Guide to Computer Forensics and Investigations 7th Edition by Bill Nelson, ISBN-13: 978-0357672884

Original price was: $100.00. Current price is: $19.99.

Description

[PDF eBook eTextbook] – Available Instantly

  • Publisher: Cengage Learning; 7th edition (April 8, 2024)
  • Language: English
  • 768 pages
  • ISBN-10: 0357672887
  • ISBN-13: 978-0357672884

Master the skills you need to conduct a successful digital investigation with Nelson/Phillips/Steuart’s GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS, 7th Edition. Combining the latest advances in computer forensics with all-encompassing topic coverage, authoritative information from seasoned experts and real-world applications, you get the most comprehensive forensics resource available. While other resources offer an overview of the field, the hands-on learning in GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS teaches you the tools and techniques of the trade, introducing you to every step of the digital forensics investigation process, from lab setup to testifying in court. Designed to provide the most modern approach to the ins and outs of the profession of digital forensics investigation, it is appropriate for learners new to the field and an excellent refresher and technology update for current law enforcement, investigations or information security professionals.

Table of Contents:

Cover Page
Title Page
Copyright Page
Introduction
About the Authors
Acknowledgments
Bill Nelson
Amelia Phillips
Christopher K. Steuart
Robert S. Wilson
Module 1. Understanding the Digital Forensics Profession and Investigations
Manage. An Overview of Digital Forensics
Digital Forensics and Other Related Disciplines
A Brief History of Digital Forensics Tools
Understanding Case Law
Developing Digital Forensics Resources
Manage. Preparing for Digital Investigations
Understanding Public-Sector Investigations
Understanding Private-Sector Investigations
Manage. Maintaining Professional Conduct
Manage. Managing a Digital Forensics Investigation
Five Steps of an Investigation
An Overview of a Computer Crime
An Overview of a Company Policy Violation
Taking a Systematic Approach
Examine. Procedures for Private-Sector High-Tech Investigations
Employee Termination Cases
Internet Abuse Investigations
Email Abuse Investigations
Attorney-Client Privilege Investigations
Industrial Espionage Investigations
Interviews and Interrogations in High-Tech Investigations
Analyze. Understanding Data Recovery Workstations and Software
Setting Up Your Workstation for Digital Forensics
Manage. Conducting an Investigation
Gathering the Evidence
Understanding Bit-Stream Copies
Analyzing Your Digital Evidence
Critiquing the Case
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 2. Report Writing and Testimony for Digital Investigations
Manage. Understanding the Importance of Reports with a View to Testifying
Limiting a Report to Specifics
Types of Reports
Analyze. Guidelines for Writing Reports
What to Include in Written Preliminary Reports
Report Structure
Writing Reports Clearly
Designing the Layout and Presentation of Reports
Manage. Generating Report Findings and Writing the Digital Forensics Report
Building Report Resources
Determine Who Will Read the Report
Putting the Digital Forensics Report Together
Examine. Preparing for Testimony
Documenting and Preparing Evidence
Creating and Maintaining Your CV
Preparing Technical Definitions
Preparing to Deal with the News Media
Examine. Testifying in Court and Depositions
Understanding the Trial Process
Providing Qualifications for Your Testimony
General Guidelines on Testifying
Testifying during Direct Examination
Testifying during Cross-Examination
Preparing for a Deposition or Hearing
Guidelines for Testifying at Hearings
Testimony Planning Review
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 3. The Investigator’s Laboratory and Digital Forensics Tools
Manage. Understanding Forensics Lab Accreditation Requirements
Identifying Duties of the Lab Manager and Staff
Lab Budget Planning
Acquiring Certification and Training
Examine. Determining the Physical Requirements for a Digital Forensics Lab
Access and Security
Security for High-Risk Investigations
Evidence Storage Containers
Facility Maintenance
Auditing a Digital Forensics Lab
Floor Plans for Digital Forensics Labs
Manage. Selecting a Basic Forensic Workstation
Selecting Workstations for a Lab
Selecting Workstations for Private-Sector Labs
Stocking Hardware Peripherals
Maintaining Operating Systems and Software Inventories
Using a Disaster Recovery Plan
Planning for Equipment Upgrades
Manage. Building a Business Case for Developing a Forensics Lab
Preparing a Business Case for a Digital Forensics Lab
Analyze. Evaluating Digital Forensics Tools
Types of Digital Forensics Tools
Tasks Performed by Digital Forensics Tools
Tool Comparisons
Other Considerations for Tools
Manage. Digital Forensics Software Tools
Command-Line Forensics Tools
Linux Forensics Tools
Other GUI Forensics Tools
Manage. Digital Forensics Hardware Tools
Forensic Workstations
Using a Write-Blocker
Recommendations for a Forensic Workstation
Analyze. Validating and Testing Forensics Software
Using National Institute of Standards and Technology Tools
Using Validation Protocols
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 4. Data Acquisition
