O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

The Basics of Digital Forensics

Book Description

The Basics of Digital Forensics provides a foundation for people new to the field of digital forensics. This book teaches you how to conduct examinations by explaining what digital forensics is, the methodologies used, key technical concepts and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud, and Internet are discussed. Readers will also learn how to collect evidence, document the scene, and recover deleted data. This is the only resource your students need to get a jump-start into digital forensics investigations.

This book is organized into 11 chapters. After an introduction to the basics of digital forensics, the book proceeds with a discussion of key technical concepts. Succeeding chapters cover labs and tools; collecting evidence; Windows system artifacts; anti-forensics; Internet and email; network forensics; and mobile device forensics. The book concludes by outlining challenges and concerns associated with digital forensics. PowerPoint lecture slides are also available.

This book will be a valuable resource for entry-level digital forensics professionals as well as those in complimentary fields including law enforcement, legal, and general information security.

  • Learn all about what Digital Forensics entails
  • Build a toolkit and prepare an investigative plan
  • Understand the common artifacts to look for during an exam

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Preface
  7. Acknowledgments
  8. About the Author
  9. About the Technical Editor
  10. Chapter 1. Introduction
    1. Introduction
    2. What is Forensic Science?
    3. What is Digital Forensics?
    4. Uses of Digital Forensics
    5. Locard's Exchange Principle
    6. Scientific Method
    7. Organizations of Note
    8. Role of the Forensic Examiner in the Judicial System
    9. Summary
  11. Chapter 2. Key Technical Concepts
    1. Introduction
    2. Bits, Bytes, and Numbering Schemes
    3. File Extensions and File Signatures
    4. Storage and Memory
    5. Computing Environments
    6. Data Types
    7. File Systems
    8. Allocated and Unallocated Space
    9. How Magnetic Hard Drives Store Data
    10. Basic Computer Function—Putting it All Together
    11. Summary
  12. Chapter 3. Labs and Tools
    1. Introduction
    2. Forensic Laboratories
    3. Policies and Procedures
    4. Quality Assurance
    5. Digital Forensic Tools
    6. Accreditation
    7. Summary
  13. Chapter 4. Collecting Evidence
    1. Introduction
    2. Crime Scenes and Collecting Evidence
    3. Documenting the Scene
    4. Chain of Custody
    5. Cloning
    6. Live System versus Dead System
    7. Hashing
    8. Final Report
    9. Summary
  14. Chapter 5. Windows System Artifacts
    1. Introduction
    2. Deleted Data
    3. Hibernation File (Hiberfile.Sys)
    4. Registry
    5. Print Spooling
    6. Recycle Bin
    7. Metadata
    8. Thumbnail Cache
    9. Most Recently Used (MRU)
    10. Restore Points and Shadow Copy
    11. Prefetch
    12. Link Files
    13. Summary
  15. Chapter 6. Antiforensics
    1. Introduction
    2. Hiding Data
    3. Password Attacks
    4. Steganography
    5. Data Destruction
    6. Summary
  16. Chapter 7. Legal
    1. Introduction
    2. The Fourth Amendment
    3. Criminal Law—Searches Without a Warrant
    4. Searching with a Warrant
    5. Electronic Discovery (eDiscovery)
    6. Expert Testimony
    7. Summary
  17. Chapter 8. Internet and E-Mail
    1. Introduction
    2. Internet Overview
    3. Web Browsers—Internet Explorer
    4. E-Mail
    5. Social Networking Sites
    6. Summary
  18. Chapter 9. Network Forensics
    1. Introduction
    2. Network Fundamentals
    3. Network Security Tools
    4. Network Attacks
    5. Incident Response
    6. Network Evidence and Investigations
    7. Summary
  19. Chapter 10. Mobile Device Forensics
    1. Introduction
    2. Cellular Networks
    3. Operating Systems
    4. Cell Phone Evidence
    5. Cell Phone Forensic Tools
    6. Global Positioning Systems (GPS)
    7. Summary
  20. Chapter 11. Looking Ahead
    1. Introduction
    2. Standards and Controls
    3. Cloud Forensics (Finding/Identifying Potential Evidence Stored In the Cloud)
    4. Solid State Drives (SSD)
    5. Speed of Change
    6. Summary
  21. Index