Table of Contents for CHAPTER SUMMARY
by Chuck Easttom
System Forensics, Investigation, and Response, 3rd Edition
Cover Page
Title Page
Copyright Page
Content
Preface
About the Author
PART I Introduction to Forensics
CHAPTER 1 Introduction to Forensics
What Is Computer Forensics?
Using Scientific Knowledge
Collecting
Analyzing
Presenting
Understanding the Field of Digital Forensics
What Is Digital Evidence?
Scope-Related Challenges to System Forensics
Types of Digital System Forensics Analysis
General Guidelines
Knowledge Needed for Computer Forensics Analysis
Hardware
Software
Networks
Addresses
Obscured Information and Anti-Forensics
The Daubert Standard
U.S. Laws Affecting Digital Forensics
The Federal Privacy Act of 1974
The Privacy Protection Act of 1980
The Communications Assistance for Law Enforcement Act of 1994
The Electronic Communications Privacy Act of 1986
The Computer Security Act of 1987
The Foreign Intelligence Surveillance Act of 1978
The Child Protection and Sexual Predator Punishment Act of 1998
The Children’s Online Privacy Protection Act of 1998
The Communications Decency Act of 1996
The Telecommunications Act of 1996
The Wireless Communications and Public Safety Act of 1999
The USA Patriot Act of 2001
The Sarbanes-Oxley Act of 2002
18 U.S.C. § 1030: Fraud and Related Activity in Connection with Computers
18 U.S.C. § 1020: Fraud and Related Activity in Connection with Access Devices
The Digital Millennium Copyright Act (DMCA) of 1998
18 U.S.C. § 1028A: Identity Theft and Aggravated Identity Theft
18 U.S.C. § 2251: Sexual Exploitation of Children
Warrants
Federal Guidelines
The FBI
The Secret Service
The Regional Computer Forensics Laboratory Program
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 1 ASSESSMENT
CHAPTER 2 Overview of Computer Crime
How Computer Crime Affects Forensics
Identity Theft
Phishing
Spyware
Discarded Information
How Does This Crime Affect Forensics?
Hacking
SQL Injection
Cross-Site Scripting
Ophcrack
Tricking Tech Support
Hacking in General
Cyberstalking and Harassment
Real Cyberstalking Cases
Fraud
Investment Offers
Data Piracy
Non-Access Computer Crimes
Denial of Service
Viruses
Logic Bombs
Cyberterrorism
How Does This Crime Affect Forensics?
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 2 ASSESSMENT
CHAPTER 3 Forensic Methods and Labs
Forensic Methodologies
Handle Original Data as Little as Possible
Comply with the Rules of Evidence
Avoid Exceeding Your Knowledge
Create an Analysis Plan
Technical Information Collection Considerations
Formal Forensic Approaches
Department of Defense Forensic Standards
The Digital Forensic Research Workshop Framework
The Scientific Working Group on Digital Evidence Framework
An Event-Based Digital Forensics Investigation Framework
Documentation of Methodologies and Findings
Disk Structure
File Slack Searching
Evidence-Handling Tasks
Evidence-Gathering Measures
Expert Reports
How to Set Up a Forensic Lab
Equipment
Security
American Society of Crime Laboratory Directors
Common Forensic Software Programs
EnCase
Forensic Toolkit
OSForensics
Helix
Kali Linux
AnaDisk Disk Analysis Tool
CopyQM Plus Disk Duplication Software
The Sleuth Kit
Disk Investigator
Forensic Certifications
EnCase Certified Examiner Certification
AccessData Certified Examiner
OSForensics
Certified Cyber Forensics Professional
EC Council Computer Hacking Forensic Investigator
High Tech Crime Network Certifications
Global Information Assurance Certification Certifications
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 3 ASSESSMENT
PART II Technical Overview: System Forensics Tools, Techniques, and Methods
CHAPTER 4 Collecting, Seizing, and Protecting Evidence
Proper Procedure
Shutting Down the Computer
Transporting the Computer System to a Secure Location
Preparing the System
Documenting the Hardware Configuration of the System
Mathematically Authenticating Data on All Storage Devices
Handling Evidence
Collecting Data
Documenting Filenames, Dates, and Times
Identifying File, Program, and Storage Anomalies
Evidence-Gathering Measures
Storage Formats
Magnetic Media
Solid-State Drives
Digital Audio Tape Drives
Digital Linear Tape and Super DLT
Optical Media
Using USB Drives
File Formats
Forensic Imaging
Imaging with EnCase
Imaging with the Forensic Toolkit
Imaging with OSForensics
RAID Acquisitions
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 4 ASSESSMENT
CHAPTER LAB
CHAPTER 5 Understanding Techniques for Hiding and Scrambling Information
Steganography
Historical Steganography
Steganophony
Video Steganography
More Advanced Steganography
Steganalysis
Invisible Secrets
MP3Stego
Additional Resources
Encryption
The History of Encryption
Modern Cryptography
Breaking Encryption
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 5 ASSESSMENT
CHAPTER 6 Recovering Data
Undeleting Data
File Systems and Hard Drives
Windows
Forensically Scrubbing a File or Folder
Linux
Macintosh
Recovering Information from Damaged Media
Physical Damage Recovery Techniques
Recovering Data After Logical Damage
File Carving
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 6 ASSESSMENT
CHAPTER 7 Email Forensics
How Email Works
Email Protocols
Faking Email
Email Headers
Getting Headers in Outlook
