This practical and accessible textbook/reference describes the theory and methodology of digital forensic examinations, presenting examples developed in collaboration with police authorities to ensure relevance to real-world practice. The coverage includes discussions on forensic artifacts and constraints, as well as forensic tools used for law enforcement and in the corporate sector. Emphasis is placed on reinforcing sound forensic thinking, and gaining experience in common tasks through hands-on exercises.
This enhanced second edition has been expanded with new material on incident response tasks and computer memory analysis.
Topics and features:
- Outlines what computer forensics is, and what it can do, as well as what its limitations are
- Discusses both the theoretical foundations and the fundamentals of forensic methodology
- Reviews broad principles that are applicable worldwide
- Explains how to find and interpret several important artifacts
- Describes free and open source software tools, along with the Access Data Forensic Toolkit
- Features exercises and review questions throughout, with solutions provided in the appendices
- Includes numerous practical examples, and provides supporting video lectures online
This easy-to-follow primer is an essential resource for students of computer forensics, and will also serve as a valuable reference for practitioners seeking instruction on performing forensic examinations.
Joakim Kävrestad is a lecturer and researcher at the University of Skövde, Sweden, and an Access Data Certified Examiner. He also serves as a forensic consultant, with several years of experience as a forensic expert with the Swedish police.
Table of Content
Part I: Theory
What Is Digital Forensics?
Ethics and Integrity
Computer Theory
Notable Artifacts
Decryption and Password Enforcing
Part II: The Forensic Process
Cybercrime, Cyber-Aided Crime and Digital Evidence
Incident Response
Collecting Evidence
Triage
Analyzing Data and Writing Reports
Part III: Get Practical
Collecting Data
Indexing and Searching
Cracking
Finding Artifacts
Some Common Questions and Tasks
FTK Specifics
Open-Source or Freeware Tools
Part IV: Memory Forensics
Memory Analysis
Memory Analysis Tools
Memory Analysis in Criminal Investigations
Malware Analysis
Appendix A: Solutions
Appendix B: Useful Scripts
Appendix C: Sample Report (Template)
Appendix D: List of Time Zones
Appendix E: Complete Jitsi Chat Log
About the author
Joakim Kävrestad is a lecturer and researcher at the University of Skövde, Sweden, and an Access Data Certified Examiner. He also serves as a forensic consultant, with several years of experience as a forensic expert with the Swedish police.
More ebooks from the same author(s) / Editor
16,593 Ebooks in this category
