
Fundamentals of Digital Forensics: (Record no. 536)

MARC details
000 -LEADER
fixed length control field 05935aam a22004571a 4500
001 - CONTROL NUMBER
control field 019814023
003 - CONTROL NUMBER IDENTIFIER
control field PCN
005 - DATE AND TIME OF LATEST TRANSACTION
control field 20211114184255.0
006 - FIXED-LENGTH DATA ELEMENTS--ADDITIONAL MATERIAL CHARACTERISTICS
fixed length control field m || d |
007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION
fixed length control field cr |||||||||||
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION
fixed length control field 200530s2020 sz o 000 0 eng d
020 ## - INTERNATIONAL STANDARD BOOK NUMBER
International Standard Book Number 9783030389543
Qualifying information (electronic bk.)
International Standard Book Number 3030389545
Qualifying information (electronic bk.)
International Standard Book Number 9783030389536
Qualifying information paperback
024 8# - OTHER STANDARD IDENTIFIER
Standard number or code 10.1007/978-3-030-38
040 ## - CATALOGING SOURCE
Original cataloging agency EBLCP
Language of cataloging eng
Transcribing agency EBLCP
Modifying agency LQU
-- GW5XE
-- EBLCP
-- N$T
-- DKU
-- Uk
042 ## - AUTHENTICATION CODE
Authentication code ukblsr
050 #4 - LIBRARY OF CONGRESS CALL NUMBER
Classification number HV8079.C65
082 04 - DEWEY DECIMAL CLASSIFICATION NUMBER
Classification number 005.8
100 1# - MAIN ENTRY--PERSONAL NAME
Personal name Kävrestad, Joakim.
Relator term author
245 10 - TITLE STATEMENT
Title Fundamentals of Digital Forensics:
Remainder of title Theory, Methods, and Real-Life Applications /
Statement of responsibility, etc. Joakim Kävrestad.
250 ## - EDITION STATEMENT
Edition statement 2nd ed.
260 ## - PUBLICATION, DISTRIBUTION, ETC.
Place of publication, distribution, etc. Cham :
Name of publisher, distributor, etc. Springer,
Date of publication, distribution, etc. 2020.
300 ## - PHYSICAL DESCRIPTION
Extent xiii, 268p :
Other physical details illustrations (color) ;
Dimensions 24cm.
336 ## - CONTENT TYPE
Content type term text
Source rdacontent
337 ## - MEDIA TYPE
Source rdamedia
338 ## - CARRIER TYPE
Source rdacarrier
500 ## - GENERAL NOTE
General note 14.7 Analyzing Compound Files
504 ## - BIBLIOGRAPHY, ETC. NOTE
Bibliography, etc. note Includes bibliographical references and index.
505 0# - FORMATTED CONTENTS NOTE
Formatted contents note Intro -- Preface -- Overview and Audience -- Motivation and Features -- Contents -- Part I: Theory -- 1: What Is Digital Forensics? -- 1.1 A Forensic Examination -- 1.2 How Forensics Has Been Used -- 1.3 Questions and Tasks -- References -- 2: Ethics and Integrity -- 2.1 Tracing Online Users -- 2.2 Key Disclosure Law(s) -- 2.3 Police Hacking -- 2.4 Ethical Guidelines -- 2.5 Questions and Tasks -- References -- 3: Computer Theory -- 3.1 Secondary Storage Media -- 3.2 The NTFS File Systems -- 3.3 File Structure -- 3.4 Data Representation -- 3.5 User Accounts in Windows 10
Formatted contents note 3.6 Windows Registry -- 3.7 Encryption and Hashing -- 3.8 SQLite Databases -- 3.9 Memory and Paging -- 3.10 Questions and Tasks -- References -- 4: Notable Artifacts -- 4.1 Metadata -- 4.2 EXIF Data -- 4.3 Prefetch -- 4.4 Shellbags -- 4.5 .LNK Files -- 4.6 MRU-Stuff -- 4.7 Thumbcache -- 4.8 Windows Event Viewer -- 4.9 Program Log Files -- 4.10 USB Device History -- 4.11 Questions and Tasks -- References -- 5: Decryption and Password Enforcing -- 5.1 Password Theory -- 5.2 Decryption Attacks -- 5.3 Password Guessing Attacks -- 5.4 Questions and Tasks -- References -- Part II: The Forensic Process
Formatted contents note 6: Cybercrime, Cyber Aided Crime, and Digital Evidence -- 6.1 Cybercrime -- 6.2 Cyber Aided Crime -- 6.3 Crimes with Digital Evidence -- 6.4 Questions and Tasks -- References -- 7: Incident Response -- 7.1 Why and When? -- 7.2 Establishing Capabilities -- 7.3 Incident Handling -- 7.4 Questions and Tasks -- References -- 8: Collecting Evidence -- 8.1 When the Device Is Off -- 8.2 When the Device Is On -- 8.3 Live Investigation: Preparation -- 8.4 Live Investigation: Conducting -- 8.5 Live Investigation: Afterthoughts -- 8.6 Questions and Tasks -- References -- 9: Triage
Formatted contents note 9.1 Specific Examinations -- 9.2 White and Blacklisting -- 9.3 Automated Analysis -- 9.4 Field Triage -- 9.5 Questions and Tasks -- References -- 10: Analyzing Data and Writing Reports -- 10.1 Setting the Stage -- 10.2 Forensic Analysis -- 10.3 Reporting -- 10.3.1 Case Data -- 10.3.2 Purpose of Examination -- Summary -- 10.3.3 Findings -- Findings -- 10.3.4 Conclusions -- Conclusions -- 10.4 Final Remarks -- 10.5 Questions and Tasks -- Part III: Get Practical -- 11: Collecting Data -- 11.1 Imaging -- 11.2 Collecting Memory Dumps -- 11.3 Collecting Registry Data -- 11.4 Collecting Network Data
Formatted contents note 11.5 Collecting Video from Surveillance -- 11.6 Process of a Live Examination -- 11.7 Questions and Tasks -- References -- 12: Indexing and Searching -- 12.1 Indexing -- 12.2 Searching -- 12.2.1 Questions and Tasks -- 13: Cracking -- 13.1 Password Cracking Using PRTK -- 13.2 Password Cracking Using Hashcat -- 13.3 Questions and Tasks -- 14: Finding Artifacts -- 14.1 Install Date -- 14.2 Time Zone Information -- 14.3 Users in the System -- 14.4 Registered Owner -- 14.5 Partition Analysis and Recovery -- 14.6 Deleted Files -- 14.6.1 Recovering Files Deleted from MFT -- 14.6.2 File Carving
520 ## - SUMMARY, ETC.
Summary, etc. This practical and accessible textbook/reference describes the theory and methodology of digital forensic examinations, presenting examples developed in collaboration with police authorities to ensure relevance to real-world practice. The coverage includes discussions on forensic artifacts and constraints, as well as forensic tools used for law enforcement and in the corporate sector. Emphasis is placed on reinforcing sound forensic thinking, and gaining experience in common tasks through hands-on exercises. This enhanced second edition has been expanded with new material on incident response tasks and computer memory analysis. Topics and features: outlines what computer forensics is, and what it can do, as well as what its limitations are; discusses both the theoretical foundations and the fundamentals of forensic methodology; reviews broad principles that are applicable worldwide; explains how to find and interpret several important artifacts; describes free and open source software tools, along with the AccessData Forensic Toolkit; features exercises and review questions throughout, with solutions provided in the appendices; includes numerous practical examples, and provides supporting video lectures online. This easy-to-follow primer is an essential resource for students of computer forensics, and will also serve as a valuable reference for practitioners seeking instruction on performing forensic examinations. Joakim Kävrestad is a lecturer and researcher at the University of Skövde, Sweden, and an AccessData Certified Examiner. He also serves as a forensic consultant, with several years of experience as a forensic expert with the Swedish police.
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM
Topical term or geographic name entry element Digital forensic science.
Topical term or geographic name entry element Computer crimes.
General subdivision investigation.
Topical term or geographic name entry element Computer Forensics.
655 #4 - INDEX TERM--GENRE/FORM
Genre/form data or focus term Electronic books.
942 ## - ADDED ENTRY ELEMENTS (KOHA)
Source of classification or shelving scheme Dewey Decimal Classification
Koha item type ACADEMIC
Holdings
Item 1
Source of classification or shelving scheme: Dewey Decimal Classification
Home library: FRANCIS LIGHT LIBRARY
Current library: FRANCIS LIGHT LIBRARY
Shelving location: SHELVES 1
Date acquired: 21/05/2021
Source of acquisition: EMO BOOKS SERVICES (IV-001020 : PCN2102016)
Cost, normal purchase price: 210.97
Inventory number: 536
Full call number: 005.8 KAV
Barcode: 00000561
Date last seen: 14/11/2021
Copy number: 1
Cost, replacement price: 240.97
Price effective from: 14/11/2021
Koha item type: ACADEMIC

