book

Computer Forensics InfoSec Pro Guide

Name: Computer Forensics InfoSec Pro Guide
Author: David Cowen
ISBN: 9780071742467

by David Cowen

April 2013

Intermediate to advanced

512 pages

7h 40m

English

McGraw-Hill

Read now

Unlock full access

Cover
About the Author
Title Page
Copyright Page
Contents at a Glance
Contents
Acknowledgments
Introduction
PART I: Getting Started
Chapter 1: What Is Computer Forensics?
What You Can Do with Computer ForensicsHow People Get Involved in Computer ForensicsLaw EnforcementMilitaryUniversity ProgramsIT or Computer Security ProfessionalsIncident Response vs. Computer ForensicsHow Computer Forensic Tools WorkTypes of Computer Forensic ToolsProfessional Licensing Requirements

Chapter 2: Learning Computer Forensics
Where and How to Get TrainingLaw Enforcement TrainingCorporate TrainingWhere and How to Get CertifiedVendor CertificationsVendor-Neutral CertificationsStaying CurrentConferencesBlogsForumsPodcastsAssociations
Chapter 3: Creating a Lab
Choosing Where to Put Your LabAccess ControlsElectrical PowerAir ConditioningPrivacyGathering the Tools of the TradeWrite BlockersDrive KitsExternal StorageScrewdriver KitsAntistatic BagsAdaptorsForensic WorkstationChoosing Forensic SoftwareOpen Source SoftwareCommercial SoftwareStoring EvidenceSecuring Your EvidenceOrganizing Your EvidenceDisposing of Old Evidence
PART II: Your First Investigation
Chapter 4: How to Approach a Computer Forensics Investigation
The Investigative ProcessWhat Are You Being Asked to Find Out?Where Would the Data Exist?What Applications Might Have Been Used in Creating the Data?Should You Request to Go Beyond the Scope of the Investigation?Testing Your HypothesisStep 1. Define Your HypothesisStep 2. Determine a Repeatable TestStep 3. Create Your Test EnvironmentStep 4. Document Your TestingThe Forensic Data LandscapeActive DataUnallocated SpaceSlack SpaceMobile DevicesExternal StorageWhat Do You Have the Authority to AccessWho Hosts the Data?Who Owns the Device?Expectation of Privacy
Chapter 5: Choosing Your Procedures
Forensic ImagingDetermining Your Comfort LevelForensic Imaging Method Pros and ConsCreating Forms and Your Lab ManualChain of Custody FormsRequest FormsReport FormsStandard Operating Procedures Manual
Chapter 6: Testing Your Tools
When Do You Need to TestCollecting Data for Public Research or PresentationsTesting a Forensic MethodTesting a ToolWhere to Get Test EvidenceRaw ImagesCreating Your Own Test ImagesForensic ChallengesLearn Forensics with David Cowen on YouTubeHoneynet ProjectDC3 ChallengeDFRWS ChallengeSANS Forensic ChallengesHigh School Forensic ChallengeCollections of Tool Testing ImagesDigital Forensic Tool Testing ImagesNIST Computer Forensics Reference Data Sets ImagesThe Hacking CaseNIST Computer Forensics Tool Testing
Chapter 7: Live vs. Postmortem Forensics
Live ForensicsWhen Live Forensics Is the Best OptionTools for Live ForensicsPostmortem ForensicsPostmortem Memory Analysis
Chapter 8: Capturing Evidence
Creating Forensic Images of Internal Hard DrivesFTK Imager with a Hardware Write BlockerFTK Imager with a Software Write BlockerCreating Forensic Images of External DrivesFTK Imager with a USB Write BlockerFTK Imager with a Software Write BlockerSoftware Write Blocking on Linux SystemsCreating Forensic Images of Network SharesCapturing a Network Share with FTK ImagerMobile DevicesServers
Chapter 9: Nontraditional Digital Forensics
Breaking the Rules: Nontraditional Digital Forensic TechniquesVolatile ArtifactsMalwareEncrypted File SystemsChallenges to Accessing Encrypted DataMobile Devices: Smart Phones and TabletsSolid State DrivesVirtual Machines
PART III: Case Examples: How to Work a Case
Chapter 10: Establishing the Investigation Type and Criteria
