Guide to Computer Forensics and Investigations 6th Edition by Bill Nelson
Product details:
ISBN 10: 1337568945
ISBN 13: 9781337568944
Author: Bill Nelson
Master the skills you need to conduct a successful digital investigation with Nelson/Phillips/Steuart’s GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS, Sixth Edition, the most comprehensive forensics resource available. While other books offer just an overview of the field, this hands-on learning text provides clear instruction on the tools and techniques of the trade, walking you through every step of the computer forensics investigation, from lab setup to testifying in court. It also explains how to use current forensics software and provides free demo downloads. It includes the most up-to-date coverage available of Linux and Macintosh, virtual machine software such as VMware and VirtualBox, Android, mobile devices, handheld devices, cloud forensics, email, social media and the Internet of Anything. With its practical applications, you can immediately put what you learn into practice.
Guide to Computer Forensics and Investigations 6th Edition table of contents:
Chapter 1. Understanding the Digital Forensics Profession and Investigations
An Overview of Digital Forensics
Digital Forensics and Other Related Disciplines
A Brief History of Digital Forensics
Understanding Case Law
Developing Digital Forensics Resources
Preparing for Digital Investigations
Understanding Law Enforcement Agency Investigations
Following Legal Processes
Understanding Private-Sector Investigations
Maintaining Professional Conduct
Preparing a Digital Forensics Investigation
An Overview of a Computer Crime
An Overview of a Company Policy Violation
Taking a Systematic Approach
Procedures for Private-Sector High-Tech Investigations
Employee Termination Cases
Internet Abuse Investigations
E-mail Abuse Investigations
Attorney-Client Privilege Investigations
Industrial Espionage Investigations
Understanding Data Recovery Workstations and Software
Setting Up Your Workstation for Digital Forensics
Conducting an Investigation
Gathering the Evidence
Understanding Bit-stream Copies
Analyzing Your Digital Evidence
Completing the Case
Critiquing the Case
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 2. The Investigator’s Office and Laboratory
Understanding Forensics Lab Accreditation Requirements
Identifying Duties of the Lab Manager and Staff
Lab Budget Planning
Acquiring Certification and Training
Determining the Physical Requirements for a Digital Forensics Lab
Identifying Lab Security Needs
Conducting High-Risk Investigations
Using Evidence Containers
Overseeing Facility Maintenance
Considering Physical Security Needs
Auditing a Digital Forensics Lab
Determining Floor Plans for Digital Forensics Labs
Selecting a Basic Forensic Workstation
Selecting Workstations for a Lab
Selecting Workstations for Private-Sector Labs
Stocking Hardware Peripherals
Maintaining Operating Systems and Software Inventories
Using a Disaster Recovery Plan
Planning for Equipment Upgrades
Building a Business Case for Developing a Forensics Lab
Preparing a Business Case for a Digital Forensics Lab
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 3. Data Acquisition
Understanding Storage Formats for Digital Evidence
Raw Format
Proprietary Formats
Advanced Forensic Format
Determining the Best Acquisition Method
Contingency Planning for Image Acquisitions
Using Acquisition Tools
Mini-WinFE Boot CDs and USB Drives
Acquiring Data with a Linux Boot CD
Capturing an Image with AccessData FTK Imager Lite
Validating Data Acquisitions
Linux Validation Methods
Windows Validation Methods
Performing RAID Data Acquisitions
Understanding RAID
Acquiring RAID Disks
Using Remote Network Acquisition Tools
Remote Acquisition with ProDiscover
Remote Acquisition with EnCase Enterprise
Remote Acquisition with R-Tools R-Studio
Remote Acquisition with WetStone US-LATT PRO
Remote Acquisition with F-Response
Using Other Forensics Acquisition Tools
PassMark Software ImageUSB
ASR Data SMART
Runtime Software
ILookIX IXImager
SourceForge
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 4. Processing Crime and Incident Scenes
Identifying Digital Evidence
Understanding Rules of Evidence
Collecting Evidence in Private-Sector Incident Scenes
Processing Law Enforcement Crime Scenes
Understanding Concepts and Terms Used in Warrants
Preparing for a Search
Identifying the Nature of the Case
Identifying the Type of OS or Digital Device
Determining Whether You Can Seize Computers and Digital Devices
Getting a Detailed Description of the Location
Determining Who Is in Charge
Using Additional Technical Expertise
Determining the Tools You Need