Analyze. Understanding Storage Formats for Digital Evidence
Open-Source Imaging Formats
Proprietary Formats
Manage. Acquisition Planning
Developing an Acquisition Action Plan
Determining the Best Acquisition Method
Calculating Acquisition Times
Manage. Contingency Planning for Image Acquisitions
Manage. Using Acquisition Tools
Using Linux Live CD/DVD and USB Distributions
Mini-WinFE Boot CDs and USB Drives
Kali Linux Live Features
FTK Imager Features
Preparing a Target Drive for a Forensic Acquisition
Understanding the Boot Sequence
Using xcopy to Collect Evidence
Using robocopy to Collect Evidence
Analyze. Validating Data Acquisitions
Linux Validation Methods
Windows Validation Methods
Solid-State Drive Concerns
Media Failure Concerns
Using Compare Functions to Validate Data
Manage. Performing RAID Data Acquisitions
Understanding RAID
Acquiring RAID Disks
Manage. Using Other Forensics Acquisition Tools
ASR Data SMART
ILookIX IXImager
PassMark Software OSForensics OSFClone
Runtime Software DiskExplorer
ForensicSoft SAFE Boot Disk
X-Ways Imager
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 5. Processing Crime and Incident Scenes
Manage. Identifying Digital Evidence
Understanding Rules of Evidence
Examine. Collecting Evidence at Private-Sector Incident Scenes
Examine. Processing Law Enforcement Crime Scenes
Understanding Concepts and Terms Used in Warrants
Examine. Preparing for a Search
Identifying the Nature of the Case
Identifying the Type of OS or Digital Device
Determining Whether You Can Seize Computers and Digital Devices
Getting a Detailed Description of the Location
Determining Who Is in Charge
Using Additional Technical Expertise
Determining the Tools You Need
Preparing the Investigation Team
Examine. Securing a Digital Incident or Crime Scene
Manage. Seizing Digital Evidence at the Scene
Preparing to Acquire Digital Evidence
Processing Incident or Crime Scenes
Processing Data Centers with RAID Systems
Using a Technical Advisor
Documenting Evidence in the Lab
Processing and Handling Digital Evidence
Special Situation Needs
Manage. Archival Storage and Transportation of Digital Evidence
Archiving of Digital Evidence
Evidence Retention and Media Storage Needs
Documenting Evidence
Managing Digital Evidence Forms
Transporting Digital Evidence
Analyze. Obtaining a Digital Hash
Manage. Employee Compliance Investigations
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 6. Working with Microsoft File Systems and the Windows Registry
Analyze. Understanding File Systems
Understanding Disk Drives
Examine. Exploring Microsoft File Structures
Disk Partitions
Examine. Examining FAT Disks
FAT Sector and Cluster Configurations
Drive Slack Space
File Fragmentation
Deleting FAT Files
Examine. Exploring NTFS Disks
NTFS System Files
$UsnJrnl System File
Prefetch
NTFS Alternate Data Streams
NTFS Compressed Files
NTFS Encrypting File System
Deleting NTFS Files
Resilient File System Overview
Examine. Understanding Whole Disk Encryption
Examining Microsoft BitLocker
Examining Third-Party Disk Encryption Tools
Examine. Understanding the Windows Registry
Data Types in the Registry
Exploring the Organization of the Windows Registry
Examine. Windows Forensics Artifacts
The hiberfile.sys File
Internet History Files
The pagefile.sys File
The $Recycle.Bin Folder
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 7. Linux and Macintosh File Systems
Examine. Examining Linux File Structures
File Structures in ext4
Inodes
Hard Links and Symbolic Links
Examine. Understanding Macintosh File Structures
An Overview of Mac File Structures
Apple File System
Forensics Procedures in macOS
Acquisition Methods in macOS
Analyze. Using Linux Forensics Tools
Using the dc3dd Command
Using the Kali Linux Forensics Tools
Exploring Sleuth Kit
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 8. Media Files and Digital Forensics
Manage. Media Files
Understanding Digital Photograph File Formats
Understanding Bitmap and Raster Images
Understanding Vector Graphics
Understanding Metafile Graphics Files
Graphics File Formats
Audio and Video File Formats
Viewing and Examining Media Files
Analyze. Data Compression and Obfuscation
Understanding Data Compression
Steganography in Graphics Files
Understanding Copyright Issues with Graphics
Analyze. Additional Data-Hiding Techniques
Bit-Shifting
Encrypted Files
Hiding Data
Marking Bad Clusters in FAT
Using Passwords to Protect Files
Examine. Locating and Recovering Media Files
Identifying Media File Fragments
Determining Unknown File Formats
Repairing Damaged Headers
Searching for and Carving Data
Rebuilding File Headers
Reconstructing File Fragments
Examine. Digital Evidence Validation and Discrimination
Using Hash Values to Discriminate Data
Manage. Examination Planning
Preparing for the Examination
Planning the Examination
Performing the Examination
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 9. Virtual Machine Forensics and Live Acquisitions Forensics
Analyze. An Overview of Virtual Machine Forensics
Investigating Hypervisor Systems
Other VM Examination Methods
Analyze. Performing Live Acquisitions
Performing a Live RAM Acquisition in Windows
Performing a Live Acquisition in Linux
Selective File Live Acquisitions
Manage. Remote Acquisition Tools
Belkasoft Remote Acquisition
F-Response Collect
