Computer Forensics Infosec Pro Guide / Edition 1 available in Paperback, eBook
- ISBN-10:
- 007174245X
- ISBN-13:
- 9780071742450
- Pub. Date:
- 04/12/2013
- Publisher:
- McGraw Hill LLC
Overview
Security Smarts for the Self-Guided IT Professional
Find out how to excel in the field of computer forensics investigations. Learn what it takes to transition from an IT professional to a computer forensic examiner in the private sector. Written by a Certified Information Systems Security Professional, Computer Forensics: InfoSec Pro Guide is filled with real-world case studies that demonstrate the concepts covered in the book.
You’ll learn how to set up a forensics lab, select hardware and software, choose forensic imaging procedures, test your tools, capture evidence from different sources, follow a sound investigative process, safely store evidence, and verify your findings. Best practices for documenting your results, preparing reports, and presenting evidence in court are also covered in this detailed resource.
Computer Forensics: InfoSec Pro Guide features:
- Lingo—Common security terms defined so that you’re in the know on the job
- IMHO—Frank and relevant opinions based on the author’s years of industry experience
- Budget Note—Tips for getting security technologies and processes into your organization’s budget
- In Actual Practice—Exceptions to the rules of security explained in real-world contexts
- Your Plan—Customizable checklists you can use on the job now
- Into Action—Tips on how, why, and when to apply new skills and techniques at work
Product Details
| Field | Value |
|---|---|
| ISBN-13 | 9780071742450 |
| Publisher | McGraw Hill LLC |
| Publication date | 04/12/2013 |
| Series | Beginner's Guide Series |
| Edition description | New Edition |
| Pages | 344 |
| Product dimensions | 7.30 (w) x 9.00 (h) x 0.70 (d) inches |
Table of Contents
Acknowledgments xix
Introduction xxi
Part I Getting Started
1 What Is Computer Forensics? 3
What You Can Do with Computer Forensics 4
How People Get Involved in Computer Forensics 5
Law Enforcement 6
Military 6
University Programs 7
IT or Computer Security Professionals 7
Incident Response vs. Computer Forensics 9
How Computer Forensic Tools Work 10
Types of Computer Forensic Tools 10
Professional Licensing Requirements 12
2 Learning Computer Forensics 15
Where and How to Get Training 16
Law Enforcement Training 17
Corporate Training 17
Where and How to Get Certified 18
Vendor Certifications 19
Vendor-Neutral Certifications 20
Staying Current 22
Conferences 23
Blogs 24
Forums 26
Podcasts 26
Associations 27
3 Creating a Lab 29
Choosing Where to Put Your Lab 31
Access Controls 31
Electrical Power 35
Air Conditioning 35
Privacy 37
Gathering the Tools of the Trade 38
Write Blockers 38
Drive Kits 41
External Storage 43
Screwdriver Kits 43
Antistatic Bags 43
Adaptors 44
Forensic Workstation 44
Choosing Forensic Software 45
Open Source Software 46
Commercial Software 47
Storing Evidence 49
Securing Your Evidence 48
Organizing Your Evidence 49
Disposing of Old Evidence 50
Part II Your First Investigation
4 How to Approach a Computer Forensics Investigation 55
The Investigative Process 56
What Are You Being Asked to Find Out? 56
Where Would the Data Exist? 57
What Applications Might Have Been Used in Creating the Data? 57
Should You Request to Go Beyond the Scope of the Investigation? 58
Testing Your Hypothesis 59
Step 1 Define Your Hypothesis 60
Step 2 Determine a Repeatable Test 61
Step 3 Create Your Test Environment 61
Step 4 Document Your Testing 61
The Forensic Data Landscape 62
Active Data 62
Unallocated Space 62
Slack Space 63
Mobile Devices 65
External Storage 66
What Do You Have the Authority to Access 66
Who Hosts the Data? 66
Who Owns the Device? 67
Expectation of Privacy 68
5 Choosing Your Procedures 71
Forensic Imaging 72
Determining Your Comfort Level 73
Forensic Imaging Method Pros and Cons 78
Creating Forms and Your Lab Manual 80
Chain of Custody Forms 80
Request Forms 82
Report Forms 82
Standard Operating Procedures Manual 84
6 Testing Your Tools 85
When Do You Need to Test 86
Collecting Data for Public Research or Presentations 87
Testing a Forensic Method 87
Testing a Tool 87
Where to Get Test Evidence 88
Raw Images 89
Creating Your Own Test Images 89
Forensic Challenges 91
