CCFP Certified Cyber Forensics Professional All-in-One Exam Guide

Book Description

Get complete coverage of all six CCFP exam domains developed by the International Information Systems Security Certification Consortium (ISC)2. Written by a leading computer security expert, this authoritative guide fully addresses cyber forensics techniques, standards, technologies, and legal and ethical principles. You'll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference.

COVERS ALL SIX EXAM DOMAINS:

  • Legal and ethical principles
  • Investigations
  • Forensic science
  • Digital forensics
  • Application forensics
  • Hybrid and emerging technologies

ELECTRONIC CONTENT INCLUDES:

  • 250 practice exam questions
  • Test engine that provides full-length practice exams and customized quizzes by chapter or by exam domain
  • PDF copy of the book

    Table of Contents

    1. Cover
    2. Title Page
    3. Copyright Page
    4. Contents
    5. About the Author
    6. Acknowledgments
    7. Introduction
    8. Part I Legal and Ethical Principles
      1. Chapter 1 Introduction to Forensics
        1. What Is Cyber Forensics?
        2. Understanding the Science of Forensics
        3. Elements of the Crime
          1. Law
          2. Intent
          3. Burden of Proof
          4. Exculpatory Evidence
        4. Knowledge Base Needed for Cyber Forensics
          1. Hardware
          2. Operating Systems
          3. Networks
        5. The Fundamental Principles of Cyber Forensics
          1. Maintaining Chain of Custody
        6. The Law and Cyber Forensics
          1. General Legal Issues
          2. Discovery
          3. Warrants
        7. Federal Guidelines Forensics Investigators Need to Know
          1. FBI
          2. Secret Service
        8. The Need for Cyber Forensics Certification
        9. Chapter Review
        10. Questions
        11. Answers
        12. References
      2. Chapter 2 The Investigative Process
        1. Chain of Custody
        2. Securing the Scene
        3. Documentation
        4. Authority and Objectives
        5. Examination
        6. Code of Ethics
          1. (ISC)2 Ethics
          2. American Academy of Forensic Science Ethics
          3. ISO Code of Ethics
        7. Ethical Conduct Outside the Investigation
          1. Civil Matters
          2. Criminal Matters
          3. Other Issues
        8. Ethical Investigations
          1. The Chinese Wall
          2. Relevant Regulations for Ethical Investigations
        9. The Evidence
          1. Criminal Investigations
          2. Civil Investigations
          3. Administrative Investigations
          4. Intellectual Property Investigations
          5. The Daubert Standard
        10. The Forensic Investigator as an Expert
          1. Qualities of an Expert
        11. Chapter Review
        12. Questions
        13. Answers
        14. References
      3. Chapter 3 Evidence Management
        1. Evidence Collection
          1. Evidence Documentation
          2. Evidence Preservation
        2. Evidence Transport
          1. Evidence Tracking
        3. Evidence Storage
          1. Environmental Hazards
          2. Unauthorized Access
          3. Electromagnetic Interference
          4. U.S. Army Digital Evidence Storage
        4. Evidence Access Control
        5. Evidence Disposition
        6. Chapter Review
        7. Questions
        8. Answers
        9. References
    9. Part II Forensic Science
      1. Chapter 4 Principles and Methods
        1. Scientific Approach to Forensics
          1. The Scientific Method
          2. The Philosophy of Science
          3. Peer Review
          4. Locard’s Principle of Transference
          5. Inman-Rudin Paradigm
        2. Identify and Classify Evidence
        3. Locations Where Evidence May Reside
          1. Storage Media
          2. Hardware Interfaces
          3. File Systems
          4. File Format
          5. File Types
          6. Header Analysis
        4. Recovering Data
          1. Physical Damage
          2. Logical Damage
          3. File and Metadata Carving
          4. Known File Filtering
        5. Media File Forensic Steps
          1. Running Processes
          2. Netstat
        6. Chapter Review
        7. Questions
        8. Answers
        9. References
      2. Chapter 5 Forensic Analysis
        1. Planning
          1. Collecting the Evidence
          2. Analyze the Evidence
        2. Case Notes and Reports
          1. Case Notes
          2. Reports
        3. Quality Control
          1. Lab Quality
          2. Investigator Quality Control
          3. Examination Quality Control
        4. Chapter Review
        5. Questions
        6. Answers
        7. References
    10. Part III Digital Forensics
      1. Chapter 6 Hardware Forensics
        1. Hard Drive Specifications
          1. General Hard Drive Facts
          2. RAID
        2. Recovering from Damaged Media
          1. CMOS/BIOS
          2. The Swap File
        3. Operating System Specifics
          1. Operating System Essentials
          2. The Kernel
          3. The GUI
          4. Interrupts
          5. API
        4. Extracting Deleted Files
          1. Windows
          2. Windows Tools
          3. Scrubbing Files
          4. Linux
          5. Macintosh
          6. MacKeeper
        5. Encrypted Files
          1. EFS
          2. TrueCrypt
          3. How to Deal with Encrypted Drives and Files
        6. Chapter Review
        7. Questions
