book

Learn Computer Forensics

by William Oettinger

April 2020

Beginner

368 pages

8h 12m

English

Packt Publishing

Read now

Unlock full access

Why subscribe?ContributorsAbout the authorAbout the reviewerPackt is searching for authors like you
Who this book is forWhat this book coversTo get the most out of this bookDownload the color imagesConventions usedGet in touchReviews
Differences in computer-based investigationsCriminal investigationsFirst respondersCorporate investigationsEmployee misconductCorporate espionageInsider threatSummaryQuestionsFurther reading
Pre-investigation considerationsThe forensic workstationThe response kitForensic softwareForensic investigator trainingUnderstanding case information and legal issuesUnderstanding data acquisition Chain of custodyUnderstanding the analysis processDates and time zonesHash analysisFile signature analysisAntivirusReporting your findingsDetails to include in your reportDocument facts and circumstancesThe report conclusionSummaryQuestionsFurther reading
Exploring evidence Understanding the forensic examination environment Tool validationCreating sterile media Understanding write blockingDefining forensic imaging DD imageEnCase evidence file SSD deviceImaging toolsSummaryQuestionsFurther reading
Understanding the boot processForensic boot mediaHard drivesMBR (Master Boot Record) partitionsGPT partitionsHost Protected Area (HPA) and Device Configuration Overlays (DCO)Understanding filesystemsThe FAT filesystemData areaLong filenamesRecovering deleted filesSlack spaceUnderstanding the NTFS filesystemSummaryQuestionsFurther reading
Timeline analysisX-Ways Media analysisString searchRecovering deleted dataSummaryQuestionsFurther reading
Understanding user profilesUnderstanding Windows RegistryDetermining account usageLast login/last password changeDetermining file knowledgeExploring the thumbcacheExploring Microsoft browsersDetermining most recently used/recently usedLooking into the Recycle BinUnderstanding shortcut (LNK) filesDeciphering JumpListsOpening shellbagsUnderstanding prefetchIdentifying physical locationsDetermining time zonesExploring network historyUnderstanding the WLAN event logExploring program executionDetermining UserAssistExploring ShimcacheUnderstanding USB/attached devices SummaryQuestionsFurther reading

Fundamentals of memory Random access memory?Identifying sources of memoryCapturing RAMPreparing the capturing deviceExploring RAM capture toolsExploring RAM analyzing toolsUsing Bulk Extractor SummaryQuestionsFurther reading
Understanding email protocolsUnderstanding SMTP – Simple Mail Transfer Protocol Understanding the Post Office ProtocolIMAP – Internet Message Access ProtocolUnderstanding web-based emailDecoding emailUnderstanding the email message formatEmail attachmentsUnderstanding client-based email analysisExploring Microsoft Outlook/Outlook ExpressExploring Microsoft Windows Live MailMozilla ThunderbirdUnderstanding WebMail analysis SummaryQuestionsFurther reading
Understanding browsersExploring Google ChromeExploring Internet Explorer/Microsoft EdgeExploring FirefoxSocial mediaFacebookTwitterService providerPeer-to-Peer file sharingAreseMuleShareazaCloud computingSummaryQuestionsFurther reading
Effective note takingWriting the reportEvidence analyzedAcquisition detailsAnalysis detailsExhibits/technical detailsSummaryQuestionsFurther reading
Understanding the types of proceedingsBeginning the preparation phaseUnderstanding the curriculum vitaeUnderstanding testimony and evidenceUnderstanding the importance of ethical behaviorSummaryQuestionsFurther reading
Chapter 01Chapter 02Chapter 03Chapter 04Chapter 05Chapter 06Chapter 07Chapter 08Chapter 09Chapter 10Chapter 11
Leave a review - let other readers know what you think

Overview

"Learn Computer Forensics" is a comprehensive guide that introduces readers to the techniques essential for gathering and analyzing digital evidence in computer forensics. With step-by-step instructions, this book covers a range of topics from understanding the basics of computer investigations to managing real-world scenarios effectively.

What this Book will help me do

Understand core investigative processes and gain a clear grasp of ethical guidelines in digital forensics.
Skillfully recognize and document various types of computer hardware for forensic investigation.
Learn to validate forensic hardware and software, ensuring evidence reliability.
Effectively analyze Windows-based digital artifacts to uncover vital information.
Accurately document findings using professional forensic terminology to ensure credibility.

Author(s)

The book is authored by William Oettinger, a seasoned expert in the field of digital forensics. William has years of hands-on experience and a passion for teaching, ensuring readers gain practical knowledge. His straightforward writing style makes complex topics accessible, inspiring learners towards excellence in forensics.

Who is it for?

"Learn Computer Forensics" is tailored for IT professionals, aspiring forensic investigators, and students eager to explore digital forensics. This book fits individuals starting their journey in incident response or forensic analysis. It's ideal for IT enthusiasts seeking to understand digital evidence handling and examination.