Computer Forensics JumpStart, Second Edition

Book Description

Essential reading for launching a career in computer forensics

Internet crime is on the rise, driving up the need for computer forensics specialists. This new edition presents a completely updated overview of the basic skills required of a computer forensics professional. The author team of technology security veterans introduces the latest software and tools and reviews the available certifications in this growing segment of IT that can help take your career to a new level. A variety of real-world practices take you behind the scenes to look at the root causes of security attacks and provide you with a unique perspective as you launch a career in this fast-growing field.

  • Explores the profession of computer forensics, which is more in demand than ever due to the rise of Internet crime

  • Details the ways to conduct a computer forensics investigation

  • Highlights tips and techniques for finding hidden data, capturing images, documenting your case, and presenting evidence in court as an expert witness

  • Walks you through identifying, collecting, and preserving computer evidence

  • Explains how to understand encryption and examine encrypted files

Computer Forensics JumpStart is the resource you need to launch a career in computer forensics.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Dear Reader,
  5. Dedication
  6. Acknowledgments
  7. About the Authors
  8. Introduction
    1. Who Should Read This Book
    2. What This Book Covers
    3. How to Contact the Authors
  9. Chapter 1: The Need for Computer Forensics
    1. Defining Computer Forensics
    2. Computer Crime in Real Life
    3. Corporate versus Law Enforcement Concerns
    4. Training
    5. What Are Your Organization’s Needs?
    6. Terms to Know
    7. Review Questions
  10. Chapter 2: Preparation—What to Do Before You Start
    1. Know Your Hardware
    2. Know Your Operating System
    3. Know Your Limits
    4. Develop Your Incident Response Team
    5. Terms to Know
    6. Review Questions
  11. Chapter 3: Computer Evidence
    1. What Is Computer Evidence?
    2. Search and Seizure
    3. Chain of Custody
    4. Admissibility of Evidence in a Court of Law
    5. Leave No Trace
    6. Terms to Know
    7. Review Questions
  12. Chapter 4: Common Tasks
    1. Evidence Identification
    2. Evidence Preservation
    3. Evidence Analysis
    4. Evidence Presentation
    5. Terms to Know
    6. Review Questions
  13. Chapter 5: Capturing the Data Image
    1. The Imaging Process
    2. Partial Volume Images
    3. Working with Virtual Machines
    4. Imaging/Capture Tools
    5. Terms to Know
    6. Review Questions
  14. Chapter 6: Extracting Information from Data
    1. What Are You Looking For?
    2. How People Think
    3. Picking the Low-Hanging Fruit
    4. Hidden Evidence
    5. Trace Evidence
    6. Terms to Know
    7. Review Questions
  15. Chapter 7: Passwords and Encryption
    1. Passwords
    2. Encryption Basics
    3. Common Encryption Practices
    4. Strengths and Weaknesses of Encryption
    5. Handling Encrypted Data
    6. Terms to Know
    7. Review Questions
  16. Chapter 8: Common Forensic Tools
    1. Disk Imaging and Validation Tools
    2. Forensic Tools
    3. Your Forensic Toolkit
    4. Terms to Know
    5. Review Questions
  17. Chapter 9: Pulling It All Together
    1. Creating Easy-to-Use Reports
    2. Document Everything, Assume Nothing
    3. Formulating the Report
    4. Sample Analysis Reports
    5. Using Software to Generate Reports
    6. Terms to Know
    7. Review Questions
  18. Chapter 10: How to Testify in Court
    1. Preparation Is Everything
    2. Appearance Matters
    3. What Matters Is What They Hear
    4. Know Your Forensic Process and Tools
    5. Say Only What You Must
    6. Keep It Simple
    7. Be Ready to Justify Every Step
    8. Summary
    9. Terms to Know
    10. Review Questions
  19. Appendix A: Answers to Review Questions
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Chapter 8
    9. Chapter 9
    10. Chapter 10
  20. Appendix B: Forensic Resources
    1. Information
    2. Organizations
    3. Publications
    4. Services
    5. Software
    6. Hardware
    7. Training
  21. Appendix C: Forensic Certifications and More
    1. AccessData Certified Examiner (ACE)
    2. Advanced Information Security (AIS)
    3. Certified Computer Examiner (CCE)
    4. Certified Hacking Forensic Investigator (CHFI)
    5. Certified Forensic Computer Examiner (CFCE)
    6. Certified Information Systems Auditor (CISA)
    7. Certified ProDiscover Examiner (CPE)
    8. EnCase Certified Examiner Program
    9. GIAC Certified Forensic Analyst (GCFA)
    10. GIAC Certified Forensics Examiner (GCFE)
    11. Professional Certified Investigator (PCI)
    12. ASCLD/LAB Accreditation
    13. Licensure
  22. Appendix D: Forensic Tools
    1. Forensic Tool Suites
    2. Password-Cracking Utilities
    3. CD Analysis Utilities
    4. Metadata Viewer Utility
    5. Miscellaneous Utilities
    6. Forensic Hardware Devices
    7. Computer Forensic Training
  23. Glossary
  24. Index