Guide to Digital Forensics : A Concise and Practical Introduction.

Material type: Text
Series: SpringerBriefs in Computer Science Series
Publisher: Cham : Springer International Publishing AG, 2017
Copyright date: ©2017
Edition: 1st ed
Description: 1 online resource (147 pages)
Content type:
  • text
Media type:
  • computer
Carrier type:
  • online resource
ISBN:
  • 9783319674506
Additional physical formats: Print version: Guide to Digital Forensics
LOC classification:
  • QA76.9.A25
Contents:
Intro -- Preface -- Contents -- Introduction -- Theory -- 1 What Is Digital Forensics? -- Abstract -- 1.1 A Forensic Examination -- 1.2 Questions and Tasks -- References -- 2 What Is Cybercrime? -- Abstract -- 2.1 Questions and Tasks -- References -- 3 Computer Theory -- Abstract -- 3.1 Secondary Storage Media -- 3.2 The NTFS File Systems -- 3.3 File Structure -- 3.4 Data Representation -- 3.5 Windows Registry -- 3.6 Encryption and Hashing -- 3.7 Decryption Attack and Password Cracking -- 3.8 Memory and Paging -- 3.9 Questions and Tasks -- References -- 4 Collecting Evidence -- Abstract -- 4.1 When the Device Is off -- 4.2 When the Device Is on -- 4.3 Live Investigation: Preparation -- 4.4 Live Investigation: Conducting -- 4.5 Live Investigation: Afterthoughts -- 4.6 Questions and Tasks -- References -- 5 Analyzing Data and Writing Reports -- Abstract -- 5.1 Setting the Stage -- 5.2 Forensic Analysis -- 5.3 Reporting -- 5.3.1 Case Data -- 5.3.2 Purpose of Examination -- 5.3.3 Findings -- 5.3.4 Conclusions -- 5.4 Final Remarks -- 5.5 Questions and Tasks -- Put it to Practice -- 6 Collecting Data -- Abstract -- 6.1 Imaging -- 6.2 Collecting Memory Dumps -- 6.3 Collecting Registry Data -- 6.4 Collecting Video from Surveillance -- 6.5 Questions and Tasks -- References -- 7 Indexing, Searching, and Cracking -- Abstract -- 7.1 Indexing -- 7.2 Searching -- 7.3 Cracking -- 7.4 Questions and Tasks -- 8 Finding Artifacts -- Abstract -- 8.1 Install Date -- 8.2 Time Zone Information -- 8.3 Users on the System -- 8.4 Registered Owner -- 8.5 Partition Analysis and Recovery -- 8.6 Deleted Files -- 8.6.1 Recovering Files Deleted from MFT -- 8.6.2 File Carving -- 8.7 Analyzing Compound Files -- 8.8 Analyzing File Metadata -- 8.8.1 NTFS Timestamps -- 8.8.2 Exif Data -- 8.8.3 Office Metadata -- 8.9 Analyzing Log Files -- 8.10 Analyzing Unorganized Data.
8.11 Questions and Tasks -- References -- 9 Some Common Questions -- Abstract -- 9.1 Was the Computer Remote Controlled? -- 9.1.1 Analysis of Applications -- 9.1.2 Scenario Testing -- 9.2 Who Was Using the Computer? -- 9.3 Was This Device Ever at Site X? -- 9.4 Questions and Tasks -- 10 FTK Specifics -- Abstract -- 10.1 FTK: Create a Case -- 10.2 FTK: Preprocessing -- 10.3 FTK: Overview -- 10.4 Registry Viewer: Overview -- 11 Basic Memory Analysis -- Abstract -- 11.1 Questions and Tasks -- References -- Vocabulary -- 12 Vocabulary -- Abstract -- Appendices -- 13 Appendix A-Solutions -- Abstract -- 13.1 Chapter 1 -- 13.2 Chapter 2 -- 13.3 Chapter 3 -- 13.4 Chapter 4 -- 13.5 Chapter 5 -- 13.6 Chapter 6 -- 13.7 Chapter 7 -- 13.8 Chapter 8 -- 13.9 Chapter 9 -- 13.10 Chapter 11 -- Reference -- 14 Appendix B-Useful Scripts -- Abstract -- 14.1 Capturing Basic Computer Information on MAC and Linux -- 14.2 Capturing Basic Computer Information on Windows -- 14.3 Parse Jitsi Chat Logs -- 15 Appendix C-Sample Report Template -- Abstract -- 15.1 Examination Data -- 15.1.1 Summary -- 15.1.2 Findings -- 15.2 Conclusions -- 15.2.1 Word List -- 16 Appendix D-List of Time Zones -- Abstract -- Reference -- 17 Appendix E-Complete Jitsi Chat Log -- Abstract.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.

© 2024 Resource Centre. All rights reserved.