Computer Forensics and Digital Investigation with EnCase Forensic v7, 1st Edition, by Suzanne Widup. ISBN 0071807918, 9780071807913
Product details:
ISBN 10: 0071807918
ISBN 13: 9780071807913
Author: Suzanne Widup
Conduct repeatable, defensible investigations with EnCase Forensic v7 and maximize the powerful tools and features of the industry-leading digital investigation software. Computer Forensics and Digital Investigation with EnCase Forensic v7 reveals, step by step, how to detect illicit activity, capture and verify evidence, recover deleted and encrypted artifacts, prepare court-ready documents, and ensure legal and regulatory compliance. The book illustrates each concept using downloadable evidence from the National Institute of Standards and Technology CFReDS. Customizable sample procedures are included throughout this practical guide.
Topics covered:
Install EnCase Forensic v7 and customize the user interface
Prepare your investigation and set up a new case
Collect and verify evidence from suspect computers and networks
Use the EnCase Evidence Processor and Case Analyzer
Uncover clues using keyword searches and filter results through GREP
Work with bookmarks, timelines, hash sets, and libraries
Handle case closure, final disposition, and evidence destruction
Carry out field investigations using EnCase Portable
Learn to program in EnCase EnScript
Computer Forensics and Digital Investigation with EnCase Forensic v7, 1st Edition, Table of Contents:
Part I: Preparing for the Forensics Function
Chapter 1: The Road to Readiness
Forensic Readiness
Policies
Methodology
Procedures
Organizing the Work
Infrastructure Considerations
The Lab
Staffing
Summary
Chapter 2: Getting Started
Installing the Software
DVD Installation
Downloaded Installation
Creating a New Case in EnCase
The EnCase Home Screen
The Case Screen
Customizing the Interface
The Case Options
The Global Options
Adding Your First Evidence
Navigating EnCase
The Tree Pane
The Table Pane
The View Pane
Summary
Chapter 3: EnCase Concepts
The EnCase Case File
Case Backups
The EnCase Evidence File
Reacquiring Evidence
Using Encryption with Ex01 and Lx01 Files
Using Encryption to Share Files with Other Parties
Using Encryption in a Multi-Investigator Environment
EnCase Configuration (ini) Files
Case Templates
Summary
Part II: Beginning with EnCase Forensics
Chapter 4: Adding Evidence
Case Study: The NIST CFReDS Hacking Case
Creating a Case Plan
Adding Evidence: Acquisition with EnCase Forensic
Add Local Device
Add Network Preview
Add Evidence File
Add Raw Image
Acquire Smartphone
Add Crossover Preview
EnCase Imager
Summary
Chapter 5: Processing Evidence
Creating the NIST Hacking Case
Adding and Verifying the Evidence
Setting the Time Zone in EnCase
The EnCase Evidence Processor
Process Prioritization
Default or Red-Flagged Modules
Optional Modules
Our First Evidence Processor Run
Summary
Chapter 6: Documenting Evidence
Initial Case Documentation
Files with Internal Structure
Viewing the Evidence Processor Results
Bookmarking Evidence Items
Types of Bookmarks
Viewing Bookmarks
The Blue Check
The Selected Box
The Set Include (Home Plate)
Tagging
Managing Tags
Summary
Part III: Looking for Artifacts
Chapter 7: Further Inspection
More on the Evidence Processor Modules
The System Info Parser (Continued)
The File Carver
The Windows Artifact Parser
Other Modules
Archive
Internet
Thumbnails
Email
Registry
Summary
Chapter 8: Analyzing the Case
The Case Analyzer
Windows Artifacts
Customizing the Case Analyzer
Case Analyzer Report Conventions
SQLite Manager (Firefox)
SQL Basics
Customizing Our Report
Parsing Email
Outlook Express
Web-Based Email
Summary
Chapter 9: Keywords and Searching
Keywords and Searching
Logical vs. Physical Searches
Searching in the Evidence Processor
Viewing Search Results
Searching in the Evidence Browser
Evidence and Cache Locations
Troubleshooting the Evidence Cache
Index Searches
Search Operators
Using GREP Operators
The GREP Wildcards
Grouping and GREP
Ranges and Logical Operators
Summary
Part IV: Putting It All Together
Chapter 10: Conditions and Filters
Conditions
Running an Existing Condition
Creating a New Condition
Condition Logic
Nesting Terms
Running the Condition
Filters
Running a Filter
Editing a Filter
Adding a New Filter
Sharing a Filter
Summary
Chapter 11: Hash Analysis and Timelines
Working with Hash Sets and Libraries
Creating a New Hash Library
