Computer Forensics For Dummies

Author Linda Volonino; Reynaldo Anzaldua

Publisher Wiley Professional Development (P&T)

Format ePub

Print ISBN 9780470371916

Edition 1

Publication year 2008

2.790 kr.

Description

Table of Contents

  • Introduction
  • Who Should Read This Book?
  • About This Book
  • How to Use This Book
  • What You Don’t Need to Read
  • Foolish Assumptions
  • How This Book Is Organized
  • Part I: Digging Out and Documenting Electronic Evidence
  • Part II: Preparing to Crack the Case
  • Part III: Doing Computer Forensic Investigations
  • Part IV: Succeeding in Court
  • Part V: The Part of Tens
  • Glossary
  • About the Web Site and Blog
  • Icons Used in This Book
  • Where to Go from Here
  • Part I: Digging Out and Documenting Electronic Evidence
  • Chapter 1: Knowing What Your Digital Devices Create, Capture, and Pack Away — Until Revelation Day
  • Living and Working in a Recorded World
  • Deleting is a misnomer
  • Getting backed up
  • Delusions of privacy danced in their headsets
  • Giving the Third Degree to Computers, Electronics, and the Internet
  • Answering the Big Questions
  • What is my computer doing behind my back?
  • How does my data get out there?
  • Why can data be discovered and recovered easily?
  • Examining Investigative Methods
  • Getting permission
  • Choosing your forensic tools
  • Knowing what to look for and where
  • Gathering evidence properly
  • Revealing Investigation Results
  • Preparing bulletproof findings
  • Making it through trial
  • Chapter 2: Suiting Up for a Lawsuit or Criminal Investigation
  • Deciphering the Legal Codes
  • Learning about relevancy and admissibility
  • Getting started with electronic discovery
  • Deciding what’s in and what’s not
  • Playing by the rules
  • Managing E-Discovery
  • Understanding that timing is everything
  • Grasping ESI discovery problems
  • Avoiding overbroad requests
  • Shaping the request
  • Stepping through the response
  • Conducting the Investigation in Good Faith
  • Deciding Who’s Paying the Bill
  • Chapter 3: Getting Authorized to Search and Seize
  • Getting Authority: Never Start Without It
  • Acknowledging who’s the boss (not you!)
  • Putting together your team
  • Involving external sources
  • No warrant, no problem (if it’s done legally)
  • Criminal Cases: Papering Your Behind (CYA)
  • Learning about the case and the target
  • Drafting an affidavit for a search warrant
  • Presenting an affidavit for judicial processing
  • Civil Cases: Verifying Company Policy
  • Searching with verbal permission (without a warrant)
  • Obtaining a subpoena
  • Chapter 4: Documenting and Managing the Crime Scene
  • Obsessing over Documentation
  • Keeping the chain complete
  • Dealing with carbon memories
  • Deciding who gets the evidence first
  • Getting to the truth
  • Directing the Scene
  • Papering the trail
  • Recording the scene: Video
  • Recording the sounds: Audio
  • Getting the lead out
  • Managing Evidence Behind the Yellow Tape
  • Arriving ready to roll: Bringing the right tools
  • Minimizing your presence
  • Stepping Through the Scene
  • Securing the area
  • Surveying the scene
  • Transporting the e-evidence
  • Part II: Preparing to Crack the Case
  • Chapter 5: Minding and Finding the Loopholes
  • Deciding to Take On a Client
  • Learning about the case and the theory
  • Finding out the client’s priorities
  • Timing your work
  • Defining the scope of work
  • Determining Whether You Can Help the Case
  • Serving as a resource for the lawyer
  • Taking an active role
  • Answering big, blunt questions
  • Signing on the dotted line
  • Passing the Court’s Standard As a Reliable Witness
  • Getting your credentials accepted
  • Impressing opinions on the jury
  • Going Forward with the Case
  • Digging into the evidence
  • Organizing and documenting your work
  • Researching and digging for intelligence
  • Keeping a Tight Forensic Defense
  • Plugging loopholes
  • Chapter 6: Acquiring and Authenticating E-Evidence
  • Acquiring E-Evidence Properly
  • Step 1: Determine the Type of Media You’re Working With
  • Step 2: Find the Right Tool
  • Finding all the space
  • A write-protect device
  • Sterile media
  • Step 3: Transfer Data
  • Transferring data in the field
  • From computer to computer
  • From storage device to computer
  • Step 4: Authenticate the Preserved Data
  • Step 5: Make a Duplicate of the Duplicate
  • Chapter 7: Examining E-Evidence
  • The Art of Scientific Inquiry
  • Gearing Up for Challenges
  • Getting a Handle on Search Terms
  • Defining your search list
  • Using forensic software to search
  • Assuming risks
  • Challenging Your Results: Plants and Frames and Being in the Wrong Place
  • Knowing what can go wrong
  • Looking beyond the file
  • Finding No Evidence
  • No evidence of who logged in
  • No evidence of how it got there
  • Reporting Your Analysis
  • Chapter 8: Extracting Hidden Data
  • Recognizing Attempts to Blind the Investigator
  • Encryption and compression
  • Data hiding techniques
  • Defeating Algorithms, Hashes, and Keys
  • Finding Out-of-Sight Bytes
  • Cracking Passwords
  • Knowing when to crack and when not to crack
  • Disarming passwords to get in
  • Circumventing passwords to sneak in
  • Decrypting the Encrypted
  • Sloppiness cracks PGP
  • Desperate measures
  • Part III: Doing Computer Forensics Investigations
