Fundamentals of digital forensics theory, methods, and real-life applications /: theory, methods, and real-life applications. (2020)
- Record Type:
- Book
- Title:
- Fundamentals of digital forensics theory, methods, and real-life applications /: theory, methods, and real-life applications. (2020)
- Main Title:
- Fundamentals of digital forensics theory, methods, and real-life applications
- Further Information:
- Note: Joakim Kävrestad.
- Other Names:
- Kävrestad, Joakim
- Contents:
- Intro -- Preface -- Overview and Audience -- Motivation and Features -- Contents -- Part I: Theory -- 1: What Is Digital Forensics? -- 1.1 A Forensic Examination -- 1.2 How Forensics Has Been Used -- 1.3 Questions and Tasks -- References -- 2: Ethics and Integrity -- 2.1 Tracing Online Users -- 2.2 Key Disclosure Law(s) -- 2.3 Police Hacking -- 2.4 Ethical Guidelines -- 2.5 Questions and Tasks -- References -- 3: Computer Theory -- 3.1 Secondary Storage Media -- 3.2 The NTFS File Systems -- 3.3 File Structure -- 3.4 Data Representation -- 3.5 User Accounts in Windows 10 -- 3.6 Windows Registry -- 3.7 Encryption and Hashing -- 3.8 SQLite Databases -- 3.9 Memory and Paging -- 3.10 Questions and Tasks -- References -- 4: Notable Artifacts -- 4.1 Metadata -- 4.2 EXIF Data -- 4.3 Prefetch -- 4.4 Shellbags -- 4.5 .LNK Files -- 4.6 MRU-Stuff -- 4.7 Thumbcache -- 4.8 Windows Event Viewer -- 4.9 Program Log Files -- 4.10 USB Device History -- 4.11 Questions and Tasks -- References -- 5: Decryption and Password Enforcing -- 5.1 Password Theory -- 5.2 Decryption Attacks -- 5.3 Password Guessing Attacks -- 5.4 Questions and Tasks -- References -- Part II: The Forensic Process -- 6: Cybercrime, Cyber Aided Crime, and Digital Evidence -- 6.1 Cybercrime -- 6.2 Cyber Aided Crime -- 6.3 Crimes with Digital Evidence -- 6.4 Questions and Tasks -- References -- 7: Incident Response -- 7.1 Why and When? -- 7.2 Establishing Capabilities -- 7.3 Incident Handling -- 7.4 Questions and Tasks -- References -- 8: Collecting Evidence -- 8.1 When the Device Is Off -- 8.2 When the Device Is On -- 8.3 Live Investigation: Preparation -- 8.4 Live Investigation: Conducting -- 8.5 Live Investigation: Afterthoughts -- 8.6 Questions and Tasks -- References -- 9: Triage -- 9.1 Specific Examinations -- 9.2 White and Blacklisting -- 9.3 Automated Analysis -- 9.4 Field Triage -- 9.5 Questions and Tasks -- References -- 10: Analyzing Data and Writing Reports -- 10.1 Setting the Stage -- 10.2 Forensic Analysis -- 10.3 Reporting -- 10.3.1 Case Data -- 10.3.2 Purpose of Examination -- Summary -- 10.3.3 Findings -- Findings -- 10.3.4 Conclusions -- Conclusions -- 10.4 Final Remarks -- 10.5 Questions and Tasks -- Part III: Get Practical -- 11: Collecting Data -- 11.1 Imaging -- 11.2 Collecting Memory Dumps -- 11.3 Collecting Registry Data -- 11.4 Collecting Network Data -- 11.5 Collecting Video from Surveillance -- 11.6 Process of a Live Examination -- 11.7 Questions and Tasks -- References -- 12: Indexing and Searching -- 12.1 Indexing -- 12.2 Searching -- 12.2.1 Questions and Tasks -- 13: Cracking -- 13.1 Password Cracking Using PRTK -- 13.2 Password Cracking Using Hashcat -- 13.3 Questions and Tasks -- 14: Finding Artifacts -- 14.1 Install Date -- 14.2 Time Zone Information -- 14.3 Users in the System -- 14.4 Registered Owner -- 14.5 Partition Analysis and Recovery -- 14.6 Deleted Files -- 14.6.1 Recovering Files Deleted from MFT -- 14.6.2 File Carving …
- Edition:
- 2nd ed
- Publisher Details:
- Cham : Springer
- Publication Date:
- 2020
- Extent:
- 1 online resource (265 p.)
- Subjects:
- 005.8
- Digital forensic science
- Electronic books
- Languages:
- English
- ISBNs:
- 9783030389543
- 3030389545
- Related ISBNs:
- 9783030389536
- Notes:
- Note: Includes bibliographical references and index.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.507161
- Ingest File:
- 03_082.xml