Table of Contents for Learn Computer Forensics
by William Oettinger
Why subscribe?
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Section 1: Acquiring Evidence
Chapter 1: Types of Computer-Based Investigations
Differences in computer-based investigations
Criminal investigations
First responders
Corporate investigations
Employee misconduct
Corporate espionage
Insider threat
Summary
Questions
Further reading
Chapter 2: The Forensic Analysis Process
Pre-investigation considerations
The forensic workstation
The response kit
Forensic software
Forensic investigator training
Understanding case information and legal issues
Understanding data acquisition
Chain of custody
Understanding the analysis process
Dates and time zones
Hash analysis
File signature analysis
Antivirus
Reporting your findings
Details to include in your report
Document facts and circumstances
The report conclusion
Summary
Questions
Further reading
Chapter 3: Acquisition of Evidence
Exploring evidence
Understanding the forensic examination environment
Tool validation
Creating sterile media
Understanding write blocking
Defining forensic imaging
DD image
EnCase evidence file
SSD device
Imaging tools
Summary
Questions
Further reading
Chapter 4: Computer Systems
Understanding the boot process
Forensic boot media
Hard drives
MBR (Master Boot Record) partitions
GPT partitions
Host Protected Area (HPA) and Device Configuration Overlays (DCO)
Understanding filesystems
The FAT filesystem
Data area
Long filenames
Recovering deleted files
Slack space
Understanding the NTFS filesystem
Summary
Questions
Further reading
Section 2: Investigation
Chapter 5: Computer Investigation Process
Timeline analysis
X-Ways
Media analysis
String search
Recovering deleted data
Summary
Questions
Further reading
Chapter 6: Windows Artifact Analysis
Understanding user profiles
Understanding Windows Registry
Determining account usage
Last login/last password change
Determining file knowledge
Exploring the thumbcache
Exploring Microsoft browsers
Determining most recently used/recently used
Looking into the Recycle Bin
Understanding shortcut (LNK) files
Deciphering JumpLists
Opening shellbags
Understanding prefetch
Identifying physical locations
Determining time zones
Exploring network history
Understanding the WLAN event log
Exploring program execution
Determining UserAssist
Exploring Shimcache
Understanding USB/attached devices
Summary
Questions
Further reading
Chapter 7: RAM Memory Forensic Analysis
Fundamentals of memory
Random access memory?
Identifying sources of memory
Capturing RAM
Preparing the capturing device
Exploring RAM capture tools
Exploring RAM analyzing tools
Using Bulk Extractor
Summary
Questions
Further reading
Chapter 8: Email Forensics – Investigation Techniques
Understanding email protocols
Understanding SMTP – Simple Mail Transfer Protocol
Understanding the Post Office Protocol
IMAP – Internet Message Access Protocol
Understanding web-based email
Decoding email
Understanding the email message format
Email attachments
Understanding client-based email analysis
Exploring Microsoft Outlook/Outlook Express
Exploring Microsoft Windows Live Mail
Mozilla Thunderbird
Understanding WebMail analysis
Summary
Questions
Further reading
Chapter 9: Internet Artifacts
Understanding browsers
Exploring Google Chrome
Exploring Internet Explorer/Microsoft Edge
Exploring Firefox
Social media
Facebook
Twitter
Service provider
Peer-to-Peer file sharing
Ares
eMule
Shareaza
Cloud computing
Summary
Questions
Further reading
Section 3: Reporting
Chapter 10: Report Writing
Effective note taking
Writing the report
Evidence analyzed
Acquisition details
Analysis details
Exhibits/technical details
Summary
Questions
Further reading
Chapter 11: Expert Witness Ethics
Understanding the types of proceedings
Beginning the preparation phase
Understanding the curriculum vitae
Understanding testimony and evidence
Understanding the importance of ethical behavior
Summary
Questions
Further reading
Assessments
Chapter 01
Chapter 02
Chapter 03
Chapter 04
Chapter 05
Chapter 06
Chapter 07
Chapter 08
Chapter 09
Chapter 10
Chapter 11
Other Books You May Enjoy
Leave a review - let other readers know what you think