A Practical Guide to Computer Forensics Investigations


By: Darren R. Hayes (author), Paperback


Description

All you need to know to succeed in digital forensics: technical and investigative skills, in one book

  • Complete, practical, and up-to-date
  • Thoroughly covers digital forensics for Windows, Mac, mobile, hardware, and networks
  • Addresses online and lab investigations, documentation, admissibility, and more
  • By Dr. Darren Hayes, founder of Pace University's Code Detectives forensics lab, one of America's "Top 10 Computer Forensics Professors"
  • Perfect for anyone pursuing a digital forensics career or working with examiners

Criminals go where the money is. Today, trillions of dollars of assets are digital, and digital crime is growing fast. In response, demand for digital forensics experts is soaring. To succeed in this exciting field, you need strong technical and investigative skills. In this guide, one of the world's leading computer forensics experts teaches you all the skills you'll need.

Writing for students and professionals at all levels, Dr. Darren Hayes presents complete best practices for capturing and analyzing evidence, protecting the chain of custody, documenting investigations, and scrupulously adhering to the law, so your evidence can always be used. Hayes introduces today's latest technologies and technical challenges, offering detailed coverage of crucial topics such as mobile forensics, Mac forensics, cyberbullying, and child endangerment.

This guide's practical activities and case studies give you hands-on mastery of modern digital forensics tools and techniques. Its many realistic examples reflect the author's extensive and pioneering work as a forensics examiner in both criminal and civil investigations.

  • Understand what computer forensics examiners do, and the types of digital evidence they work with
  • Explore Windows and Mac computers, understand how their features affect evidence gathering, and use free tools to investigate their contents
  • Extract data from diverse storage devices
  • Establish a certified forensics lab and implement good practices for managing and processing evidence
  • Gather data and perform investigations online
  • Capture Internet communications, video, images, and other content
  • Write comprehensive reports that withstand defense objections and enable successful prosecution
  • Follow strict search and surveillance rules to make your evidence admissible
  • Investigate network breaches, including dangerous Advanced Persistent Threats (APTs)
  • Retrieve immense amounts of evidence from smartphones, even without seizing them
  • Successfully investigate financial fraud performed with digital devices
  • Use digital photographic evidence, including metadata and social media images


About Author

Dr. Darren R. Hayes is a leading expert in the field of digital forensics and computer security. He is the director of cybersecurity and an assistant professor at Pace University, and he has been named one of the Top 10 Computer Forensics Professors by Forensics Colleges. Hayes has served on the board of the High Technology Crime Investigation Association (HTCIA), Northeast Chapter, and is the former president of that chapter. He also established a student chapter of the HTCIA at Pace University. During his time at Pace University, Hayes developed a computer forensics track for the school's bachelor of science in information technology degree. He also created a computer forensics research laboratory, where he devotes most of his time to working with a team of students in computer forensics and, most recently, the burgeoning field of mobile forensics. As part of his research and promotion of this scientific field of study, he has fostered relationships with the NYPD, N.Y. State Police, and other law enforcement agencies. He also organized a successful internship program at the cybercrime division of the New York County D.A. Office and the Westchester County D.A. Office. Hayes is not only an academic, however; he is also a practitioner. He has been an investigator on both civil and criminal investigations and has been called upon as an expert for a number of law firms. In New York City, Hayes has been working with six to eight public high schools to develop a curriculum in computer forensics. He collaborates on computer forensics projects internationally and has served as an extern examiner for the MSc in Forensic Computing and Cybercrime Investigation degree program at University College Dublin for four years.
Hayes has appeared on Bloomberg Television and Fox 5 News and been quoted by Associated Press, CNN, Compliance Week, E-Commerce Times, The Guardian (UK), Investor's Business Daily, MarketWatch, Newsweek, Network World, Silicon Valley Business Journal, USA Today, Washington Post, and Wired News. His op-eds have been published by American Banker's BankThink and The Hill's Congress Blog. In addition, he has authored a number of peer-reviewed articles in computer forensics, most of which have been published by the Institute of Electrical and Electronics Engineers (IEEE). Hayes has been both an author and reviewer for Pearson Prentice Hall since 2007.

