The Basics of Digital Forensics, 2nd Edition

Book Description

The Basics of Digital Forensics provides a foundation for people new to the digital forensics field. This book teaches you how to conduct examinations by discussing what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud, and the Internet are discussed. You will also learn how to collect evidence, how to document the scene, and how deleted data can be recovered.

The new Second Edition of this book provides you with completely up-to-date real-world examples and all the key technologies used in digital forensics, as well as new coverage of network intrusion response, how hard drives are organized, and electronic discovery. You'll also learn how to incorporate quality assurance into an investigation, how to prioritize evidence items to examine (triage), case processing, and what goes into making an expert witness.

The Second Edition also features expanded resources and references, including online resources that keep you current, sample legal documents, and suggested further reading.

  • Learn what Digital Forensics entails
  • Build a toolkit and prepare an investigative plan
  • Understand the common artifacts to look for in an exam
  • Second Edition features all-new coverage of hard drives, triage, network intrusion response, and electronic discovery, as well as updated case studies, expert interviews, and expanded resources and references

Table of Contents

  1. Cover
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Preface
  7. Acknowledgments
  8. Chapter 1: Introduction
    1. Abstract
    2. Introduction
    3. What is forensic science?
    4. What is digital forensics?
    5. Uses of digital forensics
    6. The digital forensics process
    7. Locard’s exchange principle
    8. Scientific method
    9. Organizations of note
    10. Role of the forensic examiner in the judicial system
    11. Summary
  9. Chapter 2: Key technical concepts
    1. Abstract
    2. Introduction
    3. Bits, bytes, and numbering schemes
    4. File extensions and file signatures
    5. Storage and memory
    6. Computing environments
    7. Data types
    8. File systems
    9. Allocated and unallocated space
    10. How magnetic hard drives store data
    11. Summary
  10. Chapter 3: Labs and tools
    1. Abstract
    2. Introduction
    3. Forensic laboratories
    4. Policies and procedures
    5. Quality assurance
    6. Digital forensic tools
    7. Additional resources
    8. Alert!
    9. Accreditation
    10. Summary
  11. Chapter 4: Collecting evidence
    1. Abstract
    2. Introduction
    3. Crime scenes and collecting evidence
    4. Alert!
    5. Alert!
    6. Documenting the scene
    7. Chain of custody
    8. Cloning
    9. Alert!
    10. Live system versus dead system
    11. More advanced
    12. Alert!
    13. Hashing
    14. Final report
    15. Summary
  12. Chapter 5: Windows system artifacts
    1. Abstract
    2. Introduction
    3. Deleted data
    4. More advanced
    5. Hibernation file (hiberfile.sys)
    6. Registry
    7. Print spooling
    8. Recycle bin
    9. Alert!
    10. More advanced
    11. Metadata
    12. Alert!
    13. Thumbnail cache
    14. Most recently used
    15. Restore points and shadow copy
    16. Prefetch
    17. Link files
    18. Summary
  13. Chapter 6: Anti-forensics
    1. Abstract
    2. Introduction
    3. Hiding data
    4. Password attacks
    5. Additional resources
    6. Steganography
    7. Data destruction
    8. More advanced
    9. Summary
  14. Chapter 7: Legal
    1. Abstract
    2. Introduction
    3. The fourth amendment
    4. Criminal law—searches without a warrant
    5. More advanced
    6. Alert!
    7. Searching with a warrant
    8. Electronic discovery
    9. Alert!
    10. Expert testimony
    11. Additional resources
    12. Summary
  15. Chapter 8: Internet and e-mail
    1. Abstract
    2. Introduction
    3. Internet overview
    4. Additional resources
    5. More advanced
    6. Web browsers—Internet Explorer
    7. More advanced
    8. E-mail
    9. Alert!
    10. Social networking sites
    11. Additional resources
    12. Summary
  16. Chapter 9: Network forensics
    1. Abstract
    2. Introduction
    3. Network fundamentals
    4. Network security tools
    5. Network attacks
    6. Alert!
    7. Incident response
    8. Network evidence and investigations
    9. Additional resources
    10. Summary
  17. Chapter 10: Mobile device forensics
    1. Abstract
    2. Introduction
    3. Cellular networks
    4. Operating systems
    5. Cell phone evidence
    6. Cell phone forensic tools
    7. Global positioning systems
    8. Summary
  18. Chapter 11: Looking ahead: challenges and concerns
    1. Abstract
    2. Introduction
    3. Standards and controls
    4. Cloud forensics
    5. Additional resources
    6. Alert!
    7. Solid state drives
    8. More advanced
    9. Speed of change
    10. Additional resources
    11. Summary
  19. Index