En savoir plus
Teaches law enforcement and computer forensics investigators how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. This book takes into account changes in federal rules of evidence and case law that directly address digital evidence, as well as to expand upon portable device collection.
Table des matières
Part I: Computer Forensics and Evidence Dynamics;
Chapter 1: Computer Forensics Essentials;
Chapter 2: Rules of Evidence, Case Law, and Regulation;
Chapter 3: Evidence Dynamics;
Part II: Information Systems;
Chapter 4: Interview, Policy, and Audit;
Chapter 5: Network Topology and Architecture;
Chapter 6: Volatile Data;
Part III: Data Storage Systems and Media;
Chapter 7: Physical Disk Technologies;
Chapter 8: SAN, NAS, and RAID;
Chapter 9: Removable Media;
Part IV: Artifact Collection;
Chapter 10: Tools, Preparation, and Documentation;
Chapter 11: Collecting Volatile Data;
Chapter 12: Imaging Methodologies;
Chapter 13: Large System Collection;
Chapter 14: Personal Portable Device Collection
Part V: Archiving and Maintaining Evidence;
Chapter 15: The Forensics Workstation;
Chapter 16: The Forensics Lab;
Chapter 17: Whats Next;
Part IV: Computer Evicence Collection and Preservation Appendixes;
Appendix A: Sample Chain of Custody Form;
Appendix B: Evidence Collection Worksheet;
Appendix C: Evidence Access Worksheet;
Appendix D: Forensics Field Kit;
Appendix E: Hexadecimal Flags for Partition Types;
Appendix F: Forensics Tools for Digital Evidence Collection;
Appendix G: Agencies, Contacts, and Resources;
Appendix H: Cisco Router Command Cheat Sheet;
Appendix I: About the CD-ROM
