Efnisyfirlit

• Cover
• Title
• Copyright
• Publisher’s Note
• Dedication
• Acknowledgments
• About the Authors
• Introduction
• Who Should Read This Book
• What This Book Covers
• How to Contact the Authors
• Chapter 1: The Need for Computer Forensics
• Defining Computer Forensics
• Computer Crime in Real Life
• Corporate versus Law Enforcement Concerns
• Training
• What Are Your Organization’s Needs?
• Terms to Know
• Review Questions
• Chapter 2: Preparation—What to Do Before You Start
• Know Your Hardware
• Know Your Operating System
• Know Your Limits
• Develop Your Incident Response Team
• Terms to Know
• Review Questions
• Chapter 3: Computer Evidence
• What Is Computer Evidence?
• Search and Seizure
• Chain of Custody
• Admissibility of Evidence in a Court of Law
• Leave No Trace
• Terms to Know
• Review Questions
• Chapter 4: Common Tasks
• Evidence Identification
• Evidence Preservation
• Evidence Analysis
• Evidence Presentation
• Terms to Know
• Review Questions
• Chapter 5: Capturing the Data Image
• The Imaging Process
• Partial Volume Images
• Working with Virtual Machines
• Imaging/Capture Tools
• Terms to Know
• Review Questions
• Chapter 6: Extracting Information from Data
• What Are You Looking For?
• How People Think
• Picking the Low-Hanging Fruit
• Hidden Evidence
• Trace Evidence
• Terms to Know
• Review Questions
• Chapter 7: Passwords and Encryption
• Passwords
• Encryption Basics
• Common Encryption Practices
• Strengths and Weaknesses of Encryption
• Handling Encrypted Data
• Terms to Know
• Review Questions
• Chapter 8: Common Forensic Tools
• Disk Imaging and Validation Tools
• Forensic Tools
• Your Forensic Toolkit
• Terms to Know
• Review Questions
• Chapter 9: Pulling It All Together
• Creating Easy-to-Use Reports
• Document Everything, Assume Nothing
• Formulating the Report
• Sample Analysis Reports
• Using Software to Generate Reports
• Terms to Know
• Review Questions
• Chapter 10: How to Testify in Court
• Preparation Is Everything
• Appearance Matters
• What Matters Is What They Hear
• Know Your Forensic Process and Tools
• Say Only What You Must
• Keep It Simple
• Be Ready to Justify Every Step
• Summary
• Terms to Know
• Review Questions
• Appendix A: Answers to Review Questions
• Chapter 1
• Chapter 2
• Chapter 3
• Chapter 4
• Chapter 5
• Chapter 6
• Chapter 7
• Chapter 8
• Chapter 9
• Chapter 10
• Appendix B: Forensic Resources
• Information
• Organizations
• Publications
• Services
• Software
• Hardware
• Training
• Appendix C: Forensic Certifications and More
• AccessData Certified Examiner (ACE)
• Advanced Information Security (AIS)
• Certified Computer Examiner (CCE)
• Certified Hacking Forensic Investigator (CHFI)
• Certified Forensic Computer Examiner (CFCE)
• Certified Information Systems Auditor (CISA)
• Certified ProDiscover Examiner (CPE)
• EnCase Certified Examiner Program
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Certified Forensics Examiner (GCFE)
• Professional Certified Investigator (PCI)
• ASCLD/LAB Accreditation
• Licensure
• Appendix D: Forensic Tools
• Forensic Tool Suites
• Password-Cracking Utilities
• CD Analysis Utilities
• Metadata Viewer Utility
• Miscellaneous Utilities
• Forensic Hardware Devices
• Computer Forensic Training
• Glossary
• Index
• End User License Agreement