The evidence is in–to solve Windows crime, you need Windows tools.
An arcane pursuit a decade ago, forensic science today is a household term. And while the computer forensic analyst may not lead as exciting a life as TV’s CSIs do, he or she relies just as heavily on scientific principles and just as surely solves crime.
Whether you are contemplating a career in this growing field or are already an analyst in a Unix/Linux environment, this book prepares you to combat computer crime in the Windows world. Here are the tools to help you recover sabotaged files, track down the source of threatening e-mails, investigate industrial espionage, and expose computer criminals.
- Identify evidence of fraud, electronic theft, and employee Internet abuse
- Investigate crime related to instant messaging, Lotus Notes(r), and increasingly popular browsers such as Firefox(r)
- Learn what it takes to become a computer forensics analyst
- Take advantage of sample forms and layouts as well as case studies
- Protect the integrity of evidence
- Compile a forensic response toolkit
- Assess and analyze damage from computer crime and process the crime scene
- Develop a structure for effectively conducting investigations
- Discover how to locate evidence in the Windows Registry
Computer Forensics: Hard Disk and Operating Systems (Ec-Council Press Series : Computer Forensics) by EC-Council
The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute the cyber-criminal. The series is comprised of five books covering a broad base of topics in Computer Hacking Forensic Investigation, designed to expose the reader to the process of detecting attacks and collecting evidence in a forensically sound manner with the intent to report crime and prevent future attacks. Learners are introduced to advanced techniques in computer investigation and analysis with interest in generating potential legal evidence. In full, this and the other four books provide preparation to identify evidence in computer related crime and abuse cases as well as track the intrusive hacker’s path through a client system. The series and accompanying labs help prepare the security student or professional to profile an intruder’s footprint and gather all necessary information and evidence to support prosecution in a court of law. Hard Disks, File and Operating Systems provides a basic understanding of file systems, hard disks and digital media devices. Boot processes, Windows and Linux Forensics and application of password crackers are all discussed.
Uncover a digital trail of e-evidence by using the helpful, easy-to-understand information in Computer Forensics For Dummies! Professional and armchair investigators alike can learn the basics of computer forensics, from digging out electronic evidence to solving the case. You won’t need a computer science degree to master e-discovery. Find and filter data in mobile devices, e-mail, and other Web-based technologies.
You’ll learn all about e-mail and Web-based forensics, mobile forensics, passwords and encryption, and other e-evidence found through VoIP, voicemail, legacy mainframes, and databases. You’ll discover how to use the latest forensic software, tools, and equipment to find the answers that you’re looking for in record time. When you understand how data is stored, encrypted, and recovered, you’ll be able to protect your personal privacy as well. By the time you finish reading this book, you’ll know how to:
- Prepare for and conduct computer forensics investigations
- Find and filter data
- Protect personal privacy
- Transfer evidence without contaminating it
- Anticipate legal loopholes and opponents’ methods
- Handle passwords and encrypted data
- Work with the courts and win the case
Plus, Computer Forensics for Dummies includes lists of things that everyone interested in computer forensics should know, do, and build. Discover how to get qualified for a career in computer forensics, what to do to be a great investigator and expert witness, and how to build a forensics lab or toolkit.
This is an advanced cookbook and reference guide for digital forensic practitioners. File System Forensic Analysis focuses on the file system and disk. The file system of a computer is where most files are stored and where most evidence is found; it also the most technically challenging part of forensic analysis. This book offers an overview and detailed knowledge of the file system and disc layout. The overview will allow an investigator to more easily find evidence, recover deleted data, and validate his tools. The cookbook section will show how to use the many open source tools for analysis, many of which Brian Carrier has developed himself.
- Preserving the digital crime scene and duplicating hard disks for “dead analysis”
- Identifying hidden data on a disk’s Host Protected Area (HPA)
- Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more
- Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques
- Analyzing the contents of multiple disk volumes, such as RAID and disk spanning
- Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques
- Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more
- Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools
When it comes to file system analysis, no other book offers this much detail or expertise. Whether you’re a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.
Incident Response and Computer Forensics, Second Edition by Chris Prosise, Kevin Mandia, Matt Pepe.
- Paperback: 507 pages
- Publisher: McGraw-Hill/Osborne; 2 edition (July 17, 2003)
- Language: English
- ISBN-10: 007222696X
- ISBN-13: 978-0072226966
- Product Dimensions: 9.1 x 7.3 x 1.2 inches
- Shipping Weight: 2 pounds
A strong system of defenses will save your systems from falling victim to published and otherwise uninventive attacks, but even the most heavily defended system can be cracked under the right conditions. Incident Response aims to teach you how to determine when an attack has occurred or is underway–they’re often hard to spot–and show you what to do about it. Authors Kevin Mandia and Chris Prosise favor a tools- and procedures-centric approach to the subject, thereby distinguishing this book from others that catalog particular attacks and methods for dealing with each one. The approach is more generic, and therefore better suited to dealing with newly emerging attack techniques.
Anti-attack procedures are presented with the goal of identifying, apprehending, and successfully prosecuting attackers. The advice on carefully preserving volatile information, such as the list of processes active at the time of an attack, is easy to follow. The book is quick to endorse tools, the functionalities of which are described so as to inspire creative applications. Information on bad-guy behavior is top quality as well, giving readers knowledge of how to interpret logs and other observed phenomena. Mandia and Prosise don’t–and can’t–offer a foolproof guide to catching crackers in the act, but they do offer a great “best practices” guide to active surveillance. –David Wall
Topics covered: Monitoring computer systems for evidence of malicious activity, and reacting to such activity when it’s detected. With coverage of Windows and Unix systems as well as non-platform-specific resources like Web services and routers, the book covers the fundamentals of incident response, processes for gathering evidence of an attack, and tools for making forensic work easier. –This text refers to an alternate Paperback edition.
List Price: $52.99 Price: $33.38 You Save: $19.61