Preparing the Investigation Team
Securing a Digital Incident or Crime Scene
Seizing Digital Evidence at the Scene
Preparing to Acquire Digital Evidence
Processing Incident or Crime Scenes
Processing Data Centers with RAID Systems
Using a Technical Advisor
Documenting Evidence in the Lab
Processing and Handling Digital Evidence
Storing Digital Evidence
Evidence Retention and Media Storage Needs
Documenting Evidence
Obtaining a Digital Hash
Reviewing a Case
Sample Civil Investigation
An Example of a Criminal Investigation
Reviewing Background Information for a Case
Planning the Investigation
Conducting the Investigation: Acquiring Evidence with OSForensics
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 5. Working with Windows and CLI Systems
Understanding File Systems
Understanding the Boot Sequence
Understanding Disk Drives
Solid-State Storage Devices
Exploring Microsoft File Structures
Disk Partitions
Examining FAT Disks
Examining NTFS Disks
NTFS System Files
MFT and File Attributes
MFT Structures for File Data
NTFS Alternate Data Streams
NTFS Compressed Files
NTFS Encrypting File System
EFS Recovery Key Agent
Deleting NTFS Files
Resilient File System
Understanding Whole Disk Encryption
Examining Microsoft BitLocker
Examining Third-Party Disk Encryption Tools
Understanding the Windows Registry
Exploring the Organization of the Windows Registry
Examining the Windows Registry
Understanding Microsoft Startup Tasks
Startup in Windows 7, Windows 8, and Windows 10
Startup in Windows NT and Later
Understanding Virtual Machines
Creating a Virtual Machine
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 6. Current Digital Forensics Tools
Evaluating Digital Forensics Tool Needs
Types of Digital Forensics Tools
Tasks Performed by Digital Forensics Tools
Tool Comparisons
Other Considerations for Tools
Digital Forensics Software Tools
Command-Line Forensics Tools
Linux Forensics Tools
Other GUI Forensics Tools
Digital Forensics Hardware Tools
Forensic Workstations
Using a Write-Blocker
Recommendations for a Forensic Workstation
Validating and Testing Forensics Software
Using National Institute of Standards and Technology Tools
Using Validation Protocols
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 7. Linux and Macintosh File Systems
Examining Linux File Structures
File Structures in Ext4
Understanding Macintosh File Structures
An Overview of Mac File Structures
Forensics Procedures in Mac
Using Linux Forensics Tools
Installing Sleuth Kit and Autopsy
Examining a Case with Sleuth Kit and Autopsy
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 8. Recovering Graphics Files
Recognizing a Graphics File
Understanding Bitmap and Raster Images
Understanding Vector Graphics
Understanding Metafile Graphics
Understanding Graphics File Formats
Understanding Digital Photograph File Formats
Understanding Data Compression
Lossless and Lossy Compression
Locating and Recovering Graphics Files
Identifying Graphics File Fragments
Repairing Damaged Headers
Searching for and Carving Data from Unallocated Space
Rebuilding File Headers
Reconstructing File Fragments
Identifying Unknown File Formats
Analyzing Graphics File Headers
Tools for Viewing Images
Understanding Steganography in Graphics Files
Using Steganalysis Tools
Understanding Copyright Issues with Graphics
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 9. Digital Forensics Analysis and Validation
Determining What Data to Collect and Analyze
Approaching Digital Forensics Cases
Using Autopsy to Validate Data
Collecting Hash Values in Autopsy
Validating Forensic Data
Validating with Hexadecimal Editors
Validating with Digital Forensics Tools
Addressing Data-Hiding Techniques
Hiding Files by Using the OS
Hiding Partitions
Marking Bad Clusters
Bit-Shifting
Understanding Steganalysis Methods
Examining Encrypted Files
Recovering Passwords
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 10. Virtual Machine Forensics, Live Acquisitions, and Network Forensics
An Overview of Virtual Machine Forensics
Type 2 Hypervisors
Conducting an Investigation with Type 2 Hypervisors
Working with Type 1 Hypervisors
Performing Live Acquisitions
Performing a Live Acquisition in Windows
Network Forensics Overview
The Need for Established Procedures
Securing a Network
Developing Procedures for Network Forensics
Investigating Virtual Networks
Examining the Honeynet Project
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 11. E-mail and Social Media Investigations
Exploring the Role of E-mail in Investigations
Exploring the Roles of the Client and Server in E-mail
Investigating E-mail Crimes and Violations
Understanding Forensic Linguistics
