A Practical Guide to Digital Forensics Investigations, 2nd Edition

Book description

THE DEFINITIVE GUIDE TO DIGITAL FORENSICS, NOW THOROUGHLY UPDATED WITH NEW TECHNIQUES, TOOLS, AND SOLUTIONS

Complete, practical coverage of both technical and investigative skills

Thoroughly covers modern devices, networks, and the Internet

Addresses online and lab investigations, documentation, admissibility, and more

Aligns closely with the NSA Knowledge Units and the NICE Cybersecurity Workforce Framework

As digital crime soars, so does the need for experts who can recover and evaluate evidence for successful prosecution. Now, Dr. Darren Hayes has thoroughly updated his definitive guide to digital forensics investigations, reflecting current best practices for securely seizing, extracting and analyzing digital evidence, protecting the integrity of the chain of custody, effectively documenting investigations, and scrupulously adhering to the law, so that your evidence is admissible in court.

Every chapter of this new Second Edition is revised to reflect newer technologies, the latest challenges, technical solutions, and recent court decisions. Hayes has added detailed coverage of wearable technologies, IoT forensics, 5G communications, vehicle forensics, and mobile app examinations; advances in incident response; and new iPhone and Android device examination techniques. Through practical activities, realistic examples, and fascinating case studies, you'll build hands-on mastery and prepare to succeed in one of today's fastest-growing fields.

LEARN HOW TO

  • Understand what digital forensics examiners do, the evidence they work with, and the opportunities available to them

  • Explore how modern device features affect evidence gathering, and use diverse tools to investigate them

  • Establish a certified forensics lab and implement best practices for managing and processing evidence

  • Gather data online to investigate today's complex crimes

  • Uncover indicators of compromise and master best practices for incident response

  • Investigate financial fraud with digital evidence

  • Use digital photographic evidence, including metadata and social media images

  • Investigate wearable technologies and other Internet of Things devices

  • Learn new ways to extract a full file system image from many iPhones

  • Capture extensive data and real-time intelligence from popular apps

  • Follow strict rules to make evidence admissible, even after recent Supreme Court decisions

