Computer Forensics InfoSec Pro Guide

Author:   David Cowen, Aaron Philipp, John Loveland
Publisher:   McGraw-Hill Education - Europe
ISBN:   9780071742450
Pages:   344
Publication Date:   16 May 2013
Format:   Paperback
Availability:   Awaiting stock
The supplier is currently out of stock of this item. It will be ordered for you and placed on backorder. Once it does come back in stock, we will ship it out for you.

Our Price: $105.60

Overview

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.

Security Smarts for the Self-Guided IT Professional

Find out how to excel in the field of computer forensics investigations. Learn what it takes to transition from an IT professional to a computer forensic examiner in the private sector. Written by a Certified Information Systems Security Professional, Computer Forensics: InfoSec Pro Guide is filled with real-world case studies that demonstrate the concepts covered in the book. You’ll learn how to set up a forensics lab, select hardware and software, choose forensic imaging procedures, test your tools, capture evidence from different sources, follow a sound investigative process, safely store evidence, and verify your findings. Best practices for documenting your results, preparing reports, and presenting evidence in court are also covered in this detailed resource.

Computer Forensics: InfoSec Pro Guide features:

Lingo—Common security terms defined so that you’re in the know on the job
IMHO—Frank and relevant opinions based on the author’s years of industry experience
Budget Note—Tips for getting security technologies and processes into your organization’s budget
In Actual Practice—Exceptions to the rules of security explained in real-world contexts
Your Plan—Customizable checklists you can use on the job now
Into Action—Tips on how, why, and when to apply new skills and techniques at work

Full Product Details

Author:   David Cowen, Aaron Philipp, John Loveland
Publisher:   McGraw-Hill Education - Europe
Imprint:   Osborne/McGraw-Hill
Dimensions:   Width: 19.10cm, Height: 1.80cm, Length: 22.90cm
Weight:   0.597kg
ISBN:   9780071742450
ISBN 10:   007174245
Pages:   344
Publication Date:   16 May 2013
Audience:   Professional and scholarly, Professional & Vocational
Format:   Paperback
Publisher's Status:   Active

Table of Contents

Introduction

PART I: Getting Started
Chapter 1: What Is Computer Forensics? What You Can Do with Computer Forensics How People Get Involved in Computer Forensics Law Enforcement Military University Programs IT or Computer Security Professionals Incident Response vs. Computer Forensics How Computer Forensic Tools Work Types of Computer Forensic Tools Professional Licensing Requirements
Chapter 2: Learning Computer Forensics Where and How to Get Training Law Enforcement Training Corporate Training Where and How to Get Certified Vendor Certifications Vendor-Neutral Certifications Staying Current Conferences Blogs Forums Podcasts Associations
Chapter 3: Creating a Lab Choosing Where to Put Your Lab Access Controls Electrical Power Air Conditioning Privacy Gathering the Tools of the Trade Write Blockers Drive Kits External Storage Screwdriver Kits Antistatic Bags Adaptors Forensic Workstation Choosing Forensic Software Open Source Software Commercial Software Storing Evidence Securing Your Evidence Organizing Your Evidence Disposing of Old Evidence

