Practical Forensic Imaging - Bruce Nikkel

Practical Forensic Imaging

Securing Digital Evidence with Linux Tools

(Author)

Book | Softcover
320 pages
2016
No Starch Press (Publisher)
978-1-59327-793-2 (ISBN)
59,80 incl. VAT
Forensic image acquisition is an important part of postmortem incident response and evidence collection. Digital forensic investigators acquire, preserve, and manage digital evidence to support civil and criminal cases; examine organizational policy violations; resolve disputes; and analyze cyber attacks.

Practical Forensic Imaging takes a detailed look at how to secure and manage digital evidence using Linux-based command line tools.

This essential guide walks you through the entire forensic acquisition process and covers a wide range of practical scenarios and situations related to the imaging of storage media.

You’ll learn how to:
  • Perform forensic imaging of magnetic hard disks, SSDs and flash drives, optical discs, magnetic tapes, and legacy technologies
  • Protect attached evidence media from accidental modification
  • Manage large forensic image files, storage capacity, image format conversion, compression, splitting, duplication, secure transfer and storage, and secure disposal
  • Preserve and verify evidence integrity with cryptographic and piecewise hashing, public key signatures, and RFC-3161 timestamping
  • Work with newer drive and interface technologies like NVMe, SATA Express, 4K-native sector drives, SSHDs, SAS, UASP/USB3x, and Thunderbolt
  • Manage drive security such as ATA passwords; encrypted thumb drives; Opal self-encrypting drives; OS-encrypted drives using BitLocker, FileVault, and TrueCrypt; and others
  • Acquire usable images from more complex or challenging situations such as RAID systems, virtual machine images, and damaged media

With its unique focus on digital forensic acquisition and evidence preservation, Practical Forensic Imaging is a valuable resource for experienced digital forensic investigators wanting to advance their Linux skills and experienced Linux administrators wanting to learn digital forensics.

This is a must-have reference for every digital forensics lab.

Bruce Nikkel is the director of Cyber-Crime / IT Investigation & Forensics at a global financial institution. Nikkel has headed the bank's global IT forensics unit since 2005, and worked for the bank's IT Security and Risk departments since 1997. Nikkel has published a number of research papers in the digital forensics field, is an editor for Digital Investigation journal, and holds a PhD in network forensics.

Introduction
Chapter 0: Digital Forensics Overview
Chapter 1: Storage Media Overview
Chapter 2: Linux as a Forensic Acquisition Platform
Chapter 3: Forensic Image Formats
Chapter 4: Planning and Preparation
Chapter 5: Attaching Subject Media to an Acquisition Host
Chapter 6: Forensic Image Acquisition
Chapter 7: Forensic Image Management
Chapter 8: Special Image Access Topics
Chapter 9: Extracting Subsets of Forensic Images

Publication date
Place of publication Daly City, California
Language English
Dimensions 177 x 234 mm
Weight 608 g
Binding paperback
Subject areas Computer Science Operating Systems / Servers Unix / Linux
Mathematics / Computer Science Computer Science Databases
Computer Science Networks Security / Firewall
Computer Science Theory / Studies Cryptology
Keywords cyber crime • Forensic Imaging • IT security • Cryptography • Linux • Tools
ISBN-10 1-59327-793-8 / 1593277938
ISBN-13 978-1-59327-793-2 / 9781593277932
Condition New