
Table Of Contents

Defining Computer Forensics
Computer Crime in Real Life
Corporate versus Law Enforcement Concerns
Corporate Concerns: Detection and Prevention
Law Enforcement Concerns: Prosecution
Forensic Practitioners
End Users
What Are Your Organization’s Needs?
Terms to Know
Review Questions
Know Your Hardware
What I/O Devices Are Used?
Check for Unauthorized Hardware
Keep Up with I/O Trends
Know Your Operating System
Commonly Encountered Operating Systems
Know Your Local File Systems
Know Your Limits
Legal Organizational Rights and Limits
Search and Seizure Guidelines
Will This End Up in Court?
Develop Your Incident Response Team
Organize the Team
State Clear Processes
Coordinate with Local Law Enforcement
What Is Computer Evidence?
Incidents and Computer Evidence
Types of Evidence
Search and Seizure
Voluntary Surrender
Admissibility of Evidence in a Court of Law
Relevance and Admissibility
Techniques to Ensure Admissibility
Leave No Trace
Read-Only Image
Software Write Blocker
Hardware Write Blocker
Evidence Identification
Physical Hardware
Removable Storage
Evidence Preservation
Pull the Plug or Shut It Down?
Supply Power As Needed
Provide Evidence of Initial State
Evidence Analysis
Knowing Where to Look
Wading through a Sea of Data
Sampling Data
Evidence Presentation
Know Your Audience
Organization of Presentation
The Imaging Process
Evidence Collection Order
Evidence Collection Methods to Avoid
Preparing Media and Tools
Collecting the Volatile Data
Creating a Duplicate Hard Disk
Extracting Data from Personal Portable Devices
Image and Tool Documentation
Partial Volume Images
Working with Virtual Machines
Imaging/Capture Tools
Commercial Software
PDA, Mobile Phone, and Portable Device Tools
What Are You Looking For?
Discovering Evidence Using Connectors
Network Activity Files
Activity Log Files
E-mail Headers
Deleted Files
Attempts at Password Cracking
How People Think
Picking the Low-Hanging Fruit
Hidden Evidence
HTML Documents
Hidden Disk Partitions
Covert Channels and Other Hiding Places
Trace Evidence
1. Find passwords
Finding Passwords
Deducing Passwords
Cracking Passwords
Encryption Basics
Common Encryption Practices
Private, or Symmetric, Key Algorithms
Public, or Asymmetric, Key Algorithms
Decrypting Files
Disk Imaging and Validation Tools
Forensic Replicator
FTK Imager
Norton Ghost
SMART Acquisition Workshop (SAW)
Software Suites
Miscellaneous Software Tools
Your Forensic Toolkit
Each Organization Is Different
Most Examiners Use Overlapping Tools
Creating Easy-to-Use Reports
Document Everything, Assume Nothing
Interviews and Diagrams
Videotapes and Photographs
Transporting the Evidence
Documenting Gathered Evidence
Additional Documentation
Formulating the Report
Sample Analysis Reports
Sample Report for Copyright Piracy Case
Additional Report Subsections
Using Software to Generate Reports
Preparation Is Everything
Understand the Case
Understand the Strategy
Understand Your Job
Appearance Matters
What Matters Is What They Hear
Words Matter
Know Your Forensic Process and Tools
Best Practices
Your Process and Documentation
Say Only What You Must
Be Complete, But Not Overly Elaborate
Remember Your Audience
Keep It Simple
Explaining Technical Concepts
Use Presentation Aids When Needed
Watch for Feedback
Be Ready to Justify Every Step
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
AccessData Certified Examiner (ACE)
Advanced Information Security (AIS)
Certified Computer Examiner (CCE)
Certified Hacking Forensic Investigator (CHFI)
Certified Forensic Computer Examiner (CFCE)
Certified Information Systems Auditor (CISA)
Certified ProDiscover Examiner (CPE)
EnCase Certified Examiner Program
GIAC Certified Forensic Analyst (GCFA)
GIAC Certified Forensics Examiner (GCFE)
Professional Certified Investigator (PCI)
ASCLD/LAB Accreditation
Forensic Tool Suites
Password-Cracking Utilities
CD Analysis Utilities
Metadata Viewer Utility
Miscellaneous Utilities
WetStone Technologies, Inc
XRY Complete
Forensic Hardware Devices
Computer Forensic Training
Computer Forensics

This book covers the basic elements, concepts, tools, and common activities to
equip you with a solid understanding of the field of computer forensics

Published by: verai1131 on Jan 25, 2013
Copyright: Attribution Non-commercial

