Author Cowen, David.

Title Computer forensics : infoSec Pro guide / David Cowen. [O'Reilly electronic resource]

Publication Info. New York : McGraw-Hill, [2013]
Description 1 online resource.
text file
Series InfoSec Pro guide
Summary Security Smarts for the Self-Guided IT Professional Find out how to excel in the field of computer forensics investigations. Learn what it takes to transition from an IT professional to a computer forensic examiner in the private sector. Written by a Certified Information Systems Security Professional, Computer Forensics: InfoSec Pro Guide is filled with real-world case studies that demonstrate the concepts covered in the book. You'll learn how to set up a forensics lab, select hardware and software, choose forensic imaging procedures, test your tools, capture evidence from different sources,
Bibliography Includes bibliographical references.
Contents Cover -- About the Author -- Title Page -- Copyright Page -- Contents at a Glance -- Contents -- Acknowledgments -- Introduction -- Who Should Read This Book -- What This Book Covers -- How to Use This Book -- How Is This Book Organized? -- About the Series -- Lingo -- IMHO -- Budget Note -- In Actual Practice -- Your Plan -- Into Action -- Part I: Getting Started -- Chapter 1: What Is Computer Forensics? -- What You Can Do with Computer Forensics -- How People Get Involved in Computer Forensics -- Law Enforcement -- Military -- University Programs -- IT or Computer Security Professionals -- Incident Response vs. Computer Forensics -- How Computer Forensic Tools Work -- Types of Computer Forensic Tools -- Professional Licensing Requirements -- Chapter 2: Learning Computer Forensics -- Where and How to Get Training -- Law Enforcement Training -- Corporate Training -- Where and How to Get Certified -- Vendor Certifications -- Vendor-Neutral Certifications -- Staying Current -- Conferences -- Blogs -- Forums -- Podcasts -- Associations -- Chapter 3: Creating a Lab -- Choosing Where to Put Your Lab -- Access Controls -- Electrical Power -- Air Conditioning -- Privacy -- Gathering the Tools of the Trade -- Write Blockers -- Drive Kits -- External Storage -- Screwdriver Kits -- Antistatic Bags -- Adaptors -- Forensic Workstation -- Choosing Forensic Software -- Open Source Software -- Commercial Software -- Storing Evidence -- Securing Your Evidence -- Organizing Your Evidence -- Disposing of Old Evidence -- Part II: Your First Investigation -- Chapter 4: How to Approach a Computer Forensics Investigation -- The Investigative Process -- What Are You Being Asked to Find Out? -- Where Would the Data Exist? -- What Applications Might Have Been Used in Creating the Data? -- Should You Request to Go Beyond the Scope of the Investigation?.
Testing Your Hypothesis -- Step 1. Define Your Hypothesis -- Step 2. Determine a Repeatable Test -- Step 3. Create Your Test Environment -- Step 4. Document Your Testing -- The Forensic Data Landscape -- Active Data -- Unallocated Space -- Slack Space -- Mobile Devices -- External Storage -- What Do You Have the Authority to Access -- Who Hosts the Data? -- Who Owns the Device? -- Expectation of Privacy -- Chapter 5: Choosing Your Procedures -- Forensic Imaging -- Determining Your Comfort Level -- Forensic Imaging Method Pros and Cons -- Creating Forms and Your Lab Manual -- Chain of Custody Forms -- Request Forms -- Report Forms -- Standard Operating Procedures Manual -- Chapter 6: Testing Your Tools -- When Do You Need to Test -- Collecting Data for Public Research or Presentations -- Testing a Forensic Method -- Testing a Tool -- Where to Get Test Evidence -- Raw Images -- Creating Your Own Test Images -- Forensic Challenges -- Learn Forensics with David Cowen on YouTube -- Honeynet Project -- DC3 Challenge -- DFRWS Challenge -- SANS Forensic Challenges -- High School Forensic Challenge -- Collections of Tool Testing Images -- Digital Forensic Tool Testing Images -- NIST Computer Forensics Reference Data Sets Images -- The Hacking Case -- NIST Computer Forensics Tool Testing -- Chapter 7: Live vs. Postmortem Forensics -- Live Forensics -- When Live Forensics Is the Best Option -- Tools for Live Forensics -- Postmortem Forensics -- Postmortem Memory Analysis -- Chapter 8: Capturing Evidence -- Creating Forensic Images of Internal Hard Drives -- FTK Imager with a Hardware Write Blocker -- FTK Imager with a Software Write Blocker -- Creating Forensic Images of External Drives -- FTK Imager with a USB Write Blocker -- FTK Imager with a Software Write Blocker -- Software Write Blocking on Linux Systems -- Creating Forensic Images of Network Shares.
