Computer Forensics JumpStart.
Title:
Computer Forensics JumpStart.
Author:
Solomon, Micah.
ISBN:
9780782150704
Edition:
1st ed.
Physical Description:
1 online resource (302 pages)
Contents:
Computer Forensics JumpStart -- Front matter -- About the Authors -- About the Technical Editor -- Acknowledgments -- Contents -- Introduction -- Chapter 1: The Need for Computer Forensics -- Defining Computer Forensics -- Real-Life Examples of Computer Crime -- Hacker Pleads Guilty to Illegally Accessing New York Times Computer Network -- Man Pleads Guilty to Hacking Intrusion and Theft of Data Costing Company 5.8 Million -- Three Men Indicted for Hacking into Lowe's Companies' Computers with Intent to Steal Credit Card Information -- Former Chief Computer Network Program Designer Arraigned for Alleged 10 Million Computer Software Bomb -- Juvenile Computer Hacker Sentenced to Six Months in Detention Facility -- Corporate versus Law Enforcement Concerns -- Corporate Concerns Focus on Detection and Prevention -- Law Enforcement Focuses on Prosecution -- Russian Computer Hacker Indicted in California for Breaking into Computer Systems and Extorting Victim Companies -- Training -- Practitioners -- End Users -- What Are Your Organization's Needs? -- Terms to Know -- Review Questions -- Chapter 2: Preparation--What to Do Before You Start -- Know Your Hardware -- What I/O Devices Are Used? -- Check Computers for Unauthorized Hardware -- Keep Up to Date with New I/O Trends -- Know Your Operating System -- Different Operating Systems -- Know What Filesystems Are in Use -- Maintain Tools and Procedures for Each Operating System and Filesystem -- Preinstalled Tools Make Forensics Easier -- Know Your Limits -- Legal Organizational Rights and Limits -- Search and Seizure Guidelines -- Will This End Up in Court? -- Develop Your Incident Response Team -- Organize the Team -- State Clear Processes -- Coordinate with Local Law Enforcement -- Terms to Know -- Review Questions -- Chapter 3: Computer Evidence -- What Is Computer Evidence?.

Incidents and Computer Evidence -- Types of Evidence -- Search and Seizure -- Voluntary Surrender -- Subpoena -- Search Warrant -- Chain of Custody -- Definition -- Controls -- Documentation -- Evidence Admissibility in a Court of Law -- Relevance and Admissibility -- Techniques to Ensure Admissibility -- Leave No Trace -- Read-Only Image -- Software Write Blocker -- Hardware Write Blocker -- Terms to Know -- Review Questions -- Chapter 4: Common Tasks -- Evidence Identification -- Physical Hardware -- Removable Storage -- Documents -- Evidence Preservation -- Pull the Plug or Shut It Down? -- Supply Power As Needed -- Provide Evidence of Initial State -- Evidence Analysis -- Knowing Where to Look -- Wading through the Sea of Data -- Sampling Data -- Evidence Presentation -- Know Your Audience -- Organization of Presentation -- Keep It Simple -- Terms to Know -- Review Questions -- Chapter 5: Capturing the Data Image -- Full Volume Images -- Evidence Collection Order -- Preparing Media and Tools -- Collecting the Volatile Data -- Creating a Duplicate of the Hard Disk -- Extracting Data from PDAs -- Image and Tool Documentation -- Partial Volume Image -- Imaging/Capture Tools -- Utilities -- Commercial Software -- PDA Tools -- Terms to Know -- Review Questions -- Chapter 6: Extracting Information from Data -- What Are You Looking For? -- Internet Files -- E-mail Headers -- Deleted Files -- Passwords -- How People Think -- Picking the Low-Hanging Fruit -- Hidden Evidence -- Trace Evidence -- Terms to Know -- Review Questions -- Chapter 7: Passwords and Encryption -- Passwords -- Finding Passwords -- Deducing Passwords -- Cracking Passwords -- Encryption Basics -- Common Encryption Practices -- Private Key Algorithms -- Public Key Algorithms -- Steganography -- Strengths and Weaknesses of Encryption -- Key Length -- Key Management.