Contents

Introduction

Chapter 1: The Scope of Computer Forensics
Introduction; Popular Myths about Computer Forensics; Types of Computer Forensics Evidence Recovered; Electronic Mail (Email); Images; Video; Websites Visited and Internet Searches; Cellphone Forensics; What Skills Must a Computer Forensics Investigator Possess?; Computer Science Knowledge; Legal Expertise; Communication Skills; Linguistic Abilities; Continuous Learning; An Appreciation for Confidentiality; The Importance of Computer Forensics; Job Opportunities; A History of Computer Forensics; 1980s: The Advent of the Personal Computer; 1990s: The Impact of the Internet; Training and Education; Law Enforcement Training; Summary

Chapter 2: Windows Operating and File Systems
Introduction; Physical and Logical Storage; File Storage; File Conversion and Numbering Formats; Conversion of Binary to Decimal; Hexadecimal Numbering; Conversion of Hexadecimal to Decimal; Conversion of Hexadecimal to ASCII (American Standard Code for Information Interchange); Unicode; Operating Systems; The Boot Process; Windows File Systems; Windows Registry; Registry Data Types; FTK Registry Viewer; Microsoft Windows Features; Windows Vista; Windows 7; Windows 8.1; Summary

Chapter 3: Handling Computer Hardware
Introduction; Hard Disk Drives; Small Computer System Interface (SCSI); Integrated Drive Electronics (IDE); Serial ATA (SATA); Cloning a PATA or SATA Hard Disk; Cloning Devices; Removable Memory; FireWire; USB Flash Drives; External Hard Drives; MultiMedia Cards (MMCs); Summary; References

Chapter 4: Acquiring Evidence in a Computer Forensics Lab
Introduction; Lab Requirements; American Society of Crime Laboratory Directors; American Society of Crime Laboratory Directors/Lab Accreditation Board (ASCLD/LAB); ASCLD/LAB Guidelines for Forensic Laboratory Management Practices; Scientific Working Group on Digital Evidence (SWGDE); Private Sector Computer Forensics Laboratories; Evidence Acquisition Laboratory; Email Preparation Laboratory; Inventory Control; Web Hosting; Computer Forensics Laboratory Requirements; Laboratory Layout; Laboratory Management; Laboratory Access; Extracting Evidence from a Device; Using the dd Utility; Using Global Regular Expressions Print (GREP); Skimmers; Summary

Chapter 5: Online Investigations
Introduction; Working Undercover; Generate an Identity; Generate an Email Account; Mask Your Identity; Website Evidence; Website Archives; Website Statistics; Background Searches on a Suspect; Personal Information: Mailing Address, Email Address, Telephone Number, and Assets; Personal Interests and Membership of User Groups; Searching for Stolen Property; Online Crime; Identity Theft; Credit Cards for Sale; Electronic Medical Records; Cyberbullying; Social Networking; Capturing Online Communications; Using Screen Captures; Using Video; Viewing Cookies; Using Windows Registry; Summary

Chapter 6: Documenting the Investigation
Introduction; Obtaining Evidence from a Service Provider; Documenting a Crime Scene; Seizing Evidence; Crime Scene Examinations; Documenting the Evidence; Completing a Chain of Custody Form; Completing a Computer Worksheet; Completing a Hard Disk Drive Worksheet; Completing a Server Worksheet; Using Tools to Document an Investigation; CaseNotes; FragView; Helpful Mobile Applications (Apps); Network Analyzer; System Status; The Cop App; Lock and Code; Digital Forensics Reference; Federal Rules of Civil Procedure (FRCP); Federal Rules of Evidence (FREvidence); Writing Reports; Time Zones and Daylight Saving Time (DST); Creating a Comprehensive Report; Using Expert Witnesses at Trial; The Expert Witness; The Goals of the Expert Witness; Preparing an Expert Witness for Trial; Summary