Adding Case Results to Your Hash Library
Importing the NSRL Hash Library
Importing Legacy Hash Results into Your Hash Library
Running Queries Against Your Hash Libraries
Using Hash Libraries for Hash Analysis
Viewing Timeline Data in EnCase
Summary
Chapter 12: Reporting
Generating Your Report
Customizing Existing Report Templates
Report Object Code
Changing the Graphic on the Title Page
Creating a New Report Template
Using Styles
Building the Report Tree Hierarchy
Associating Bookmark Folders with Report Sections
Controlling Which Sections Display
Summary
Chapter 13: Wrapping Up the Case
Evidence Lifecycle Management
The Digital Evidence Lifecycle
Acquisition Phase
Processing Phase
Analysis Phase
Presentation Phase
Archival Phase
Disposal Phase
Case Closure Criteria
Inactive Case Review
Archiving a Case
Preparing a Case Package
Physical Media Considerations
Summary
Part V: Automation in EnCase
Chapter 14: EnCase Portable and App Central
EnCase Portable Basics
What Is Included
Installing from the Downloaded Product
Installing from the DVD
Preparing EnCase Portable for Redeployment After Use
Restoring Using EnCase Forensic—Requires Forensic Dongle
Restoring Using the DVD—Does Not Require a Forensic Dongle
Restoring Using an Update File—Does Not Require a Forensic Dongle
Preparing Additional Storage Devices for Use with Portable
Preparing Storage Devices with EnCase Forensics—Scripted Method
Preparing Storage Devices with Windows Explorer—Quick Method
Managing and Configuring EnCase Portable
The Portable Management Interface
File Types in EnCase Portable
Running Jobs in the Field
Collecting from a Powered-On Computer
Collecting from a Powered-Off Computer
The Report Builder
On-Scene Analysis
After the Collection—Back at the Forensic Lab
EnCase App Central
Summary
Chapter 15: An EnScript Primer
The Basics of EnScript
The EnScript Environment
The EnScript Help Function
The EnScript Types Tab and the Class Browser
Anatomy of an EnScript
Our First EnScript
Variables
Variables and Their Scope
Operators
Looping Constructs—Controlling the Flow of an EnScript
The If, Else If, and Else Statements
The For Statement
The While and Do While Statements
The Break and Continue Statements
The Switch, Case, Default Statement
The Foreach, Forall and Forroot Statements
The Ternary Operator
The Debugger
Functions
Passing by Reference or Value
Classes
What Is a Class?
The Aircraft Class
The Constructor
Summary
Part VI: Appendixes
Appendix A: Rosetta Stone for Windows Operating Systems
Appendix B: EnCase Version 7 Keyboard Shortcuts
EnCase Keyboard Shortcuts Quick Reference
Appendix C: Sample Run Books
Creating a New Case (Chapter 2)
Relocating Evidence Manually (Chapter 2)
Backing Up the Current Case (Chapter 3)
Reacquiring .E01/.Ex01 Evidence (Chapter 3)
Reacquiring .L01/.Lx01 Evidence (Chapter 3)
Encrypting an Evidence File (See Reacquiring Evidence)
Adding/Acquiring a Local Device (Chapter 4)
Adding an EnCase Evidence File (Logical or Physical) (Chapter 4)
Adding a Raw Image (Chapter 4)
Acquiring a Smartphone (Chapter 4)
Creating a New Case (Chapter 5)
Verifying an Evidence File without Opening a Case (Chapter 5)
Setting the Time Zone (Chapter 5)
Processing and Preparation of Initial Case Evidence (Chapter 5)
Mounting Files with Internal Structure (Compound Files) Individually (Chapter 6)
Manually Verifying Evidence (Chapter 6)
Regenerating the Case.sqlite Database (Chapter 8)
Searching in the Evidence Browser (Chapter 9)
Running an Existing Condition (Chapter 10)
Running an Existing Filter (Chapter 10)
Creating a Hash Library (Chapter 11)
Creating a New Hash Set Inside the Library (Chapter 11)
Adding Results to Your Hash Library from a Case (Chapter 11)
Importing the NSRL Hash Library (Chapter 11)
Generating a Report (Chapter 12)
Creating a New Report Template (Chapter 12)
Preparing a Case Package for Archiving (Chapter 13)
Wiping a Drive with EnCase (Chapter 13)
Restoring the EnCase Portable USB Device (Chapter 14)
Using EnCase Forensics—Requires Forensic Dongle
Using the DVD—No Forensic Dongle Required
Using the File Update—No Forensic Dongle Required
Preparing Additional Storage Devices for Use with EnCase Portable (Chapter 14)
Launching EnCase Portable Management (Chapter 14)
Collecting from a Powered-On Computer (Chapter 14)
Collecting from a Powered-Off Computer (Chapter 14)
Importing Evidence from EnCase Portable into EnCase Forensic (Chapter 14)
Appendix D: EnScript Class Hierarchy