Hacking Exposed Computer Forensics Computer Forensics Secrets and Solutions

Name: Hacking Exposed Computer Forensics Computer Forensics Secrets and Solutions
Price: 5.6 USD
Availability: InStock
ISBN: 9780072256758

ISBN-10: 0072256753

ISBN-13: 9780072256758

Edition: 2005

Authors: Chris Davis, Aaron Philipp, David Cowen

List price: $52.99

30 day, 100% satisfaction guarantee!

Marketplace

3 new & used from $5.60

what's this?

Rush Rewards U
Members Receive:

You have reached 400 XP and carrot coins. That is the daily max!

Description:

Whether retracing the steps of a security breech or tracking down high-tech crime, this book demonstrates how to be prepared with both the necessary tools and expert knowledge that ultimately helps the forensics stand up in court.

Book details

List price: $52.99
Copyright year: 2005
Publisher: McGraw-Hill Osborne
Binding: Paperback
Pages: 480
Size: 7.20" wide x 9.00" long x 0.98" tall
Weight: 1.716
Language: English

David Cowen, CISSP, is coauthor of the previous bestselling editions of Hacking Exposed Computer Forensics and Anti-Hacker Toolkit, Third Edition. He is a Partner at G-C Partners, LLC where he provides expert witness services and consulting to Fortune 500 companies nationwide.Chris Davis, CISA, CISSP (Dallas, TX) is a senior IT auditor for Texas Instruments and author of the best-selling Hacking Exposed: Computer Forensics.

Author Profiles Aaron Philippis a Managing Consultant in the D&I practice at Navigant Consulting. In this capacity, he provides consulting services in the fields of Computer Forensics and High-Tech Investigations. He specializes in complex computer forensic techniques such as identification and tracing of IP theft, timeline creation and correlation relating to multi-party fraud and reconstruction of evidence after deliberate data destruction has occurred that would nullify traditional computer forensic methodology. Mr. Philipp was previously the Managing Partner of Affect Computer Forensics, a boutique forensics firm based in Austin, TX with offices in Dallas, TX and Hong Kong. Affect…