Examining E-mail Messages
Viewing E-mail Headers
Examining E-mail Headers
Examining Additional E-mail Files
Tracing an E-mail Message
Using Network E-mail Logs
Understanding E-mail Servers
Examining UNIX E-mail Server Logs
Examining Microsoft E-mail Server Logs
Using Specialized E-mail Forensics Tools
Using Magnet AXIOM to Recover E-mail
Using a Hex Editor to Carve E-mail Messages
Recovering Outlook Files
E-mail Case Studies
Applying Digital Forensics Methods to Social Media Communications
Social Media Forensics on Mobile Devices
Forensics Tools for Social Media Investigations
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 12. Mobile Device Forensics and the Internet of Anything
Understanding Mobile Device Forensics
Mobile Phone Basics
Inside Mobile Devices
Understanding Acquisition Procedures for Mobile Devices
Mobile Forensics Equipment
Using Mobile Forensics Tools
Understanding Forensics in the Internet of Anything
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 13. Cloud Forensics
An Overview of Cloud Computing
History of the Cloud
Cloud Service Levels and Deployment Methods
Cloud Vendors
Basic Concepts of Cloud Forensics
Legal Challenges in Cloud Forensics
Service Level Agreements
Jurisdiction Issues
Accessing Evidence in the Cloud
Technical Challenges in Cloud Forensics
Architecture
Analysis of Cloud Forensic Data
Anti-Forensics
Incident First Responders
Role Management
Standards and Training
Acquisitions in the Cloud
Encryption in the Cloud
Conducting a Cloud Investigation
Investigating CSPs
Investigating Cloud Customers
Understanding Prefetch Files
Examining Stored Cloud Data on a PC
Windows Prefetch Artifacts
Tools for Cloud Forensics
Forensic Open-Stack Tools
F-Response for the Cloud
Magnet AXIOM Cloud
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 14. Report Writing for High-Tech Investigations
Understanding the Importance of Reports
Limiting a Report to Specifics
Types of Reports
Guidelines for Writing Reports
What to Include in Written Preliminary Reports
Report Structure
Writing Reports Clearly
Designing the Layout and Presentation of Reports
Generating Report Findings with Forensics Software Tools
Using Autopsy to Generate Reports
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 15. Expert Testimony in Digital Investigations
Preparing for Testimony
Documenting and Preparing Evidence
Reviewing Your Role as a Consulting Expert or an Expert Witness
Creating and Maintaining Your CV
Preparing Technical Definitions
Preparing to Deal with the News Media
Testifying in Court
Understanding the Trial Process
Providing Qualifications for Your Testimony
General Guidelines on Testifying
Testifying During Direct Examination
Testifying During Cross-Examination
Preparing for a Deposition or Hearing
Guidelines for Testifying at Depositions
Guidelines for Testifying at Hearings
Preparing Forensics Evidence for Testimony
Preparing a Defense of Your Evidence-Collection Methods
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Chapter 16. Ethics for the Expert Witness
Applying Ethics and Codes to Expert Witnesses
Forensics Examiners’ Roles in Testifying
Considerations in Disqualification
Traps for Unwary Experts
Determining Admissibility of Evidence
Organizations with Codes of Ethics
International Society of Forensic Computer Examiners
International High Technology Crime Investigation Association
International Association of Computer Investigative Specialists
American Bar Association
American Psychological Association
Ethical Difficulties in Expert Testimony
Ethical Responsibilities Owed to You
Standard Forensics Tools and Tools You Create
An Ethics Exercise
Performing a Cursory Exam of a Forensic Image
Performing a Detailed Exam of a Forensic Image
Performing the Exam
Interpreting Attribute 0x80 Data Runs
Carving Data Run Clusters Manually
Chapter Summary
Key Terms
Review Questions
Hands-On Projects
Case Projects
Lab Manual for Guide to Computer Forensics and Investigations
Chapter 1. Understanding the Digital Forensics Profession and Investigations
Lab 1.1. Installing Autopsy for Windows
Objectives
Activity
Review Questions
Lab 1.2. Downloading FTK Imager Lite
Objectives
Activity
Review Questions
Lab 1.3. Downloading WinHex
Objectives
Activity
Review Questions
Lab 1.4. Using Autopsy for Windows
Objectives
Activity
Review Questions
Chapter 2. The Investigator’s Office and Laboratory
Lab 2.1. Wiping a USB Drive Securely
Objectives
Activity
Review Questions
Lab 2.2. Using Directory Snoop to Image a USB Drive
Objectives
Activity
Review Questions
Lab 2.3. Converting a Raw Image to an .E01 Image
Objectives
Activity
Review Questions
Lab 2.4. Imaging Evidence with FTK Imager Lite
Objectives
Activity