Getting Headers from Yahoo! Email
Getting Headers from Gmail
Other Email Clients
Email Files
Paraben’s Email Examiner
ReadPST
Tracing Email
Email Server Forensics
Email and the Law
The Fourth Amendment to the U.S. Constitution
The Electronic Communications Privacy Act
The CAN-SPAM Act
18 U.S.C. 2252B
The Communication Assistance to Law Enforcement Act
The Foreign Intelligence Surveillance Act
The USA Patriot Act
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 7 ASSESSMENT
CHAPTER 8 Windows Forensics
Windows Details
Windows History
64-Bit
The Boot Process
Important Files
Volatile Data
Tools
Windows Swap File
Windows Logs
Windows Directories
UserAssist
Unallocated/Slack Space
Alternate Data Streams
Index.dat
Windows Files and Permissions
MAC
The Registry
USB Information
Wireless Networks
Tracking Word Documents in the Registry
Malware in the Registry
Uninstalled Software
Passwords
ShellBag
Prefetch
Volume Shadow Copy
Memory Forensics
Volatility
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 8 ASSESSMENT
CHAPTER 9 Linux Forensics
Linux and Forensics
Linux Basics
Linux History
Linux Shells
Graphical User Interface
K Desktop Environment (KDE)/Plasma
Linux Boot Process
Logical Volume Manager
Linux Distributions
Linux File Systems
Ext
The Reiser File System
The Berkeley Fast File System
Linux Logs
The /var/log/faillog Log
The /var/log/kern.log Log
The /var/log/lpr.log Log
The /var/log/mail.* Log
The /var/log/mysql.* Log
The /var/log/apache2/* Log
The /var/log/lighttpd/* Log
The /var/log/apport.log Log
Other Logs
Viewing Logs
Linux Directories
The /root Directory
The /bin Directory
The /sbin Directory
The /etc Folder
The /etc/inittab File
The /dev Directory
The /mnt Directory
The /boot Directory
The /usr Directory
The /var Directory
The /var/spool Directory
The /proc Directory
Shell Commands for Forensics
The dmesg Command
The fsck Command
The grep Command
The history Command
The mount Command
The ps Command
The pstree Command
The pgrep Command
The top Command
The kill Command
The file Command
The su Command
The who Command
The finger Command
The dd Command
The ls Command
Can You Undelete in Linux?
Manual Method
Kali Linux Forensics
Forensics Tools for Linux
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 9 ASSESSMENT
CHAPTER 10 Macintosh Forensics
Mac Basics
Mac History
Mac File Systems
Partition Types
Macintosh Logs
The /var/log Log
The /var/spool/cups Folder
The /Library/Receipts Folder
The /Users/<user>/.bash_history Log
The /var/vm Folder
The /Users/ Directory
The /Users/<user>/Library/Preferences/ Folder
Directories
The /Volumes Directory
The /Users Directory
The /Applications Directory
The /Network Directory
The /etc Directory
The /Library/Preferences/SystemConfiguration/dom.apple.preferences.plist File
Macintosh Forensic Techniques
Target Disk Mode
Searching Virtual Memory
Shell Commands
How to Examine a Mac
Can You Undelete in Mac?
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 10 ASSESSMENT
CHAPTER 11 Mobile Forensics
Cellular Device Concepts
Terms
Operating Systems
The BlackBerry
What Evidence You Can Get from a Cell Phone
Types of Investigations
Phone States
Seizing Evidence from a Mobile Device
The iPhone
BlackBerry
JTAG
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 11 ASSESSMENT
CHAPTER 12 Performing Network Analysis
Network Packet Analysis
Network Packets
Network Attacks
Network Traffic Analysis Tools
Network Traffic Analysis
Using Log Files as Evidence
Wireless
Router Forensics
Router Basics
Types of Router Attacks
Getting Evidence from the Router
Firewall Forensics
Firewall Basics
Collecting Data
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 12 ASSESSMENT
PART III Incident Response and Resources
CHAPTER 13 Incident and Intrusion Response
Disaster Recovery
Incident Response Plan
Incident Response
Preserving Evidence
Adding Forensics to Incident Response
Forensic Resources
Forensics and Policy
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 13 ASSESSMENT
CHAPTER 14 Trends and Future Directions
Technical Trends
What Impact Does This Have on Forensics?
Software as a Service
The Cloud
What Impact Does Cloud Computing Have on Forensics?
Legal and Procedural Trends
Changes in the Law
The USA Patriot Act
Private Labs
International Issues
Techniques
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 14 ASSESSMENT
CHAPTER 15 System Forensics Resources
Tools to Use
ASR Data Acquisition & Analysis
AccessData Forensic Toolkit
OSForensics
ComputerCOP
Digital Detective
Digital Intelligence
Disk Investigator
EnCase
X-Ways Software Technology AG
Other Tools
Resources
International Association of Computer Investigative Specialists
EnCase Certified Examiner Certification
AccessData Certified Examiner
Certified Hacking Forensic Investigator
Certified Cyber Forensics Professional
SANS Institute
American Academy of Forensic Sciences
Websites
Journals
Conferences
Laws
The USA Patriot Act
The Electronic Communications Privacy Act of 1986
The Communications Assistance to Law Enforcement Act of 1996
The Health Insurance Portability and Accountability Act of 1996
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 15 ASSESSMENT
APPENDIX A Answer Key
APPENDIX B Standard Acronyms
Glossary of Key Terms
References
Index