The Basics of Digital Forensics : The Primer for Getting Started in Digital Forensics.
Title:
The Basics of Digital Forensics : The Primer for Getting Started in Digital Forensics.
Author:
Sammons, John.
ISBN:
9781597496629
Physical Description:
1 online resource (209 pages)
Contents:
Front Cover -- The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics -- Copyright -- Dedication -- Table of Contents -- Preface -- Intended Audience -- Organization of This Book -- Chapter 1 - Introduction -- Chapter 2 - Key Technical Concepts -- Chapter 3 - Labs and Tools -- Chapter 4 - Collecting Evidence -- Chapter 5 - Windows System Artifacts -- Chapter 6 - Antiforensics -- Chapter 7 - Legal -- Chapter 8 - Internet and E-Mail -- Chapter 9 - Network Forensics -- Chapter 10 - Mobile Device Forensics -- Chapter 11 - Looking Ahead: Challenges and Concerns -- Acknowledgments -- About the Author -- About the Technical Editor -- 1. Introduction -- Introduction -- What is Forensic Science? -- What is Digital Forensics? -- Uses of Digital Forensics -- Criminal Investigations -- Bind. Torture. Kill. -- Civil Litigation -- Intelligence -- Moussaoui -- Administrative Matters -- The Securities and Exchange Commission (SEC) -- Locard's Exchange Principle -- Scientific Method -- Organizations of Note -- Scientific Working Group on Digital Evidence -- American Academy of Forensic Sciences -- American Society of Crime Laboratory Directors/Laboratory Accreditation Board -- National Institute of Standards and Technology (NIST) -- American Society for Testing and Materials (ASTM) -- Role of the Forensic Examiner in the Judicial System -- The CSI Effect -- Summary -- References -- 2. Key Technical Concepts -- Introduction -- Bits, Bytes, and Numbering Schemes -- Hexadecimal -- Binary to Text: ASCII and Unicode -- File Extensions and File Signatures -- Storage and Memory -- Magnetic Disks -- Flash Memory -- Optical Storage -- Volatile versus Nonvolatile Memory -- Computing Environments -- Cloud Computing -- IaaS -- PaaS -- SaaS -- Data Types -- Active Data -- Latent Data -- Archival Data -- File Systems.

Allocated and Unallocated Space -- Data Persistence -- How Magnetic Hard Drives Store Data -- Page File (or Swap Space) -- Basic Computer Function-Putting it All Together -- Summary -- References -- 3. Labs and Tools -- Introduction -- Forensic Laboratories -- Virtual Labs -- Lab Security -- Evidence Storage -- Policies and Procedures -- Quality Assurance -- Tool Validation -- Documentation -- Forms -- Examiner Notes -- Examiner's Final Report -- Digital Forensic Tools -- Tool Selection -- Hardware -- Other Equipment -- Software -- Accreditation -- Accreditation versus Certification -- Summary -- References -- 4. Collecting Evidence -- Introduction -- Crime Scenes and Collecting Evidence -- Removable Media -- Removable Storage Media -- Cell Phones -- Order of Volatility -- Documenting the Scene -- Photography -- Notes -- Chain of Custody -- Marking Evidence -- Cloning -- Purpose of Cloning -- The Cloning Process -- Forensically Clean Media -- Forensic Image Formats -- Risks and Challenges -- Value in eDiscovery -- Live System versus Dead System -- Live Acquisition Concerns -- Advantage of Live Collection -- Principles of Live Collection -- Conducting and Documenting a Live Collection -- Hashing -- Types of Hashing Algorithms -- Hashing Example -- Uses of Hashing -- Final Report -- Summary -- References -- 5. Windows System Artifacts -- Introduction -- Deleted Data -- Hibernation File (Hiberfile.Sys) -- Sleep -- Hibernation -- Hybrid Sleep -- Registry -- Registry Structure -- From the Case Files: The Windows Registry -- From the Case Files: The Windows Registry and USBStor -- Attribution -- External Drives -- Print Spooling -- Recycle Bin -- Metadata -- Removing Metadata -- From the Case Files: Metadata -- Thumbnail Cache -- Most Recently Used (MRU) -- Restore Points and Shadow Copy -- Restore Points.

