book

CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide

by Charles L. Brooks

September 2014

Intermediate to advanced

656 pages

11h 18m

English

McGraw-Hill

Read now

Unlock full access

So What Is This Computer Forensics Business Anyway?The History of Computer ForensicsObjectives and BenefitsCorporate vs. Criminal InvestigationsThe Forensics InvestigatorChapter ReviewQuestionsAnswersReferences

What Is Digital Evidence?Anti-Digital ForensicsLocard’s Exchange PrincipleFederal Rules of Evidence (FRE)Computer-Generated vs. Computer-Stored RecordsEssential DataBest EvidenceInternational Principles of Computer EvidenceInternational Organization on Computer Evidence Scientific Working Group on Digital EvidenceEvidence CollectionIOCE Guidelines for Recovering Digital Forensic EvidenceThe Scientific MethodConsider a ScenarioExculpatory EvidenceChapter ReviewQuestionsAnswersReferences
The Process Is KeyOverviewBefore the InvestigationPreparing the InvestigationSeizing the EvidenceAnalyzing the Evidence Reporting and TestifyingChapter ReviewQuestionsAnswersReferences
What Services Are You Offering?Staffing Requirements and PlanningBecoming CertifiedSetting Up Your LabPhysical Location NeedsSoftware RequirementsHardware RequirementsField ToolsLab HardwareOther ConsiderationsChapter ReviewQuestionsAnswersReferences
Searching and Seizing ComputersIs Your Search and Seizure Unwarranted?You Have a WarrantElectronic SurveillancePost-seizure IssuesFirst Responder ProceduresFirst on the SceneManaging the Crime SceneCollecting and Transporting the Evidence Collecting and Preserving Electronic EvidenceThe Crime Scene ReportA Checklist for First RespondersData Acquisition and DuplicationData Acquisition: A DefinitionStatic vs. Live AcquisitionValidating the AcquisitionAcquisition Issues: SSDs, RAID, and CloudConcepts in Practice: Data Acquisition Software and ToolsChapter ReviewQuestionsAnswersReferences
Disk Drives and File SystemsEverything You Wanted to Know About Disk Drives File SystemsGetting the BootBooting from a Live CDRecovering Deleted Files and Partitions Recovering Disk PartitionsRecovering File Systems and FilesTheory into Practice: File and Partition Recovery Tools Steganography and Graphics File FormatsGraphics FilesSteganographyTheory into Practice: Graphics File Tools and Steganography Detection ToolsChapter ReviewQuestionsAnswersReferences
Windows Forensics AnalysisLive Investigations: Volatile InformationLive Investigations: Nonvolatile InformationForensic Investigation of a Windows SystemWindows Log AnalysisWindows Password StorageTheory into Practice: Forensics Tools for WindowsCracking PasswordsPasswords: The Good, the Bad, and the UglyPassword-Cracking TypesTheory into Practice: Password-Cracking ToolsChapter ReviewQuestionsAnswersReferences
Forensic InvestigationsInstallation and ConfigurationCreating the Case and Adding DataAnalyzing the DataGenerating the ReportChoosing the Proper Forensic SoftwareForensic Investigations Using FTKInstallation and Configuration Creating the Case and Adding DataAnalyzing the DataGenerating the Report Forensic Investigations Using EnCaseInstallation and ConfigurationCreating the Case and Adding DataAnalyzing the DataGenerating the ReportSo Did We Get the Evidence We Need?Which One to Choose?Chapter ReviewQuestionsAnswersReferences
Network Forensics: A DefinitionNetwork Forensics and Wired NetworksInvestigating Network TrafficNetwork Forensics: Attack and DefendNetwork Security MonitoringTheory into Practice: Network Forensic ToolsNetwork Forensics and Wireless NetworksWhat’s Different About Wireless?The Saga of Wireless EncryptionInvestigating Wireless AttacksTheory into Practice: Wireless Forensic Tools Log Capturing and Event Correlation Logs, Logs, LogsLegal Issues and Logging Synchronizing TimeSIM, SEM, SIEM—Everybody Wants OneTheory into Practice: Log Capturing and Analysis ToolsChapter ReviewQuestionsAnswersReferences
Cellular NetworksCellular DataMobile DevicesPDAsPlain Ol’ Cell PhonesMusic Players (Personal Entertainment Devices)Smart PhonesTablets and PhabletsWhat Can Criminals Do with Mobile Phones?Retrieving the Evidence Challenges in Mobile ForensicsPrecautions to Take Before InvestigatingThe Process in Mobile ForensicsTheory into Practice: Mobile Forensic ToolsChapter ReviewQuestionsAnswersReferences
Web-based AttacksWeb Applications: A DefinitionMounting the AttackWeb Applications: Attack and DefendWeb Tools Follow the LogsInvestigating the BreachE-mail AttacksE-mail ArchitectureE-mail Crimes Laws Regarding E-mailE-mail Headers and Message StructureE-mail InvestigationConcepts in Practice: E-mail Forensic ToolsChapter ReviewQuestionsAnswersReferences
Can I Get a Witness?Technical vs. Expert WitnessesPre-trial Report PreparationI Just Want to Testify Writing a Good ReportWhat Makes an Effective Report?Documenting the CaseTheory into Practice: Generating a ReportDo’s and Don’ts for a DFIResting the CaseChapter ReviewQuestionsAnswersReferences
System RequirementsInstalling and Running Total TesterAbout Total TesterTechnical Support

Content preview from CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide

GLOSSARY

Unlike information security and information assurance, there doesn’t seem to be a definitive glossary for digital forensics. I compiled this glossary based on definitions from three NIST special publications:

• SP800-72 Guidelines on PDA Forensics (2004)

• S800-86 Guide to Integrating Forensic Techniques into Incident Response (2006)

• SP800-101r Guidelines on Mobile Device Forensics (2014)

The most recent definition of a term is the one provided.

acquisition A process by which digital evidence is duplicated, copied, or imaged.

analysis The third phase of the computer and network forensic process, which involves using legally justifiable methods and techniques to derive useful information that addresses the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

CEH Certified Ethical Hacker Cert Guide, 4th Edition

Michael Gregg, Omar Santos

Introduction to Computer Networks and Cybersecurity

Chwan-Hwa (John) Wu, J. David Irwin

Practical Cyber Forensics: An Incident-Based Approach to Forensic Investigations

Niranjan Reddy

Digital Forensics Basics: A Practical Guide Using Windows OS

Nihad A. Hassan

Publisher Resources

ISBN: 9780071831567