Book Image

Learn Computer Forensics – 2nd edition - Second Edition

By : William Oettinger
Book Image

Learn Computer Forensics – 2nd edition - Second Edition

By: William Oettinger

Overview of this book

Computer Forensics, being a broad topic, involves a variety of skills which will involve seizing electronic evidence, acquiring data from electronic evidence, data analysis, and finally developing a forensic report. This book will help you to build up the skills you need to work in a highly technical environment. This book's ideal goal is to get you up and running with forensics tools and techniques to successfully investigate crime and corporate misconduct. You will discover ways to collect personal information about an individual from online sources. You will also learn how criminal investigations are performed online while preserving data such as e-mails, images, and videos that may be important to a case. You will further explore networking and understand Network Topologies, IP Addressing, and Network Devices. Finally, you will how to write a proper forensic report, the most exciting portion of the forensic exam process. By the end of this book, you will have developed a clear understanding of how to acquire, analyze, and present digital evidence, like a proficient computer forensics investigator.

Related Content you might be interested in

Current Title:

Small book image
Learn Computer Forensics – 2nd edition - Second Edition
William Oettinger
Jul, 2022 | 434 pages
Small book image
Windows Forensics Analyst Field Guide
Muhiballah Mohammed
Oct, 2023 | 318 pages
Small book image
Digital Forensics with Kali Linux
Shiva V N Parasram
Dec, 2017 | 274 pages
Small book image
Digital Forensics with Kali Linux
Shiva V N Parasram
Apr, 2020 | 334 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
Get in touch
1
Types of Computer-Based Investigations
Types of Computer-Based Investigations
Introduction to computer-based investigations
Criminal investigations
Corporate investigations
Case studies
Summary
Questions
Further reading
Free Chapter
2
The Forensic Analysis Process
The Forensic Analysis Process
Pre-investigation considerations
Understanding case information and legal issues
Understanding data acquisition
Understanding the analysis process
Reporting your findings
Summary
Questions
Further reading
3
Acquisition of Evidence
Acquisition of Evidence
Exploring evidence
Understanding the forensic examination environment
Tool validation
Creating sterile media
Defining forensic imaging
Summary
Questions
Further reading
4
Computer Systems
Computer Systems
Understanding the boot process
Understanding filesystems
Understanding the NTFS filesystem
Summary
Questions
Further reading
5
Computer Investigation Process
Computer Investigation Process
Timeline analysis
Media analysis
String search
Recovering deleted data
Summary
Questions
Further reading
Exercise
6
Windows Artifact Analysis
Windows Artifact Analysis
Understanding user profiles
Understanding Windows Registry
Determining account usage
Determining file knowledge
Identifying physical locations
Exploring program execution
Understanding USB/attached devices
Summary
Questions
Further reading
Exercise
7
RAM Memory Forensic Analysis
RAM Memory Forensic Analysis
Fundamentals of memory
Random access memory?
Identifying sources of memory
Capturing RAM
Exploring RAM analyzing tools
Summary
Questions
Further reading
8
Email Forensics – Investigation Techniques
Email Forensics – Investigation Techniques
Understanding email protocols
Decoding email
Understanding client-based email analysis
Understanding WebMail analysis
Summary
Questions
Further reading
Exercise
9
Internet Artifacts
Internet Artifacts
Understanding browsers
Social media
P2P file sharing
Cloud computing
Summary
Questions
Further reading
10
Online Investigations
Online Investigations
Undercover investigations
Background searches
Preserving online communications
Summary
Questions
Further reading
11
Networking Basics
Networking Basics
The Open Source Interconnection (OSI) model
TCP/IP
Summary
Questions
Further reading
12
Report Writing
Report Writing
Effective note taking
Writing the report
Summary
Questions
Further reading
13
Expert Witness Ethics
Expert Witness Ethics
Understanding the types of proceedings
Beginning the preparation phase
Understanding the curriculum vitae
Understanding testimony and evidence
Understanding the importance of ethical behavior
Summary
Questions
Further reading
14
Assessments
Chapter 01
Chapter 02
Chapter 03
Chapter 04
Chapter 05
Chapter 06
Chapter 07
Chapter 08
Chapter 09
Chapter 10
Chapter 11
Chapter 12
Chapter 13
15
Other Books You May Enjoy
Other Books You May Enjoy
16
Index
Index

Determining file knowledge

Some incidents you investigate may deal with contraband images, stolen data, or unlawful access to data. You will have to determine whether the user had knowledge of the file(s) in question, or whether the file(s) existed on the user’s system.

We will now talk about some artifacts you can find in the Windows operating system that will help you make that determination.

Exploring the thumbcache

A thumbcache is a database of thumbnail images created when using Windows Explorer in a thumbnail view. Depending on the size of the thumbnail, you may have multiple databases with the same image but with different sizes. It depends on the view the user selected while in Windows Explorer. The existence of an image found in the database is not substantial proof that the user knew the image was on the system. The system can add a thumbnail to the cache without the user’s knowledge. The thumbcache can be found in the user’s profile at the...

Previous Section
End of Section 5
Next Section