Computer forensics: InfoSec Pro guide
Security Smarts for the Self-Guided IT Professional Find out how to excel in the field of computer forensics investigations. Learn what it takes to transition from an IT professional to a computer forensic examiner in the private sector. Written by a Certified Information Systems Security Profession...
Classification: | Electronic book |
---|---|
Main author: | |
Format: | Electronic eBook |
Language: | English |
Published: | New York: McGraw-Hill, [2013] |
Series: | InfoSec Pro guide |
Subjects: | |
Online access: | Full text (requires prior registration with an institutional e-mail address) |
Table of Contents:
- Cover
- About the Author
- Title Page
- Copyright Page
- Contents at a Glance
- Contents
- Acknowledgments
- Introduction
- Who Should Read This Book
- What This Book Covers
- How to Use This Book
- How Is This Book Organized?
- About the Series
- Lingo
- IMHO
- Budget Note
- In Actual Practice
- Your Plan
- Into Action
- Part I: Getting Started
- Chapter 1: What Is Computer Forensics?
- What You Can Do with Computer Forensics
- How People Get Involved in Computer Forensics
- Law Enforcement
- Military
- University Programs
- IT or Computer Security Professionals
- Incident Response vs. Computer Forensics
- How Computer Forensic Tools Work
- Types of Computer Forensic Tools
- Professional Licensing Requirements
- Chapter 2: Learning Computer Forensics
- Where and How to Get Training
- Law Enforcement Training
- Corporate Training
- Where and How to Get Certified
- Vendor Certifications
- Vendor-Neutral Certifications
- Staying Current
- Conferences
- Blogs
- Forums
- Podcasts
- Associations
- Chapter 3: Creating a Lab
- Choosing Where to Put Your Lab
- Access Controls
- Electrical Power
- Air Conditioning
- Privacy
- Gathering the Tools of the Trade
- Write Blockers
- Drive Kits
- External Storage
- Screwdriver Kits
- Antistatic Bags
- Adaptors
- Forensic Workstation
- Choosing Forensic Software
- Open Source Software
- Commercial Software
- Storing Evidence
- Securing Your Evidence
- Organizing Your Evidence
- Disposing of Old Evidence
- Part II: Your First Investigation
- Chapter 4: How to Approach a Computer Forensics Investigation
- The Investigative Process
- What Are You Being Asked to Find Out?
- Where Would the Data Exist?
- What Applications Might Have Been Used in Creating the Data?
- Should You Request to Go Beyond the Scope of the Investigation?
- Testing Your Hypothesis
- Step 1. Define Your Hypothesis
- Step 2. Determine a Repeatable Test
- Step 3. Create Your Test Environment
- Step 4. Document Your Testing
- The Forensic Data Landscape
- Active Data
- Unallocated Space
- Slack Space
- Mobile Devices
- External Storage
- What Do You Have the Authority to Access
- Who Hosts the Data?
- Who Owns the Device?