Magnet AXIOM Cyber – Remote Acquisition
Analyze. Using Microsoft’s File System Utility Command
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 10. Network Forensics
Manage. Network Forensics Overview
Manage. Network Forensics Standard Procedures
Securing a Network
Developing Procedures and Models for Network Forensics
Effectively Reading Network Logs
Examine. Exploring Common Network Forensics Tools
Packet Analyzers
Intrusion Detection and Intrusion Prevention Tools
Manage. Investigating Virtual Networks
Manage. Researching and Investigating Types of Attacks
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 11. Cloud Forensics and the Internet of Anything
Manage. An Overview of Cloud Computing
History of the Cloud
Cloud Service Levels and Deployment Methods
Cloud Vendors
Basic Concepts of Cloud Forensics
Manage. Legal Challenges in Cloud Forensics
Service-Level Agreements
Jurisdiction Issues
Accessing Evidence in the Cloud
Analyze. Technical Challenges in Cloud Forensics
Architecture
Analysis of Cloud Forensic Data
Anti-Forensics
Incident First Responders
Role Management
Standards and Training
Acquisitions in the Cloud
Analyze. Conducting a Cloud Investigation
Investigating CSPs
Investigating Cloud Customers
Understanding Prefetch Files and Artifacts
Examining Stored Cloud Data on a PC
Using Cloud Forensics Tools
Manage. An Overview of the Internet of Things, the Internet of Anything, and the Internet of Everything
Technologies Supporting the Growth of the Internet of Things
Manage. Categories of the Internet of Anything
Consumer Internet of Things
Commercial Internet of Things
Industrial Internet of Things
Infrastructure Internet of Things
Internet of Military Things
Analyze. Forensics of the Internet of Anything
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 12. Mobile Device Forensics
Manage. Understanding Mobile Devices and Cellular Networks
Types of Mobile Devices
Cellular Networks
Cell Phone Tower Communications
Cell Phone Tracking
Cell Phone Data Logs
Examine. Mobile Device Evidence Sources
Inside Mobile Devices
Mobile Device Data
Apple Advanced Data Protection
SQLite Databases
Examine. Mobile Device Security
Mobile Device Management
Apple Lost Mode
File System Encryption
Manage. Seizing and Securing Mobile Devices
Isolating the Mobile Device
Protecting the Mobile Device’s Data
Analyze. Mobile Device Evidence Extraction and Examination
Preparing for an Acquisition
Perform the Extraction
Apple iOS Encrypted Backup
Common Extraction Methods
Advanced Extraction Methods
Workflow Documentation and Verification
Analyze. Mobile Device Forensics Tools
Andriller CE
Belkasoft
Cellebrite
CellHawk
DataPilot
FQLite
Magnet Forensics
Micro Systemation AB
MOBILedit Forensic
Oxygen Forensics
Paraben Software
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 13. Email and Social Media Investigations
Manage. Exploring the Role of Email in Investigations
Manage. Exploring the Client and Server Roles in Email
Examine. Investigating Email Crimes and Violations
Understanding Forensic Linguistics
Examining Email Messages
Copying an Email Message
Viewing Email Headers
Examining Email Headers
Examining Additional Email Files
Tracing an Email Message
Using Network Email Logs
Manage. Understanding Email Servers and Server Logs
Examining UNIX/Linux Email Server Logs
Examining Microsoft Email Server Logs
Examine. Using Specialized Email Forensics Tools
Using a Hex Editor to Carve Email Messages
Recovering Outlook Files
Email Case Studies
Examine. Applying Digital Forensics Methods to Social Media Communications and Channel-Based Messaging Tools
Social Media Forensics on Mobile Devices
Forensics Tools for Social Media Investigations
Investigating Channel-Based Messaging Tools
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 14. e-Discovery
Manage. Overview of e-Discovery, Rules, and Policies
The Relationship between e-Discovery and Digital Forensics
Rules, Laws, and Regulations Impacting e-Discovery
Manage. The Impact of Case Law on e-Discovery
Case Law in the United States
Enron e-Discovery
Manage. EDRM and e-Discovery Case Flow
Information Governance Reference Model
Stages of the EDRM
Analyze. Common e-Discovery Tools
Module Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Module 15. Ethics and Professional Responsibilities
Analyze. Applying Ethics and Codes to Expert Witnesses
Forensics Examiners’ Roles in Testifying
Considerations in Disqualification
Factors to Consider for All Cases
Determining Admissibility of Evidence
Manage. Organizations with Codes of Ethics
International Society of Forensic Computer Examiners
International High Technology Crime Investigation Association
International Association of Computer Investigative Specialists
American Bar Association
American Psychological Association
Analyze. Dealing with Ethical Challenges
Ethical Responsibilities Owed to You
Standard Forensics Tools and Tools You Create
Using an Intake Form
Analysis. Performing Peer Reviews for Digital Forensics
How to Peer-Review a Case
Writing a Peer Review
Module Summary
Key Terms
Review Questions
Case Projects
Appendix A. Certification Testing References
Appendix B. Digital Forensics References
Appendix C. Digital Forensics Lab Considerations
Appendix D. Legacy File Systems
Appendix E. NICE Framework and CAE Knowledge Units
Appendix F. Shell Command Examples

