The Basics of Digital Forensics provides a foundation for people new to the field of digital forensics. This book teaches you how to conduct examinations by explaining what digital forensics is, the methodologies used, key technical concepts and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud, and the Internet are discussed. Readers will also learn how to collect evidence, document the scene, and recover deleted data. This is the only resource your students need to get a jump-start into digital forensics investigations.
This book is organized into 11 chapters. After an introduction to the basics of digital forensics, the book proceeds with a discussion of key technical concepts. Succeeding chapters cover labs and tools; collecting evidence; Windows system artifacts; anti-forensics; Internet and email; network forensics; and mobile device forensics. The book concludes by outlining challenges and concerns associated with digital forensics. PowerPoint lecture slides are also available.
This book will be a valuable resource for entry-level digital forensics professionals as well as those in complementary fields including law enforcement, legal, and general information security.
- Learn all about what Digital Forensics entails
- Build a toolkit and prepare an investigative plan
- Understand the common artifacts to look for during an exam
Entry-level digital forensics professionals, as well as those in complementary fields such as law enforcement, legal, and general information security.
About the Author
About the Technical Editor
Chapter 1. Introduction
What is Forensic Science?
What is Digital Forensics?
Uses of Digital Forensics
Locard's Exchange Principle
Organizations of Note
Role of the Forensic Examiner in the Judicial System
Chapter 2. Key Technical Concepts
Bits, Bytes, and Numbering Schemes
File Extensions and File Signatures
Storage and Memory
Allocated and Unallocated Space
How Magnetic Hard Drives Store Data
Basic Computer Function—Putting it All Together
Chapter 3. Labs and Tools
Policies and Procedures
Digital Forensic Tools
Chapter 4. Collecting Evidence
Crime Scenes and Collecting Evidence
Documenting the Scene
Chain of Custody
Live System versus Dead System
Chapter 5. Windows System Artifacts
Hibernation File (Hiberfile.Sys)
Most Recently Used (MRU)
Restore Points and Shadow Copy
Chapter 6. Antiforensics
Chapter 7. Legal
The Fourth Amendment
Criminal Law—Searches Without a Warrant
Searching with a Warrant
Electronic Discovery (eDiscovery)
Chapter 8. Internet and E-Mail
Web Browsers—Internet Explorer
Social Networking Sites
Chapter 9. Network Forensics
Network Security Tools
Network Evidence and Investigations
Chapter 10. Mobile Device Forensics
Cell Phone Evidence
Cell Phone Forensic Tools
Global Positioning Systems (GPS)
Chapter 11. Looking Ahead
Standards and Controls
Cloud Forensics (Finding/Identifying Potential Evidence Stored In the Cloud)
Solid State Drives (SSD)
Speed of Change
- © Syngress 2012
- 24th February 2012
John Sammons is an Associate Professor and Director of the undergraduate program in Digital Forensics and Information Assurance at Marshall University in Huntington, West Virginia. John teaches digital forensics, electronic discovery, information security and technology in the School of Forensic and Criminal Justices Sciences. He's also adjunct faculty with the Marshall University graduate forensic science program where he teaches the advanced digital forensics course. John, a former police officer, is also an Investigator with the Cabell County Prosecuting Attorney’s Office and a member of the West Virginia Internet Crimes Against Children Task Force. He is a Member of the American Academy of Forensic Sciences, the High Technology Crime Investigation Association, and Infragard.
John is the founder and President of the Appalachian Institute of Digital Evidence. AIDE is a non-profit organization that provides research and training for digital evidence professionals including attorneys, judges, law enforcement and information security practitioners in the private sector. He is the author of the best-selling book The Basics of Digital Forensics, published by Syngress.
Associate Professor and Director of the Digital Forensics and Information Assurance program, Marshall University, Huntington, WV, USA
"This book is an excellent introduction and overview of the field of Configuration Systems. It covers the most important developments in the field."--HPCMagazine.com, August 2014
"The book is quite easy to read – the author uses colloquial language and the text flows more like long magazine articles rather than a text book. A nice addition is computer forensic case studies that are peppered throughout the book."--The Journal of Digital Forensics, Security and Law, Vol. 9, No. 1, 2014