PART II: Your First Investigation
Chapter 4: How to Approach a Computer Forensics Investigation The Investigative Process What Are You Being Asked to Find Out? Where Would the Data Exist? What Applications Might Have Been Used in Creating the Data? Should You Request to Go Beyond the Scope of the Investigation? Testing Your Hypothesis Step 1. Define Your Hypothesis Step 2. Determine a Repeatable Test Step 3. Create Your Test Environment Step 4. Document Your Testing The Forensic Data Landscape Active Data Unallocated Space Slack Space Mobile Devices External Storage What Do You Have the Authority to Access Who Hosts the Data? Who Owns the Device? Expectation of Privacy
Chapter 5: Choosing Your Procedures Forensic Imaging Determining Your Comfort Level Forensic Imaging Method Pros and Cons Creating Forms and Your Lab Manual Chain of Custody Forms Request Forms Report Forms Standard Operating Procedures Manual
Chapter 6: Testing Your Tools When Do You Need to Test Collecting Data for Public Research or Presentations Testing a Forensic Method Testing a Tool Where to Get Test Evidence Raw Images Creating Your Own Test Images Forensic Challenges Learn Forensics with David Cowen on YouTube Honeynet Project DC3 Challenge DFRWS Challenge SANS Forensic Challenges High School Forensic Challenge Collections of Tool Testing Images Digital Forensic Tool Testing Images NIST Computer Forensics Reference Data Sets Images The Hacking Case NIST Computer Forensics Tool Testing
Chapter 7: Live vs. Postmortem Forensics Live Forensics When Live Forensics Is the Best Option Tools for Live Forensics Postmortem Forensics Postmortem Memory Analysis
Chapter 8: Capturing Evidence Creating Forensic Images of Internal Hard Drives FTK Imager with a Hardware Write Blocker FTK Imager with a Software Write Blocker Creating Forensic Images of External Drives FTK Imager with a USB Write Blocker FTK Imager with a Software Write Blocker Software Write Blocking on Linux Systems Creating Forensic Images of Network Shares Capturing a Network Share with FTK Imager Mobile Devices Servers
Chapter 9: Nontraditional Digital Forensics Breaking the Rules: Nontraditional Digital Forensic Techniques Volatile Artifacts Malware Encrypted File Systems Challenges to Accessing Encrypted Data Mobile Devices: Smart Phones and Tablets Solid State Drives Virtual Machines

PART III: Case Examples: How to Work a Case
Chapter 10: Establishing the Investigation Type and Criteria Determining What Type of Investigation Is Required Human Resources Cases Administrator Abuse Stealing Information Internal Leaks Keyloggers and Malware What to Do When Criteria Causes an Overlap What to Do When No Criteria Matches Where Should the Evidence Be? Did This Occur over the Network? Nothing Working? Create a Super Timeline
Chapter 11: Human Resources Cases Results of a Human Resource Case How to Work a Pornography Case Pornography Case Study How to Investigate a Pornography Case How to Work a Productivity Waste Case
Chapter 12: Administrator Abuse The Abuse of Omniscience Scenario 1: Administrator Runs a Pornographic Site Using Company Resources Beginning an Investigation The Web Server’s Role in the Network Directories Virtual Servers Virtual Directories Scenario 2: Exploiting Insider Knowledge Against an Ex-employer A Private Investigator Calls… As if They’re Reading Our Minds… What a Network Vulnerability Assessment Can Reveal E-mail Data Review and Server Restoration Stepping Up Your Game: Knowledge Meets Creativity
Chapter 13: Stealing Information What Are We Looking For? Determining Where the Data Went LNK Files Shellbags Scenario: Recovering Log Files to Catch a Thief
Chapter 14: Internal Leaks Why Internal Leaks Happen Investigating Internal Leaks Reviewing the Registry Files Identifying LNK Files Wrapping Up the Investigation Using File System Meta-data to Track Leaked or Printed Materials
Chapter 15: Keyloggers and Malware Defining Keyloggers and Malware How to Detect Keyloggers and Malware Registry Files Prefetch Files Keyword Searches Handling Suspicious Files Determining How an Infection Occurred What We Know About This Infection What We Know About the Keylogger Identifying What Data Was Captured Finding Information About the Attacker What We Know About the Attacker Where to Find More About the Attacker

PART IV: Defending Your Work
Chapter 16: Documenting Your Findings with Reports Documenting Your Findings Who Asked You to Undertake the Investigation What You Were Asked to Do What You Reviewed What You Found What Your Findings Mean Types of Reports Informal Report Incident Report Internal Report Declaration Affidavit Explaining Your Work Define Technical Terms Provide Examples in Layperson Terms Explain Artifacts
Chapter 17: Litigation and Reports for Court and Exhibits Important Legal Terms What Type of Witness Are You? Fact Witness Expert Consultant Expert Witness Special Master Neutral Writing Reports for Court Declarations in Support of Motions Expert Reports Creating Exhibits Working with Forensic Artifacts

InfoSec Pro Series: Glossary
Index

Author Information

David Cowen, CISSP, is a partner at G-C Partners, LLC, where he provides expert witness services and consulting to Fortune 500 companies nationwide.


Countries Available

All regions