Skip to content

Hacking Exposed Computer Forensics

Spend $50 to get a free DVD!

ISBN-10: 0072256753

ISBN-13: 9780072256758

Edition: 2005

Authors: Chris Davis, Aaron Philipp, David Cowen

List price: $52.99
Blue ribbon 30 day, 100% satisfaction guarantee!
what's this?
Rush Rewards U
Members Receive:
Carrot Coin icon
XP icon
You have reached 400 XP and carrot coins. That is the daily max!

Description:

Whether retracing the steps of a security breech or tracking down high-tech crime, this book demonstrates how to be prepared with both the necessary tools and expert knowledge that ultimately helps the forensics stand up in court.
Customers also bought

Book details

List price: $52.99
Copyright year: 2005
Publisher: McGraw-Hill Osborne
Binding: Mixed Media
Pages: 480
Size: 7.50" wide x 9.25" long x 1.25" tall
Weight: 1.694
Language: English

Forewordp. xix
Acknowledgmentsp. xxiii
Introductionp. xvii
Preparing for an Incident
Case Study: Lab Preparationsp. 2
Cashing Outp. 2
Preparing for a Forensics Operationp. 2
The Forensics Processp. 5
Types of Investigationsp. 6
The Role of the Investigatorp. 8
Elements of a Good Processp. 10
Cross-Validationp. 11
Proper Evidence Handlingp. 11
Completeness of Investigationp. 11
Management of Archivesp. 12
Technical Competencyp. 12
Explicit Definition and Justification for the Processp. 12
Legal Compliancep. 13
Flexibilityp. 13
Defining a Processp. 13
Assessmentp. 14
Acquisitionp. 14
Authenticationp. 15
Analysisp. 16
Articulationp. 16
Archivalp. 16
Computer Fundamentalsp. 19
The Bottom-Up View of a Computerp. 20
It's All Just 1s and 0sp. 20
Learning from the Past: Giving Computers Memoryp. 22
Basic Input and Output System (BIOS)p. 24
The Operating Systemp. 24
The Applicationsp. 25
Types of Mediap. 25
Magnetic Mediap. 25
Optical Mediap. 33
Memory Technologiesp. 34
Forensic Lab Environment Preparationp. 39
The Ultimate Computer Forensic Labp. 40
What Is a Computer Forensic Laboratory?p. 40
Forensic Lab Securityp. 41
Protecting the Forensic Labp. 42
Forensic Computersp. 46
Components of a Forensic Hostp. 46
Commercially Available Hardware Systemsp. 48
Do-It-Yourself Hardware Systemsp. 49
Data Storagep. 50
Forensic Hardware and Software Toolsp. 51
Using Hardware Toolsp. 51
Using Software Toolsp. 51
Case Managementp. 52
The Flyaway Kitp. 53
Bonus: Linux or Windows?p. 54
Collecting the Evidence
Case Study: The Collections Agencyp. 56
Preparationsp. 56
Revelationsp. 56
Collecting Evidencep. 56
Forensically Sound Evidence Collectionp. 57
Collecting Evidence from a Single Systemp. 58
Power Down the Suspect Systemp. 59
Remove the Drive(s) from the Suspect Systemp. 59
Check for Other Mediap. 60
Record BIOS Informationp. 60
Forensically Image the Drivep. 60
Record Cryptographic Hashesp. 77
Bag and Tagp. 78
Move Forwardp. 78
Common Mistakes in Evidence Collectionp. 80
Remote Investigations and Collectionsp. 83
Privacy Issuesp. 84
Remote Investigationsp. 85
Remote Investigation Toolsp. 86
Remote Collectionsp. 94
Remote Collection Toolsp. 95
Encrypted Volumes or Drivesp. 105
USB Thumb Drivesp. 107
Forensic Investigation Techniques
Case Study: Analyzing the Datap. 110
Digging for Cluesp. 110
We're Not Done. Yetp. 110
Finallyp. 110
Microsoft Windows Systems Analysisp. 111
Windows File Systemsp. 112
Master Boot Recordp. 112
FAT File Systemp. 112
NTFSp. 116
Recovering Deleted Filesp. 117
Limitationsp. 127
Windows Artifactsp. 129
Linux Analysisp. 137
The Linux File System (ext2 and ext3)p. 138
ext2 Structurep. 138
ext3 Structurep. 141
Linux Swapp. 142
Linux Analysisp. 142
Macintosh Analysisp. 151
The Evolution of the Mac OSp. 152
Looking at a Mac Disk or Imagep. 154
The Apple Partition Mapp. 154
Trees and Nodesp. 155
Deleted Filesp. 157
Recovering Deleted Filesp. 159
Concatenating Unallocated Spacep. 160
Scavenging for Unindexed Files and Pruned Nodesp. 161
