenames, Dates, and Times 100(1)
Identifying File, Program, and Storage Anomalies 100(1)
Evidence-Gathering Measures 101(1)
What to Examine 102(3)
Storage Formats 105(1)
Magnetic Media 105(1)
Solid-State Drives 106(1)
Digital Audio Tape Drives 107(1)
Digital Linear Tape and Super DLT 107(1)
Optical Media 107(1)
Using USB Drives 108(1)
File Formats 108(1)
Forensic Imaging 109(1)
Imaging with EnCase 110(2)
Imaging with the Forensic Toolkit 112(3)
Imaging with OSForensics 115(1)
RAID Acquisitions 116(1)
Chapter Summary 117(1)
Key Concepts and Terms 117(1)
Chapter 4 Assessment 118(1)
CHAPTER LAB 118(1)
Chapter 5 Understanding Techniques for Hiding and Scrambling Information 119(32)
Steganography 120(2)
Historical Steganography 122(1)
Steganophony 122(1)
Video Steganography 122(1)
More Advanced Steganography 122(1)
Steganalysis 123(1)
Invisible Secrets 124(3)
MP3Stego 127(1)
Deep Sound 127(1)
Additional Resources 127(1)
Encryption 128(1)
The History of Encryption 128(7)
Modern Cryptography 135(8)
Breaking Encryption 143(3)
Quantum Computing and Cryptography 146(1)
Chapter Summary 147(1)
Key Concepts and Terms 147(1)
Chapter 5 Assessment 148(1)
References 149(2)
Chapter 6 Recovering Data 151(22)
Undeleting Data 151(1)
File Systems and Hard Drives 152(1)
Windows 152(3)
Forensically Scrubbing a File or Folder 155(7)
Linux 162(3)
Mac OS 165(1)
Recovering Information from Damaged Media 166(1)
Physical Damage Recovery Techniques 167(1)
Recovering Data After Logical Damage 167(2)
File Carving 169(1)
Chapter Summary 170(1)
Key Concepts and Terms 170(1)
Chapter 6 Assessment 170(1)
References 171(2)
Chapter 7 Incident Response 173(18)
Disaster Recovery 174(1)
ISO 27001 175(1)
NIST 800-34 175(1)
NFPA 1600 176(1)
Business Impact Analysis 176(2)
Describing the Incident 178(1)
Common Vulnerability Scoring System 178(2)
DREAD 180(1)
Hmun 180(1)
Mean Squared Deviation 181(1)
Mean Percentage Error 181(1)
Ishikawa Diagram 181(1)
The Recovery Plan 182(1)
The Post Recovery Follow-Up 183(1)
Incident Response 183(1)
Detection 184(1)
Containment 184(1)
Eradication 184(1)
Recovery 185(1)
Follow-Up 185(1)
Preserving Evidence 186(1)
Adding Forensics to Incident Response 187(1)
Forensic Resources 187(1)
Forensics and Policy 188(1)
Chapter Summary 188(1)
Key Concepts and Terms 188(1)
Chapter 7 Assessment 189(1)
Reference 189(2)
PART III Branches of Digital Forensics 191(17)
Chapter 8 Windows Forensics 193(30)
Windows Details 194(1)
Windows History 194(2)
64-Bit Processing 196(1)
The Boot Process 196(1)
Important Files 197(2)
Volatile Data 199(1)
Tools 200(4)
Windows Swap File 204(1)
Volume Shadow Copy 204(1)
Windows Logs 204(2)
Windows Directories 206(1)
UserAssist 206(1)
Unallocated/Slack Space 206(1)
Alternate Data Streams 207(2)
Index.dat 208(167)
Windows Files and Permissions 209(1)
MAC 209(1)
The Registry 210(2)
USB Information 212(1)
Wireless Networks 212(1)
Tracking Word Documents in the Registry 213(1)
Malware in the Registry 213(1)
Uninstalled Software 213(1)
Passwords 214(1)
ShellBag 214(1)
Shimcache 215(1)
Amcache 215(1)
Prefetch 216(1)
SRUM 217(1)
BAM and DAM 217(1)
Recycle Bin 217(1)
The $I30 Attribute 218(1)
PowerShell Forensics 219(2)
Chapter Summary 221(1)
Key Concepts and Terms 221(1)
Chapter 8 Assessment 221(1)
References 222(1)
Chapter 9 Linux Forensics 223(30)
Linux and Forensics 224(1)
Linux Basics 224(1)
Linux History 224(1)
Linux Shells 225(3)
Graphical User Interface 228(1)
Linux Boot Process 229(2)
