Guide to computer forensics and investigations /

Nelson, Bill,

Guide to computer forensics and investigations / Bill Nelson, Amelia Phillips, Chris Steuart. - Sixth edition. - xxx, 738 pages : illustrations ; 24 cm.

"Information security" Book with barcode: 210383, Print Year 2020 as found in title page verso.

Includes bibliographical references (pages 685-690) and index.

An Overview of Digital Forensics -- Digital Forensics and Other Related Disciplines -- A Brief History of Digital Forensics -- Understanding Case Law -- Developing Digital Forensics Resources -- Preparing for Digital Investigations -- Understanding Law Enforcement Agency Investigations -- Following Legal Processes -- Understanding Private-Sector Investigations -- Maintaining Professional Conduct -- Preparing a Digital Forensics Investigation -- An Overview of a Computer Crime -- An Overview of a Company Policy Violation -- Taking a Systematic Approach -- Procedures for Private-Sector High-Tech Investigations -- Employee Termination Cases -- Internet Abuse Investigations -- E-mail Abuse Investigations -- Attorney-Client Privilege Investigations -- Industrial Espionage Investigations -- Understanding Data Recovery Workstations and Software -- Setting Up Your Workstation for Digital Forensics -- Conducting an Investigation -- Gathering the Evidence -- Understanding Bit-stream Copies -- Analyzing Your Digital Evidence -- Completing the Case -- Critiquing the Case -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

Understanding Forensics Lab Accreditation Requirements -- Identifying Duties of the Lab Manager and Staff -- Lab Budget Planning -- Acquiring Certification and Training -- Determining the Physical Requirements for a Digital Forensics Lab -- Identifying Lab Security Needs -- Conducting High-Risk Investigations -- Using Evidence Containers -- Overseeing Facility Maintenance -- Considering Physical Security Needs -- Auditing a Digital Forensics Lab -- Determining Floor Plans for Digital Forensics Labs -- Selecting a Basic Forensic Workstation -- Selecting Workstations for a Lab -- Selecting Workstations for Private-Sector Labs -- Stocking Hardware Peripherals -- Maintaining Operating Systems and Software Inventories -- Using a Disaster Recovery Plan -- Planning for Equipment Upgrades -- Building a Business Case for Developing a Forensics Lab -- Preparing a Business Case for a Digital Forensics Lab -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

Understanding Storage Formats for Digital Evidence -- Raw Format -- Proprietary Formats -- Advanced Forensic Format -- Determining the Best Acquisition Method -- Contingency Planning for Image Acquisitions -- Using Acquisition Tools -- Mini-WinFE Boot CDs and USB Drives -- Acquiring Data with a Linux Boot CD -- Capturing an Image with AccessData FTK Imager Lite -- Validating Data Acquisitions -- Linux Validation Methods -- Windows Validation Methods -- Performing RAID Data Acquisitions -- Understanding RAID -- Acquiring RAID Disks -- Using Remote Network Acquisition Tools -- Remote Acquisition with ProDiscover -- Remote Acquisition with EnCase Enterprise -- Remote Acquisition with R-Tools R-Studio -- Remote Acquisition with WetStone US-LATT PRO -- Remote Acquisition with F-Response -- Using Other Forensics Acquisition Tools -- PassMark Software ImageUSB -- ASR Data SMART -- Runtime Software -- ILookIX IXImager -- SourceForge -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

Identifying Digital Evidence -- Understanding Rules of Evidence -- Collecting Evidence in Private-Sector Incident Scenes -- Processing Law Enforcement Crime Scenes -- Understanding Concepts and Terms Used in Warrants -- Preparing for a Search -- Identifying the Nature of the Case -- Identifying the Type of OS or Digital Device -- Determining Whether You Can Seize Computers and Digital Devices -- Getting a Detailed Description of the Location -- Determining Who Is in Charge -- Using Additional Technical Expertise -- Determining the Tools You Need -- Preparing the Investigation Team -- Securing a Digital Incident or Crime Scene -- Seizing Digital Evidence at the Scene -- Preparing to Acquire Digital Evidence -- Processing Incident or Crime Scenes -- Processing Data Centers with RAID Systems -- Using a Technical Advisor -- Documenting Evidence in the Lab -- Processing and Handling Digital Evidence -- Storing Digital Evidence -- Evidence Retention and Media Storage Needs -- Documenting Evidence -- Obtaining a Digital Hash -- Reviewing a Case -- Sample Civil Investigation -- An Example of a Criminal Investigation -- Reviewing Background Information for a Case -- Planning the Investigation -- Conducting the Investigation: Acquiring Evidence with OSForensics -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

