Computer Forensics

ISBN-10: 007174245X

ISBN-13: 9780071742450

Edition: 2013


Book details

List price: $24.99
Copyright year: 2013
Publisher: McGraw-Hill Education
Publication date: 5/1/2013
Binding: Paperback
Pages: 512
Size: 7.75" wide x 9.00" long x 0.75" tall
Weight: 1.518
Language: English

Author Profiles

Aaron Philipp is a Managing Consultant in the D&I practice at Navigant Consulting. In this capacity, he provides consulting services in the fields of Computer Forensics and High-Tech Investigations. He specializes in complex computer forensic techniques such as identification and tracing of IP theft, timeline creation and correlation relating to multi-party fraud and reconstruction of evidence after deliberate data destruction has occurred that would nullify traditional computer forensic methodology. Mr. Philipp was previously the Managing Partner of Affect Computer Forensics, a boutique forensics firm based in Austin, TX with offices in Dallas, TX and Hong Kong. Affect counted as clients the nation's top law firms, FORTUNE 500 legal departments and government investigatory agencies. In addition, he is a regular speaker at technology and legal conferences around the world. He has been internationally recognized for his work, with citations of merit from the governments of Taiwan and South Africa. Mr. Philipp has a B.S. in Computer Science from the University of Texas at Austin.

John Loveland is a Managing Director in the Disputes & Investigations practice at Navigant Consulting and leads the Mid-Atlantic region Discovery Services practice. He brings over 18 years executive-level management consulting, electronic discovery and computer forensics expertise to the firm. Mr. Loveland specializes in providing strategic advice and expert witness services to counsel on matters related to complex computer forensics issues and managing large end-to-end discovery matters. He also provides pro-active consulting services to companies implementing technology and processes to better prepare for e-discovery. He counts as clients a number of AmLaw 500 law firms and Fortune 500 companies and is a frequent speaker and author on computer forensics and e-discovery related topics. Mr. Loveland was a contributing author for Hacking Exposed: Computer Forensics, 2nd Edition.

