My Account Details
ISBN10: 007174245X | ISBN13: 9780071742450
ISBN10: 007174245X
ISBN13: 9780071742450
Step 1 . Download Adobe Digital Editions to your PC or Mac desktop/laptop.
Step 2. Register and authorize your Adobe ID (optional). To access your eBook on multiple devices, first create an Adobe ID at account.adobe.com. Then, open Adobe Digital Editions, go to the Help menu, and select "Authorize Computer" to link your Adobe ID.
Step 3. Open Your eBook. Use Adobe Digital Editions to open the file. If the eBook doesn’t open, contact customer service for assistance.
Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product. Security Smarts for the Self-Guided IT Professional Find out how to excel in the field of computer forensics investigations. Learn what it takes to transition from an IT professional to a computer forensic examiner in the private sector. Written by a Certified Information Systems Security Professional, Computer Forensics: InfoSec Pro Guide is filled with real-world case studies that demonstrate the concepts covered in the book. You’ll learn how to set up a forensics lab, select hardware and software, choose forensic imaging procedures, test your tools, capture evidence from different sources, follow a sound investigative process, safely store evidence, and verify your findings. Best practices for documenting your results, preparing reports, and presenting evidence in court are also covered in this detailed resource. Computer Forensics: InfoSec Pro Guide features: Lingo—Common security terms defined so that you’re in the know on the job IMHO—Frank and relevant opinions based on the author’s years of industry experience Budget Note—Tips for getting security technologies and processes into your organization’s budget In Actual Practice—Exceptions to the rules of security explained in real-world contexts Your Plan—Customizable checklists you can use on the job now Into Action—Tips on how, why, and when to apply new skills and techniques at work
Introduction
PART I: Getting Started
Chapter 1: What Is Computer Forensics?
What You Can Do with Computer Forensics
How People Get Involved in Computer Forensics
Law Enforcement
Military
University Programs
IT or Computer Security Professionals
Incident Response vs. Computer Forensics
How Computer Forensic Tools Work
Types of Computer Forensic Tools
Professional Licensing Requirements
Chapter 2: Learning Computer Forensics
Where and How to Get Training
Law Enforcement Training
Corporate Training
Where and How to Get Certified
Vendor Certifications
Vendor-Neutral Certifications
Staying Current
Conferences
Blogs
Forums
Podcasts
Associations
Chapter 3: Creating a Lab
Choosing Where to Put Your Lab
Access Controls
Electrical Power
Air Conditioning
Privacy
Gathering the Tools of the Trade
Write Blockers
Drive Kits
External Storage
Screwdriver Kits
Antistatic Bags
Adaptors
Forensic Workstation
Choosing Forensic Software
Open Source Software
Commercial Software
Storing Evidence
Securing Your Evidence
Organizing Your Evidence
Disposing of Old Evidence
PART II: Your First Investigation
Chapter 4: How to Approach a Computer Forensics Investigation
The Investigative Process
What Are You Being Asked to Find Out?
Where Would the Data Exist?
What Applications Might Have Been Used in Creating the Data?
Should You Request to Go Beyond the Scope of the Investigation?
Testing Your Hypothesis
Step 1. Define Your Hypothesis
Step 2. Determine a Repeatable Test
Step 3. Create Your Test Environment
Step 4. Document Your Testing
The Forensic Data Landscape
Active Data
Unallocated Space
Slack Space
Mobile Devices
External Storage
What Do You Have the Authority to Access
Who Hosts the Data?
Who Owns the Device?
Expectation of Privacy
Chapter 5: Choosing Your Procedures
Forensic Imaging
Determining Your Comfort Level
Forensic Imaging Method Pros and Cons
Creating Forms and Your Lab Manual
Chain of Custody Forms
Request Forms
Report Forms
Standard Operating Procedures Manual
Chapter 6: Testing Your Tools
When Do You Need to Test
Collecting Data for Public Research or Presentations
Testing a Forensic Method
Testing a Tool
Where to Get Test Evidence
Raw Images
Creating Your Own Test Images
Forensic Challenges
Learn Forensics with David Cowen on YouTube
Honeynet Project
DC3 Challenge
DFRWS Challenge
SANS Forensic Challenges
High School Forensic Challenge
Collections of Tool Testing Images
Digital Forensic Tool Testing Images
NIST Computer Forensics Reference Data Sets Images
The Hacking Case
NIST Computer Forensics Tool Testing
Chapter 7: Live vs. Postmortem Forensics
Live Forensics
When Live Forensics Is the Best Option
Tools for Live Forensics
Postmortem Forensics
Postmortem Memory Analysis
Chapter 8: Capturing Evidence
Creating Forensic Images of Internal Hard Drives
FTK Imager with a Hardware Write Blocker
FTK Imager with a Software Write Blocker
Creating Forensic Images of External Drives
FTK Imager with a USB Write Blocker
FTK Imager with a Software Write Blocker
Software Write Blocking on Linux Systems
Creating Forensic Images of Network Shares
Capturing a Network Share with FTK Imager
Mobile Devices
Servers
Chapter 9: Nontraditional Digital Forensics
Breaking the Rules: Nontraditional Digital Forensic Techniques
Volatile Artifacts
Malware
Encrypted File Systems
Challenges to Accessing Encrypted Data
Mobile Devices: Smart Phones and Tablets
Solid State Drives
Virtual Machines
PART III: Case Examples: How to Work a Case
Chapter 10: Establishing the Investi
PART I: Getting Started
Chapter 1: What Is Computer Forensics?
