After reading this chapter and completing the exercises, you will be able to do the following:
• Understand basic forensics principles
• Make a forensic copy of a drive
• Use basic forensics tools
In the preceding 13 chapters, you have been introduced to a variety of security topics: from concepts like the CIA triangle, to attacks such as session hijacking, to counter measures like IDS and honey pots. In this chapter, we are going to cover the basics of computer forensics. This is a very important topic for anyone involved in computer security or network administration. It is frequently the case that the first responder to a computer crime is the network administrator, not ...