Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition
CRC Press, 19 Dec 2010 - 528 pages
Updating and expanding information on concealment techniques, new technologies, hardware, software, and relevant new legislation, this second edition details the scope of cyber forensics to reveal and track legal and illegal activity. Designed as an introduction and overview to the field, the authors guide you step-by-step through the basics of investigation and introduce the tools and procedures required to legally seize and forensically evaluate a suspect machine. The book covers rules of evidence, chain of custody, standard operating procedures, and the manipulation of technology to conceal illegal activities and how cyber forensics can uncover them.
Contents
1 | |
27 | |
Chapter 3 Concealment Techniques | 49 |
Model System Platforms | 117 |
Operating Systems Network Traffic and Applications | 143 |
Digital Forensic Laboratory Accreditation Standards | 179 |
Flowchart for the Seizure of Electronic Evidence and Associated Internal Control Questionnaires | 193 |
An Australian Perspective | 231 |
Cyber Forensic Best Practice Recommendations | 375 |
Steganography Tools | 381 |
Forensic Resources: Literature and Selected Readings | 385 |
Forensic Online Resources | 389 |
Locating Forensic Data in Windows Registries | 395 |
Sedona Principles for Electronic Document Production | 411 |
Recap Federal Rules of Civil Procedure Involving EDiscovery Amendments | 413 |
Selected Acronyms | 419 |
Chapter 9 Forensic Black Bag | 241 |
Forensic Value and Corporate Exposure | 255 |
Legal Considerations | 267 |
Chapter 12 Cyber Forensics and the Changing Face of Investigating Criminal Behavior | 297 |
Chapter 13 Electronically Stored Information and Cyber Forensics | 311 |
Management Survey | 331 |
Computer Forensic Web Sites | 343 |
Cyber Crime and Forensic Organizations | 345 |
Cyber Forensic Training Resources List | 351 |
Pertinent Legislation | 355 |
Recommended Readings | 357 |
Management Assessment 20 Questions | 361 |
Flowchart for the Seizure of a Personal Digital Assistant | 363 |
Additional Information Computer Hardware | 365 |
Questions That Every Cyber Investigator Should Ask before during and after an Investigation | 369 |
Generic Cellular Telephone Search Warrants | 423 |
Generic Computer Search Warrant | 427 |
Generic Affidavit for Search Warrant | 433 |
Configuring the Investigators Forensic Analysis Machine | 437 |
Generic Search Warrant | 439 |
Statement of Underlying Facts and Circumstances | 443 |
Generic State Court Order: Seizure of Electronic Hardware and Records | 447 |
Consent to Search | 453 |
Confidential Cyber Forensics Questionnaire | 457 |
Forensic Case Study Files from the Field | 459 |
Glossary of Terms | 463 |
Index | 483 |
Back cover | 499 |
Other editions
Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving ... Albert Marcella, Jr., Doug Menendez No preview available - 2007
Common terms and phrases
activity Alternate Data Streams analyzing application archived attack audit block cipher bytes chain of custody cluster collection Computer Forensics configuration contain corporate court criminal cyber crime cyber forensic investigator data sources deleted detective determine devices digital evidence digital forensic document e-discovery e-mail electronic evidence encryption ensure event Federal Figure file system forensic examination forensic tools hard disk hard drive hardware hash identify implement Incident Response internal Internet IP address issues laboratory law enforcement litigation logs monitoring motherboard network traffic NTFS NTUSER.DAT operating system organization organization’s packet sniffers packets passwords percent perform policies potential procedures Protocol records retrieved rootkit Rule seized server slack space specific standard steganography storage stored suspect swap files types typically UNIX utility Windows
Popular passages
Page 274 - If scientific, technical, or other specialized knowledge will assist the trier of fact to understand the evidence or to determine a fact in issue...
Page 477 - "Relevant evidence" means evidence having any tendency to make the existence of any fact that is of consequence to the determination of the action more probable or less probable than it would be without the evidence.
Page 19 - Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA Patriot Act) was enacted on October 26, 2001.
Page 21 - Whoever, with intent or reason to believe that it is to be used to the injury of the United States or to the advantage of a foreign nation...
Page 233 - No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. 2. Everyone has the right to the protection of the law against such interference or attacks.
Page 195 - Internal control is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (1) effectiveness and efficiency of operations, (2) reliability of financial reporting, and (3) compliance with applicable laws and regulations.
Page 18 - Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual...
Page 274 - ... most instances, what is an original will be self-evident and further refinement will be unnecessary. However, in some instances particularized definition is required. A carbon copy of a contract executed in duplicate becomes an original, as does a sales ticket carbon copy given to a customer. While strictly speaking the original of a photograph might be thought to be only the negative, practicality and common usage require that any print from the negative be regarded as an original. Similarly,...
Page 15 - Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.