Capturing a Network Share with FTK Imager -- Mobile Devices -- Servers -- Chapter 9: Nontraditional Digital Forensics -- Breaking the Rules: Nontraditional Digital Forensic Techniques -- Volatile Artifacts -- Malware -- Encrypted File Systems -- Challenges to Accessing Encrypted Data -- Mobile Devices: Smart Phones and Tablets -- Solid State Drives -- Virtual Machines -- Part III: Case Examples: How to Work a Case -- Chapter 10: Establishing the Investigation Type and Criteria -- Determining What Type of Investigation Is Required -- Human Resources Cases -- Administrator Abuse -- Stealing Information -- Internal Leaks -- Keyloggers and Malware -- What to Do When Criteria Causes an Overlap -- What to Do When No Criteria Matches -- Where Should the Evidence Be? -- Did This Occur over the Network? -- Nothing Working? Create a Super Timeline -- Chapter 11: Human Resources Cases -- Results of a Human Resource Case -- How to Work a Pornography Case -- Pornography Case Study -- How to Investigate a Pornography Case -- How to Work a Productivity Waste Case -- Chapter 12: Administrator Abuse -- The Abuse of Omniscience -- Scenario 1: Administrator Runs a Pornographic Site Using Company Resources -- Beginning an Investigation -- The Web Server's Role in the Network -- Directories -- Virtual Servers -- Virtual Directories -- Scenario 2: Exploiting Insider Knowledge Against an Ex-employer -- A Private Investigator Calls... -- As if They're Reading Our Minds... -- What a Network Vulnerability Assessment Can Reveal -- E-mail Data Review and Server Restoration -- Stepping Up Your Game: Knowledge Meets Creativity -- Chapter 13: Stealing Information -- What Are We Looking For? -- Determining Where the Data Went -- LNK Files -- Shellbags -- Scenario: Recovering Log Files to Catch a Thief -- Chapter 14: Internal Leaks -- Why Internal Leaks Happen.
Investigating Internal Leaks -- Reviewing the Registry Files -- Identifying LNK Files -- Wrapping Up the Investigation -- Using File System Meta-data to Track Leaked or Printed Materials -- Chapter 15: Keyloggers and Malware -- Defining Keyloggers and Malware -- How to Detect Keyloggers and Malware -- Registry Files -- Prefetch Files -- Keyword Searches -- Handling Suspicious Files -- Determining How an Infection Occurred -- What We Know About This Infection -- What We Know About the Keylogger -- Identifying What Data Was Captured -- Finding Information About the Attacker -- What We Know About the Attacker -- Where to Find More About the Attacker -- Part IV: Defending Your Work -- Chapter 16: Documenting Your Findings with Reports -- Documenting Your Findings -- Who Asked You to Undertake the Investigation -- What You Were Asked to Do -- What You Reviewed -- What You Found -- What Your Findings Mean -- Types of Reports -- Informal Report -- Incident Report -- Internal Report -- Declaration -- Affidavit -- Explaining Your Work -- Define Technical Terms -- Provide Examples in Layperson Terms -- Explain Artifacts -- Chapter 17: Litigation and Reports for Court and Exhibits -- Important Legal Terms -- What Type of Witness Are You? -- Fact Witness -- Expert Consultant -- Expert Witness -- Special Master -- Neutral -- Writing Reports for Court -- Declarations in Support of Motions -- Expert Reports -- Creating Exhibits -- Working with Forensic Artifacts -- InfoSec Pro Series: Glossary -- Index.
Language English.
Subject Computer crimes -- Investigation.
Computer security.
Forensic sciences.
Other Form: Print version: Cowen, David. Computer forensics. New York : McGraw-Hill, [2013] 9780071742450 (DLC) 2013010672 (OCoLC)836748319
ISBN 9780071742467 (electronic bk.)
0071742468 (electronic bk.)