Handbook of Digital Forensics and Investigation (Google eBook)
This completely revised reference work concentrates on providing specific, practical information in a well-organized format. Each chapter has a consistent structure, covering similar aspects of different systems where appropriate. To give readers the knowledge they need, and to build a thorough understanding of how to use the widest range of digital evidence in vastly varying situations, the work is divided into two parts: Investigative Methodology and Forensic Analysis.
The Investigative Methodology section provides guidance on how to conduct three distinct types of digital investigation: forensic analysis, e-discovery, and intrusion investigation. The section ends with an objective discussion of tools, describing tool evaluation and noting the limitations of forensic software.
The Forensic Analysis section provides in-depth technical descriptions of digital evidence analysis in commonly encountered situations, starting with computers, moving on to networks, and culminating with embedded systems. It demonstrates how forensic science is applied in different technological contexts, giving investigators technical information and guidance they can use at the crime scene. These technical chapters focus on the recovery and analysis of digital evidence.
*Demonstrates how computer system usage leaves traces that are useful in investigations, how to locate digital evidence, how that evidence is created, and what it means
*Furnishes forensic examiners with a range of tools to verify results
*Case examples in every chapter convey complex concepts, giving readers a sense of the technical, legal, and practical challenges that arise in real investigations