Logical Volume Management 231(1)
Linux Distributions 232(1)
Linux File Systems 232(1)
Ext 232(1)
The Reiser File System 233(1)
The Berkeley Fast File System 233(1)
Linux Logs 233(1)
The /var/log/faillog Log 233(1)
The /var/log/kern.log Log 233(1)
The /var/log/lpr.log Log 233(1)
The /var/log/mail.* Log 234(1)
The /var/log/mysql.* Log 234(1)
The /var/log/apache2/* Log 234(1)
The /var/log/lighttpd/* Log 234(1)
The /var/log/apport.log Log 234(1)
Other Logs 235(1)
Viewing Logs 235(1)
Linux Directories 235(1)
The /root Directory 235(1)
The /bin Directory 235(1)
The /sbin Directory 236(1)
The /etc Folder 236(1)
The /etc/inittab File 236(1)
The /dev Directory 237(1)
The /mnt Directory 237(1)
The /boot Directory 237(1)
The /usr Directory 237(1)
The /tmp Directory 237(1)
The /var Directory 237(1)
The /proc Directory 238(1)
The /run Directory 238(1)
Tmpfs 239(1)
Shell Commands for Forensics 239(1)
The dmesg Command 239(1)
The fsck Command 239(1)
The grep Command 240(1)
The history Command 241(1)
The mount Command 241(1)
The ps Command 241(1)
The pstree Command 242(1)
The pgrep Command 242(1)
The top Command 242(1)
The kill Command 243(1)
The file Command 243(1)
The su Command 243(1)
The who Command 243(1)
The finger Command 244(1)
The dd Command 244(1)
The ls Command 244(1)
Find Executables 244(1)
Checking Scheduled Tasks 244(1)
Finding Oddities 245(1)
Can You Undelete in Linux? 245(1)
Manual Method 245(1)
Kali Linux Forensics 246(4)
Forensics Tools for Linux 250(1)
More Linux Forensics 250(1)
Documenting 251(1)
Advanced Commands 251(1)
Chapter Summary 251(1)
Key Concepts and Terms 252(1)
Chapter 9 Assessment 252(1)
Reference 252(1)
Chapter 10 Mac OS Forensics 253(18)
Mac Basics 254(1)
Apple History 254(3)
Mac File Systems 257(2)
Partition Types 259(1)
Boot Camp Assistant 259(1)
Mac OS Logs 260(1)
The /var/log Log 260(1)
The /var/spool/cups Folder 260(1)
The /private/var/audit Logs 260(1)
The /private/var/VM Folder 260(1)
The /Library/Receipts Folder 260(1)
/Library/Mobile Documents 261(1)
The /Users/<user>/.bash_history Log 261(1)
The /var/vm Folder 261(1)
The /Users/ Directory 261(1)
The /Users/<user>/Library/Preferences Folder 261(1)
Directories 261(1)
The /Volumes Directory 261(1)
The /Users Directory 262(1)
The /Applications Directory 262(1)
The /Network Directory 262(1)
The /etc Directory 262(1)
The /Library/Preferences/SystemConfiguration/com.apple.preferences.plist File 262(1)
Mac OS Forensic Techniques 262(1)
Target Disk Mode 262(1)
Searching Virtual Memory 263(1)
Shell Commands 263(1)
How to Examine an Apple Device 264(1)
MacQuisition 264(1)
Reading Apple Drives 265(1)
Can You Undelete in Mac OS? 266(2)
Mac OS Password Recovery 268(2)
Chapter Summary 270(1)
Key Concepts and Terms 270(1)
Chapter 10 Assessment 270(1)
Chapter 11 Email Forensics 271(20)
How Email Works 272(1)
Email Protocols 273(1)
Faking Email 274(1)
Email Headers 275(1)
Getting Headers in Outlook 2019 276(1)
Getting Headers from Yahoo! Email 277(2)
Getting Headers from Gmail 279(1)
Other Email Clients 280(1)
Email Files 281(1)
Paraben's Email Examiner 282(1)
ReadPST 283(1)
Tracing Email 284(1)
Email Server Forensics 284(1)
Email and the Law 285(1)
The Fourth Amendment to the U.S. Constitution 285(1)
The Electronic Communications Privacy Act 285(1)
The CAN-SPAM Act 286(1)
18 U.S.C. 2252B 287(1)
The Communication Assistance to Law Enforcement Act 287(1)
The Foreign Intelligence Surveillance Act 287(1)
The USA PATRIOT Act 288(1)
Chapter Summary 288(1)