Bill Nelson has worked for two global Fortune 100 companies in information technologies for over 32 years, including 18-plus years in corporate digital forensics and information security. In addition, he has taught digital forensics classes at the City University of Seattle and the University of Washington’s Professional and Continuing Education Department for 10 years. He also has experience in Automated Fingerprint Identification System software engineering and reserve police work. A former president and vice president for Computer Technology Investigators Northwest, he routinely lectures at several colleges and universities in the Pacific Northwest.

Amelia Phillips is a tenured faculty member at Highline College in Seattle, Washington. After serving as an engineer at the Jet Propulsion Laboratory, she worked with e-commerce websites and began training in computer forensics to prevent credit card numbers from being stolen from sensitive e-commerce databases. Dr. Phillips designed certificate and AAS programs for community colleges in e-commerce, network security, computer forensics and data recovery. She designed the Bachelor of Applied Science in Cybersecurity and Forensics, which was approved in 2014. A Fulbright Scholar, Dr. Phillips taught at Polytechnic of Namibia in 2005 and 2006 and continues her work with developing nations, traveling there frequently. She earned BS degrees in astronautical engineering and archaeology and an MBA in technology management from the Massachusetts Institute of Technology, and an interdisciplinary Ph.D. in computer security from the University of Alaska, Fairbanks.

Christopher K. Steuart is a practicing attorney maintaining a general litigation practice, with experience in information systems security for a Fortune 50 company and the U.S. Army. He is also an honorary life member and the former general counsel for Computer Technology Investigators Northwest. He has presented computer forensics seminars in regional and national forums, including the American Society for Industrial Security, Agora, Northwest Computer Technology Crime Analysis Seminar and CTIN.
