Computer Forensics and Digital Investigation With EnCase Forensic 1st edition by Suzanne Widup 9780071807913 0071807918

Computer Forensics and Digital Investigation With EnCase Forensic 1st edition by Suzanne Widup – Ebook PDF Instant Download/Delivery.9780071807913, 0071807918
Full download Computer Forensics and Digital Investigation With EnCase Forensic 1st edition  after payment

Product details:

ISBN 10: 0071807918
ISBN 13: 9780071807913 
Author: Suzanne Widup

Conduct repeatable, defensible investigations with EnCase Forensic v7 Maximize the powerful tools and features of the industry-leading digital investigation software. Computer Forensics and Digital Investigation with EnCase Forensic v7 reveals, step by step, how to detect illicit activity, capture and verify evidence, recover deleted and encrypted artifacts, prepare court-ready documents, and ensure legal and regulatory compliance. The book illustrates each concept using downloadable evidence from the National Institute of Standards and Technology CFReDS. Customizable sample procedures are included throughout this practical guide. Install EnCase Forensic v7 and customize the user interface Prepare your investigation and set up a new case Collect and verify evidence from suspect computers and networks Use the EnCase Evidence Processor and Case Analyzer Uncover clues using keyword searches and filter results through GREP Work with bookmarks, timelines, hash sets, and libraries Handle case closure, final disposition, and evidence destruction Carry out field investigations using EnCase Portable Learn to program in EnCase EnScript

Computer Forensics and Digital Investigation With EnCase Forensic 1st Table of contents:

Part I: Preparing for the Forensics Function
Chapter 1: The Road to Readiness

• Forensic Readiness
• Policies
• Methodology
• Procedures
• Organizing the Work
• Infrastructure Considerations
• The Lab
• Staffing
• Summary

Chapter 2: Getting Started

• Installing the Software
• DVD Installation
• Downloaded Installation
• Creating a New Case in EnCase
• The EnCase Home Screen
• The Case Screen
• Customizing the Interface
• The Case Options
• The Global Options
• Adding Your First Evidence
• Navigating EnCase
• The Tree Pane
• The Table Pane
• The View Pane
• Summary

Chapter 3: EnCase Concepts

• The EnCase Case File
• Case Backups
• The EnCase Evidence File
• Reacquiring Evidence
• Using Encryption with Ex01 and Lx01 Files
• Using Encryption to Share Files with Other Parties
• Using Encryption in a Multi-Investigator Environment
• EnCase Configuration (ini) Files
• Case Templates
• Summary

Part II: Beginning with EnCase Forensics
Chapter 4: Adding Evidence

• Case Study: The NIST CFReDS Hacking Case
• Creating a Case Plan
• Adding Evidence: Acquisition with EnCase Forensic
• Add Local Device
• Add Network Preview
• Add Evidence File
• Add Raw Image
• Acquire Smartphone
• Add Crossover Preview
• EnCase Imager
• Summary

Chapter 5: Processing Evidence

• Creating the NIST Hacking Case
• Adding and Verifying the Evidence
• Setting the Time Zone in EnCase
• The EnCase Evidence Processor
• Process Prioritization
• Default or Red-Flagged Modules
• Optional Modules
• Our First Evidence Processor Run
• Summary

Chapter 6: Documenting Evidence

• Initial Case Documentation
• Files with Internal Structure
• Viewing the Evidence Processor Results
• Bookmarking Evidence Items
• Types of Bookmarks
• Viewing Bookmarks
• The Blue Check
• The Selected Box
• The Set Include (Home Plate)
• Tagging
• Managing Tags
• Summary

Part III: Looking for Artifacts
Chapter 7: Further Inspection

• More on the Evidence Processor Modules
• The System Info Parser (Continued)
• The File Carver
• The Windows Artifact Parser
• Other Modules
• Archive
• Internet
• Thumbnails
• Email
• Registry
• Summary