Key Concepts and Terms 288(1)
Chapter 11 Assessment 289(2)
Chapter 12 Mobile Forensics 291(22)
Cellular Device Concepts 292(1)
Terms 292(1)
Networks 293(1)
Operating Systems 294(10)
Evidence You Can Get from a Cell Phone 304(1)
SWGDE Guidelines 305(1)
Types of Investigations 306(1)
Types of Information 306(1)
Seizing Evidence from a Mobile Device 306(2)
SQLite 308(1)
The iPhone 309(2)
Chapter Summary 311(1)
Key Concepts and Terms 311(1)
Chapter 12 Assessment 312(1)
References 312(1)
Network Forensics 313(1)
Chapter 13 Network Basics 313(30)
IP Addresses and MAC Addresses 314(4)
Open Systems Interconnection Model 318(3)
Network Packet Analysis 321(1)
Network Packets 321(1)
Packet Headers 321(4)
Network Attacks 325(3)
Network Traffic Analysis Tools 328(1)
Wireshark 328(3)
Nmap 331(1)
Tcpdump 331(1)
Snort 332(1)
NetWitness 332(1)
Network Traffic Analysis 332(1)
Using Log Files as Evidence 332(1)
Wireless 333(1)
Wi-Fi Security 334(1)
Other Wireless Protocols 335(1)
Router Forensics 336(1)
Router Basics 336(2)
Types of Router Attacks 338(1)
Getting Evidence from the Router 338(2)
Firewall Forensics 340(1)
Firewall Basics 340(1)
Packet Filter 340(1)
Stateful Packet Inspection 340(1)
Collecting Data 340(1)
Chapter Summary 341(1)
Key Concepts and Terms 341(1)
Chapter 13 Assessment 342(1)
Chapter 14 Memory Forensics 343(18)
How Computer Memory Works 344(1)
Stack Versus Heap 344(1)
Paging 345(1)
Capturing Memory 345(2)
Analyzing Memory with Volatility 347(5)
Analyzing Memory with OSForensics 352(1)
Understanding the Output 352(2)
Putting It All Together 354(1)
Malware Techniques 355(1)
Viruses 355(1)
Worms 356(1)
Spyware 356(1)
Logic Bomb 356(1)
Trojan Horse 356(1)
Malware Hiding Techniques 357(1)
Density Scout 358(2)
Chapter Summary 360(1)
Key Concepts and Terms 360(1)
Chapter 14 Assessment 360(1)
Chapter 15 Trends and Future Directions 361(14)
Technical Trends 362(1)
What Impact Does This Have on Forensics? 363(1)
Software as a Service 363(1)
The Cloud 364(3)
New Devices 367(4)
Legal and Procedural Trends 371(1)
Changes in the Law 372(1)
Private Labs 372(1)
International Issues 373(1)
Techniques 373(1)
Chapter Summary 373(1)
Key Concepts and Terms 373(1)
Chapter 15 Assessment 374(1)
References 374(1)
Appendix A Answer Key 375(2)
Appendix B Standard Acronyms 377(4)
Glossary of Key Terms 381(6)
Index 387
Dr. Chuck Easttom is the author of 32 books, including several on computer security, forensics, and cryptography. He has also authored scientific papers on digital forensics, cyber warfare, machine learning, cryptography, and applied mathematics. He is an inventor with 22 computer science patents. He holds a Doctor of Science (D.Sc.) in cyber security, a Ph.D. in nanotechnology, a Ph.D. in computer science, and three master's degrees (one in applied computer science, one in education, and one in systems engineering). He is a senior member of both the IEEE and the ACM. He is also a Distinguished Speaker of the ACM and a Distinguished Visitor of the IEEE. He also holds 55 industry certifications, including many cyber security and digital forensics certifications. He has both academic and hands-on forensics experience. He has served as an expert witness in U.S. court cases since 2004. He is currently an adjunct lecturer for Georgetown University, where he teaches cyber security, systems engineering, and cryptography, and an adjunct professor for the University of Dallas, where he teaches a graduate course in digital forensics.