From the Case Files: Internet History & Restore Points -- Shadow Copies -- From the Case Files: Restore Points, Shadow Copies, and Anti-forensics -- Prefetch -- Link Files -- Installed Programs -- Summary -- References -- 6. Antiforensics -- Introduction -- Hiding Data -- Encryption -- What Is Encryption? -- Early Encryption -- Algorithms -- Algorithms: It's No Secret -- Key Space -- Some Common Types of Encryption -- Encrypting File System (EFS) -- Bitlocker -- Apple Filevault -- Truecrypt -- Breaking Passwords -- Password Attacks -- Brute Force Attacks -- Password Reset -- Dictionary Attack -- Steganography -- Data Destruction -- Drive Wiping -- Summary -- References -- 7. Legal -- Introduction -- The Fourth Amendment -- Criminal Law-Searches Without a Warrant -- Reasonable Expectation of Privacy -- Private Searches -- E-mail -- The Electronic Communications Privacy Act (ECPA) -- Exceptions to the Search Warrant Requirement -- Searching with a Warrant -- Seize the Hardware or Just the Information? -- Particularity -- Establishing Need for Off-Site Analysis -- Stored Communications Act -- Electronic Discovery (eDiscovery) -- Duty to Preserve -- Private Searches in the Workplace -- Expert Testimony -- Summary -- References -- 8. Internet and E-Mail -- Introduction -- Internet Overview -- Peer-to-Peer (P2P) -- The INDEX.DAT File -- Web Browsers-Internet Explorer -- Cookies -- Temporary Internet Files, a.k.a. web Cache -- Internet History -- Internet Explorer Artifacts in the Registry -- Chat Clients -- Internet Relay Chat (IRC) -- ICQ "I Seek You" -- E-Mail -- Accessing E-mail -- E-mail Protocols -- E-mail as Evidence -- E-mail-Covering the Trail -- Tracing E-mail -- Reading E-mail Headers -- Social Networking Sites -- Summary -- References -- 9. Network Forensics -- Introduction -- Social Engineering -- Network Fundamentals -- Network Types.

Network Security Tools -- Network Attacks -- Incident Response -- Network Evidence and Investigations -- Network Investigation Challenges -- Summary -- References -- 10. Mobile Device Forensics -- Introduction -- Cellular Networks -- Cellular Network Components -- Types of Cellular Networks -- Code Division Multiple Access (CDMA) -- Global System for Mobile Communication (GSM) -- Integrated Digitally Enhanced Network (IDEN) -- Prepaid Cell Phones -- Operating Systems -- Cell Phone Evidence -- Call Detail Records -- Collecting and Handling Cell Phone Evidence -- Subscriber Identity Modules -- Cell Phone Acquisition: Physical and Logical -- Cell Phone Forensic Tools -- Global Positioning Systems (GPS) -- Summary -- References -- 11. Looking Ahead: Challenges and Concerns -- Introduction -- Standards and Controls -- Cloud Forensics (Finding/Identifying Potential Evidence Stored In the Cloud) -- What Is Cloud Computing? -- The Benefits of the Cloud -- Cloud Forensics and Legal Concerns -- Solid State Drives (SSD) -- How Solid State Drives Store Data -- The Problem: Taking out the Trash -- Speed of Change -- Summary -- References -- Index -- A -- B -- C -- D -- E -- F -- G -- H -- I -- J -- K -- L -- M -- N -- O -- P -- Q -- R -- S -- T -- U -- V -- W -- Z.
Abstract:
The Basics of Digital Forensics provides a foundation for people new to the digital forensics field. This book teaches you how to conduct examinations by discussing what digital forensics is, the methodologies used, key technical concepts and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud, and Internet are discussed. Also learn how to collect evidence, document the scene, and how deleted data is recovered.
- Learn all about what Digital Forensics entails
- Build a toolkit and prepare an investigative plan
- Understand the common artifacts to look for during an exam
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.