Digital Archaeology: The Art and Science of Digital Forensics, CourseSmart eTextbook

By Michael Graves

Published by Addison-Wesley Professional

Published Date: Aug 23, 2013

Description

In Digital Archaeology, expert practitioner Michael Graves has written the most thorough, realistic, and up-to-date guide to the principles and techniques of modern digital forensics. He begins by providing a solid understanding of the legal underpinnings of and critical laws affecting computer forensics, including key principles of evidence and case law. Next, he explains how to systematically and thoroughly investigate computer systems to unearth crimes or other misbehavior, and back it up with evidence that will stand up in court. Drawing on the analogy of archaeological research, Graves explains each key tool and method investigators use to reliably uncover hidden information in digital systems. Graves concludes by presenting coverage of important professional and business issues associated with building a career in digital forensics, including current licensing and certification requirements.

Table of Contents

Preface

About the Author

Chapter 1: The Anatomy of a Digital Investigation

A Basic Model for Investigators

Understanding the Scope of the Investigation

Identifying the Stakeholders

The Art of Documentation

Chapter Review

Chapter Exercises

References

Chapter 2: Laws Affecting Forensic Investigations

Constitutional Implications of Forensic Investigation

The Right to Privacy

The Expert Witness

Chapter Review

Chapter Exercises

References

Chapter 3: Search Warrants and Subpoenas

Distinguishing between Warrants and Subpoenas

What Is a Search and When Is It Legal?

Basic Elements of Obtaining a Warrant

The Plain View Doctrine

The Warrantless Search

Subpoenas

Chapter Review

Chapter Exercises

References

Chapter 4: Legislated Privacy Concerns

General Privacy

Financial Legislation

Privacy in Health Care and Education

Privileged Information

Chapter Review

Chapter Exercises

References

Chapter 5: The Admissibility of Evidence

What Makes Evidence Admissible?

Keeping Evidence Authentic

Defining the Scope of the Search

When the Constitution Doesn’t Apply

Chapter Review

Chapter Exercises

References

Chapter 6: First Response and the Digital Investigator

Forensics and Computer Science

Controlling the Scene of the Crime

Handling Evidence

Chapter Review

Chapter Exercises

References

Chapter 7: Data Acquisition

Order of Volatility

Memory and Running Processes

Acquiring Media

Chapter Review

Chapter Exercises

References

Chapter 8: Finding Lost Files

File Recovery

The Deleted File

Data Carving

Chapter Review

Chapter Exercises

References

Chapter 9: Document Analysis

File Identification

Understanding Metadata

Mining the Temporary Files

Identifying Alternate Hiding Places of Data

Chapter Review

Chapter Exercises

References

Chapter 10: E-mail Forensics

E-mail Technology

Information Stores

The Anatomy of an E-mail

An Approach to E-mail Analysis

Chapter Review

Chapter Exercises

References

Chapter 11: Web Forensics

Internet Addresses

Web Browsers

Web Servers

Proxy Servers

Chapter Review

Chapter Exercises

References

Chapter 12: Searching the Network

An Eagle’s Eye View

Initial Response

Proactive Collection of Evidence

Post-Incident Collection of Evidence

Router and Switch Forensics

Chapter Review

Chapter Exercises

References

Chapter 13: Excavating a Cloud

What Is Cloud Computing?

Shaping the Cloud

The Implications of Cloud Forensics

On Virtualization

Constitutional Issues

Chapter Review

Chapter Exercises

References

Chapter 14: Mobile Device Forensics

Challenges of Mobile Device Forensics

How Cell Phones Work

Data Storage on Cell Phones

Acquisition and Storage

Legal Aspects of Mobile Device Forensics

Chapter Review

Chapter Exercises

References

Chapter 15: Fighting Antiforensics

Artifact Destruction

Hiding Data on the System

Covert Data

Chapter Review

Chapter Exercises

References

Chapter 16: Litigation and Electronic Discovery

What Is E-Discovery?

A Roadmap of E-Discovery

Conclusion

Chapter Review

Chapter Exercises

References

Chapter 17: Case Management and Report Writing

Managing a Case

Writing Reports

Chapter Review

Chapter Exercises

References

Chapter 18: Tools of the Digital Investigator

Software Tools

Working with “Court-Approved” Tools

Hardware Tools

Nontechnical Tools

Chapter Review

Chapter Exercises

References

Chapter 19: Building a Forensic Workstation

What Is a Forensic Workstation?

Commercially Available Forensic Workstations

Building a Forensic Workstation From Scratch

Chapter Review

Chapter Exercises

References

Chapter 20: Licensing and Certification

Digital Forensic Certification

Vendor-Neutral Certification Programs

Vendor-Specific Certification Programs

Digital Forensic Licensing Requirements

Chapter Review

Chapter Exercises

References

Chapter 21: The Business of Digital Forensics

Starting a New Forensics Organization

Maintaining the Organization

Generating Revenue

Organizational Certification

Chapter Review

Chapter Exercises

References

Appendix A: Chapter Review Answers

Appendix B: Sample Forms

Glossary

Index

Purchase Info

With CourseSmart eTextbooks and eResources, you save up to 60% off the price of new print textbooks, and can switch between studying online or offline to suit your needs.

Once you have purchased your eTextbooks and added them to your CourseSmart bookshelf, you can access them anytime, anywhere.

Digital Archaeology: The Art and Science of Digital Forensics, CourseSmart eTextbook
Format: Safari Book

$39.99 | ISBN-13: 978-0-13-346188-6