Computer Evidence
Charles River Media
978-1-58450-405-4 (ISBN)
- Title will be published in a new edition
Computer Evidence: Collection and Preservation teaches law enforcement and computer forensics investigators how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. The book focuses on collection and preservation because these two phases of computer forensics are the most critical to evidence acceptance, but are not thoroughly covered in texts or courses. Throughout the book, a constant eye is kept on evidence dynamics and the impact investigators can have on data integrity while collecting evidence. The simple act of a computer forensics investigator shutting down a suspect’s computer changes the state of the computer as well as many of its files, so a good understanding of evidence dynamics is essential when doing computer forensics work. The book is divided into five parts (Computer Forensics & Evidence Dynamics; Information Systems; Data Storage Systems & Media; Artifact Collection; and Archiving & Maintaining Evidence) and places specific focus on how investigators and their tools interact with digital evidence. By reading and using this task-oriented guide, computer forensics investigators will be able to ensure case integrity during the most crucial phases of the computer forensics process.
Christopher L. T. Brown, CISSP, is the founder and CTO of Technology Pathways. He is the chief architect of the Technology Pathways ProDiscover family of security products. Prior to his position with Technology Pathways, Mr. Brown served in key technology positions at several companies including GlobalApp, Inc., CompuVision, Inc., and StoragePoint, Inc. He is retired from a career with the U.S. Navy, where he managed a large team of technicians working in the area of information warfare and network security operations. In addition to his demanding duties as ProDiscover’s chief architect, Mr. Brown teaches network security and computer forensics at the University of California at San Diego and has written numerous books on Windows, Security, the Internet, and forensics. He served as president of the San Diego HTCIA chapter in 2006, first vice president in 2005, second vice president in 2003, and was the 2007 HTCIA International conference chair. He attended UCSD and holds numerous career certifications from (ISC)², Microsoft, Cisco, CompTIA, and CITRIX.
Acknowledgments
Introduction
Part I Computer Forensics and Evidence Dynamics
Chapter 1 Computer Forensics Essentials
Chapter 2 Rules of Evidence, Case Law, and Regulation
Chapter 3 Evidence Dynamics
Part II Information Systems
Chapter 4 Interview, Policy, and Audit
Chapter 5 Network Topology and Architecture
Chapter 6 Volatile Data
Part III Data Storage Systems and Media
Chapter 7 Physical Disk Technologies
Chapter 8 SAN, NAS, and RAID
Chapter 9 Removable Media
Part IV Artifact Collection
Chapter 10 Tools, Preparation, and Documentation
Chapter 11 Collecting Volatile Data
Chapter 12 Imaging Methodologies
Chapter 13 Large System Collection
Part V Archiving and Maintaining Evidence
Chapter 14 The Forensics Workstation
Chapter 15 The Forensics Lab
Chapter 16 What's Next
Appendix A Sample Chain of Custody Form
Appendix B Evidence Collection Worksheet
Appendix C Evidence Access Worksheet
Appendix D Forensics Field Kit
Appendix E Hexadecimal Flags for Partition Types
Appendix F Forensics Tools for Digital Evidence Collection
Appendix G Agencies, Contacts, and Resources
Appendix H Investigator's Cisco Router Command Cheat Sheet
Appendix I About the CD-ROM
Index
Publication date (per publisher) | 2.11.2005 |
---|---|
Place of publication | Hingham |
Language | English |
Dimensions | 189 x 235 mm |
Weight | 716 g |
Subject area | Computer Science ► Theory / Studies ► Cryptology |
Law / Taxes ► Criminal Law ► Criminology | |
ISBN-10 | 1-58450-405-6 / 1584504056 |
ISBN-13 | 978-1-58450-405-4 / 9781584504054 |
Condition | New |