Cargando…
EnCase Computer Forensics : EnCase Certified Examiner Study Guide.
EnCE certification tells the world that you've not only mastered the use of EnCase Forensic Software, but also that you have acquired the in-depth forensics knowledge and techniques you need to conduct complex computer examinations. This official study guide, written by a law enforcement profes...
| Clasificación: | Libro Electrónico |
|---|---|
| Autor principal: | |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Chichester :
Wiley,
2012.
|
| Edición: | 2nd ed. |
| Temas: | |
| Acceso en línea: | Texto completo |
Tabla de Contenidos:
- EnCase Computer Forensics The Official EnCE: EnCase Certified Examiner Study Guide, Third Edition; Acknowledgments; About the Author; Contents at a Glance; Contents; Table of Exercises; Introduction; Assessment Test; Answers to Assessment Test; Chapter 1: Computer Hardware; The Boot Process; Partitions; File Systems; Summary; Exam Essentials; Review Questions; Chaper 2: File Systems; FAT Basics; NTFS Basics; exFAT; Exam Essentials; Chapter 3: First Response; Planning and Preparation; The Physical Location; Personnel; Computer Systems; What to Take with You Before You Leave.
- Recording and Photographing the SceneSeizing Computer Evidence; Bagging and Tagging; Summary; Exam Essentials; Review Questions; Chapter 4: Acquiring Digital Evidence; Booting a Computer Using the EnCase Boot Disk; Other Reasons for Using a DOS Boot; Steps for Using a DOS Boot; Drive-to-Drive DOS Acquisition; Steps for Drive-to-Drive DOS Acquisition; Supplemental Information About Drive-to-Drive DOS Acquisition; Network Acquisitions; Reasons to Use Network Acquisitions; Preparing an EnCase Network Boot Disk; FastBloc 2 Features; Steps for Tableau (FastBloc) Acquisition.
- FastBloc SE AcquisitionsAbout FastBloc SE; Steps for FastBloc SE Acquisitions; LinEn Acquisitions; Mounting a File System as Read-Only; Updating a Linux Boot CD with the Latest Version of LinEn; Steps for LinEn Acquisition; Enterprise and FIM Acquisitions; Summary; Exam Essentials; Review Questions; Chapter 5: EnCase Concepts; CRC, MD5, and SHA-1; EnCase Backup Utility; Evidence Cache Folder; Summary; Exam Essentials; Review Questions; Chapter 6: EnCase Environment; Home Screen; EnCase Layout; Creating a Case; Tree Pane Navigation; Disk View; View Pane Navigation; Text View; Hex View.
- Picture ViewReport View; Doc View; Transcript View; File Extents View; Permissions View; Decode View; Field View; Lock Option; Dixon Box; Find Feature; Other Views and Tools; Conditions and Filters; EnScript; Text Styles; Adjusting Panes; Other Views; Global Views and Settings; EnCase Options; Summary; Exam Essentials; Review Questions; Chapter 7: Understanding, Searching For, and Bookmarking Data; Understanding Data; Binary Numbers; Characters; Unicode; Searching for Data; GREP Keywords; Starting a Search; Bookmarking; Summary; Exam Essentials; Review Questions.
- Chapter 8: File Signature Analysis and Hash AnalysisFile Signature Analysis; Creating a New File Signature; Conducting a File Signature Analysis; Hash Analysis; Summary; Exam Essentials; Review Questions; Chapter 9: Windows Operating System Artifacts; Dates and Times; Time Zones; Windows 64-Bit Time Stamp; Adjusting for Time Zone Offsets; Recycle Bin; Determining the Owner of Files in the Recycle Bin; Using an EnCase Evidence Processor to Determine the Status of Recycle Bin Files; Recycle Bin Bypass; Windows Vista/Windows 7 Recycle Bin; Link Files; Changing the Properties of a Shortcut.