Item 2
Source of classification or shelving scheme: Dewey Decimal Classification
Home library: FRANCIS LIGHT LIBRARY
Current library: FRANCIS LIGHT LIBRARY
Shelving location: SHELVES 1
Date acquired: 21/05/2021
Source of acquisition: EMO BOOKS SERVICES (IV-001020 : PCN2102016)
Cost, normal purchase price: 210.97
Inventory number: 536
Full call number: 005.8 KAV
Barcode: 00000562
Date last seen: 14/11/2021
Copy number: 2
Cost, replacement price: 240.97
Price effective from: 14/11/2021
Koha item type: ACADEMIC

Item 3
Source of classification or shelving scheme: Dewey Decimal Classification
Home library: FRANCIS LIGHT LIBRARY
Current library: FRANCIS LIGHT LIBRARY
Date acquired: 20/09/2024
Date last seen: 20/09/2024
Price effective from: 20/09/2024
Koha item type: BOOK GPS
Uniform Resource Identifier: https://drive.google.com/file/d/1q6CpkS3FGYcY3CTIbvoJLVL-6hwO19eu/view?usp=sharing

Item 4
Source of classification or shelving scheme: Dewey Decimal Classification
Home library: FRANCIS LIGHT LIBRARY
Current library: FRANCIS LIGHT LIBRARY
Date acquired: 20/09/2024
Date last seen: 20/09/2024
Price effective from: 20/09/2024
Koha item type: BOOK GPS
Uniform Resource Identifier: https://drive.google.com/file/d/1q6CpkS3FGYcY3CTIbvoJLVL-6hwO19eu/view?usp=sharing