A Closer Look at Macintosh Filesp. 162
Archivesp. 162
Date and Time Stampsp. 163
E-mailp. 163
Graphicsp. 163
Web Browsingp. 163
Resourcesp. 164
Virtual Memoryp. 164
System Log and Other System Filesp. 164
Mac as a Forensics Platformp. 165
Defeating Anti-Forensic Techniquesp. 167
Obscurity Methodsp. 168
Privacy Measuresp. 175
Encryptionp. 175
The General Solution to Encryptionp. 180
Wipingp. 181
Enterprise Storage Analysisp. 185
The Enterprise Data Universep. 186
Rebuilding RAIDs in EnCasep. 187
Rebuilding RAIDs in Linuxp. 187
Working with NAS Systemsp. 188
Working with SAN Systemsp. 188
Working with Tapesp. 189
Accessing Raw Tapes on Windowsp. 191
Accessing Raw Tapes on UNIXp. 191
Commercial Tools for Accessing Tapesp. 192
Collecting Live Data from Windows Systemsp. 194
Full-Text Indexingp. 194
Mail Serversp. 197
E-mail Analysisp. 201
Finding E-mail Artifactsp. 202
Client-Based E-mailp. 203
Web-Based E-mailp. 219
Internet-Hosted Mailp. 220
Investigating E-mail Headersp. 226
Tracking User Activityp. 231
Microsoft Office Forensicsp. 232
Tracking Web Usagep. 241
Internet Explorer Forensicsp. 241
Mozilla/Firefox Forensicsp. 249
Cell Phone and PDA Analysisp. 257
Gathering PDA Evidence-the Collectionp. 258
Acquisition with PDA Seizurep. 260
Analysis with PDA Seizurep. 263
Acquisition with EnCasep. 268
Windows CE/Mobile Windows Acquisition with PDA Seizurep. 270
Windows CE/Mobile Windows Analysis with PDA Seizurep. 271
E-mail Analysis with Pocket Outlookp. 279
Investigating Terminal Services in Mobile Windowsp. 283
Investigating MSN Messengerp. 284
Passwords and Other Security Features You May Encounterp. 285
Password-Protected Windows Devicesp. 286
Collecting Cell Phone Evidence: Using Cell Seizurep. 286
Acquisition with Cell Seizurep. 287
Analysis with Cell Seizurep. 292
Presenting Your Findings
Case Study: Wrapping Up the Casep. 296
He Said, She Said...p. 296
Documenting the Investigationp. 297
Read Mep. 298
Internal Reportp. 299
Construction of an Internal Reportp. 300
Declarationp. 302
Construction of a Declarationp. 303
Affidavitp. 306
Expert Reportp. 307
Construction of an Expert Reportp. 308
The Justice Systemp. 313
The Criminal Court Systemp. 314
Civil Courtp. 315
Investigationp. 315
Filing of the Lawsuitp. 316
Discoveryp. 316
The Trialp. 318
Expert Statusp. 319
Expert Credentialsp. 319
Nontestifying Expert Consultantp. 319
Testifying Expert Witnessp. 319
Expert for the Courtp. 320
Expert Interaction with the Courtp. 320
Appendixes
Forensic Forms and Checklistsp. 323
Understanding Legal Concernsp. 337
Zubulake v. UBS Warburgp. 338
Case Transcriptionp. 338
Case Summariesp. 348
The Digital Evidence Legal Processp. 349
Federal Rules of Evidence: Overviewp. 350
Federal Rules of Evidence (FRE)p. 350
General Provisionsp. 350
Judicial Noticep. 352
Presumptions in Civil Actions and Proceedingsp. 353
Relevancy and its Limitsp. 353
Privilegesp. 354
Witnessesp. 354
Opinions and Expert Testimonyp. 358
Hearsayp. 360
Authentication and Identificationp. 366
Contents of Writings, Recordings, and Photographsp. 369
Miscellaneous Rulesp. 371
Federal Rules of Civil Procedure: Overviewp. 372
Federal Rules of Civil Procedure (FRCP)p. 373
Scope of Rules-One Form of Actionp. 373
Commencement of Action; Service of Process, Pleadings, Motions, and Ordersp. 373
Depositions and Discoveryp. 376
Trialsp. 392
Judgmentp. 395
Provisional and Final Remediesp. 401
District Courts and Clerksp. 402
General Provisionsp. 403
Searching Techniquesp. 407
Regular Expressionsp. 408
Theory and Historyp. 408
The Building Blocksp. 408
Constructing Regular Expressionsp. 409
The Investigator's Toolkitp. 413
Forensic Toolkitsp. 414
Guidance Softwarep. 414
ASR Datap. 415
Parabenp. 415
Access Datap. 416
The Sleuth Kitp. 417
Glossaryp. 419
Indexp. 423
Table of Contents provided by Ingram. All Rights Reserved.