Understanding File Systems -- Understanding the Boot Sequence -- Understanding Disk Drives -- Solid-State Storage Devices -- Exploring Microsoft File Structures -- Disk Partitions -- Examining FAT Disks -- Examining NTFS Disks -- NTFS System Files -- MFT and File Attributes -- MFT Structures for File Data -- NTFS Alternate Data Streams -- NTFS Compressed Files -- NTFS Encrypting File System -- EFS Recovery Key Agent -- Deleting NTFS Files -- Resilient File System -- Understanding Whole Disk Encryption -- Examining Microsoft BitLocker -- Examining Third-Party Disk Encryption Tools -- Understanding the Windows Registry -- Exploring the Organization of the Windows Registry -- Examining the Windows Registry -- Understanding Microsoft Startup Tasks -- Startup in Windows 7, Windows 8, and Windows 10 -- Startup in Windows NT and Later -- Understanding Virtual Machines -- Creating a Virtual Machine -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

Evaluating Digital Forensics Tool Needs -- Types of Digital Forensics Tools -- Tasks Performed by Digital Forensics Tools -- Tool Comparisons -- Other Considerations for Tools -- Digital Forensics Software Tools -- Command-Line Forensics Tools -- Linux Forensics Tools -- Other GUI Forensics Tools -- Digital Forensics Hardware Tools -- Forensic Workstations -- Using a Write-Blocker -- Recommendations for a Forensic Workstation -- Validating and Testing Forensics Software -- Using National Institute of Standards and Technology Tools -- Using Validation Protocols -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

Examining Linux File Structures -- File Structures in Ext4 -- Understanding Macintosh File Structures -- An Overview of Mac File Structures -- Forensics Procedures in Mac -- Using Linux Forensics Tools -- Installing Sleuth Kit and Autopsy -- Examining a Case with Sleuth Kit and Autopsy -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

Recognizing a Graphics File -- Understanding Bitmap and Raster Images -- Understanding Vector Graphics -- Understanding Metafile Graphics -- Understanding Graphics File Formats -- Understanding Digital Photograph File Formats -- Understanding Data Compression -- Lossless and Lossy Compression -- Locating and Recovering Graphics Files -- Identifying Graphics File Fragments -- Repairing Damaged Headers -- Searching for and Carving Data from Unallocated Space -- Rebuilding File Headers -- Reconstructing File Fragments -- Identifying Unknown File Formats -- Analyzing Graphics File Headers -- Tools for Viewing Images -- Understanding Steganography in Graphics Files -- Using Steganalysis Tools -- Understanding Copyright Issues with Graphics -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

Determining What Data to Collect and Analyze -- Approaching Digital Forensics Cases -- Using Autopsy to Validate Data -- Collecting Hash Values in Autopsy -- Validating Forensic Data -- Validating with Hexadecimal Editors -- Validating with Digital Forensics Tools -- Addressing Data-Hiding Techniques -- Hiding Files by Using the OS -- Hiding Partitions -- Marking Bad Clusters -- Bit-Shifting -- Understanding Steganalysis Methods -- Examining Encrypted Files -- Recovering Passwords -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

An Overview of Virtual Machine Forensics -- Type 2 Hypervisors -- Conducting an Investigation with Type 2 Hypervisors -- Working with Type 1 Hypervisors -- Performing Live Acquisitions -- Performing a Live Acquisition in Windows -- Network Forensics Overview -- The Need for Established Procedures -- Securing a Network -- Developing Procedures for Network Forensics -- Investigating Virtual Networks -- Examining the Honeynet Project -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