Table of contents

  1. Cover Page
  2. About This eBook
  3. Title Page
  4. Copyright Page
  5. Credits
  6. Contents at a Glance
  7. Table of Contents
  8. About the Author
  9. About the Technical Reviewers
  10. Dedication
  11. Acknowledgments
  12. We Want to Hear from You!
  13. Introduction
  14. Chapter 1. The Scope of Digital Forensics
    1. Popular Myths about Computer Forensics
    2. Types of Digital Forensic Evidence Recovered
    3. What Skills Must a Digital Forensics Investigator Possess?
    4. The Importance of Digital Forensics
    5. Job Opportunities
    6. A History of Digital Forensics
    7. Training and Education
    8. Summary
    9. Key Terms
    10. Assessment
  15. Chapter 2. Windows Operating and File Systems
    1. Physical and Logical Storage
    2. Paging
    3. File Conversion and Numbering Formats
    4. Operating Systems
    5. Windows Registry
    6. Microsoft Office
    7. Microsoft Windows Features
    8. Summary
    9. Key Terms
    10. Assessment
  16. Chapter 3. Handling Computer Hardware
    1. Hard Disk Drives
    2. Cloning a PATA or SATA Hard Disk
    3. Removable Memory
    4. Summary
    5. Key Terms
    6. Assessment
    7. Reference
  17. Chapter 4. Acquiring Evidence in a Computer Forensics Lab
    1. Lab Requirements
    2. Private-Sector Computer Forensics Laboratories
    3. Computer Forensics Laboratory Requirements
    4. Extracting Evidence from a Device
    5. Skimmers
    6. Steganography
    7. Summary
    8. Key Terms
    9. Assessment
  18. Chapter 5. Online Investigations
    1. Working Undercover
    2. Dark Web Investigations
    3. Virtual Currencies
    4. Website Evidence
    5. Background Searches on a Suspect
    6. Online Crime
    7. Capturing Online Communications
    8. Edge Web Browser
    9. Summary
    10. Key Terms
    11. Assessment
  19. Chapter 6. Documenting the Investigation
    1. Obtaining Evidence from a Service Provider
    2. Documenting a Crime Scene
    3. Seizing Evidence
    4. Documenting the Evidence
    5. Using Tools to Document an Investigation
    6. Writing Reports
    7. Using Expert Witnesses at Trial
    8. Summary
    9. Key Terms
    10. Assessment
  20. Chapter 7. Admissibility of Digital Evidence
    1. History and Structure of the United States Legal System
    2. Evidence Admissibility
    3. Constitutional Law
    4. When Computer Forensics Goes Wrong
    5. Structure of the Legal System in the European Union (E.U.)
    6. Privacy Legislation in Asia
    7. Summary
    8. Key Terms
    9. Assessment
  21. Chapter 8. Network Forensics and Incident Response
    1. The Tools of the Trade
    2. Networking Devices
    3. Understanding the OSI Model
    4. Introduction to VoIP
    5. Incident Response (IR)
    6. STIX, TAXII, and Cybox
    7. Advanced Persistent Threats
    8. Investigating a Network Attack
    9. Summary
    10. Key Terms
    11. Assessment
  22. Chapter 9. Mobile Forensics
    1. The Cellular Network
    2. Handset Specifications
    3. Mobile Operating Systems
    4. Standard Operating Procedures for Handling Handset Evidence
    5. Handset Forensics
    6. Manual Cellphone Examinations
    7. Global Satellite Service Providers
    8. Legal Considerations
    9. Other Mobile Devices
    10. Documenting the Investigation
    11. Summary
    12. Key Terms
    13. Assessment
  23. Chapter 10. Mobile App Investigations
    1. Static Versus Dynamic Analysis
    2. Dating Apps
    3. Rideshare Apps
    4. Communication Apps
    5. Summary
    6. Key Terms
    7. Assessment
  24. Chapter 11. Photograph Forensics
    1. National Center for Missing and Exploited Children (NCMEC)
    2. Project VIC
    3. Case Studies
    4. Understanding Digital Photography
    5. Examining Picture Files
    6. Evidence Admissibility
    7. Case Studies
    8. Summary
    9. Key Terms
    10. Assessment
  25. Chapter 12. Mac Forensics
    1. A Brief History
    2. Apple Wi-Fi Devices
    3. Macintosh File Systems
    4. Macintosh Operating Systems
    5. Apple Mobile Devices
    6. Performing a Mac Forensics Examination
    7. Case Studies
    8. Summary
    9. Key Terms
    10. Assessment
  26. Chapter 13. Case Studies
    1. Silk Road
    2. Las Vegas Massacre
    3. Zacharias Moussaoui
    4. BTK (Bind Torture Kill) Serial Killer
    5. Cyberbullying
    6. Sports
    7. Summary
    8. Key Terms
    9. Assessment
    10. Assignment
  27. Chapter 14. Internet of Things (IoT) Forensics and Emergent Technologies
    1. 5G
    2. Wi-Fi 6
    3. Wi-Fi Mesh Networks
    4. Shodan
    5. Mirai Botnet
    6. Cryptocurrency Mining
    7. Alexa
    8. Micro-Chipping
    9. Fitness Trackers
    10. Apple Watch
    11. Action Cameras
    12. Police Safety
    13. Police Vehicles
    14. Vehicle Forensics
    15. Low-Tech Solution for High-Tech Seizures
    16. Summary
    17. Key Terms
    18. Assessment
  28. Answer Key
  29. Index
  30. Code Snippets

Product information

  • Title: A Practical Guide to Digital Forensics Investigations, 2nd Edition
  • Author(s): Darren R. Hayes
  • Release date: October 2020
  • Publisher(s): Pearson IT Certification
  • ISBN: 9780134878942