Book description
Forensic image acquisition is an important part of postmortem incident response and evidence collection. Digital forensic investigators acquire, preserve, and manage digital evidence to support civil and criminal cases; examine organizational policy violations; resolve disputes; and analyze cyber attacks.
Practical Forensic Imaging takes a detailed look at how to secure and manage digital evidence using Linux-based command line tools. This essential guide walks you through the entire forensic acquisition process and covers a wide range of practical scenarios and situations related to the imaging of storage media.
You'll learn how to:
- Perform forensic imaging of magnetic hard disks, SSDs and flash drives, optical discs, magnetic tapes, and legacy technologies
- Protect attached evidence media from accidental modification
- Manage large forensic image files, storage capacity, image format conversion, compression, splitting, duplication, secure transfer and storage, and secure disposal
- Preserve and verify evidence integrity with cryptographic and piecewise hashing, public key signatures, and RFC-3161 timestamping
- Work with newer drive and interface technologies like NVMe, SATA Express, 4K-native sector drives, SSHDs, SAS, UASP/USB3x, and Thunderbolt
- Manage drive security such as ATA passwords; encrypted thumb drives; Opal self-encrypting drives; OS-encrypted drives using BitLocker, FileVault, and TrueCrypt; and others
- Acquire usable images from more complex or challenging situations such as RAID systems, virtual machine images, and damaged media
Table of contents
- Cover Page
- Title Page
- Copyright Page
- Dedication
- About the Author
- Brief Contents
- Contents in Detail
- Foreword by Eoghan Casey
- Introduction
- Chapter 0: Digital Forensics Overview
- Chapter 1: Storage Media Overview
- Chapter 2: Linux as a Forensic Acquisition Platform
- Chapter 3: Forensic Image Formats
- Chapter 4: Planning and Preparation
- Chapter 5: Attaching Subject Media to an Acquisition Host
- Chapter 6: Forensic Image Acquisition
- Chapter 7: Forensic Image Management
- Chapter 8: Special Image Access Topics
- Chapter 9: Extracting Subsets of Forensic Images
- Closing Remarks
- Index
- Updates
- Footnotes
  - Chapter 0: Digital Forensics Overview
  - Chapter 1: Storage Media Overview
  - Chapter 2: Linux as a Forensic Acquisition Platform
  - Chapter 3: Forensic Image Formats
  - Chapter 4: Planning and Preparation
  - Chapter 5: Attaching Subject Media to an Acquisition Host
  - Chapter 6: Forensic Image Acquisition
  - Chapter 7: Forensic Image Management
  - Chapter 8: Special Image Access Topics

“An indispensable reference for anyone responsible for preserving digital evidence.” —Professor Eoghan Casey, University of Lausanne
Product information
- Title: Practical Forensic Imaging
- Author(s):
- Release date: September 2016
- Publisher(s): No Starch Press
- ISBN: 9781593277932