Exploring the Role of E-mail in Investigations -- Exploring the Roles of the Client and Server in E-mail -- Investigating E-mail Crimes and Violations -- Understanding Forensic Linguistics -- Examining E-mail Messages -- Viewing E-mail Headers -- Examining E-mail Headers -- Examining Additional E-mail Files -- Tracing an E-mail Message -- Using Network E-mail Logs -- Understanding E-mail Servers -- Examining UNIX E-mail Server Logs -- Examining Microsoft E-mail Server Logs -- Using Specialized E-mail Forensics Tools -- Using Magnet AXIOM to Recover E-mail -- Using a Hex Editor to Carve E-mail Messages -- Recovering Outlook Files -- E-mail Case Studies -- Applying Digital Forensics Methods to Social Media Communications -- Social Media Forensics on Mobile Devices -- Forensics Tools for Social Media Investigations -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

Understanding Mobile Device Forensics -- Mobile Phone Basics -- Inside Mobile Devices -- Understanding Acquisition Procedures for Mobile Devices -- Mobile Forensics Equipment -- Using Mobile Forensics Tools -- Understanding Forensics in the Internet of Anything -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

An Overview of Cloud Computing -- History of the Cloud -- Cloud Service Levels and Deployment Methods -- Cloud Vendors -- Basic Concepts of Cloud Forensics -- Legal Challenges in Cloud Forensics -- Service Level Agreements -- Jurisdiction Issues -- Accessing Evidence in the Cloud -- Technical Challenges in Cloud Forensics -- Architecture -- Analysis of Cloud Forensic Data -- Anti-Forensics -- Incident First Responders -- Role Management -- Standards and Training -- Acquisitions in the Cloud -- Encryption in the Cloud -- Conducting a Cloud Investigation -- Investigating CSPs -- Investigating Cloud Customers -- Understanding Prefetch Files -- Examining Stored Cloud Data on a PC -- Windows Prefetch Artifacts -- Tools for Cloud Forensics -- Forensic Open-Stack Tools -- F-Response for the Cloud -- Magnet AXIOM Cloud -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

Understanding the Importance of Reports -- Limiting a Report to Specifics -- Types of Reports -- Guidelines for Writing Reports -- What to Include in Written Preliminary Reports -- Report Structure -- Writing Reports Clearly -- Designing the Layout and Presentation of Reports -- Generating Report Findings with Forensics Software Tools -- Using Autopsy to Generate Reports -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

Preparing for Testimony -- Documenting and Preparing Evidence -- Reviewing Your Role as a Consulting Expert or an Expert Witness -- Creating and Maintaining Your CV -- Preparing Technical Definitions -- Preparing to Deal with the News Media -- Testifying in Court -- Understanding the Trial Process -- Providing Qualifications for Your Testimony -- General Guidelines on Testifying -- Testifying During Direct Examination -- Testifying During Cross-Examination -- Preparing for a Deposition or Hearing -- Guidelines for Testifying at Depositions -- Guidelines for Testifying at Hearings -- Preparing Forensics Evidence for Testimony -- Preparing a Defense of Your Evidence-Collection Methods -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects

Applying Ethics and Codes to Expert Witnesses -- Forensics Examiners' Roles in Testifying -- Considerations in Disqualification -- Traps for Unwary Experts -- Determining Admissibility of Evidence -- Organizations with Codes of Ethics -- International Society of Forensic Computer Examiners -- International High Technology Crime Investigation Association -- International Association of Computer Investigative Specialists -- American Bar Association -- American Psychological Association -- Ethical Difficulties in Expert Testimony -- Ethical Responsibilities Owed to You -- Standard Forensics Tools and Tools You Create -- An Ethics Exercise -- Performing a Cursory Exam of a Forensic Image -- Performing a Detailed Exam of a Forensic Image -- Performing the Exam -- Interpreting Attribute 0x80 Data Runs -- Carving Data Run Clusters Manually -- Chapter Summary -- Key Terms -- Review Questions -- Hands-On Projects -- Case Projects.

Master the skills necessary to launch and complete a successful computer investigation with the sixth edition of 'Guide to Computer Forensics and Investigations'.

9781337568944 1337568945

2018936389


Computer crimes--Investigation.
Computer security.
Digital forensic science.

HV8079.C65 / N45 2019

005.8 NE.G 2019