Chapter 8: Analyzing the Case

• The Case Analyzer
• Windows Artifacts
• Customizing the Case Analyzer
• Case Analyzer Report Conventions
• SQLite Manager (Firefox)
• SQL Basics
• Customizing Our Report
• Parsing Email
• Outlook Express
• Web-Based Email
• Summary

Chapter 9: Keywords and Searching

• Keywords and Searching
• Logical vs. Physical Searches
• Searching in the Evidence Processor
• Viewing Search Results
• Searching in the Evidence Browser
• Evidence and Cache Locations
• Troubleshooting the Evidence Cache
• Index Searches
• Search Operators
• Using GREP Operators
• The GREP Wildcards
• Grouping and GREP
• Ranges and Logical Operators
• Summary

Part IV: Putting It All Together
Chapter 10: Conditions and Filters

• Conditions
• Running an Existing Condition
• Creating a New Condition
• Condition Logic
• Nesting Terms
• Running the Condition
• Filters
• Running a Filter
• Editing a Filter
• Adding a New Filter
• Sharing a Filter
• Summary

Chapter 11: Hash Analysis and Timelines

• Working with Hash Sets and Libraries
• Creating a New Hash Library
• Adding Case Results to Your Hash Library
• Importing the NSRL Hash Library
• Importing Legacy Hash Results into Your Hash Library
• Running Queries Against Your Hash Libraries
• Using Hash Libraries for Hash Analysis
• Viewing Timeline Data in EnCase
• Summary

Chapter 12: Reporting

• Generating Your Report
• Customizing Existing Report Templates
• Report Object Code
• Changing the Graphic on the Title Page
• Creating a New Report Template
• Using Styles
• Building the Report Tree Hierarchy
• Associating Bookmark Folders with Report Sections
• Controlling Which Sections Display
• Summary

Chapter 13: Wrapping Up the Case

• Evidence Lifecycle Management
• The Digital Evidence Lifecycle
• Acquisition Phase
• Processing Phase
• Analysis Phase
• Presentation Phase
• Archival Phase
• Disposal Phase
• Case Closure Criteria
• Inactive Case Review
• Archiving a Case
• Preparing a Case Package
• Physical Media Considerations
• Summary

Part V: Automation in EnCase
Chapter 14: EnCase Portable and App Central

• EnCase Portable Basics
• What Is Included
• Installing from the Downloaded Product
• Installing from the DVD
• Preparing EnCase Portable for Redeployment After Use
• Restoring Using EnCase Forensic—Requires Forensic Dongle
• Restoring Using the DVD—Does Not Require a Forensic Dongle
• Restoring Using an Update File—Does Not Require a Forensic Dongle
• Preparing Additional Storage Devices for Use with Portable
• Preparing Storage Devices with EnCase Forensics—Scripted Method
• Preparing Storage Devices with Windows Explorer—Quick Method
• Managing and Configuring EnCase Portable
• The Portable Management Interface
• File Types in EnCase Portable
• Running Jobs in the Field
• Collecting from a Powered-On Computer
• Collecting from a Powered-Off Computer
• The Report Builder
• On-Scene Analysis
• After the Collection—Back at the Forensic Lab
• EnCase App Central
• Summary

Chapter 15: An EnScript Primer

• The Basics of EnScript
• The EnScript Environment
• The EnScript Help Function
• The EnScript Types Tab and the Class Browser
• Anatomy of an EnScript
• Our First EnScript
• Variables
• Variables and Their Scope
• Operators
• Looping Constructs—Controlling the Flow of an EnScript
• The If, Else If, and Else Statements
• The For Statement
• The While and Do While Statements
• The Break and Continue Statements
• The Switch, Case, Default Statement
• The Foreach, Forall and Forroot Statements
• The Ternary Operator
• The Debugger
• Functions
• Passing by Reference or Value
• Classes
• What Is a Class?
• The Aircraft Class
• The Constructor
• Summary

People also search for Computer Forensics and Digital Investigation With EnCase Forensic 1st :

guide to computer forensics and investigations
 
types of computer forensics
 
challenges in computer forensics
 
computer forensics salary
 
primary goal of computer forensics is