Getting Started
What Is Computer Forensics?
What You Can Do with Computer Forensics
How People Get Involved in Computer Forensics
Law Enforcement
University Programs
IT or Computer Security Professionals
Incident Response vs. Computer Forensics
How Computer Forensic Tools Work
Types of Computer Forensic Tools
Professional Licensing Requirements
Learning Computer Forensics
Where and How to Get Training
Law Enforcement Training
Corporate Training
Where and How to Get Certified
Vendor Certifications
Vendor-Neutral Certifications
Staying Current
Creating a Lab
Choosing Where to Put Your Lab
Access Controls
Electrical Power
Air Conditioning
Gathering the Tools of the Trade
Write Blockers
Drive Kits
External Storage
Screwdriver Kits
Antistatic Bags
Forensic Workstation
Choosing Forensic Software
Open Source Software
Commercial Software
Storing Evidence
Securing Your Evidence
Organizing Your Evidence
Disposing of Old Evidence
Your First Investigation
How to Approach a Computer Forensics Investigation
The Investigative Process
What Are You Being Asked to Find Out?
Where Would the Data Exist?
What Applications Might Have Been Used in Creating the Data?
Should You Request to Go Beyond the Scope of the Investigation?
Testing Your Hypothesis
Define Your Hypothesis
Determine a Repeatable Test
Create Your Test Environment
Document Your Testing
The Forensic Data Landscape
Active Data
Unallocated Space
Slack Space
Mobile Devices
External Storage
What Do You Have the Authority to Access
Who Hosts the Data?
Who Owns the Device?
Expectation of Privacy
Choosing Your Procedures
Forensic Imaging
Determining Your Comfort Level
Forensic Imaging Method Pros and Cons
Creating Forms and Your Lab Manual
Chain of Custody Forms
Request Forms
Report Forms
Standard Operating Procedures Manual
Testing Your Tools
When Do You Need to Test
Collecting Data for Public Research or Presentations
Testing a Forensic Method
Testing a Tool
Where to Get Test Evidence
Raw Images
Creating Your Own Test Images
Forensic Challenges
Learn Forensics with David Cowen on YouTube
Honeynet Project
DC3 Challenge
DFRWS Challenge
SANS Forensic Challenges
High School Forensic Challenge
Collections of Tool Testing Images
Digital Forensic Tool Testing Images
NIST Computer Forensics Reference Data Sets Images
The Hacking Case
NIST Computer Forensics Tool Testing
Live vs. Postmortem Forensics
Live Forensics
When Live Forensics Is the Best Option
Tools for Live Forensics
Postmortem Forensics
Postmortem Memory Analysis
Capturing Evidence
Creating Forensic Images of Internal Hard Drives
FTK Imager with a Hardware Write Blocker
FTK Imager with a Software Write Blocker
Creating Forensic Images of External Drives
FTK Imager with a USB Write Blocker
FTK Imager with a Software Write Blocker
Software Write Blocking on Linux Systems
Creating Forensic Images of Network Shares
Capturing a Network Share with FTK Imager
Mobile Devices
Nontraditional Digital Forensics
Breaking the Rules: Nontraditional Digital Forensic Techniques
Volatile Artifacts
Encrypted File Systems
Challenges to Accessing Encrypted Data
Mobile Devices: Smart Phones and Tablets
Solid State Drives
Virtual Machines
Case Examples: How to Work a Case
Establishing the Investigation Type and Criteria
Determining What Type of Investigation Is Required
Human Resources Cases
Administrator Abuse
Stealing Information
Internal Leaks
Keyloggers and Malware
What to Do When Criteria Causes an Overlap
What to Do When No Criteria Matches
Where Should the Evidence Be?
Did This Occur over the Network?
Nothing Working? Create a Super Timeline
Human Resources Cases
Results of a Human Resource Case
How to Work a Pornography Case
Pornography Case Study
How to Investigate a Pornography Case
How to Work a Productivity Waste Case
Administrator Abuse
The Abuse of Omniscience
Scenario 1: Administrator Runs a Pornographic Site Using Company Resources
Beginning an Investigation
The Web Server's Role in the Network
Virtual Servers
Virtual Directories
Scenario 2: Exploiting Insider Knowledge Against an Ex-employer
A Private Investigator Calls
As if They're Reading Our Minds…
What a Network Vulnerability Assessment Can Reveal
E-mail Data Review and Server Restoration
Stepping Up Your Game: Knowledge Meets Creativity
Stealing Information
What Are We Looking For?
Determining Where the Data Went
LNK Files
Scenario: Recovering Log Files to Catch a Thief
Internal Leaks
Why Internal Leaks Happen
Investigating Internal Leaks
Reviewing the Registry Files
Identifying LNK Files
Wrapping Up the Investigation
Using File System Meta-data to Track Leaked or Printed Materials
Keyloggers and Malware
Defining Keyloggers and Malware
How to Detect Keyloggers and Malware
Registry Files
Prefetch Files
Keyword Searches
Handling Suspicious Files
Determining How an Infection Occurred
What We Know About This Infection
What We Know About the Keylogger
Identifying What Data Was Captured
Finding Information About the Attacker
What We Know About the Attacker
Where to Find More About the Attacker
Defending Your Work
Documenting Your Findings with Reports
Documenting Your Findings
Who Asked You to Undertake the Investigation
What You Were Asked to Do
What You Reviewed
What You Found
What Your Findings Mean
Types of Reports
Informal Report
Incident Report
Internal Report
Explaining Your Work
Define Technical Terms
Provide Examples in Layperson Terms
Explain Artifacts
Litigation and Reports for Court and Exhibits
Important Legal Terms
What Type of Witness Are You?
Fact Witness
Expert Consultant
Expert Witness
Special Master
Writing Reports for Court
Declarations in Support of Motions
Expert Reports
Creating Exhibits
Working with Forensic Artifacts