Book Image

Learn Computer Forensics – 2nd edition - Second Edition

By : William Oettinger
Book Image

Learn Computer Forensics – 2nd edition - Second Edition

By: William Oettinger

Overview of this book

Computer Forensics, being a broad topic, involves a variety of skills which will involve seizing electronic evidence, acquiring data from electronic evidence, data analysis, and finally developing a forensic report. This book will help you to build up the skills you need to work in a highly technical environment. This book's ideal goal is to get you up and running with forensics tools and techniques to successfully investigate crime and corporate misconduct. You will discover ways to collect personal information about an individual from online sources. You will also learn how criminal investigations are performed online while preserving data such as e-mails, images, and videos that may be important to a case. You will further explore networking and understand Network Topologies, IP Addressing, and Network Devices. Finally, you will how to write a proper forensic report, the most exciting portion of the forensic exam process. By the end of this book, you will have developed a clear understanding of how to acquire, analyze, and present digital evidence, like a proficient computer forensics investigator.

Related Content you might be interested in

Current Title:

Small book image
Learn Computer Forensics – 2nd edition - Second Edition
William Oettinger
Jul, 2022 | 434 pages
Small book image
Windows Forensics Analyst Field Guide
Muhiballah Mohammed
Oct, 2023 | 318 pages
Small book image
Digital Forensics with Kali Linux
Shiva V N Parasram
Dec, 2017 | 274 pages
Small book image
Digital Forensics with Kali Linux
Shiva V N Parasram
Apr, 2020 | 334 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
Get in touch
1
Types of Computer-Based Investigations
Types of Computer-Based Investigations
Introduction to computer-based investigations
Criminal investigations
Corporate investigations
Case studies
Summary
Questions
Further reading
Free Chapter
2
The Forensic Analysis Process
The Forensic Analysis Process
Pre-investigation considerations
Understanding case information and legal issues
Understanding data acquisition
Understanding the analysis process
Reporting your findings
Summary
Questions
Further reading
3
Acquisition of Evidence
Acquisition of Evidence
Exploring evidence
Understanding the forensic examination environment
Tool validation
Creating sterile media
Defining forensic imaging
Summary
Questions
Further reading
4
Computer Systems
Computer Systems
Understanding the boot process
Understanding filesystems
Understanding the NTFS filesystem
Summary
Questions
Further reading
5
Computer Investigation Process
Computer Investigation Process
Timeline analysis
Media analysis
String search
Recovering deleted data
Summary
Questions
Further reading
Exercise
6
Windows Artifact Analysis
Windows Artifact Analysis
Understanding user profiles
Understanding Windows Registry
Determining account usage
Determining file knowledge
Identifying physical locations
Exploring program execution
Understanding USB/attached devices
Summary
Questions
Further reading
Exercise
7
RAM Memory Forensic Analysis
RAM Memory Forensic Analysis
Fundamentals of memory
Random access memory?
Identifying sources of memory
Capturing RAM
Exploring RAM analyzing tools
Summary
Questions
Further reading
8
Email Forensics – Investigation Techniques
Email Forensics – Investigation Techniques
Understanding email protocols
Decoding email
Understanding client-based email analysis
Understanding WebMail analysis
Summary
Questions
Further reading
Exercise
9
Internet Artifacts
Internet Artifacts
Understanding browsers
Social media
P2P file sharing
Cloud computing
Summary
Questions
Further reading
10
Online Investigations
Online Investigations
Undercover investigations
Background searches
Preserving online communications
Summary
Questions
Further reading
11
Networking Basics
Networking Basics
The Open Source Interconnection (OSI) model
TCP/IP
Summary
Questions
Further reading
12
Report Writing
Report Writing
Effective note taking
Writing the report
Summary
Questions
Further reading
13
Expert Witness Ethics
Expert Witness Ethics
Understanding the types of proceedings
Beginning the preparation phase
Understanding the curriculum vitae
Understanding testimony and evidence
Understanding the importance of ethical behavior
Summary
Questions
Further reading
14
Assessments
Chapter 01
Chapter 02
Chapter 03
Chapter 04
Chapter 05
Chapter 06
Chapter 07
Chapter 08
Chapter 09
Chapter 10
Chapter 11
Chapter 12
Chapter 13
15
Other Books You May Enjoy
Other Books You May Enjoy
16
Index
Index

Decoding email

An email has many unique identifiers for a digital forensic investigator to identify and track down. The mailbox and domain name, along with the message ID, will allow a digital forensic investigator to serve judicially approved subpoenas/search warrants on the vendor to follow any investigative leads.

In this section, we will break down the email header one section at a time so that you can decide how to conduct your investigation. First, we will start by discussing the email envelope.

Understanding the email message format

The vast majority of email users are only familiar with basic email information, such as this:

Subject background checks 
Date 07/19/2008 23:39:57 +0 
Sender [email protected] 
Recipients [email protected]

We are back to dealing with our friend Jean, and by looking at the email, we can see several fields commonly associated with an email. Here, we know the subject, background checks, the date and time when the user sent the email,...

Previous Section
End of Section 3
Next Section