Foreword	p. xix
Acknowledgments	p. xxiii
Introduction	p. xvii
Preparing for an Incident
Case Study: Lab Preparations	p. 2
Cashing Out	p. 2
Preparing for a Forensics Operation	p. 2
The Forensics Process	p. 5
Types of Investigations	p. 6
The Role of the Investigator	p. 8
Elements of a Good Process	p. 10
Cross-Validation	p. 11
Proper Evidence Handling	p. 11
Completeness of Investigation	p. 11
Management of Archives	p. 12
Technical Competency	p. 12
Explicit Definition and Justification for the Process	p. 12
Legal Compliance	p. 13
Flexibility	p. 13
Defining a Process	p. 13
Assessment	p. 14
Acquisition	p. 14
Authentication	p. 15
Analysis	p. 16
Articulation	p. 16
Archival	p. 16
Computer Fundamentals	p. 19
The Bottom-Up View of a Computer	p. 20
It's All Just 1s and 0s	p. 20
Learning from the Past: Giving Computers Memory	p. 22
Basic Input and Output System (BIOS)	p. 24
The Operating System	p. 24
The Applications	p. 25
Types of Media	p. 25
Magnetic Media	p. 25
Optical Media	p. 33
Memory Technologies	p. 34
Forensic Lab Environment Preparation	p. 39
The Ultimate Computer Forensic Lab	p. 40
What Is a Computer Forensic Laboratory?	p. 40
Forensic Lab Security	p. 41
Protecting the Forensic Lab	p. 42
Forensic Computers	p. 46
Components of a Forensic Host	p. 46
Commercially Available Hardware Systems	p. 48
Do-It-Yourself Hardware Systems	p. 49
Data Storage	p. 50
Forensic Hardware and Software Tools	p. 51
Using Hardware Tools	p. 51
Using Software Tools	p. 51
Case Management	p. 52
The Flyaway Kit	p. 53
Bonus: Linux or Windows?	p. 54
Collecting the Evidence
Case Study: The Collections Agency	p. 56
Preparations	p. 56
Revelations	p. 56
Collecting Evidence	p. 56
Forensically Sound Evidence Collection	p. 57
Collecting Evidence from a Single System	p. 58
Power Down the Suspect System	p. 59
Remove the Drive(s) from the Suspect System	p. 59
Check for Other Media	p. 60
Record BIOS Information	p. 60
Forensically Image the Drive	p. 60
Record Cryptographic Hashes	p. 77
Bag and Tag	p. 78
Move Forward	p. 78
Common Mistakes in Evidence Collection	p. 80
Remote Investigations and Collections	p. 83
Privacy Issues	p. 84
Remote Investigations	p. 85
Remote Investigation Tools	p. 86
Remote Collections	p. 94
Remote Collection Tools	p. 95
Encrypted Volumes or Drives	p. 105
USB Thumb Drives	p. 107
Forensic Investigation Techniques
Case Study: Analyzing the Data	p. 110
Digging for Clues	p. 110
We're Not Done. Yet	p. 110
Finally	p. 110
Microsoft Windows Systems Analysis	p. 111
Windows File Systems	p. 112
Master Boot Record	p. 112
FAT File System	p. 112
NTFS	p. 116
Recovering Deleted Files	p. 117
Limitations	p. 127
Windows Artifacts	p. 129
Linux Analysis	p. 137
The Linux File System (ext2 and ext3)	p. 138
ext2 Structure	p. 138
ext3 Structure	p. 141
Linux Swap	p. 142
Linux Analysis	p. 142
Macintosh Analysis	p. 151
The Evolution of the Mac OS	p. 152
Looking at a Mac Disk or Image	p. 154
The Apple Partition Map	p. 154
Trees and Nodes	p. 155
Deleted Files	p. 157
Recovering Deleted Files	p. 159
Concatenating Unallocated Space	p. 160
Scavenging for Unindexed Files and Pruned Nodes	p. 161
A Closer Look at Macintosh Files	p. 162
Archives	p. 162
Date and Time Stamps	p. 163
E-mail	p. 163
Graphics	p. 163
Web Browsing	p. 163
Resources	p. 164
Virtual Memory	p. 164
System Log and Other System Files	p. 164
Mac as a Forensics Platform	p. 165
Defeating Anti-Forensic Techniques	p. 167
Obscurity Methods	p. 168
Privacy Measures	p. 175
Encryption	p. 175
The General Solution to Encryption	p. 180
Wiping	p. 181
Enterprise Storage Analysis	p. 185
The Enterprise Data Universe	p. 186
Rebuilding RAIDs in EnCase	p. 187
Rebuilding RAIDs in Linux	p. 187
Working with NAS Systems	p. 188
Working with SAN Systems	p. 188
Working with Tapes	p. 189
Accessing Raw Tapes on Windows	p. 191
Accessing Raw Tapes on UNIX	p. 191
Commercial Tools for Accessing Tapes	p. 192
Collecting Live Data from Windows Systems	p. 194
Full-Text Indexing	p. 194
Mail Servers	p. 197
E-mail Analysis	p. 201
Finding E-mail Artifacts	p. 202
Client-Based E-mail	p. 203
Web-Based E-mail	p. 219
Internet-Hosted Mail	p. 220
Investigating E-mail Headers	p. 226
Tracking User Activity	p. 231
Microsoft Office Forensics	p. 232
Tracking Web Usage	p. 241
Internet Explorer Forensics	p. 241
Mozilla/Firefox Forensics	p. 249
Cell Phone and PDA Analysis	p. 257
Gathering PDA Evidence-the Collection	p. 258
Acquisition with PDA Seizure	p. 260
Analysis with PDA Seizure	p. 263
Acquisition with EnCase	p. 268
Windows CE/Mobile Windows Acquisition with PDA Seizure	p. 270
Windows CE/Mobile Windows Analysis with PDA Seizure	p. 271
E-mail Analysis with Pocket Outlook	p. 279
Investigating Terminal Services in Mobile Windows	p. 283
Investigating MSN Messenger	p. 284
Passwords and Other Security Features You May Encounter	p. 285
Password-Protected Windows Devices	p. 286
Collecting Cell Phone Evidence: Using Cell Seizure	p. 286
Acquisition with Cell Seizure	p. 287
Analysis with Cell Seizure	p. 292
Presenting Your Findings
Case Study: Wrapping Up the Case	p. 296
He Said, She Said...	p. 296
Documenting the Investigation	p. 297
Read Me	p. 298
Internal Report	p. 299
Construction of an Internal Report	p. 300
Declaration	p. 302
Construction of a Declaration	p. 303
Affidavit	p. 306
Expert Report	p. 307
Construction of an Expert Report	p. 308
The Justice System	p. 313
The Criminal Court System	p. 314
Civil Court	p. 315
Investigation	p. 315
Filing of the Lawsuit	p. 316
Discovery	p. 316
The Trial	p. 318
Expert Status	p. 319
Expert Credentials	p. 319
Nontestifying Expert Consultant	p. 319
Testifying Expert Witness	p. 319
Expert for the Court	p. 320
Expert Interaction with the Court	p. 320
Appendixes
Forensic Forms and Checklists	p. 323
Understanding Legal Concerns	p. 337
Zubulake v. UBS Warburg	p. 338
Case Transcription	p. 338
Case Summaries	p. 348
The Digital Evidence Legal Process	p. 349
Federal Rules of Evidence: Overview	p. 350
Federal Rules of Evidence (FRE)	p. 350
General Provisions	p. 350
Judicial Notice	p. 352
Presumptions in Civil Actions and Proceedings	p. 353
Relevancy and its Limits	p. 353
Privileges	p. 354
Witnesses	p. 354
Opinions and Expert Testimony	p. 358
Hearsay	p. 360
Authentication and Identification	p. 366
Contents of Writings, Recordings, and Photographs	p. 369
Miscellaneous Rules	p. 371
Federal Rules of Civil Procedure: Overview	p. 372
Federal Rules of Civil Procedure (FRCP)	p. 373
Scope of Rules-One Form of Action	p. 373
Commencement of Action; Service of Process, Pleadings, Motions, and Orders	p. 373
Depositions and Discovery	p. 376
Trials	p. 392
Judgment	p. 395
Provisional and Final Remedies	p. 401
District Courts and Clerks	p. 402
General Provisions	p. 403
Searching Techniques	p. 407
Regular Expressions	p. 408
Theory and History	p. 408
The Building Blocks	p. 408
Constructing Regular Expressions	p. 409
The Investigator's Toolkit	p. 413
Forensic Toolkits	p. 414
Guidance Software	p. 414
ASR Data	p. 415
Paraben	p. 415
Access Data	p. 416
The Sleuth Kit	p. 417
Glossary	p. 419
Index	p. 423
Table of Contents provided by Ingram. All Rights Reserved.