book

CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide

by Charles L. Brooks

September 2014

Intermediate to advanced

656 pages

11h 18m

English

McGraw-Hill

Read now

Unlock full access

So What Is This Computer Forensics Business Anyway?The History of Computer ForensicsObjectives and BenefitsCorporate vs. Criminal InvestigationsThe Forensics InvestigatorChapter ReviewQuestionsAnswersReferences

What Is Digital Evidence?Anti-Digital ForensicsLocard’s Exchange PrincipleFederal Rules of Evidence (FRE)Computer-Generated vs. Computer-Stored RecordsEssential DataBest EvidenceInternational Principles of Computer EvidenceInternational Organization on Computer Evidence Scientific Working Group on Digital EvidenceEvidence CollectionIOCE Guidelines for Recovering Digital Forensic EvidenceThe Scientific MethodConsider a ScenarioExculpatory EvidenceChapter ReviewQuestionsAnswersReferences
The Process Is KeyOverviewBefore the InvestigationPreparing the InvestigationSeizing the EvidenceAnalyzing the Evidence Reporting and TestifyingChapter ReviewQuestionsAnswersReferences
What Services Are You Offering?Staffing Requirements and PlanningBecoming CertifiedSetting Up Your LabPhysical Location NeedsSoftware RequirementsHardware RequirementsField ToolsLab HardwareOther ConsiderationsChapter ReviewQuestionsAnswersReferences
Searching and Seizing ComputersIs Your Search and Seizure Unwarranted?You Have a WarrantElectronic SurveillancePost-seizure IssuesFirst Responder ProceduresFirst on the SceneManaging the Crime SceneCollecting and Transporting the Evidence Collecting and Preserving Electronic EvidenceThe Crime Scene ReportA Checklist for First RespondersData Acquisition and DuplicationData Acquisition: A DefinitionStatic vs. Live AcquisitionValidating the AcquisitionAcquisition Issues: SSDs, RAID, and CloudConcepts in Practice: Data Acquisition Software and ToolsChapter ReviewQuestionsAnswersReferences
Disk Drives and File SystemsEverything You Wanted to Know About Disk Drives File SystemsGetting the BootBooting from a Live CDRecovering Deleted Files and Partitions Recovering Disk PartitionsRecovering File Systems and FilesTheory into Practice: File and Partition Recovery Tools Steganography and Graphics File FormatsGraphics FilesSteganographyTheory into Practice: Graphics File Tools and Steganography Detection ToolsChapter ReviewQuestionsAnswersReferences
Windows Forensics AnalysisLive Investigations: Volatile InformationLive Investigations: Nonvolatile InformationForensic Investigation of a Windows SystemWindows Log AnalysisWindows Password StorageTheory into Practice: Forensics Tools for WindowsCracking PasswordsPasswords: The Good, the Bad, and the UglyPassword-Cracking TypesTheory into Practice: Password-Cracking ToolsChapter ReviewQuestionsAnswersReferences
Forensic InvestigationsInstallation and ConfigurationCreating the Case and Adding DataAnalyzing the DataGenerating the ReportChoosing the Proper Forensic SoftwareForensic Investigations Using FTKInstallation and Configuration Creating the Case and Adding DataAnalyzing the DataGenerating the Report Forensic Investigations Using EnCaseInstallation and ConfigurationCreating the Case and Adding DataAnalyzing the DataGenerating the ReportSo Did We Get the Evidence We Need?Which One to Choose?Chapter ReviewQuestionsAnswersReferences
Network Forensics: A DefinitionNetwork Forensics and Wired NetworksInvestigating Network TrafficNetwork Forensics: Attack and DefendNetwork Security MonitoringTheory into Practice: Network Forensic ToolsNetwork Forensics and Wireless NetworksWhat’s Different About Wireless?The Saga of Wireless EncryptionInvestigating Wireless AttacksTheory into Practice: Wireless Forensic Tools Log Capturing and Event Correlation Logs, Logs, LogsLegal Issues and Logging Synchronizing TimeSIM, SEM, SIEM—Everybody Wants OneTheory into Practice: Log Capturing and Analysis ToolsChapter ReviewQuestionsAnswersReferences
Cellular NetworksCellular DataMobile DevicesPDAsPlain Ol’ Cell PhonesMusic Players (Personal Entertainment Devices)Smart PhonesTablets and PhabletsWhat Can Criminals Do with Mobile Phones?Retrieving the Evidence Challenges in Mobile ForensicsPrecautions to Take Before InvestigatingThe Process in Mobile ForensicsTheory into Practice: Mobile Forensic ToolsChapter ReviewQuestionsAnswersReferences
Web-based AttacksWeb Applications: A DefinitionMounting the AttackWeb Applications: Attack and DefendWeb Tools Follow the LogsInvestigating the BreachE-mail AttacksE-mail ArchitectureE-mail Crimes Laws Regarding E-mailE-mail Headers and Message StructureE-mail InvestigationConcepts in Practice: E-mail Forensic ToolsChapter ReviewQuestionsAnswersReferences
Can I Get a Witness?Technical vs. Expert WitnessesPre-trial Report PreparationI Just Want to Testify Writing a Good ReportWhat Makes an Effective Report?Documenting the CaseTheory into Practice: Generating a ReportDo’s and Don’ts for a DFIResting the CaseChapter ReviewQuestionsAnswersReferences
System RequirementsInstalling and Running Total TesterAbout Total TesterTechnical Support

Content preview from CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide

CHAPTER 9 Network Forensics

In this chapter, you will learn how to

• Explain why we investigate network traffic; summarize network forensics concepts; and define the terms firewall, honeypot, and IDS

• List various kinds of network vulnerabilities and network attacks, and where to look for and gather evidence for wired and wireless networks

• Analyze the data: how to handle logs as evidence, and how to condense a log file

• Explain the function of log management, the legality of using logs, and combining event and log management to correlate local and remote events

I’ve been involved with IP networking and data communications for a long, long time, as both a software developer and a software and application ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

CEH Certified Ethical Hacker Cert Guide, 4th Edition

Publisher Resources

ISBN: 9780071831567

CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide

by Charles L. Brooks

CHAPTER 9

Network Forensics

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

CEH Certified Ethical Hacker Cert Guide, 4th Edition

Introduction to Computer Networks and Cybersecurity

Practical Cyber Forensics: An Incident-Based Approach to Forensic Investigations

Digital Forensics Basics: A Practical Guide Using Windows OS

Publisher Resources

CHAPTER 9

Network Forensics

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

CEH Certified Ethical Hacker Cert Guide, 4th Edition

Introduction to Computer Networks and Cybersecurity

Practical Cyber Forensics: An Incident-Based Approach to Forensic Investigations

Digital Forensics Basics: A Practical Guide Using Windows OS

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.