Cover
Brief Contents
Table of Contents
Preface
Introduction
Chapter 1: Understanding the Digital Forensics Profession and Investigations
An Overview of Digital Forensics
Preparing for Digital Investigations
Maintaining Professional Conduct
Preparing a Digital Forensics Investigation
Procedures for Private-Sector High-Tech Investigations
Understanding Data Recovery Workstations and Software
Conducting an Investigation
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 2: The Investigator's Office and Laboratory
Understanding Forensics Lab Accreditation Requirements
Determining the Physical Requirements for a Digital Forensics Lab
Selecting a Basic Forensic Workstation
Building a Business Case for Developing a Forensics Lab
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 3: Data Acquisition
Understanding Storage Formats for Digital Evidence
Determining the Best Acquisition Method
Contingency Planning for Image Acquisitions
Using Acquisition Tools
Validating Data Acquisitions
Performing RAID Data Acquisitions
Using Remote Network Acquisition Tools
Using Other Forensics Acquisition Tools
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 4: Processing Crime and Incident Scenes
Identifying Digital Evidence
Collecting Evidence in Private-Sector Incident Scenes
Processing Law Enforcement Crime Scenes
Preparing for a Search
Securing a Digital Incident or Crime Scene
Seizing Digital Evidence at the Scene
Storing Digital Evidence
Obtaining a Digital Hash
Reviewing a Case
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 5: Working with Windows and CLI Systems
Understanding File Systems
Exploring Microsoft File Structures
Examining NTFS Disks
Understanding Whole Disk Encryption
Understanding the Windows Registry
Understanding Microsoft Startup Tasks
Understanding Virtual Machines
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 6: Current Digital Forensics Tools
Evaluating Digital Forensics Tool Needs
Digital Forensics Software Tools
Digital Forensics Hardware Tools
Validating and Testing Forensics Software
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 7: Linux and Macintosh File Systems
Examining Linux File Structures
Understanding Macintosh File Structures
Using Linux Forensics Tools
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 8: Recovering Graphics Files
Recognizing a Graphics File
Understanding Data Compression
Identifying Unknown File Formats
Understanding Copyright Issues with Graphics
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 9: Digital Forensics Analysis and Validation
Determining What Data to Collect and Analyze
Validating Forensic Data
Addressing Data-Hiding Techniques
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 10: Virtual Machine Forensics, Live Acquisitions, and Network Forensics
An Overview of Virtual Machine Forensics
Performing Live Acquisitions
Network Forensics Overview
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 11: E-Mail and Social Media Investigations
Exploring the Role of E-mail in Investigations
Exploring the Roles of the Client and Server in E-mail
Investigating E-mail Crimes and Violations
Understanding E-mail Servers
Using Specialized E-mail Forensics Tools
Applying Digital Forensics Methods to Social Media Communications
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 12: Mobile Device Forensics and the Internet of Anything
Understanding Mobile Device Forensics
Understanding Acquisition Procedures for Mobile Devices
Understanding Forensics in the Internet of Anything
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 13: Cloud Forensics
An Overview of Cloud Computing
Legal Challenges in Cloud Forensics
Technical Challenges in Cloud Forensics
Acquisitions in the Cloud
Conducting a Cloud Investigation
Tools for Cloud Forensics
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 14: Report Writing for High-Tech Investigations
Understanding the Importance of Reports
Guidelines for Writing Reports
Generating Report Findings with Forensics Software Tools
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 15: Expert Testimony in Digital Investigations
Preparing for Testimony
Testifying in Court
Preparing for a Deposition or Hearing
Preparing Forensics Evidence for Testimony
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 16: Ethics for the Expert Witness
Applying Ethics and Codes to Expert Witnesses
Organizations with Codes of Ethics
Ethical Difficulties in Expert Testimony
An Ethics Exercise
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Appendix A: Certification Test References
Appendix B: Digital Forensics References
Appendix C: Digital Forensics Lab Considerations
Appendix D: Legacy File System and Forensics Tools
Glossary
Index