Handling Encrypted Data -- Identifying Encrypted Files -- Decrypting Files -- Terms to Know -- Review Questions -- Chapter 8: Common Forensics Tools -- Disk Imaging and Validation Tools -- ByteBack -- dd -- DriveSpy -- EnCase -- Forensic Replicator -- FTK Imager -- Norton Ghost -- ProDiscover -- SafeBack -- SMART -- WinHex -- Forensics Tools -- Software Suites -- Miscellaneous Software Tools -- Hardware -- Your Forensics Toolkit -- Each Organization Is Different -- Most Examiners Use Overlapping Tools -- Terms to Know -- Review Questions -- Chapter 9: Pulling It All Together -- Begin with a Concise Summary -- Document Everything, Assume Nothing -- Interviews and Diagrams -- Videotapes and Photographs -- Transporting the Evidence -- Documenting Gathered Evidence -- Additional Documentation -- Formulating the Report -- Sample Analysis Reports -- Case #234--NextGard Technology Copyright Piracy Summary -- Additional Report Subsections -- Using Software to Generate Reports -- Terms to Know -- Review Questions -- Chapter 10: How to Testify in Court -- Preparation Is Everything -- Understand the Case -- Understand the Strategy -- Understand Your Job -- Appearance Matters -- Clothing -- Grooming -- Attitude -- What Matters Is What They Hear -- Listening -- Tone -- Vocabulary -- Know Your Forensics Process and Tools -- Best Practices -- Your Process and Documentation -- Your Forensic Toolkit -- Say Only What Is Necessary -- Be Complete, But Not Overly Elaborate -- Remember Your Audience -- Keep It Simple -- Explaining Technical Concepts -- Use Presentation Aids When Needed -- Watch for Feedback -- Be Ready to Justify Every Step -- Summary -- Terms to Know -- Review Questions -- Appendix A: Answers to Review Questions -- Chapter 1 -- Chapter 2 -- Chapter 3 -- Chapter 4 -- Chapter 5 -- Chapter 6 -- Chapter 7 -- Chapter 8 -- Chapter 9 -- Chapter 10.

Appendix B: Forensics Resources -- Information -- Organizations -- Publications -- Services -- Software -- Training -- Appendix C: Forensics Certifications -- Advanced Information Security (AIS) -- Certified Computer Examiner (CCE) -- Certified Cyber-Crime Expert (C^3E) -- Certified Information Forensics Investigator (CIFI) -- Certified Computer Crime Investigator (CCCI) -- Certified Computer Forensic Technician (CCFT) -- Certified Forensic Computer Examiner (CFCE) -- Certified Information Systems Auditor (CISA) -- EnCase Certified Examiner Program -- GIAC Certified Forensic Analyst (GCFA) -- Professional Certified Investigator (PCI) -- Appendix D: Forensics Tools -- Forensics Tool Suites -- Ultimate Toolkit -- Maresware -- X-Ways Forensics -- Forensicware -- Password-Cracking Utilities -- Passware -- ElcomSoft -- CD Analysis Utilities -- IsoBuster -- CD/DVD Inspector -- Metadata Viewer Utility -- Metadata Assistant -- Graphic Viewing Utility -- Quick View Plus -- Forensics Hardware Devices -- Intelligent Computer Solutions -- Computer Forensics Training -- Intense School Computer Forensics Training Class -- Glossary -- Index -- Symbols and Numbers -- A -- B -- C -- D -- E -- F -- G -- H -- I -- J -- K -- L -- M -- N -- O -- P -- Q -- R -- S -- T -- U -- V -- W -- X, Z.
Abstract:
Launch Your Career in Computer Forensics, Quickly and Effectively. Written by a team of computer forensics experts, Computer Forensics JumpStart provides all the core information you need to launch your career in this fast-growing field: conducting a computer forensics investigation; examining the layout of a network; finding hidden data; capturing images; identifying, collecting, and preserving computer evidence; understanding encryption and examining encrypted files; documenting your case; evaluating common computer forensic tools; presenting computer evidence in court as an expert witness.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.