Book Image

Learn Computer Forensics – 2nd edition - Second Edition

By : William Oettinger
Book Image

Learn Computer Forensics – 2nd edition - Second Edition

By: William Oettinger

Overview of this book

Computer Forensics, being a broad topic, involves a variety of skills which will involve seizing electronic evidence, acquiring data from electronic evidence, data analysis, and finally developing a forensic report. This book will help you to build up the skills you need to work in a highly technical environment. This book's ideal goal is to get you up and running with forensics tools and techniques to successfully investigate crime and corporate misconduct. You will discover ways to collect personal information about an individual from online sources. You will also learn how criminal investigations are performed online while preserving data such as e-mails, images, and videos that may be important to a case. You will further explore networking and understand Network Topologies, IP Addressing, and Network Devices. Finally, you will how to write a proper forensic report, the most exciting portion of the forensic exam process. By the end of this book, you will have developed a clear understanding of how to acquire, analyze, and present digital evidence, like a proficient computer forensics investigator.

Related Content you might be interested in

Current Title:

Small book image
Learn Computer Forensics – 2nd edition - Second Edition
William Oettinger
Jul, 2022 | 434 pages
Small book image
Windows Forensics Analyst Field Guide
Muhiballah Mohammed
Oct, 2023 | 318 pages
Small book image
Digital Forensics with Kali Linux
Shiva V N Parasram
Dec, 2017 | 274 pages
Small book image
Digital Forensics with Kali Linux
Shiva V N Parasram
Apr, 2020 | 334 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
Get in touch
1
Types of Computer-Based Investigations
Types of Computer-Based Investigations
Introduction to computer-based investigations
Criminal investigations
Corporate investigations
Case studies
Summary
Questions
Further reading
Free Chapter
2
The Forensic Analysis Process
The Forensic Analysis Process
Pre-investigation considerations
Understanding case information and legal issues
Understanding data acquisition
Understanding the analysis process
Reporting your findings
Summary
Questions
Further reading
3
Acquisition of Evidence
Acquisition of Evidence
Exploring evidence
Understanding the forensic examination environment
Tool validation
Creating sterile media
Defining forensic imaging
Summary
Questions
Further reading
4
Computer Systems
Computer Systems
Understanding the boot process
Understanding filesystems
Understanding the NTFS filesystem
Summary
Questions
Further reading
5
Computer Investigation Process
Computer Investigation Process
Timeline analysis
Media analysis
String search
Recovering deleted data
Summary
Questions
Further reading
Exercise
6
Windows Artifact Analysis
Windows Artifact Analysis
Understanding user profiles
Understanding Windows Registry
Determining account usage
Determining file knowledge
Identifying physical locations
Exploring program execution
Understanding USB/attached devices
Summary
Questions
Further reading
Exercise
7
RAM Memory Forensic Analysis
RAM Memory Forensic Analysis
Fundamentals of memory
Random access memory?
Identifying sources of memory
Capturing RAM
Exploring RAM analyzing tools
Summary
Questions
Further reading
8
Email Forensics – Investigation Techniques
Email Forensics – Investigation Techniques
Understanding email protocols
Decoding email
Understanding client-based email analysis
Understanding WebMail analysis
Summary
Questions
Further reading
Exercise
9
Internet Artifacts
Internet Artifacts
Understanding browsers
Social media
P2P file sharing
Cloud computing
Summary
Questions
Further reading
10
Online Investigations
Online Investigations
Undercover investigations
Background searches
Preserving online communications
Summary
Questions
Further reading
11
Networking Basics
Networking Basics
The Open Source Interconnection (OSI) model
TCP/IP
Summary
Questions
Further reading
12
Report Writing
Report Writing
Effective note taking
Writing the report
Summary
Questions
Further reading
13
Expert Witness Ethics
Expert Witness Ethics
Understanding the types of proceedings
Beginning the preparation phase
Understanding the curriculum vitae
Understanding testimony and evidence
Understanding the importance of ethical behavior
Summary
Questions
Further reading
14
Assessments
Chapter 01
Chapter 02
Chapter 03
Chapter 04
Chapter 05
Chapter 06
Chapter 07
Chapter 08
Chapter 09
Chapter 10
Chapter 11
Chapter 12
Chapter 13
15
Other Books You May Enjoy
Other Books You May Enjoy
16
Index
Index

Identifying sources of memory

What happens if you are not the investigator on the scene when the digital evidence is collected in the RAM, and they do not collect volatile data? Is it possible to still access the RAM, despite having the system shut down? While you cannot analyze the RAM, it is possible to examine other sources containing the same data stored in the RAM. This option may not always be viable, depending on the specific set of circumstances surrounding the seizure of the digital evidence.

You need to know that there are potential additional sources containing the same or similar data in RAM. They are as follows:

  • Hibernation file (hiberfil.sys): Hibernation is the process of powering down the computer while still maintaining the current state of the system. In Windows, the RAM is compressed and stored in a hiberfil.sys file. This will allow the system to power down completely, but when the system is reactivated, the contents of the hiberfil.sys file will...
Previous Section
End of Section 4
Next Section