Chapter 16

Introduction to Forensics

Chapter Objectives

After reading this chapter and completing the exercises, you will be able to do the following:

  • Understand basic forensics principles.

  • Understand forensic procedures.

  • Make a forensic copy of a drive.

  • Use basic forensics tools.

  • Perform basic forensic tasks.


Throughout this book we have explored many aspects of network security. We have examined threats and countermeasures, firewalls, antivirus, IDS, cyber terrorism, policies, and more. However, your network security knowledge is incomplete without at least a basic understanding of computer forensics. The reason for this is simple: The first responders to computer crimes are usually the network administrators and tech support ...

Get Network Defense and Countermeasures: Principles and Practices, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.