Review Questions
Lab 2.5. Viewing Images in FTK Imager Lite
Objectives
Activity
Review Questions
Chapter 3. Data Acquisition
Lab 3.1. Creating a DEFT Zero Forensic Boot CD and USB Drive
Objectives
Activity
Review Questions
Lab 3.2. Examining a FAT Image
Objectives
Activity
Review Questions
Lab 3.3. Examining an NTFS Image
Objectives
Activity
Review Questions
Lab 3.4. Examining an HFS+ Image
Objectives
Activity
Review Questions
Chapter 4. Processing Crime and Incident Scenes
Lab 4.1. Creating a Mini-WinFE Boot CD
Objectives
Activity
Review Questions
Lab 4.2. Using Mini-WinFE to Boot and Image a Windows Computer
Objectives
Activity
Review Questions
Lab 4.3. Testing the Mini-WinFE Write-Protection Feature
Objectives
Activity
Review Questions
Lab 4.4. Creating an Image with Guymager
Objectives
Activity
Review Questions
Chapter 5. Working with Windows and CLI Systems
Lab 5.1. Using DART to Export Windows Registry Files
Objectives
Activity
Review Questions
Lab 5.2. Examining the SAM Hive
Objectives
Activity
Review Questions
Lab 5.3. Examining the SYSTEM Hive
Objectives
Activity
Review Questions
Lab 5.4. Examining the ntuser.dat Registry File
Objectives
Activity
Review Questions
Chapter 6. Current Digital Forensics Tools
Lab 6.1. Using Autopsy 4.7.0 to Search an Image File
Objectives
Activity
Review Questions
Lab 6.2. Using OSForensics to Search an Image of a Hard Drive
Objectives
Activity
Review Questions
Lab 6.3. Examining a Corrupt Image File with FTK Imager Lite, Autopsy, and WinHex
Objectives
Activity
Review Questions
Chapter 7. Linux and Macintosh File Systems
Lab 7.1. Using Autopsy to Process a Mac OS X Image
Objectives
Activity
Review Questions
Lab 7.2. Using Autopsy to Process a Mac OS 9 Image
Objectives
Activity
Review Questions
Lab 7.3. Using Autopsy to Process a Linux Image
Objectives
Activity
Review Questions
Chapter 8. Recovering Graphics Files
Lab 8.1. Using Autopsy to Analyze Multimedia Files
Objectives
Activity
Review Questions
Lab 8.2. Using OSForensics to Analyze Multimedia Files
Objectives
Activity
Review Questions
Lab 8.3. Using WinHex to Analyze Multimedia Files
Objectives
Activity
Review Questions
Chapter 9. Digital Forensics Analysis and Validation
Lab 9.1. Using Autopsy to Search for Keywords in an Image
Objectives
Activity
Review Questions
Lab 9.2. Validating File Hash Values with FTK Imager Lite
Objectives
Activity
Review Questions
Lab 9.3. Validating File Hash Values with WinHex
Objectives
Activity
Review Questions
Chapter 10. Virtual Machine Forensics, Live Acquisitions, and Network Forensics
Lab 10.1. Analyzing a Forensic Image Hosting a Virtual Machine
Objectives
Activity
Review Questions
Lab 10.2. Conducting a Live Acquisition
Objectives
Activity
Review Questions
Lab 10.3. Using Kali Linux for Network Forensics
Objectives
Activity
Review Questions
Chapter 11. E-mail and Social Media Investigations
Lab 11.1. Using OSForensics to Search for E-mails and Mailboxes
Objectives
Activity
Review Questions
Lab 11.2. Using Autopsy to Search for E-mails and Mailboxes
Objectives
Activity
Review Questions
Lab 11.3. Finding Google Searches and Multiple E-mail Accounts
Objectives
Activity
Review Questions
Chapter 12. Mobile Device Forensics
Lab 12.1. Examining Cell Phone Storage Devices
Objectives
Activity
Review Questions
Lab 12.2. Using FTK Imager Lite to View Text Messages, Phone Numbers, and Photos
Objectives
Activity
Review Questions
Lab 12.3. Using Autopsy to Search Cloud Backups of Mobile Devices
Objectives
Activity
Review Questions
Chapter 13. Cloud Forensics
Lab 13.1. Examining Dropbox Cloud Storage
Objectives
Activity
Review Questions
Lab 13.2. Examining Google Drive Cloud Storage
Objectives
Activity
Review Questions
Lab 13.3. Examining OneDrive Cloud Storage
Objectives
Activity
Review Questions
Chapter 14. Report Writing for High-Tech Investigations
Lab 14.1. Investigating Corporate Espionage
Objectives
Activity
Review Questions
Lab 14.2. Adding Evidence to a Case
Objectives
Activity
Review Questions
Lab 14.3. Preparing a Report
Objectives
Activity
Review Questions
Chapter 15. Expert Testimony in Digital Investigations
Lab 15.1. Conducting a Preliminary Investigation
Objectives
Activity
Review Questions
Lab 15.2. Investigating an Arsonist
Objectives
Activity
Review Questions
Lab 15.3. Recovering a Password from Password-Protected Files
Objectives
Activity
Review Questions
Chapter 16. Ethics for the Expert Witness
Lab 16.1. Rebuilding an MFT Record from a Corrupt Image
Objectives
Activity
Review Questions
Appendix A. Certification Test References
Appendix B. Digital Forensics References
Appendix C. Digital Forensics Lab Considerations
Appendix D. Legacy File System and Forensics Tools