Practical Guide to Digital Forensics Investigations, A

THE DEFINITIVE GUIDE TO DIGITAL FORENSICS-NOW THOROUGHLY UPDATED WITH NEW TECHNIQUES, TOOLS, AND SOLUTIONS    Complete, practical coverage of both technical and investigative skills    Thoroughly covers modern devices, networks, and the Internet    Addresses online and lab investigations, documentation, admissibility, and more    Aligns closely with the NSA Knowledge Units and the NICE Cybersecurity Workforce Framework    As digital crime soars, so does the need for experts who can recover and evaluate evidence for successful prosecution. Now, Dr. Darren Hayes has thoroughly updated his definitive guide to digital forensics investigations, reflecting current best practices for securely seizing, extracting and analyzing digital evidence, protecting the integrity of the chain of custody, effectively documenting investigations, and scrupulously adhering to the law, so that your evidence is admissible in court.    Every chapter of this new Second Edition is revised to reflect newer technologies, the latest challenges, technical solutions, and recent court decisions. Hayes has added detailed coverage of wearable technologies, IoT forensics, 5G communications, vehicle forensics, and mobile app examinations; advances in incident response; and new iPhone and Android device examination techniques. Through practical activities, realistic examples, and fascinating case studies, you'll build hands-on mastery-and prepare to succeed in one of today's fastest-growing fields.    LEARN HOW TO    

• Understand what digital forensics examiners do, the evidence they work with, and the opportunities available to them
• Explore how modern device features affect evidence gathering, and use diverse tools to investigate them
• Establish a certified forensics lab and implement best practices for managing and processing evidence
• Gather data online to investigate today's complex crimes
• Uncover indicators of compromise and master best practices for incident response
• Investigate financial fraud with digital evidence
• Use digital photographic evidence, including metadata and social media images
• Investigate wearable technologies and other "Internet of Things" devices
• Learn new ways to extract a full fi le system image from many iPhones
• Capture extensive data and real-time intelligence from popular apps
• Follow strict rules to make evidence admissible, even after recent Supreme Court decisions

Auteur

Dr. Darren R. Hayes is a leading expert in the field of digital forensics and computer security. He is the Director of Digital Forensics and Associate Professor at Pace University, and he has been named one of the Top 10 Computer Forensics Professors by Forensics Colleges. He was selected as the recipient of the 2020 Homeland Security Investigations New York Private Sector Partnership Award. During his time at Pace University, Hayes developed a Digital Forensics track for the University's Bachelor of Science in Information Technology degree in addition to his development of digital forensics graduate courses. He also created, and now manages, the Pace University Digital Forensics Research Laboratory, where he devotes must of his time to working with a team of students to support the efforts of law enforcement and the University's students. As part of his research and promoting this scientific field of study, he has fostered relationships with the New York Police Department, New York County D.A., Westchester County D.A., Homeland Security Investigations, National Crime Agency and numerous other agencies. Hayes is not only an academic, however-he is also a practitioner. He has been an investigator on both civil and criminal investigations and frequently consults on cases for law firms. In fact, he has been declared an expert witness in U.S. federal court. In New York City, Hayes has been working with six to eight public high schools to develop a curriculum in computer forensics and cybersecurity. He collaborates on computer forensics projects internationally and served as an extern examiner for the MSc in the Forensic Computing and Cybercrime Investigation degree program at University College Dublin for four years. Hayes has appeared on CNBC, Bloomberg Television, MSNBC and Fox News and been quoted by Associated Press, CNN, Wall Street Journal, The Guardian (UK), The Irish Independent, Japan Times, Investor's Business Daily, MarketWatch, Newsweek, SC Magazine, Silicon Valley Business Journal, USA Today, Washington Post, and Wired News. His op-eds have been published by Homeland Security Today, USA Today, and The Hill's Congress Blog. In addition, he has authored a number of peerreviewed articles in many prominent academic journals. Hayes has been both an author and reviewer for Pearson Prentice Hall since 2007

Contenu

Introduction xxxvii Chapter 1: The Scope of Digital Forensics 2 Popular Myths about Computer Forensics.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Types of Digital Forensic Evidence Recovered.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 What Skills Must a Digital Forensics Investigator Possess?.. . . . . . . . . . . . . . . . . . . . 10 The Importance of Digital Forensics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Job Opportunities.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 A History of Digital Forensics.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Training and Education.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Assessment.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Chapter 2: Windows Operating and File Systems 34 Physical and Logical Storage.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Paging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 File Conversion and Numbering Formats.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Operating Systems.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Windows Registry.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Microsoft Office.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Microsoft Windows Features.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Assessment.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Chapter 3: Handling Computer Hardware 92 Hard Disk Drives.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 Cloning a PATA or SATA Hard Disk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Removable Memory. . . . . . . . . . . . . . . . . . . …