Cargando…
EnCase computer forensics : the official EnCE : EnCase certified examiner study guide /
& B & The official, Guidance Software-approved book on the newest EnCE exam! & /b & & p & The EnCE exam tests that computer forensic analysts and examiners have thoroughly mastered computer investigation methodologies, as well as the use of Guidance Software's EnCase For...
| Clasificación: | Libro Electrónico |
|---|---|
| Autor principal: | |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Hoboken, N.J. : Chichester :
Wiley ; John Wiley [distributor],
2012.
|
| Edición: | 3rd ed. |
| Colección: | Serious skills.
|
| Temas: | |
| Acceso en línea: | Texto completo (Requiere registro previo con correo institucional) |
Tabla de Contenidos:
- At a Glance
- Table of Exercises
- Introduction
- Assessment Test
- Answers to Assessment Test
- 1. : Computer Hardware
- The Boot Process
- Part itions.
- File Systems
- Summary
- Exam Essentials
- Review Questions
- Chaper 2: File Systems
- FAT Basics
- NTFS Basics
- exFAT
- Exam Essentials
- 3. : First Response
- Planning and Preparation
- The Physical Location
- Personnel
- Computer Systems
- What to Take with You Before You Leave.
- Recording and Photographing the SceneSeizing Computer Evidence
- Bagging and Tagging
- Summary
- Exam Essentials
- Review Questions
- 4. : Acquiring Digital Evidence
- Booting a Computer Using the℗ EnCase℗ Boot Disk
- Other Reasons for Using a DOS Boot
- Steps for Using a DOS Boot
- Drive-to-Drive DOS Acquisition
- Steps for Drive-to-Drive DOS Acquisition
- Supplemental Information About Drive-to-Drive DOS Acquisition
- Network Acquisitions
- Reasons to Use Network Acquisitions
- Preparing an EnCase Network Boot Disk
- FastBloc 2 Features
- Steps for Tableau (FastBloc) Acquisition.
- FastBloc SE AcquisitionsAbout FastBloc SE
- Steps for FastBloc SE Acquisitions
- LinEn Acquisitions
- Mounting a File System as Read-Only
- Updating a Linux Boot CD with the Latest Version of℗ LinEn
- Steps for LinEn Acquisition
- Enterprise and FIM Acquisitions
- Summary
- Exam Essentials
- Review Questions
- 5. : EnCase Concepts
- CRC, MD5, and SHA-1
- EnCase Backup Utility
- Evidence Cache Folder
- Summary
- Exam Essentials
- Review Questions
- 6. : EnCase Environment
- Home Screen
- EnCase Layout
- Creating a Case
- Tree Pane Navigation
- Disk View
- View Pane Navigation
- Text View
- Hex View.
- Picture ViewReport View
- Doc View
- Transcript View
- File Extents View
- Permissions View
- Decode View
- Field View
- Lock Option
- Dixon Box
- Find Feature
- Other Views and Tools
- Conditions and Filters
- EnScript
- Text Styles
- Adjusting Panes
- Other Views
- Global Views and Settings
- EnCase Options
- Summary
- Exam Essentials
- Review Questions
- 7. : Understanding, Searching For, and Bookmarking Data
- Understanding Data
- Binary Numbers
- Characters
- Unicode
- Searching for Data
- GREP Keywords
- Starting a Search
- Bookmarking
- Summary
- Exam Essentials
- Review Questions.
- 8. : File Signature Analysis and Hash AnalysisFile Signature Analysis
- Creating a New File Signature
- Conducting a File Signature Analysis
- Hash Analysis
- Summary
- Exam Essentials
- Review Questions
- 9. : Windows Operating System Artifacts
- Dates and Times
- Time Zones
- Windows℗ 64-Bit Time Stamp
- Adjusting for Time Zone Offsets
- Recycle Bin
- Determining the Owner of Files in the Recycle Bin
- Using an EnCase Evidence Processor to Determine the Status of Recycle Bin Files
- Recycle Bin Bypass
- Windows℗ Vista/Windows℗ 7 Recycle Bin
- Link Files
- Changing the Properties of a Shortcut.
- Forensic Importance of Link Files.