Guide to computer forensics and investigations / Bill Nelson, Amelia Phillips, Christopher Steuart.

Material type: Text
Publication details: Boston, MA : Course Technology Cengage Learning c2010.
Edition: 4th ed
Description: xxv, 682 p. : ill. ; 24 cm. + 1 DVD-ROM (4 3/4 in.)
ISBN:
  • 9781435498839 (pbk.)
  • 1435498836 (pbk.)
Other title:
  • Computer forensics and investigations
LOC classification:
  • HV8079.C65  G85 2008
Partial contents:
Preface -- Introduction -- 1. Computer forensics and investigations as a profession -- Understanding computer forensics -- Preparing for computer investigations -- Maintaining professional conduct -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects -- 2. Understanding computing investigations -- Preparing a computer investigation -- Taking a systematic approach -- Procedures for corporate high-tech investigations -- Understanding data recovery workstations and software -- Conducting an investigation -- Completing the case -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects -- 3. The investigator's office and laboratory -- Understanding forensics lab certification requirements -- Determining the physical requirements for a computer forensics lab -- Selecting a basic forensic workstation -- Building a business case for developing a forensics lab -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects -- 4. Data acquisition -- Understanding storage formats for digital evidence -- Determining the best acquisition method -- Contingency planning for image acquisitions -- Using acquisition tools -- Validating data acquisitions -- Performing RAID data acquisitions -- Using remote network acquisition tools -- Using other forensics acquisition tools -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects --
5. Processing crime and incident scenes -- Identifying digital evidence -- Collecting evidence in private-sector incident scenes -- Processing law enforcement crime scenes -- Preparing for a search -- Securing a computer incident or crime scene -- Seizing digital evidence at the scene -- Storing digital evidence -- Obtaining a digital hash -- Reviewing a case -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects -- 6. Working with Windows and DOS systems -- Understanding file systems -- Exploring Microsoft file structures -- Examining NTFS disks -- Understanding whole disk encryption -- Understanding the Windows registry -- Understanding Microsoft startup tasks -- Understanding MS-DOS startup tasks -- Understanding virtual machines -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects -- 7. Current computer forensics tools -- Evaluating computer forensics tool needs -- Computer forensics software tools -- Computer forensics hardware tools -- Validating and testing forensics software -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects -- 8. Macintosh and Linux boot processes and file systems -- Understanding the Macintosh file structure and boot process -- Examining UNIX and Linux disk structures and boot processes -- Understanding other disk structures -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects --
9. Computer forensics analysis and validation -- Determining what data to collect and analyze -- Validating forensic data -- Addressing data-hiding techniques -- Performing remote acquisitions -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects -- 10. Recovering graphics files -- Recognizing a graphics file -- Understanding data compression -- Locating and recovering graphics files -- Identifying unknown file formats -- Understanding copyright issues with graphics -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects -- 11. Virtual machines, network forensics, and live acquisitions -- Virtual machines overview -- Network forensics overview -- Performing live acquisitions -- Developing standard procedures for network forensics -- Using network tools -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects -- 12. E-mail investigations -- Exploring the role of e-mail in investigations -- Exploring the roles of the client and server in e-mail -- Investigating e-mail crimes and violations -- Understanding e-mail servers -- Using specialized e-mail forensics tools -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects -- 13. Cell phone and mobile device forensics -- Understanding mobile device forensics -- Understanding acquisition procedures for cell phones and mobile devices -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects --
14. Report writing for high-tech investigations -- Understanding the importance of reports -- Guidelines for writing reports -- Generating report findings with forensics software tools -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects -- 15. Expert testimony in high-tech investigations -- Preparing for testimony -- Testifying in court -- Preparing for a deposition or hearing -- Preparing forensics evidence for testimony -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects -- 16. Ethics for the expert witness -- Applying ethics and codes to expert witnesses -- Organizations with codes of ethics -- Ethical difficulties in expert testimony -- An ethics exercise -- Chapter summary -- Key terms -- Review questions -- Hands-on projects -- Case projects -- Appendix A. Certification test references -- NIST computer forensics tool testing -- Types of computer forensics certifications -- Appendix B. Computer forensics references -- Appendix C. Computer forensics lab considerations -- International lab certification -- Considering office ergonomics -- Considering environmental conditions -- Considering structural design factors -- Planning for communications -- Installing fire-suppression systems -- Appendix D. DOS file system and forensics tools -- Overview of FAT directory structures -- Sample DOS scripts -- Creating forensic boot media -- Using MS-DOS acquisition tools -- Quick references for DriveSpy -- Using X-Ways replica -- Glossary -- Index.
List(s) this item appears in: Graphic Design | Graphic Design (Desing)
Holdings
Item type | Current library | Call number | Copy number | Status | Date due | Barcode
book | MAIN | HV8079.C65 G85 2008 | 1 | Available | | 10032101
book | MAIN | HV8079.C65 G85 2008 | 2 | Available | | 10032091
book | MAIN | HV8079.C65 G85 2008 | 3 | Available | | 10032111

Accompanying DVD-ROM contains tutorials, project files and software tools.

Includes bibliographical references (p. 607-611) and index.

System requirements for accompanying DVD-ROM: PC running Windows ; or Macintosh running MAC OS ; Microsoft Word ; Excel ; Video player ; Zip ; DVD-ROM drive.
