THE DEFINITIVE GUIDE TO DIGITAL FORENSICS NOW THOROUGHLY UPDATED WITH NEW TECHNIQUES, TOOLS, AND SOLUTIONS
Complete, practical coverage of both technical and investigative skills
Thoroughly covers modern devices, networks, and the Internet
Addresses online and lab investigations, documentation, admissibility, and more
Aligns closely with the NSA Knowledge Units and the NICE Cybersecurity Workforce Framework
As digital crime soars, so does the need for experts who can recover and evaluate evidence for successful prosecution. Now, Dr. Darren Hayes has thoroughly updated his definitive guide to digital forensics investigations, reflecting current best practices for securely seizing, extracting and analyzing digital evidence, protecting the integrity of the chain of custody, effectively documenting investigations, and scrupulously adhering to the law, so that your evidence is admissible in court.
Every chapter of this new Second Edition is revised to reflect newer technologies, the latest challenges, technical solutions, and recent court decisions. Hayes has added detailed coverage of wearable technologies, IoT forensics, 5G communications, vehicle forensics, and mobile app examinations; advances in incident response; and new iPhone and Android device examination techniques. Through practical activities, realistic examples, and fascinating case studies, you'll build hands-on mastery and prepare to succeed in one of today's fastest-growing fields.
LEARN HOW TO
Understand what digital forensics examiners do, the evidence they work with, and the opportunities available to them
Explore how modern device features affect evidence gathering, and use diverse tools to investigate them
Establish a certified forensics lab and implement best practices for managing and processing evidence
Gather data online to investigate today's complex crimes
Uncover indicators of compromise and master best practices for incident response
Investigate financial fraud with digital evidence
Use digital photographic evidence, including metadata and social media images
Investigate wearable technologies and other Internet of Things devices
Learn new ways to extract a full file system image from many iPhones
Capture extensive data and real-time intelligence from popular apps
Follow strict rules to make evidence admissible, even after recent Supreme Court decisions
Author(s): Darren R. Hayes
Edition: 2
Publisher: Pearson IT Certification
Year: 2020
Language: English
Pages: 1633
About This eBook
Title Page
Copyright Page
Credits
Contents at a Glance
Table of Contents
About the Author
About the Technical Reviewers
Dedication
Acknowledgments
We Want to Hear from You!
Introduction
Chapter 1. The Scope of Digital Forensics
Popular Myths about Computer Forensics
Types of Digital Forensic Evidence Recovered
What Skills Must a Digital Forensics Investigator Possess?
The Importance of Digital Forensics
Job Opportunities
A History of Digital Forensics
Training and Education
Summary
Key Terms
Assessment
Chapter 2. Windows Operating and File Systems
Physical and Logical Storage
Paging
File Conversion and Numbering Formats
Operating Systems
Windows Registry
Microsoft Office
Microsoft Windows Features
Summary
Key Terms
Assessment
Chapter 3. Handling Computer Hardware
Hard Disk Drives
Cloning a PATA or SATA Hard Disk
Removable Memory
Summary
Key Terms
Assessment
Reference
Chapter 4. Acquiring Evidence in a Computer Forensics Lab
Lab Requirements
Private-Sector Computer Forensics Laboratories
Computer Forensics Laboratory Requirements
Extracting Evidence from a Device
Skimmers
Steganography
Summary
Key Terms
Assessment
Chapter 5. Online Investigations
Working Undercover
Dark Web Investigations
Virtual Currencies
Website Evidence
Background Searches on a Suspect
Online Crime
Capturing Online Communications
Edge Web Browser
Summary
Key Terms
Assessment
Chapter 6. Documenting the Investigation
Obtaining Evidence from a Service Provider
Documenting a Crime Scene
Seizing Evidence
Documenting the Evidence
Using Tools to Document an Investigation
Writing Reports
Using Expert Witnesses at Trial
Summary
Key Terms
Assessment
Chapter 7. Admissibility of Digital Evidence
History and Structure of the United States Legal System
Evidence Admissibility
Constitutional Law
When Computer Forensics Goes Wrong
Structure of the Legal System in the European Union (E.U.)
Privacy Legislation in Asia
Summary
Key Terms
Assessment
Chapter 8. Network Forensics and Incident Response
The Tools of the Trade
Networking Devices
Understanding the OSI Model
Introduction to VoIP
Incident Response (IR)
STIX, TAXII, and CybOX
Advanced Persistent Threats
Investigating a Network Attack
Summary
Key Terms
Assessment
Chapter 9. Mobile Forensics
The Cellular Network
Handset Specifications
Mobile Operating Systems
Standard Operating Procedures for Handling Handset Evidence
Handset Forensics
Manual Cellphone Examinations
Global Satellite Service Providers
Legal Considerations
Other Mobile Devices
Documenting the Investigation
Summary
Key Terms
Assessment
Chapter 10. Mobile App Investigations
Static Versus Dynamic Analysis
Dating Apps
Rideshare Apps
Communication Apps
Summary
Key Terms
Assessment
Chapter 11. Photograph Forensics
National Center for Missing and Exploited Children (NCMEC)
Project VIC
Case Studies
Understanding Digital Photography
Examining Picture Files
Evidence Admissibility
Case Studies
Summary
Key Terms
Assessment
Chapter 12. Mac Forensics
A Brief History
Apple Wi-Fi Devices
Macintosh File Systems
Macintosh Operating Systems
Apple Mobile Devices
Performing a Mac Forensics Examination
Case Studies
Summary
Key Terms
Assessment
Chapter 13. Case Studies
Silk Road
Las Vegas Massacre
Zacharias Moussaoui
BTK (Bind Torture Kill) Serial Killer
Cyberbullying
Sports
Summary
Key Terms
Assessment
Assignment
Chapter 14. Internet of Things (IoT) Forensics and Emergent Technologies
5G
Wi-Fi 6
Wi-Fi Mesh Networks
Shodan
Mirai Botnet
Cryptocurrency Mining
Alexa
Micro-Chipping
Fitness Trackers
Apple Watch
Action Cameras
Police Safety
Police Vehicles
Vehicle Forensics
Low-Tech Solution for High-Tech Seizures
Summary
Key Terms
Assessment
Answer Key
Index
Code Snippets