        8. Answers
        9. References
      2. Chapter 7 Hidden Files and Antiforensics
        1. Cryptography
          1. The History of Encryption
          2. Modern Cryptography
          3. Symmetric Encryption
          4. Asymmetric Cryptography
          5. Cryptographic Hash
          6. Windows Passwords
        2. Steganography
          1. Historical Steganography
          2. Methods and Tools
          3. Steganalysis
        3. Cryptanalysis
          1. Frequency Analysis
          2. Kasiski
          3. Modern Methods
        4. Log Tampering
          1. Log Deletion
          2. Auditpol
          3. Winzapper
        5. Other Techniques
          1. Onion Routing
          2. Spoofing
          3. Wiping
          4. Tunneling
        6. Chapter Review
        7. Questions
        8. Answers
        9. References
      3. Chapter 8 Network Forensics
        1. Network Packet Analysis
          1. What Is a Packet?
          2. Ports
          3. Network Traffic Analysis
          4. Log Files
          5. Web Traffic
          6. HTTP Sniffer
          7. Web Traffic
          8. Nmap
          9. Snort
        2. Wireless
          1. Network-Related Cybercrimes
        3. Router Forensics
          1. Router Basics
          2. Types of Router Attacks
          3. Getting Evidence from the Router
        4. Firewall Forensics
          1. Firewall Basics
        5. Logs to Examine
          1. Windows Logs
          2. Linux Logs
        6. Operating System Utilities
          1. Netstat
          2. Net sessions
          3. Openfiles
        7. Network Structure
          1. Types of Networks
          2. Network Topology
          3. Shares
          4. Services
          5. P2P Networks and Proxies
          6. SANS
          7. Social Networks
        8. Chapter Review
        9. Questions
        10. Answers
        11. References
      4. Chapter 9 Virtual Systems
        1. Types of Virtual Systems
          1. Virtual Machines
          2. Service-Based Systems
          3. The Cloud
        2. Forensic Issues
          1. Technical Issues
          2. VMware
          3. VirtualBox
          4. Virtual PC
          5. Legal/Procedural Issues
        3. Chapter Review
        4. Questions
        5. Answers
        6. References
      5. Chapter 10 Mobile Forensics
        1. Cellular Device Concepts
          1. The Basics
          2. Networks
          3. Operating Systems
          4. Apps
        2. What Evidence Can You Get from a Mobile Device?
          1. Cell Phone Records
          2. Photos and Videos
          3. GPS Records
          4. Evidence from Apps
          5. What You Should Look For
          6. Device Status
        3. Seizing Evidence from a Phone
          1. Imaging a Phone
          2. Windows 8 Phone
          3. The iPhone
          4. Android Forensics
          5. Embedded Devices
        4. Questions
        5. Answers
        6. References
    11. Part IV Application Forensics and Emerging Technologies
      1. Chapter 11 Application Forensics
        1. File Formats
          1. The Registry
          2. Windows Swap File
          3. Index.dat
          4. Other Files That Provide Evidence
          5. Memory Analysis
        2. Windows File Copying
        3. Web Forensics
          1. Basics of Web Applications
          2. SQL Injection
          3. Cross-Site Scripting
          4. Cookie Manipulation
          5. Forceful Browsing
          6. XML Injection
        4. E-mail Forensics
          1. How E-mail Works
          2. E-mail Headers
          3. E-mail Files
          4. Tracing E-mail
          5. E-mail Server Forensics
        5. Database Forensics
          1. Database Types
          2. What to Look For
          3. Record Carving and Database Reconstruction
        6. Chapter Review
        7. Questions
        8. Answers
        9. References
      2. Chapter 12 Malware Forensics
        1. Viruses
          1. How a Virus Spreads
          2. Real-World Cases
          3. Types of Viruses
          4. History of Viruses
          5. Modern Virus Creation
        2. Trojan Horses
        3. Spyware
        4. The Buffer Overflow
        5. Rootkit
        6. Logic Bombs
        7. Ransomware
        8. Advanced Persistent Threats
        9. Malware Analysis
          1. Static Analysis
          2. Dynamic Analysis
        10. Chapter Review
        11. Questions
        12. Answers
        13. References
      3. Chapter 13 New and Emerging Forensics Technology
        1. Social Networks
          1. Types and Applications of Social Networks
          2. Direct Evidence of Crimes
          3. Commission of Crimes
        2. New Devices
          1. Google Glass
          2. Cars
          3. Medical Devices
        3. Control Systems and Infrastructure
        4. Online Gaming
        5. Electronic Discovery
          1. Types of Investigation
          2. Liability and Proof
          3. Relevant Laws
          4. Big Data
          5. Steps in Electronic Data Discovery
          6. Disaster Recovery
        6. Chapter Review
        7. Questions
        8. Answers
        9. References
    12. Appendix About the CD-ROM
      1. System Requirements
      2. Total Tester Premium Practice Exam Software
      3. Installing and Running Total Tester Premium Practice Exam Software
      4. PDF Copy of the Book
      5. Technical Support
        1. Total Seminars Technical Support
        2. McGraw-Hill Education Content Support
    13. Glossary
    14. Index