Determining What Type of Investigation Is RequiredHuman Resources CasesAdministrator AbuseStealing InformationInternal LeaksKeyloggers and MalwareWhat to Do When Criteria Causes an OverlapWhat to Do When No Criteria MatchesWhere Should the Evidence Be?Did This Occur over the Network?Nothing Working? Create a Super Timeline
Chapter 11: Human Resources Cases
Results of a Human Resource CaseHow to Work a Pornography CasePornography Case StudyHow to Investigate a Pornography CaseHow to Work a Productivity Waste Case
Chapter 12: Administrator Abuse
The Abuse of OmniscienceScenario 1: Administrator Runs a Pornographic Site Using Company ResourcesBeginning an InvestigationThe Web Server’s Role in the NetworkDirectoriesVirtual ServersVirtual DirectoriesScenario 2: Exploiting Insider Knowledge Against an Ex-employerA Private Investigator Calls…As if They’re Reading Our Minds…What a Network Vulnerability Assessment Can RevealE-mail Data Review and Server RestorationStepping Up Your Game: Knowledge Meets Creativity
Chapter 13: Stealing Information
What Are We Looking For?Determining Where the Data WentLNK FilesShellbagsScenario: Recovering Log Files to Catch a Thief
Chapter 14: Internal Leaks
Why Internal Leaks HappenInvestigating Internal LeaksReviewing the Registry FilesIdentifying LNK FilesWrapping Up the InvestigationUsing File System Meta-data to Track Leaked or Printed Materials
Chapter 15: Keyloggers and Malware
Defining Keyloggers and MalwareHow to Detect Keyloggers and MalwareRegistry FilesPrefetch FilesKeyword SearchesHandling Suspicious FilesDetermining How an Infection OccurredWhat We Know About This InfectionWhat We Know About the KeyloggerIdentifying What Data Was CapturedFinding Information About the AttackerWhat We Know About the AttackerWhere to Find More About the Attacker
PART IV: Defending Your Work
Chapter 16: Documenting Your Findings with Reports
Documenting Your FindingsWho Asked You to Undertake the InvestigationWhat You Were Asked to DoWhat You ReviewedWhat You FoundWhat Your Findings MeanTypes of ReportsInformal ReportIncident ReportInternal ReportDeclarationAffidavitExplaining Your WorkDefine Technical TermsProvide Examples in Layperson TermsExplain Artifacts
Chapter 17: Litigation and Reports for Court and Exhibits
Important Legal TermsWhat Type of Witness Are You?Fact WitnessExpert ConsultantExpert WitnessSpecial MasterNeutralWriting Reports for CourtDeclarations in Support of MotionsExpert ReportsCreating ExhibitsWorking with Forensic Artifacts
InfoSec Pro Series: Glossary
Index

Overview

Security Smarts for the Self-Guided IT Professional

Find out how to excel in the field of computer forensics investigations. Learn what it takes to transition from an IT professional to a computer forensic examiner in the private sector. Written by a Certified Information Systems Security Professional, Computer Forensics: InfoSec Pro Guide is filled with real-world case studies that demonstrate the concepts covered in the book.

You’ll learn how to set up a forensics lab, select hardware and software, choose forensic imaging procedures, test your tools, capture evidence from different sources, follow a sound investigative process, safely store evidence, and verify your findings. Best practices for documenting your results, preparing reports, and presenting evidence in court are also covered in this detailed resource.

Computer Forensics: InfoSec Pro Guide features:

Lingo—Common security terms defined so that you’re in the know on the job
IMHO—Frank and relevant opinions based on the author’s years of industry experience
Budget Note—Tips for getting security technologies and processes into your organization’s budget
In Actual Practice—Exceptions to the rules of security explained in real-world contexts
Your Plan—Customizable checklists you can use on the job now
Into Action—Tips on how, why, and when to apply new skills and techniques at work

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide

Publisher Resources

ISBN: 9780071742450

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills