Practical Guide to Computer Forensics Investigations, A

Author:   Darren Hayes
Publisher:   Pearson Education (US)
ISBN:   9780789741158
Pages:   528
Publication Date:   24 December 2014
Replaced By:   9780789759917
Format:   Paperback
Availability:   In stock
We have confirmation that this item is in stock with the supplier. It will be ordered in for you and dispatched immediately.

Our Price $124.17

Overview

All you need to know to succeed in digital forensics: technical and investigative skills, in one book

Complete, practical, and up-to-date
Thoroughly covers digital forensics for Windows, Mac, mobile, hardware, and networks
Addresses online and lab investigations, documentation, admissibility, and more
By Dr. Darren Hayes, founder of Pace University’s Code Detectives forensics lab, one of America’s “Top 10 Computer Forensics Professors”
Perfect for anyone pursuing a digital forensics career or working with examiners

Criminals go where the money is. Today, trillions of dollars of assets are digital, and digital crime is growing fast. In response, demand for digital forensics experts is soaring. To succeed in this exciting field, you need strong technical and investigative skills. In this guide, one of the world’s leading computer forensics experts teaches you all the skills you’ll need.

Writing for students and professionals at all levels, Dr. Darren Hayes presents complete best practices for capturing and analyzing evidence, protecting the chain of custody, documenting investigations, and scrupulously adhering to the law, so your evidence can always be used.

Hayes introduces today’s latest technologies and technical challenges, offering detailed coverage of crucial topics such as mobile forensics, Mac forensics, cyberbullying, and child endangerment.

This guide’s practical activities and case studies give you hands-on mastery of modern digital forensics tools and techniques. Its many realistic examples reflect the author’s extensive and pioneering work as a forensics examiner in both criminal and civil investigations.

Understand what computer forensics examiners do, and the types of digital evidence they work with
Explore Windows and Mac computers, understand how their features affect evidence gathering, and use free tools to investigate their contents
Extract data from diverse storage devices
Establish a certified forensics lab and implement good practices for managing and processing evidence
Gather data and perform investigations online
Capture Internet communications, video, images, and other content
Write comprehensive reports that withstand defense objections and enable successful prosecution
Follow strict search and surveillance rules to make your evidence admissible
Investigate network breaches, including dangerous Advanced Persistent Threats (APTs)
Retrieve immense amounts of evidence from smartphones, even without seizing them
Successfully investigate financial fraud performed with digital devices
Use digital photographic evidence, including metadata and social media images

Full Product Details

Author:   Darren Hayes
Publisher:   Pearson Education (US)
Imprint:   Pearson IT Certification
Dimensions:   Width: 17.70cm, Height: 2.80cm, Length: 23.20cm
Weight:   0.801kg
ISBN:   9780789741158
ISBN 10:   0789741156
Pages:   528
Publication Date:   24 December 2014
Audience:   Professional and scholarly, College/higher education, Professional & Vocational, Tertiary & Higher Education
Replaced By:   9780789759917
Format:   Paperback
Publisher's Status:   Active

Table of Contents

Introduction

Chapter 1: The Scope of Computer Forensics
    Introduction
        Popular Myths about Computer Forensics
    Types of Computer Forensics Evidence Recovered
        Electronic Mail (Email)
        Images
        Video
        Websites Visited and Internet Searches
        Cellphone Forensics
    What Skills Must a Computer Forensics Investigator Possess?
        Computer Science Knowledge
        Legal Expertise
        Communication Skills
        Linguistic Abilities
        Continuous Learning
        An Appreciation for Confidentiality
    The Importance of Computer Forensics
        Job Opportunities
    A History of Computer Forensics
        1980s: The Advent of the Personal Computer
        1990s: The Impact of the Internet
    Training and Education
        Law Enforcement Training
    Summary

Chapter 2: Windows Operating and File Systems
    Introduction
    Physical and Logical Storage
        File Storage
    File Conversion and Numbering Formats
        Conversion of Binary to Decimal
        Hexadecimal Numbering
        Conversion of Hexadecimal to Decimal
        Conversion of Hexadecimal to ASCII (American Standard Code) for Information Interchange
        Unicode
    Operating Systems
        The Boot Process
        Windows File Systems
    Windows Registry
        Registry Data Types
        FTK Registry Viewer
    Microsoft Windows Features
        Windows Vista
        Windows 7
        Windows 8.1
    Summary

Chapter 3: Handling Computer Hardware
    Introduction
    Hard Disk Drives
        Small Computer System Interface (SCSI)
        Integrated Drive Electronics (IDE)
        Serial ATA (SATA)
    Cloning a PATA or SATA Hard Disk
        Cloning Devices
    Removable Memory
        FireWire
        USB Flash Drives
        External Hard Drives
        MultiMedia Cards (MMCs)
    Summary
    References

Chapter 4: Acquiring Evidence in a Computer Forensics Lab
    Introduction
    Lab Requirements
        American Society of Crime Laboratory Directors
        American Society of Crime Laboratory Directors/Lab Accreditation Board (ASCLD/LAB)
        ASCLD/LAB Guidelines for Forensic Laboratory Management Practices
        Scientific Working Group on Digital Evidence (SWGDE)
    Private Sector Computer Forensics Laboratories
        Evidence Acquisition Laboratory
        Email Preparation Laboratory
        Inventory Control
        Web Hosting
    Computer Forensics Laboratory Requirements
        Laboratory Layout
        Laboratory Management
        Laboratory Access
    Extracting Evidence from a Device
        Using the dd Utility
        Using Global Regular Expressions Print (GREP)
    Skimmers
    Summary

Chapter 5: Online Investigations
    Introduction
    Working Undercover
        Generate an Identity
        Generate an Email Account
        Mask Your Identity
    Website Evidence
        Website Archives
        Website Statistics
    Background Searches on a Suspect
        Personal Information: Mailing Address, Email Address, Telephone Number, and Assets
        Personal Interests and Membership of User Groups
        Searching for Stolen Property
    Online Crime
        Identity Theft
        Credit Cards for Sale
        Electronic Medical Records
        Cyberbullying
        Social Networking
    Capturing Online Communications
        Using Screen Captures
        Using Video
        Viewing Cookies
        Using Windows Registry
    Summary

Chapter 6: Documenting the Investigation
    Introduction
    Obtaining Evidence from a Service Provider
    Documenting a Crime Scene
    Seizing Evidence
        Crime Scene Examinations
    Documenting the Evidence
        Completing a Chain of Custody Form
        Completing a Computer Worksheet
        Completing a Hard Disk Drive Worksheet
        Completing a Server Worksheet
    Using Tools to Document an Investigation
        CaseNotes
        FragView
        Helpful Mobile Applications (Apps)
        Network Analyzer
        System Status
        The Cop App
        Lock and Code
        Digital Forensics Reference
        Federal Rules of Civil Procedure (FRCP)
        Federal Rules of Evidence (FREvidence)
    Writing Reports
        Time Zones and Daylight Saving Time (DST)
        Creating a Comprehensive Report
    Using Expert Witnesses at Trial
        The Expert Witness
        The Goals of the Expert Witness
        Preparing an Expert Witness for Trial
    Summary

Chapter 7: Admissibility of Digital Evidence
    Introduction
    History and Structure of the United States Legal System
        Origins of the U.S. Legal System
        Overview of the U.S. Court System
        In the Courtroom
    Evidence Admissibility
    Constitutional Law
        First Amendment
        First Amendment and the Internet
        Fourth Amendment
        Fifth Amendment
        Sixth Amendment
        Congressional Legislation
        Rules for Evidence Admissibility
        Criminal Defense
    When Computer Forensics Goes Wrong
        Pornography in the Classroom
    Structure of the Legal System in the European Union (E.U.)
        Origins of European Law
        Structure of European Union Law
    Structure of the Legal System in Asia
        China
        India
    Summary

Chapter 8: Network Forensics
    Introduction
    The Tools of the Trade
    Networking Devices
        Proxy Servers
        Web Servers
        DHCP Servers
        SMTP Servers
        DNS Servers
        Routers
        IDS
        Firewalls
        Ports
    Understanding the OSI Model
        The Physical Layer
        The Data Link Layer
        The Network Layer
        The Transport Layer
        The Session Layer
        The Presentation Layer
        The Application Layer
    Advanced Persistent Threats
        Cyber Kill Chain
        Indicators of Compromise (IOC)
    Investigating a Network Attack
    Summary

Chapter 9: Mobile Forensics
    Introduction
    The Cellular Network
        Base Transceiver Station
        Mobile Station
        Cellular Network Types
        SIM Card Forensics
        Types of Evidence
    Handset Specifications
        Memory and Processing
        Battery
        Other Hardware
    Mobile Operating Systems
        Android OS
        Windows Phone
    Standard Operating Procedures for Handling Handset Evidence
        National Institute of Standards and Technology
        Preparation and Containment
        Wireless Capabilities
        Documenting the Investigation
    Handset Forensics
        Cellphone Forensic Software
        Cellphone Forensics Hardware
        Logical versus Physical Examination
    Manual Cellphone Examinations
        Flasher Box
    Global Satellite Service Providers
        Satellite Communication Services
    Legal Considerations
        Carrier Records
    Other Mobile Devices
        Tablets
        GPS Devices
    Summary

Chapter 10: Photograph Forensics
    Introduction
    Understanding Digital Photography
        File Systems
        Digital Photography Applications and Services
    Examining Picture Files
        Exchangeable Image File Format (EXIF)
    Evidence Admissibility
        Federal Rules of Evidence (FRE)
        Analog vs. Digital Photographs
    Case Studies
        Worldwide Manhunt
        NYPD Facial Recognition Unit
    Summary

Chapter 11: Mac Forensics
    Introduction
    A Brief History
        Macintosh
        Mac Mini with OS X Server
        iPod
        iPhone
        iPad
        Apple Wi-Fi Devices
    Macintosh File Systems
    Forensic Examinations of a Mac
        IOReg Info
        PMAP Info
        Epoch Time
        Recovering Deleted Files
        Journaling
        DMG File System
        PList Files
        SQLite Databases
    Macintosh Operating Systems
        Mac OS X
        Target Disk Mode
    Apple Mobile Devices
        iOS
        iOS 7
        iOS 8
        Security and Encryption
        iPod
        iPhone
        Enterprise Deployment of iPhone and iOS Devices
    Case Studies
        Find My iPhone
        Wanted Hactevist
        Michael Jackson
        Stolen iPhone
        Drug Bust
    Summary

Chapter 12: Case Studies
    Introduction
    Zacharias Moussaoui
        Background
        Digital Evidence
        Standby Counsel Objections
        Prosecution Affidavit
        Exhibits
        Email Evidence
    BTK (Bind Torture Kill) Killer
        Profile of a Killer
        Evidence
    Cyberbullying
        Federal Anti-harassment Legislation
        State Anti-harassment Legislation
        Warning Signs of Cyberbullying
        What Is Cyberbullying?
        Phoebe Prince
        Ryan Halligan
        Megan Meier
        Tyler Clementi
    Sports
    Summary

Author Information

Dr. Darren R. Hayes is a leading expert in the field of digital forensics and computer security. He is the director of cybersecurity and an assistant professor at Pace University, and he has been named one of the Top 10 Computer Forensics Professors by Forensics Colleges.

Hayes has served on the board of the High Technology Crime Investigation Association (HTCIA), Northeast Chapter, and is the former president of that chapter. He also established a student chapter of the HTCIA at Pace University.

During his time at Pace University, Hayes developed a computer forensics track for the school’s bachelor of science in information technology degree. He also created a computer forensics research laboratory, where he devotes most of his time to working with a team of students in computer forensics and, most recently, the burgeoning field of mobile forensics. As part of his research and promotion of this scientific field of study, he has fostered relationships with the NYPD, N.Y. State Police, and other law enforcement agencies. He also organized a successful internship program at the cybercrime division of the New York County D.A. Office and the Westchester County D.A. Office.

Hayes is not only an academic, however; he is also a practitioner. He has been an investigator on both civil and criminal investigations and has been called upon as an expert for a number of law firms. In New York City, Hayes has been working with six to eight public high schools to develop a curriculum in computer forensics. He collaborates on computer forensics projects internationally and has served as an extern examiner for the MSc in Forensic Computing and Cybercrime Investigation degree program at University College Dublin for four years.

Hayes has appeared on Bloomberg Television and Fox 5 News and been quoted by Associated Press, CNN, Compliance Week, E-Commerce Times, The Guardian (UK), Investor’s Business Daily, MarketWatch, Newsweek, Network World, Silicon Valley Business Journal, USA Today, Washington Post, and Wired News. His op-eds have been published by American Banker’s BankThink and The Hill’s Congress Blog. In addition, he has authored a number of peer-reviewed articles in computer forensics, most of which have been published by the Institute of Electrical and Electronics Engineers (IEEE). Hayes has been both an author and reviewer for Pearson Prentice Hall since 2007.

Countries Available

All regions