Fundamentals of Digital Forensics: Theory, Methods, and Real-Life Applications / Joakim Kävrestad.
Publication details: Cham : Springer, 2020.
Edition: 2nd ed.
Description: xiii, 268 p. : illustrations (color) ; 24 cm.
Content type: text
ISBN: 9783030389543
ISBN: 3030389545
ISBN: 9783030389536
Dewey classification: 005.8
LC classification: HV8079.C65
Item type | Current library | Shelving location | Call number | URL | Copy number | Status | Barcode
---|---|---|---|---|---|---|---
BOOK GPS | FRANCIS LIGHT LIBRARY | | | Link to resource | | Not for loan |
BOOK GPS | FRANCIS LIGHT LIBRARY | | | Link to resource | | Not for loan |
ACADEMIC | FRANCIS LIGHT LIBRARY | SHELVES 1 | 005.8 KAV | | 1 | Available | 00000561
ACADEMIC | FRANCIS LIGHT LIBRARY | SHELVES 1 | 005.8 KAV | | 2 | Available | 00000562
Includes bibliographical references and index.

Contents:
- Intro
- Preface -- Overview and Audience -- Motivation and Features -- Contents
- Part I: Theory
- 1: What Is Digital Forensics? -- 1.1 A Forensic Examination -- 1.2 How Forensics Has Been Used -- 1.3 Questions and Tasks -- References
- 2: Ethics and Integrity -- 2.1 Tracing Online Users -- 2.2 Key Disclosure Law(s) -- 2.3 Police Hacking -- 2.4 Ethical Guidelines -- 2.5 Questions and Tasks -- References
- 3: Computer Theory -- 3.1 Secondary Storage Media -- 3.2 The NTFS File Systems -- 3.3 File Structure -- 3.4 Data Representation -- 3.5 User Accounts in Windows 10 -- 3.6 Windows Registry -- 3.7 Encryption and Hashing -- 3.8 SQLite Databases -- 3.9 Memory and Paging -- 3.10 Questions and Tasks -- References
- 4: Notable Artifacts -- 4.1 Metadata -- 4.2 EXIF Data -- 4.3 Prefetch -- 4.4 Shellbags -- 4.5 .LNK Files -- 4.6 MRU-Stuff -- 4.7 Thumbcache -- 4.8 Windows Event Viewer -- 4.9 Program Log Files -- 4.10 USB Device History -- 4.11 Questions and Tasks -- References
- 5: Decryption and Password Enforcing -- 5.1 Password Theory -- 5.2 Decryption Attacks -- 5.3 Password Guessing Attacks -- 5.4 Questions and Tasks -- References
- Part II: The Forensic Process
- 6: Cybercrime, Cyber Aided Crime, and Digital Evidence -- 6.1 Cybercrime -- 6.2 Cyber Aided Crime -- 6.3 Crimes with Digital Evidence -- 6.4 Questions and Tasks -- References
- 7: Incident Response -- 7.1 Why and When? -- 7.2 Establishing Capabilities -- 7.3 Incident Handling -- 7.4 Questions and Tasks -- References
- 8: Collecting Evidence -- 8.1 When the Device Is Off -- 8.2 When the Device Is On -- 8.3 Live Investigation: Preparation -- 8.4 Live Investigation: Conducting -- 8.5 Live Investigation: Afterthoughts -- 8.6 Questions and Tasks -- References
- 9: Triage -- 9.1 Specific Examinations -- 9.2 White and Blacklisting -- 9.3 Automated Analysis -- 9.4 Field Triage -- 9.5 Questions and Tasks -- References
- 10: Analyzing Data and Writing Reports -- 10.1 Setting the Stage -- 10.2 Forensic Analysis -- 10.3 Reporting -- 10.3.1 Case Data -- 10.3.2 Purpose of Examination -- Summary -- 10.3.3 Findings -- Findings -- 10.3.4 Conclusions -- Conclusions -- 10.4 Final Remarks -- 10.5 Questions and Tasks
- Part III: Get Practical
- 11: Collecting Data -- 11.1 Imaging -- 11.2 Collecting Memory Dumps -- 11.3 Collecting Registry Data -- 11.4 Collecting Network Data -- 11.5 Collecting Video from Surveillance -- 11.6 Process of a Live Examination -- 11.7 Questions and Tasks -- References
- 12: Indexing and Searching -- 12.1 Indexing -- 12.2 Searching -- 12.2.1 Questions and Tasks
- 13: Cracking -- 13.1 Password Cracking Using PRTK -- 13.2 Password Cracking Using Hashcat -- 13.3 Questions and Tasks
- 14: Finding Artifacts -- 14.1 Install Date -- 14.2 Time Zone Information -- 14.3 Users in the System -- 14.4 Registered Owner -- 14.5 Partition Analysis and Recovery -- 14.6 Deleted Files -- 14.6.1 Recovering Files Deleted from MFT -- 14.6.2 File Carving -- 14.7 Analyzing Compound Files
This practical and accessible textbook/reference describes the theory and methodology of digital forensic examinations, presenting examples developed in collaboration with police authorities to ensure relevance to real-world practice. The coverage includes discussions on forensic artifacts and constraints, as well as forensic tools used for law enforcement and in the corporate sector. Emphasis is placed on reinforcing sound forensic thinking, and gaining experience in common tasks through hands-on exercises. This enhanced second edition has been expanded with new material on incident response tasks and computer memory analysis.

Topics and features:
- Outlines what computer forensics is, and what it can do, as well as what its limitations are
- Discusses both the theoretical foundations and the fundamentals of forensic methodology
- Reviews broad principles that are applicable worldwide
- Explains how to find and interpret several important artifacts
- Describes free and open source software tools, along with the AccessData Forensic Toolkit
- Features exercises and review questions throughout, with solutions provided in the appendices
- Includes numerous practical examples, and provides supporting video lectures online

This easy-to-follow primer is an essential resource for students of computer forensics, and will also serve as a valuable reference for practitioners seeking instruction on performing forensic examinations.

Joakim Kävrestad is a lecturer and researcher at the University of Skövde, Sweden, and an AccessData Certified Examiner. He also serves as a forensic consultant, with several years of experience as a forensic expert with the Swedish police.