This completely revised reference work will concentrate on providing specific practical information in a well organized format. Each chapter will have a consistent structure, covering similar aspects of different systems when appropriate. In order to provide readers with the knowledge they will need, and to create a thorough understanding of how to utilize the widest range of digital evidence in vastly varying situations, this work is divided into two parts: Investigative Methodology and Forensic Analysis.
The Investigative Methodology section will provide guidance in how to conduct three distinct types of digital investigations: forensic analysis, e-discovery, intrusion investigation. This section will end with an objective discussion of the tools, describing tool evaluation and noting the limitations of forensic software.
The Forensic Analysis section will provide in-depth technical descriptions of digital evidence analysis in commonly encountered situations, starting with computers, moving on to networks, and culminating with embedded systems. This section will demonstrate how forensic science is applied in different technological contexts, providing investigators with technical information and guidance they can use at the crime scene. These technical chapters will focus on the recovery and analysis of digital evidence.
*Demonstrates how computer system usage leaves traces that are useful in investigations, how to locate digital evidence, how that evidence is created and what it means *Furnishes forensic examiners with a range of tools to verify results *Case examples in every chapter convey complex concepts, giving readers a sense of the technical, legal, and practical challenges that arise in real investigations