- Expectation of Privacy
- Chapter 5: Choosing Your Procedures
- Forensic Imaging
- Determining Your Comfort Level
- Forensic Imaging Method Pros and Cons
- Creating Forms and Your Lab Manual
- Chain of Custody Forms
- Request Forms
- Report Forms
- Standard Operating Procedures Manual
- Chapter 6: Testing Your Tools
- When Do You Need to Test
- Collecting Data for Public Research or Presentations
- Testing a Forensic Method
- Testing a Tool
- Where to Get Test Evidence
- Raw Images
- Creating Your Own Test Images
- Forensic Challenges
- Learn Forensics with David Cowen on YouTube
- Honeynet Project
- DC3 Challenge
- DFRWS Challenge
- SANS Forensic Challenges
- High School Forensic Challenge
- Collections of Tool Testing Images
- Digital Forensic Tool Testing Images
- NIST Computer Forensics Reference Data Sets Images
- The Hacking Case
- NIST Computer Forensics Tool Testing
- Chapter 7: Live vs. Postmortem Forensics
- Live Forensics
- When Live Forensics Is the Best Option
- Tools for Live Forensics
- Postmortem Forensics
- Postmortem Memory Analysis
- Chapter 8: Capturing Evidence
- Creating Forensic Images of Internal Hard Drives
- FTK Imager with a Hardware Write Blocker
- FTK Imager with a Software Write Blocker
- Creating Forensic Images of External Drives
- FTK Imager with a USB Write Blocker
- FTK Imager with a Software Write Blocker
- Software Write Blocking on Linux Systems
- Creating Forensic Images of Network Shares
- Capturing a Network Share with FTK Imager
- Mobile Devices
- Servers
- Chapter 9: Nontraditional Digital Forensics
- Breaking the Rules: Nontraditional Digital Forensic Techniques
- Volatile Artifacts
- Malware
- Encrypted File Systems
- Challenges to Accessing Encrypted Data
- Mobile Devices: Smart Phones and Tablets
- Solid State Drives
- Virtual Machines
- Part III: Case Examples: How to Work a Case
- Chapter 10: Establishing the Investigation Type and Criteria
- Determining What Type of Investigation Is Required
- Human Resources Cases
- Administrator Abuse
- Stealing Information
- Internal Leaks
- Keyloggers and Malware
- What to Do When Criteria Causes an Overlap
- What to Do When No Criteria Matches
- Where Should the Evidence Be?
- Did This Occur over the Network?
- Nothing Working? Create a Super Timeline
- Chapter 11: Human Resources Cases
- Results of a Human Resource Case
- How to Work a Pornography Case
- Pornography Case Study
- How to Investigate a Pornography Case
- How to Work a Productivity Waste Case
- Chapter 12: Administrator Abuse
- The Abuse of Omniscience
- Scenario 1: Administrator Runs a Pornographic Site Using Company Resources
- Beginning an Investigation
- The Web Server's Role in the Network
- Directories
- Virtual Servers
- Virtual Directories
- Scenario 2: Exploiting Insider Knowledge Against an Ex-employer
- A Private Investigator Calls...
- As if They're Reading Our Minds...
- What a Network Vulnerability Assessment Can Reveal
- E-mail Data Review and Server Restoration
- Stepping Up Your Game: Knowledge Meets Creativity
- Chapter 13: Stealing Information
- What Are We Looking For?
- Determining Where the Data Went
- LNK Files
- Shellbags
- Scenario: Recovering Log Files to Catch a Thief
- Chapter 14: Internal Leaks
- Why Internal Leaks Happen
- Investigating Internal Leaks
- Reviewing the Registry Files
- Identifying LNK Files
- Wrapping Up the Investigation
- Using File System Meta-data to Track Leaked or Printed Materials
- Chapter 15: Keyloggers and Malware
- Defining Keyloggers and Malware
- How to Detect Keyloggers and Malware
- Registry Files
- Prefetch Files
- Keyword Searches
- Handling Suspicious Files
- Determining How an Infection Occurred
- What We Know About This Infection
- What We Know About the Keylogger
- Identifying What Data Was Captured
- Finding Information About the Attacker
- What We Know About the Attacker
- Where to Find More About the Attacker
- Part IV: Defending Your Work
- Chapter 16: Documenting Your Findings with Reports
- Documenting Your Findings
- Who Asked You to Undertake the Investigation
- What You Were Asked to Do
- What You Reviewed
- What You Found
- What Your Findings Mean
- Types of Reports
- Informal Report
- Incident Report
- Internal Report
- Declaration
- Affidavit
- Explaining Your Work
- Define Technical Terms
- Provide Examples in Layperson Terms
- Explain Artifacts
- Chapter 17: Litigation and Reports for Court and Exhibits
- Important Legal Terms
- What Type of Witness Are You?
- Fact Witness
- Expert Consultant
- Expert Witness
- Special Master
- Neutral
- Writing Reports for Court
- Declarations in Support of Motions
- Expert Reports
- Creating Exhibits
- Working with Forensic Artifacts
- InfoSec Pro Series: Glossary
- Index