Introduction
This book was written to help those of you already working in IT to cross over to a career in computer forensics without failing horribly. This book contains the lessons learned from 14 years of experience performing computer forensics and running a private computer forensics lab.
Who Should Read This Book
This book is meant for those already in the IT field who have a working technical knowledge of computers, including how they work and how to repair them. I expect you to know what a hard drive is, how to remove a hard drive, what a serial number is, and the basics of modern operating systems.
What This Book Covers
This book will walk you through the following:
Investigating a career in computer forensics
Getting trained and keeping current in computer forensics
Starting a forensic lab
Preserving evidence
How to approach investigations
How to investigate the most common kinds of cases
Documenting your findings and presenting them
How to Use This Book
This book is meant to be read from start to finish, as the lessons and knowledge build with each chapter. To supplement the book and keep it current, I created a web site, www.learndfir.com, where you can access the documents and tools discussed in this book. In addition, I am making video tutorials and example images for each of the investigation chapters for you to download and try at home. This book is meant to be used in conjunction with these online resources so the information won’t get stale.
How Is This Book Organized?
This book is organized into the following parts.
Part I: Getting Started   Part I of the book tells you what you need to know before you try to do any evidence preservation and analysis. Starting with an introduction of what computer forensics is and how to get started, this part continues with how to go about learning computer forensic techniques and how to build your first forensic lab.
Part II: Your First Investigation   Part II covers evidence preservation, forensic procedures, tool testing, and the other fundamental parts of computer forensics that you should understand before you start your first examination.
Part III: Case Examples: How to Work a Case   Part III discusses the five most common forensic investigations encountered by most first-time examiners. It lays out how to work through the investigation and what artifacts to look for, and it provides practical advice in understanding what happened. It also helps you figure out how to determine what kind of investigation you’re facing.
Part IV: Defending Your Work   Part IV ends the book with two chapters covering how to document and present your findings. You’ll learn how to write reports for your employer and what details should be included, with templates showing how to provide those items. The last chapter offers a quick primer on how you, as an examiner, fit into the legal system and important report requirements.
About the Series
I worked with the publisher to develop several special editorial elements for this series, which I hope you’ll find helpful while navigating the book—and furthering your career.
Lingo
The Lingo boxes are designed to help you familiarize yourself with common security terminology so that you’re never held back by an unfamiliar word or expression.
IMHO
When you come across IMHO (In My Humble Opinion), you’ll be reading my frank, personal opinions based on my experiences in the security industry.
Budget Note
The Budget Notes are designed to help increase your ease while discussing security budget needs within your organization. They also provide tips and ideas for initiating successful, informed conversations about budgets.
In Actual Practice
Theory might teach us smart tactics for business, but there are in-the-trenches exceptions to every rule. The In Actual Practice feature highlights how things actually get done in the real world at times—exceptions to the rule—and why.
Your Plan
The Your Plan feature offers strategic ideas that can be helpful to review as you get into planning mode, as you refine a plan outline, and as you embark on a final course of action.
Into Action
The Into Action lists are “get-going” tips to support you in taking action on the job. These lists contain steps, tips, and ideas to help you plan, prioritize, and work as effectively as possible.