Learn Forensics with David Cowen on YouTube 91
Honeynet Project 91
DC3 Challenge 92
DFRWS Challenge 92
SANS Forensic Challenges 93
High School Forensic Challenge 93
Collections of Tool Testing Images 93
Digital Forensic Tool Testing Images 93
NIST Computer Forensics Reference Data Sets Images 94
The Hacking Case 94
NIST Computer Forensics Tool Testing 94
7 Live vs. Postmortem Forensics 97
Live Forensics 99
When Live Forensics Is the Best Option 100
Tools for Live Forensics 103
Postmortem Forensics 106
Postmortem Memory Analysis 106
8 Capturing Evidence 109
Creating Forensic Images of Internal Hard Drives 110
FTK Imager with a Hardware Write Blocker 111
FTK Imager with a Software Write Blocker 120
Creating Forensic Images of External Drives 123
FTK Imager with a USB Write Blocker 124
FTK Imager with a Software Write Blocker 125
Software Write Blocking on Linux Systems 125
Creating Forensic Images of Network Shares 128
Capturing a Network Share with FTK Imager 129
Mobile Devices 133
Servers 133
9 Nontraditional Digital Forensics 135
Breaking the Rules: Nontraditional Digital Forensic Techniques 137
Volatile Artifacts 138
Malware 139
Encrypted File Systems 141
Challenges to Accessing Encrypted Data 144
Mobile Devices: Smart Phones and Tablets 145
Solid State Drives 147
Virtual Machines 149
Part III Case Examples: How to Work a Case
10 Establishing the Investigation Type and Criteria 153
Determining What Type of Investigation Is Required 154
Human Resources Cases 154
Administrator Abuse 156
Stealing Information 158
Internal Leaks 158
Keyloggers and Malware 159
What to Do When Criteria Causes an Overlap 161
What to Do When No Criteria Matches 161
Where Should the Evidence Be? 162
Did This Occur over the Network? 162
Nothing Working? Create a Super Timeline 163
11 Human Resources Cases 167
Results of a Human Resource Case 168
How to Work a Pornography Case 169
Pornography Case Study 169
How to Investigate a Pornography Case 174
How to Work a Productivity Waste Case 179
12 Administrator Abuse 185
The Abuse of Omniscience 186
Scenario 1: Administrator Runs a Pornographic Site Using Company Resources 188
Beginning an Investigation 189
The Web Server's Role in the Network 190
Directories 193
Virtual Servers 194
Virtual Directories 194
Scenario 2: Exploiting Insider Knowledge Against an Ex-employer 196
A Private Investigator Calls 197
As if They're Reading Our Minds… 197
What a Network Vulnerability Assessment Can Reveal 198
E-mail Data Review and Server Restoration 200
Stepping Up Your Game: Knowledge Meets Creativity 201
13 Stealing Information 205
What Are We Looking For? 206
Determining Where the Data Went 209
LNK Files 209
Shellbags 212
Scenario: Recovering Log Files to Catch a Thief 214
14 Internal Leaks 217
Why Internal Leaks Happen 218
Investigating Internal Leaks 220
Reviewing the Registry Files 221
Identifying LNK Files 226
Wrapping Up the Investigation 231
Using File System Meta-data to Track Leaked or Printed Materials 232
15 Keyloggers and Malware 235
Defining Keyloggers and Malware 236
How to Detect Keyloggers and Malware 237
Registry Files 238
Prefetch Files 242
Keyword Searches 242
Handling Suspicious Files 243
Determining How an Infection Occurred 243
What We Know About This Infection 247
What We Know About the Keylogger 247
Identifying What Data Was Captured 249
Finding Information About the Attacker 251
What We Know About the Attacker 252
Where to Find More About the Attacker 252
Part IV Defending Your Work
16 Documenting Your Findings with Reports 257
Documenting Your Findings 258
Who Asked You to Undertake the Investigation 259
What You Were Asked to Do 259
What You Reviewed 260
What You Found 261
What Your Findings Mean 262
Types of Reports 263
Informal Report 263
Incident Report 263
Internal Report 265
Declaration 265
Affidavit 267
Explaining Your Work 268
Define Technical Terms 268
Provide Examples in Layperson Terms 268
Explain Artifacts 269
17 Litigation and Reports for Court and Exhibits 271
Important Legal Terms 272
What Type of Witness Are You? 273
Fact Witness 274
Expert Consultant 275
Expert Witness 275
Special Master 276
Neutral 277
Writing Reports for Court 277
Declarations in Support of Motions 278
Expert Reports 279
Creating Exhibits 279
Working with Forensic Artifacts 281
Glossary 283
Index 303