Contents
PART I Introduction to Forensics
CHAPTER 1 Introduction to Forensics
Understanding the Field of Digital Forensics
Scope-Related Challenges to System Forensics
Types of Digital System Forensics Analysis
Knowledge Needed for Computer Forensics Analysis
Obscured Information and Anti-Forensics
U.S. Laws Affecting Digital Forensics
The Federal Privacy Act of 1974
The Privacy Protection Act of 1980
The Communications Assistance for Law Enforcement Act of 1994
The Electronic Communications Privacy Act of 1986
The Computer Security Act of 1987
The Foreign Intelligence Surveillance Act of 1978
The Child Protection and Sexual Predator Punishment Act of 1998
The Children’s Online Privacy Protection Act of 1998
The Communications Decency Act of 1996
The Telecommunications Act of 1996
The Wireless Communications and Public Safety Act of 1999
The Sarbanes-Oxley Act of 2002
18 U.S.C. § 1030: Fraud and Related Activity in Connection with Computers
18 U.S.C. § 1020: Fraud and Related Activity in Connection with Access Devices
The Digital Millennium Copyright Act (DMCA) of 1998
18 U.S.C. § 1028A: Identity Theft and Aggravated Identity Theft
18 U.S.C. § 2251: Sexual Exploitation of Children
The Regional Computer Forensics Laboratory Program
CHAPTER 2 Overview of Computer Crime
How Computer Crime Affects Forensics
How Does This Crime Affect Forensics?
How Does This Crime Affect Forensics?
CHAPTER 3 Forensic Methods and Labs
Handle Original Data as Little as Possible
Comply with the Rules of Evidence
Avoid Exceeding Your Knowledge
Technical Information Collection Considerations
Department of Defense Forensic Standards
The Digital Forensic Research Workshop Framework
The Scientific Working Group on Digital Evidence Framework
An Event-Based Digital Forensics Investigation Framework
Documentation of Methodologies and Findings
American Society of Crime Laboratory Directors
Common Forensic Software Programs
CopyQM Plus Disk Duplication Software
EnCase Certified Examiner Certification
Certified Cyber Forensics Professional
EC Council Computer Hacking Forensic Investigator
High Tech Crime Network Certifications
Global Information Assurance Certification Certifications
PART II Technical Overview: System
Forensics Tools, Techniques, and Methods
CHAPTER 4 Collecting, Seizing, and Protecting Evidence
Transporting the Computer System to a Secure Location
Documenting the Hardware Configuration of the System
Mathematically Authenticating Data on All Storage Devices
Documenting Filenames, Dates, and Times
Identifying File, Program, and Storage Anomalies
Digital Linear Tape and Super DLT
Imaging with the Forensic Toolkit
CHAPTER 5 Understanding Techniques for Hiding and Scrambling Information
Forensically Scrubbing a File or Folder
Recovering Information from Damaged Media
Physical Damage Recovery Techniques
Recovering Data After Logical Damage
Getting Headers from Yahoo! Email
The Fourth Amendment to the U.S. Constitution
The Electronic Communications Privacy Act
The Communication Assistance to Law Enforcement Act
The Foreign Intelligence Surveillance Act
Tracking Word Documents in the Registry
K Desktop Environment (KDE)/Plasma
CHAPTER 10 Macintosh Forensics
The /Users/<user>/.bash_history Log
The /Users/<user>/Library/Preferences/ Folder
The /Library/Preferences/SystemConfiguration/dom.apple.preferences.plist File
What Evidence You Can Get from a Cell Phone
Seizing Evidence from a Mobile Device
CHAPTER 12 Performing Network Analysis
Network Traffic Analysis Tools
Getting Evidence from the Router
PART III Incident Response and Resources
CHAPTER 13 Incident and Intrusion Response
Adding Forensics to Incident Response
CHAPTER 14 Trends and Future Directions
What Impact Does This Have on Forensics?
What Impact Does Cloud Computing Have on Forensics?
CHAPTER 15 System Forensics Resources
ASR Data Acquisition & Analysis
International Association of Computer Investigative Specialists
EnCase Certified Examiner Certification
Certified Hacking Forensic Investigator
Certified Cyber Forensics Professional
American Academy of Forensic Sciences
The Electronic Communications Privacy Act of 1986
The Communications Assistance to Law Enforcement Act of 1996
The Health Insurance Portability and Accountability Act of 1996