  • Chapter 9: E-Mail and Web Forensics
  • Opening Pandora’s Box of E-Mail
  • Following the route of e-mail packets
  • Becoming Exhibit A
  • Tracking the biggest trend in civil litigation
  • Scoping Out E-Mail Architecture
  • E-mail structures
  • E-mail addressing
  • E-mail lingo
  • E-mail in motion
  • Seeing the E-Mail Forensics Perspective
  • Dissecting the message
  • Expanding headers
  • Checking for e-mail extras
  • Examining Client-Based E-Mail
  • Extracting e-mail from clients
  • Getting to know e-mail file extensions
  • Copying the e-mail
  • Printing the e-mail
  • Investigating Web-Based Mail
  • Searching Browser Files
  • Temporary files
  • Internet history
  • Looking through Instant Messages
  • Chapter 10: Data Forensics
  • Delving into Data Storage
  • The anatomy of a disk drive
  • Microsoft operating systems
  • Apple: HFS
  • Linux/Unix
  • Finding Digital Cavities Where Data Hides
  • Deleted files
  • Non-accessible space
  • RAM
  • Windows Registry
  • Search filtering
  • Extracting Data
  • Rebuilding Extracted Data
  • Chapter 11: Document Forensics
  • Finding Evidential Material in Documents: Metadata
  • Viewing metadata
  • Extracting metadata
  • Honing In on CAM (Create, Access, Modify) Facts
  • Discovering Documents
  • Luring documents out of local storage
  • Finding links and external storage
  • Rounding up backups
  • Chapter 12: Mobile Forensics
  • Keeping Up with Data on the Move
  • Shifting from desktop to handhelds
  • Considering mobile devices forensically
  • Recognizing the imperfect understanding of the technology
  • Making a Device Seizure
  • Mobile phones and SIM cards
  • Personal digital assistants
  • Digital cameras
  • Digital audio recorders
  • Cutting-Edge Cellular Extractions
  • Equipping for mobile forensics
  • Mobile forensic hardware
  • Securing the mobile device
  • Finding mobile data
  • Examining a smart phone step-by-step
  • Chapter 13: Network Forensics
  • Mobilizing Network Forensic Power
  • Identifying Network Components
  • Looking at the Open Systems Interconnection Model (OSI)
  • Cooperating with secret agents and controlling servers
  • Saving Network Data
  • Categorizing the data
  • Figuring out where to store all those bytes
  • Re-Creating an Event from Traffic
  • Analyzing time stamps
  • Putting together a data sequence
  • Spotting different data streams
  • Looking at Network Forensic Tools
  • Test Access Port (TAP)
  • Mirrors
  • Promiscuous NIC
  • Wireless
  • Discovering Network Forensic Vendors
  • Chapter 14: Investigating X-Files: eXotic Forensics
  • Taking a Closer Look at Answering Machines
  • Examining Video Surveillance Systems
  • Cracking Home Security Systems
  • Tracking Automobiles
  • Extracting Information from Radio Frequency Identification (RFID)
  • Examining Copiers
  • Taking a Look On the Horizon
  • Part IV: Succeeding in Court
  • Chapter 15: Holding Up Your End at Pretrial
  • Pretrial Motions
  • Motion to suppress evidence
  • Motion in limine
  • Motion to dismiss
  • Other motions
  • Handling Pretrial Hearings
  • Giving a Deposition
  • Swearing to tell truthful opinions
  • Surviving a deposition
  • Bulletproofing your opinions
  • Checking your statements
  • Fighting stage fright
  • Chapter 16: Winning a Case Before You Go to Court
  • Working Around Wrong Moves
  • Responding to Opposing Experts
  • Dealing with counterparts
  • Formatting your response
  • Responding to affidavits
  • Hardening your testimony
  • Chapter 17: Standing Your Ground in Court
  • Making Good on Deliverables
  • Understanding Barroom Brawls in the Courtroom
  • Managing challenging issues
  • Sitting on the stand
  • Instructing jurors about expert testimony
  • Presenting E-Evidence to Persuade
  • Staging a disaster
  • Exhibiting like an expert
  • Communicating to the Court
  • Giving testimony about the case
  • Answering about yourself
  • Getting paid without conflict
  • Chapter 18: Ten Ways to Get Qualified and Prepped for Success
  • The Front Ten: Certifications
  • ACE: AccessData
  • CCE: Certified Computer Examiner
  • CFCE: Certified Forensic Computer Examiner
  • CEECS: Certified Electronic Evidence Collection Specialist
  • Cisco: Various certifications
  • CISSP: Certified Information Systems Security Professional
  • CompTia: Various certifications
  • EnCE: Guidance Software
  • Paraben training
  • SANS and GCFA: GIAC Certified Forensics Analyst
  • The Back Ten: Journals and Education
  • Chapter 19: Ten Tactics of an Excellent Investigator and a Dangerous Expert Witness
  • Stick to Finding and Telling the Truth
  • Don’t Fall for Counsel’s Tricks in Court
  • Be Irrefutable
  • Submit a Descriptive, Complete Bill
  • Prepare a Clear, Complete Report
  • Understand Nonverbal Cues
  • Look ’Em Straight in the Eye
  • Dress for Your Role As a Professional
  • Stay Certified and Up-to-Date
  • Know When to Say No
  • Chapter 20: Ten Cool Tools for Computer Forensics
  • Computer Forensic Software Tools
  • EnCase
  • Forensic ToolKit (FTK)
  • Device Seizure
  • Computer Forensic Hardware
  • FRED
  • WiebeTech Forensic Field Kit
  • Logicube
  • Computer Forensic Laboratories
  • Computer forensic data server
  • Forensic write blockers
  • Media wiping equipment
  • Recording equipment
  • Glossary
  • Cheat Sheet
  • Connect with Dummies
  • End User License Agreement

Additional information

Select product

E-book to own
