book

Cyber Forensics: From Data to Digital Evidence

by Frederic Guillossou, Albert J. Marcella

May 2012

Beginner

342 pages

8h 6m

English

Read now

Unlock full access

Contents

Base 2 Numbering System: Binary and Character EncodingCommunication in a Two-State UniverseElectricity and MagnetismBuilding Blocks: The Origins of DataGrowing the Building Blocks of DataMoving Beyond Base 2American Standard Code for Information InterchangeCharacter Codes: The Basis for Processing Textual DataExtended ASCII and UnicodeSummaryNotes
American Standard Code for Information InterchangeComputer as a CalculatorWhy is this Important in Forensics?Data RepresentationConverting Binary to DecimalConversion AnalysisA Forensic Case Example: An Application of the MathDecimal to Binary: Recap for ReviewSummary
What the HEX?Bits and Bytes and NibblesNibbles and BitsBinary to HEX ConversionBinary (HEX) EditorThe Needle within the HaystackSummaryNotes

OpeningFiles, File Structures, and File FormatsFile ExtensionsChanging a File’s Extension to Evade DetectionFiles and the HEX EditorFile SignatureASCII is not Text or HEXValue of File SignaturesComplex Files: Compound, Compressed, and Encrypted FilesWhy do Compound Files Exist?Compressed FilesForensics and Encrypted FilesThe Structure of CiphersSummaryNotesAppendix 4A: Common File ExtensionsAppendix 4B: File Signature DatabaseAppendix 4C: Magic Number DefinitionAppendix 4D: Compound Document Header
Booting UpPrimary Functions of the Boot ProcessForensic Imaging and Evidence CollectionSummarizing the BIOSBIOS Setup Utility: Step by StepThe Master Boot Record (MBR)Partition TableHard Disk PartitionSummaryNotes
The Flavor of EndiannessEndiannessThe Origins of EndianPartition Table within the Master Boot RecordSummaryNotes
Tech ReviewCylinder, Head, Sector, and Logical Block AddressingVolumes and PartitionsSummaryNotes
Tech ReviewFile SystemsMetadataFile Allocation Table (FAT) File SystemSlackHEX Review NoteDirectory EntriesFile Allocation Table (FAT)How is Cluster Size Determined?Expanded Cluster SizeDirectory Entries and the FATFAT Filing System LimitationsDirectory Entry LimitationsSummaryAppendix 8A: Partition Table FieldsAppendix 8B: File Allocation Table ValuesAppendix 8C: Directory Entry Byte Offset DescriptionAppendix 8D: FAT 12/16 Byte Offset ValuesAppendix 8E: FAT 32 Byte Offset ValuesAppendix 8F: The Power of 2
New Technology File SystemPartition Boot RecordMaster File TableNTFS SummaryexFATAlternative Filing System ConceptsSummaryNotesAppendix 9A: Common NTFS System Defined Attributes
The Forensic ProcessForensic Investigative Smart PracticesTimeSummaryNote
What is Time?Network Time ProtocolTimestamp DataKeeping Track of TimeClock Models and Time Bounding: The Foundations of Forensic TimeMS-DOS 32-Bit Timestamp: Date and TimeDate DeterminationTime DeterminationTime InaccuracySummaryNotes
Forensic Investigative Smart PracticesStep 5: Investigation (Continued)Step 6: Communicate FindingsCharacteristics of a Good Cyber Forensic ReportReport ContentsStep 7: Retention and Curation of EvidenceStep 8: Investigation Wrap-Up and ConclusionInvestigator’s Role as an Expert WitnessSummaryNotes
BinaryBinary—Decimal—ASCIIData Versus CodeHEXFrom Raw Data to FilesAccessing FilesEndiannessPartitionsFile SystemsTimeThe Investigation ProcessSummary

Content preview from Cyber Forensics: From Data to Digital Evidence

Contents

Acknowledgments

Chapter One: The Fundamentals of Data

Base 2 Numbering System: Binary and Character Encoding

Communication in a Two-State Universe

Electricity and Magnetism

Building Blocks: The Origins of Data

Growing the Building Blocks of Data

Moving Beyond Base 2

American Standard Code for Information Interchange

Character Codes: The Basis for Processing Textual Data

Extended ASCII and Unicode

Chapter Two: Binary to Decimal

American Standard Code for Information Interchange

Computer as a Calculator

Why is this Important in Forensics?

Data Representation

Converting Binary to Decimal

Conversion Analysis

A Forensic Case Example: An Application of the Math

Decimal to Binary: Recap for Review

Chapter Three: The Power of HEX: Finding Slivers of Data

Bits and Bytes and Nibbles

Nibbles and Bits

Binary to HEX Conversion

Binary (HEX) Editor

The Needle within the Haystack

Chapter Four: Files

Files, File Structures, and File Formats

File Extensions

Changing a File’s Extension to Evade Detection

Files and the HEX Editor

ASCII is not Text or HEX

Value of File Signatures

Complex Files: Compound, Compressed, and Encrypted Files

Why do Compound Files Exist?

Compressed Files

Forensics and Encrypted Files

The Structure of Ciphers

Appendix 4A: Common File Extensions

Appendix 4B: File Signature Database

Appendix 4C: Magic Number Definition

Appendix 4D: Compound Document Header

Chapter Five: The ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

You might also like

Digital Forensics and Internet of Things

Digital Forensics and Internet of Things

Anita Gehlot, Rajesh Singh, Jaskaran Singh, Neeta Raj Sharma

The Basics of Digital Forensics

The Basics of Digital Forensics

John Sammons

Cyber Crime and Cyber Terrorism Investigator's Handbook

Cyber Crime and Cyber Terrorism Investigator's Handbook

Babak Akhgar, Andrew Staniforth, Francesca Bosco

Implementing Digital Forensic Readiness

Implementing Digital Forensic Readiness

Jason Sachowski

Publisher Resources

ISBN: 9781118273661Purchase book