Computer forensics : infoSec Pro guide / David Cowen.

Format:

Book

Author/Creator:

Cowen, David, author.

Language:

English

Subjects (All):

Computer security.

Forensic sciences.

Computer crimes--Investigation.

Computer crimes.

Physical Description:

1 online resource (318 pages ) illustrations (black and white)

Edition:

1st edition

Place of Publication:

New York, New York State : McGraw-Hill Education, 2013.

Language Note:

English

System Details:

text file

Summary:

This hands-on guide shows beginners how to use free, open source tools to conduct computer forensics investigations and verify the findings. Security Smarts for the Self-Guided IT Professional Find out how to excel in the field of computer forensics investigations. Learn what it takes to transition from an IT professional to a computer forensic examiner in the private sector. Written by a Certified Information Systems Security Professional, Computer Forensics: InfoSec Pro Guide is filled with real-world case studies that demonstrate the concepts covered in the book. You'll learn how to set up a forensics lab, select hardware and software, choose forensic imaging procedures, test your tools, capture evidence from different sources, follow a sound investigative process, safely store evidence, and verify your findings. Best practices for documenting your results, preparing reports, and presenting evidence in court are also covered in this detailed resource. Computer Forensics: InfoSec Pro Guide features: Lingo-Common security terms defined so that you're in the know on the job IMHO-Frank and relevant opinions based on the author's years of industry experience Budget Note-Tips for getting security technologies and processes into your organization's budget In Actual Practice-Exceptions to the rules of security explained in real-world contexts Your Plan-Customizable checklists you can use on the job now Into Action-Tips on how, why, and when to apply new skills and techniques at work Security Smarts for the Self-Guided IT Professional Find out how to excel in the field of computer forensics investigations. Learn what it takes to transition from an IT professional to a computer forensic examiner in the private sector. Written by a Certified Information Systems Security Professional, Computer Forensics: InfoSec Pro Guide is filled with real-world case studies that demonstrate the concepts covered in the book. You'll learn how to set up a forensics lab, select hardware and software, choose forensic imaging procedures, test your tools, capture evidence from different sources, follow a sound investigative process, safely store evidence, and verify your findings. Best practices for documenting your results, preparing reports, and presenting evidence in court are also covered in this detailed resource. Computer Forensics: InfoSec Pro Guide features: Lingo-Common security terms defined so that you're in the know on the job IMHO-Frank and relevant opinions based on the author's years of industry experience Budget Note-Tips for getting security technologies and processes into your organization's budget In Actual Practice-Exceptions to the rules of security explained in real-world contexts Your Plan-Customizable checklists you can use on the job now Into Action-Tips on how, why, and when to apply new skills and techniques at work

Contents:

Cover

About the Author

Title Page

Copyright Page

Contents at a Glance

Contents

Acknowledgments

Introduction

Who Should Read This Book

What This Book Covers

How to Use This Book

How Is This Book Organized?

About the Series

Lingo

IMHO

Budget Note

In Actual Practice

Your Plan

Into Action

Part I: Getting Started

Chapter 1: What Is Computer Forensics?

What You Can Do with Computer Forensics

How People Get Involved in Computer Forensics

Law Enforcement

Military

University Programs

IT or Computer Security Professionals

Incident Response vs. Computer Forensics

How Computer Forensic Tools Work

Types of Computer Forensic Tools

Professional Licensing Requirements

Chapter 2: Learning Computer Forensics

Where and How to Get Training

Law Enforcement Training

Corporate Training

Where and How to Get Certified

Vendor Certifications

Vendor-Neutral Certifications

Staying Current

Conferences

Blogs

Forums

Podcasts

Associations

Chapter 3: Creating a Lab

Choosing Where to Put Your Lab

Access Controls

Electrical Power

Air Conditioning

Privacy

Gathering the Tools of the Trade

Write Blockers

Drive Kits

External Storage

Screwdriver Kits

Antistatic Bags

Adaptors

Forensic Workstation

Choosing Forensic Software

Open Source Software

Commercial Software

Storing Evidence

Securing Your Evidence

Organizing Your Evidence

Disposing of Old Evidence

Part II: Your First Investigation

Chapter 4: How to Approach a Computer Forensics Investigation

The Investigative Process

What Are You Being Asked to Find Out?

Where Would the Data Exist?

What Applications Might Have Been Used in Creating the Data?

Should You Request to Go Beyond the Scope of the Investigation?.

Testing Your Hypothesis

Step 1. Define Your Hypothesis

Step 2. Determine a Repeatable Test

Step 3. Create Your Test Environment

Step 4. Document Your Testing

The Forensic Data Landscape

Active Data

Unallocated Space

Slack Space

Mobile Devices

What Do You Have the Authority to Access

Who Hosts the Data?

Who Owns the Device?

