book

CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide

by Charles L. Brooks

September 2014

Intermediate to advanced

656 pages

11h 18m

English

McGraw-Hill

Read now

Unlock full access

So What Is This Computer Forensics Business Anyway?The History of Computer ForensicsObjectives and BenefitsCorporate vs. Criminal InvestigationsThe Forensics InvestigatorChapter ReviewQuestionsAnswersReferences

What Is Digital Evidence?Anti-Digital ForensicsLocard’s Exchange PrincipleFederal Rules of Evidence (FRE)Computer-Generated vs. Computer-Stored RecordsEssential DataBest EvidenceInternational Principles of Computer EvidenceInternational Organization on Computer Evidence Scientific Working Group on Digital EvidenceEvidence CollectionIOCE Guidelines for Recovering Digital Forensic EvidenceThe Scientific MethodConsider a ScenarioExculpatory EvidenceChapter ReviewQuestionsAnswersReferences
The Process Is KeyOverviewBefore the InvestigationPreparing the InvestigationSeizing the EvidenceAnalyzing the Evidence Reporting and TestifyingChapter ReviewQuestionsAnswersReferences
What Services Are You Offering?Staffing Requirements and PlanningBecoming CertifiedSetting Up Your LabPhysical Location NeedsSoftware RequirementsHardware RequirementsField ToolsLab HardwareOther ConsiderationsChapter ReviewQuestionsAnswersReferences
Searching and Seizing ComputersIs Your Search and Seizure Unwarranted?You Have a WarrantElectronic SurveillancePost-seizure IssuesFirst Responder ProceduresFirst on the SceneManaging the Crime SceneCollecting and Transporting the Evidence Collecting and Preserving Electronic EvidenceThe Crime Scene ReportA Checklist for First RespondersData Acquisition and DuplicationData Acquisition: A DefinitionStatic vs. Live AcquisitionValidating the AcquisitionAcquisition Issues: SSDs, RAID, and CloudConcepts in Practice: Data Acquisition Software and ToolsChapter ReviewQuestionsAnswersReferences
Disk Drives and File SystemsEverything You Wanted to Know About Disk Drives File SystemsGetting the BootBooting from a Live CDRecovering Deleted Files and Partitions Recovering Disk PartitionsRecovering File Systems and FilesTheory into Practice: File and Partition Recovery Tools Steganography and Graphics File FormatsGraphics FilesSteganographyTheory into Practice: Graphics File Tools and Steganography Detection ToolsChapter ReviewQuestionsAnswersReferences
Windows Forensics AnalysisLive Investigations: Volatile InformationLive Investigations: Nonvolatile InformationForensic Investigation of a Windows SystemWindows Log AnalysisWindows Password StorageTheory into Practice: Forensics Tools for WindowsCracking PasswordsPasswords: The Good, the Bad, and the UglyPassword-Cracking TypesTheory into Practice: Password-Cracking ToolsChapter ReviewQuestionsAnswersReferences
Forensic InvestigationsInstallation and ConfigurationCreating the Case and Adding DataAnalyzing the DataGenerating the ReportChoosing the Proper Forensic SoftwareForensic Investigations Using FTKInstallation and Configuration Creating the Case and Adding DataAnalyzing the DataGenerating the Report Forensic Investigations Using EnCaseInstallation and ConfigurationCreating the Case and Adding DataAnalyzing the DataGenerating the ReportSo Did We Get the Evidence We Need?Which One to Choose?Chapter ReviewQuestionsAnswersReferences
Network Forensics: A DefinitionNetwork Forensics and Wired NetworksInvestigating Network TrafficNetwork Forensics: Attack and DefendNetwork Security MonitoringTheory into Practice: Network Forensic ToolsNetwork Forensics and Wireless NetworksWhat’s Different About Wireless?The Saga of Wireless EncryptionInvestigating Wireless AttacksTheory into Practice: Wireless Forensic Tools Log Capturing and Event Correlation Logs, Logs, LogsLegal Issues and Logging Synchronizing TimeSIM, SEM, SIEM—Everybody Wants OneTheory into Practice: Log Capturing and Analysis ToolsChapter ReviewQuestionsAnswersReferences
Cellular NetworksCellular DataMobile DevicesPDAsPlain Ol’ Cell PhonesMusic Players (Personal Entertainment Devices)Smart PhonesTablets and PhabletsWhat Can Criminals Do with Mobile Phones?Retrieving the Evidence Challenges in Mobile ForensicsPrecautions to Take Before InvestigatingThe Process in Mobile ForensicsTheory into Practice: Mobile Forensic ToolsChapter ReviewQuestionsAnswersReferences
Web-based AttacksWeb Applications: A DefinitionMounting the AttackWeb Applications: Attack and DefendWeb Tools Follow the LogsInvestigating the BreachE-mail AttacksE-mail ArchitectureE-mail Crimes Laws Regarding E-mailE-mail Headers and Message StructureE-mail InvestigationConcepts in Practice: E-mail Forensic ToolsChapter ReviewQuestionsAnswersReferences
Can I Get a Witness?Technical vs. Expert WitnessesPre-trial Report PreparationI Just Want to Testify Writing a Good ReportWhat Makes an Effective Report?Documenting the CaseTheory into Practice: Generating a ReportDo’s and Don’ts for a DFIResting the CaseChapter ReviewQuestionsAnswersReferences
System RequirementsInstalling and Running Total TesterAbout Total TesterTechnical Support

Content preview from CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide

CHAPTER 8 Forensic Investigations

In this chapter, you will learn how to

• Install and configure Forensic Toolkit and EnCase

• Create a case and add the data

• Analyze the data

• Generate the report

We’ve talked about individual analysis tools in a previous chapter. An alternative to creating your own forensic software toolkit is to use a software distribution specifically configured for forensic investigations, or to use a particular forensic software program.

A forensic software distribution combines a collection of programs with a host operating system. Many of these distributions are Linux based, and can be either installed to a hard disk or run “live” from a bootable medium such as a CD-ROM or a universal ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

CEH Certified Ethical Hacker Cert Guide, 4th Edition

Publisher Resources

ISBN: 9780071831567

CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide

by Charles L. Brooks

CHAPTER 8

Forensic Investigations

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

CEH Certified Ethical Hacker Cert Guide, 4th Edition

Introduction to Computer Networks and Cybersecurity

Practical Cyber Forensics: An Incident-Based Approach to Forensic Investigations

Digital Forensics Basics: A Practical Guide Using Windows OS

Publisher Resources

CHAPTER 8

Forensic Investigations

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

CEH Certified Ethical Hacker Cert Guide, 4th Edition

Introduction to Computer Networks and Cybersecurity

Practical Cyber Forensics: An Incident-Based Approach to Forensic Investigations

Digital Forensics Basics: A Practical Guide Using Windows OS

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.