What You Can Do with Computer Forensics
How People Get Involved in Computer Forensics
Law Enforcement
Military
University Programs
IT or Computer Security Professionals
Incident Response vs. Computer Forensics
How Computer Forensic Tools Work
Types of Computer Forensic Tools
Professional Licensing Requirements
Chapter 2: Learning Computer Forensics
Where and How to Get Training
Law Enforcement Training
Corporate Training
Where and How to Get Certified
Vendor Certifications
Vendor-Neutral Certifications
Staying Current
Conferences
Blogs
Forums
Podcasts
Associations
Chapter 3: Creating a Lab
Choosing Where to Put Your Lab
Access Controls
Electrical Power
Air Conditioning
Privacy
Gathering the Tools of the Trade
Write Blockers
Drive Kits
External Storage
Screwdriver Kits
Antistatic Bags
Adaptors
Forensic Workstation
Choosing Forensic Software
Open Source Software
Commercial Software
Storing Evidence
Securing Your Evidence
Organizing Your Evidence
Disposing of Old Evidence
PART II: Your First Investigation
Chapter 4: How to Approach a Computer Forensics Investigation
The Investigative Process
What Are You Being Asked to Find Out?
Where Would the Data Exist?
What Applications Might Have Been Used in Creating the Data?
Should You Request to Go Beyond the Scope of the Investigation?
Testing Your Hypothesis
Step 1. Define Your Hypothesis
Step 2. Determine a Repeatable Test
Step 3. Create Your Test Environment
Step 4. Document Your Testing
The Forensic Data Landscape
Active Data
Unallocated Space
Slack Space
Mobile Devices
External Storage
What Do You Have the Authority to Access
Who Hosts the Data?
Who Owns the Device?
Expectation of Privacy
Chapter 5: Choosing Your Procedures
Forensic Imaging
Determining Your Comfort Level
Forensic Imaging Method Pros and Cons
Creating Forms and Your Lab Manual
Chain of Custody Forms
Request Forms
Report Forms
Standard Operating Procedures Manual
Chapter 6: Testing Your Tools
When Do You Need to Test
Collecting Data for Public Research or Presentations
Testing a Forensic Method
Testing a Tool
Where to Get Test Evidence
Raw Images
Creating Your Own Test Images
Forensic Challenges
Learn Forensics with David Cowen on YouTube
Honeynet Project
DC3 Challenge
DFRWS Challenge
SANS Forensic Challenges
High School Forensic Challenge
Collections of Tool Testing Images
Digital Forensic Tool Testing Images
NIST Computer Forensics Reference Data Sets Images
The Hacking Case
NIST Computer Forensics Tool Testing
Chapter 7: Live vs. Postmortem Forensics
Live Forensics
When Live Forensics Is the Best Option
Tools for Live Forensics
Postmortem Forensics
Postmortem Memory Analysis
Chapter 8: Capturing Evidence
Creating Forensic Images of Internal Hard Drives
FTK Imager with a Hardware Write Blocker
FTK Imager with a Software Write Blocker
Creating Forensic Images of External Drives
FTK Imager with a USB Write Blocker
FTK Imager with a Software Write Blocker
Software Write Blocking on Linux Systems
Creating Forensic Images of Network Shares
Capturing a Network Share with FTK Imager
Mobile Devices
Servers
Chapter 9: Nontraditional Digital Forensics
Breaking the Rules: Nontraditional Digital Forensic Techniques
Volatile Artifacts
Malware
Encrypted File Systems
Challenges to Accessing Encrypted Data
Mobile Devices: Smart Phones and Tablets
Solid State Drives
Virtual Machines
PART III: Case Examples: How to Work a Case
Chapter 10: Establishing the Investi
Need support? We're here to help - Get real-world support and resources every step of the way.
Top