Expectation of Privacy

Chapter 5: Choosing Your Procedures

Forensic Imaging

Determining Your Comfort Level

Forensic Imaging Method Pros and Cons

Creating Forms and Your Lab Manual

Chain of Custody Forms

Request Forms

Report Forms

Standard Operating Procedures Manual

Chapter 6: Testing Your Tools

When Do You Need to Test

Collecting Data for Public Research or Presentations

Testing a Forensic Method

Testing a Tool

Where to Get Test Evidence

Raw Images

Creating Your Own Test Images

Forensic Challenges

Learn Forensics with David Cowen on YouTube

Honeynet Project

DC3 Challenge

DFRWS Challenge

SANS Forensic Challenges

High School Forensic Challenge

Collections of Tool Testing Images

Digital Forensic Tool Testing Images

NIST Computer Forensics Reference Data Sets Images

The Hacking Case

NIST Computer Forensics Tool Testing

Chapter 7: Live vs. Postmortem Forensics

Live Forensics

When Live Forensics Is the Best Option

Tools for Live Forensics

Postmortem Forensics

Postmortem Memory Analysis

Chapter 8: Capturing Evidence

Creating Forensic Images of Internal Hard Drives

FTK Imager with a Hardware Write Blocker

FTK Imager with a Software Write Blocker

Creating Forensic Images of External Drives

FTK Imager with a USB Write Blocker

Software Write Blocking on Linux Systems

Creating Forensic Images of Network Shares.

Capturing a Network Share with FTK Imager

Servers

Chapter 9: Nontraditional Digital Forensics

Breaking the Rules: Nontraditional Digital Forensic Techniques

Volatile Artifacts

Malware

Encrypted File Systems

Challenges to Accessing Encrypted Data

Mobile Devices: Smart Phones and Tablets

Solid State Drives

Virtual Machines

Part III: Case Examples: How to Work a Case

Chapter 10: Establishing the Investigation Type and Criteria

Determining What Type of Investigation Is Required

Human Resources Cases

Administrator Abuse

Stealing Information

Internal Leaks

Keyloggers and Malware

What to Do When Criteria Causes an Overlap

What to Do When No Criteria Matches

Where Should the Evidence Be?

Did This Occur over the Network?

Nothing Working? Create a Super Timeline

Chapter 11: Human Resources Cases

Results of a Human Resource Case

How to Work a Pornography Case

Pornography Case Study

How to Investigate a Pornography Case

How to Work a Productivity Waste Case

Chapter 12: Administrator Abuse

The Abuse of Omniscience

Scenario 1: Administrator Runs a Pornographic Site Using Company Resources

Beginning an Investigation

The Web Server's Role in the Network

Directories

Virtual Servers

Virtual Directories

Scenario 2: Exploiting Insider Knowledge Against an Ex-employer

A Private Investigator Calls...

As if They're Reading Our Minds...

What a Network Vulnerability Assessment Can Reveal

E-mail Data Review and Server Restoration

Stepping Up Your Game: Knowledge Meets Creativity

Chapter 13: Stealing Information

What Are We Looking For?

Determining Where the Data Went

LNK Files

Shellbags

Scenario: Recovering Log Files to Catch a Thief

Chapter 14: Internal Leaks

Why Internal Leaks Happen.

Investigating Internal Leaks

Reviewing the Registry Files

Identifying LNK Files

Wrapping Up the Investigation

Using File System Meta-data to Track Leaked or Printed Materials

Chapter 15: Keyloggers and Malware

Defining Keyloggers and Malware

How to Detect Keyloggers and Malware

Registry Files

Prefetch Files

Keyword Searches

Handling Suspicious Files

Determining How an Infection Occurred

What We Know About This Infection

What We Know About the Keylogger

Identifying What Data Was Captured

Finding Information About the Attacker

What We Know About the Attacker

Where to Find More About the Attacker

Part IV: Defending Your Work

Chapter 16: Documenting Your Findings with Reports

Documenting Your Findings

Who Asked You to Undertake the Investigation

What You Were Asked to Do

What You Reviewed

What You Found

What Your Findings Mean

Types of Reports

Informal Report

Incident Report

Internal Report

Declaration

Affidavit

Explaining Your Work

Define Technical Terms

Provide Examples in Layperson Terms

Explain Artifacts

Chapter 17: Litigation and Reports for Court and Exhibits

Important Legal Terms

What Type of Witness Are You?

Fact Witness

Expert Consultant

Expert Witness

Special Master

Neutral

Writing Reports for Court

Declarations in Support of Motions

Expert Reports

Creating Exhibits

Working with Forensic Artifacts

InfoSec Pro Series: Glossary

Index.

Notes:

Includes index.

Description based on print version record.

ISBN:

9780071742450

007174245X

9780071742467

0071742468

OCLC:

852469265