Chapter 7: Admissibility of Digital Evidence
Introduction; History and Structure of the United States Legal System; Origins of the U.S. Legal System; Overview of the U.S. Court System; In the Courtroom; Evidence Admissibility; Constitutional Law; First Amendment; First Amendment and the Internet; Fourth Amendment; Fifth Amendment; Sixth Amendment; Congressional Legislation; Rules for Evidence Admissibility; Criminal Defense; When Computer Forensics Goes Wrong; Pornography in the Classroom; Structure of the Legal System in the European Union (E.U.); Origins of European Law; Structure of European Union Law; Structure of the Legal System in Asia; China; India; Summary

Chapter 8: Network Forensics
Introduction; The Tools of the Trade; Networking Devices; Proxy Servers; Web Servers; DHCP Servers; SMTP Servers; DNS Servers; Routers; IDS; Firewalls; Ports; Understanding the OSI Model; The Physical Layer; The Data Link Layer; The Network Layer; The Transport Layer; The Session Layer; The Presentation Layer; The Application Layer; Advanced Persistent Threats; Cyber Kill Chain; Indicators of Compromise (IOC); Investigating a Network Attack; Summary

Chapter 9: Mobile Forensics
Introduction; The Cellular Network; Base Transceiver Station; Mobile Station; Cellular Network Types; SIM Card Forensics; Types of Evidence; Handset Specifications; Memory and Processing; Battery; Other Hardware; Mobile Operating Systems; Android OS; Windows Phone; Standard Operating Procedures for Handling Handset Evidence; National Institute of Standards and Technology; Preparation and Containment; Wireless Capabilities; Documenting the Investigation; Handset Forensics; Cellphone Forensic Software; Cellphone Forensics Hardware; Logical versus Physical Examination; Manual Cellphone Examinations; Flasher Box; Global Satellite Service Providers; Satellite Communication Services; Legal Considerations; Carrier Records; Other Mobile Devices; Tablets; GPS Devices; Summary

Chapter 10: Photograph Forensics
Introduction; Understanding Digital Photography; File Systems; Digital Photography Applications and Services; Examining Picture Files; Exchangeable Image File Format (EXIF); Evidence Admissibility; Federal Rules of Evidence (FRE); Analog vs. Digital Photographs; Case Studies; Worldwide Manhunt; NYPD Facial Recognition Unit; Summary

Chapter 11: Mac Forensics
Introduction; A Brief History; Macintosh; Mac Mini with OS X Server; iPod; iPhone; iPad; Apple Wi-Fi Devices; Macintosh File Systems; Forensic Examinations of a Mac; IOReg Info; PMAP Info; Epoch Time; Recovering Deleted Files; Journaling; DMG File System; PList Files; SQLite Databases; Macintosh Operating Systems; Mac OS X; Target Disk Mode; Apple Mobile Devices; iOS; iOS 7; iOS 8; Security and Encryption; iPod; iPhone; Enterprise Deployment of iPhone and iOS Devices; Case Studies; Find My iPhone; Wanted Hactevist; Michael Jackson; Stolen iPhone; Drug Bust; Summary

Chapter 12: Case Studies
Introduction; Zacharias Moussaoui; Background; Digital Evidence; Standby Counsel Objections; Prosecution Affidavit; Exhibits; Email Evidence; BTK (Bind Torture Kill) Killer; Profile of a Killer; Evidence; Cyberbullying; Federal Anti-harassment Legislation; State Anti-harassment Legislation; Warning Signs of Cyberbullying; What Is Cyberbullying?; Phoebe Prince; Ryan Halligan; Megan Meier; Tyler Clementi; Sports; Summary

Product Details

  • publication date: 17/12/2014
  • ISBN13: 9780789741158
  • Format: Paperback
  • Number Of Pages: 600
  • ID: 9780789741158
  • weight: 801
  • ISBN10: 0789741156
