使用手机摄像头 - 扫描以下代码并下载 Kindle 阅读软件。
Learn Computer Forensics: A beginner's guide to searching, analyzing, and securing digital evidence (English Edition) Kindle电子书
Get up and running with collecting evidence using forensics best practices to present your findings in judicial or administrative proceedings
- Learn the core techniques of computer forensics to acquire and secure digital evidence skillfully
- Conduct a digital forensic examination and document the digital evidence collected
- Analyze security systems and overcome complex challenges with a variety of forensic investigations
A computer forensics investigator must possess a variety of skills, including the ability to answer legal questions, gather and document evidence, and prepare for an investigation. This book will help you get up and running with using digital forensic tools and techniques to investigate cybercrimes successfully.
Starting with an overview of forensics and all the open source and commercial tools needed to get the job done, you'll learn core forensic practices for searching databases and analyzing data over networks, personal devices, and web applications. You'll then learn how to acquire valuable information from different places, such as filesystems, e-mails, browser histories, and search queries, and capture data remotely. As you advance, this book will guide you through implementing forensic techniques on multiple platforms, such as Windows, Linux, and macOS, to demonstrate how to recover valuable information as evidence. Finally, you'll get to grips with presenting your findings efficiently in judicial or administrative proceedings.
By the end of this book, you'll have developed a clear understanding of how to acquire, analyze, and present digital evidence like a proficient computer forensics investigator.
What you will learn
- Understand investigative processes, the rules of evidence, and ethical guidelines
- Recognize and document different types of computer hardware
- Understand the boot process covering BIOS, UEFI, and the boot sequence
- Validate forensic hardware and software
- Discover the locations of common Windows artifacts
- Document your findings using technically correct terminology
Who this book is for
If you're an IT beginner, student, or an investigator in the public or private sector this book is for you.This book will also help professionals and investigators who are new to incident response and digital forensics and interested in making a career in the cybersecurity domain.
Table of Contents
- Types of Computer-Based Investigations
- The Forensic Analysis Process
- Acquisition of Evidence
- Computer Systems
- Computer Investigation Process
- Windows Artifact Analysis
- RAM Memory Forensic Analysis
- Email Forensics – Investigation Techniques
- Internet Artifacts
- Report Writing
- Expert Witness Ethics
- ASIN : B086WBP289
- 出版社 : Packt Publishing; 第 1st 版 (2020年4月30日)
- 出版日期 : 2020年4月30日
- 语言 : 英语
- 文件大小 : 31518 KB
- 标准语音朗读 : 已启用
- X-Ray : 未启用
- 生词提示功能 : 未启用
- 纸书页数 : 370页
- > ISBN : 1838648178
- 亚马逊热销商品排名: 商品里排第194,056名Kindle商店 (查看商品销售排行榜Kindle商店)
|5 星 (0%)||0%|
|4 星 (0%)||0%|
|3 星 (0%)||0%|
|2 星 (0%)||0%|
|1 星 (0%)||0%|
I was sold on the book after the author made the following statement, "Unfortunately, I find many students want to use a "find evidence" button, find all the artifacts, and print up a thousand-page report and call it a day. That is not digital forensics." I would replace the "students" with investigators/digital forensic analysts as I have seen this many times, especially as the paid-tools become more powerful and able to present artifacts in an easy-to-read format. As I read the line, I paused and immediately messaged another examiner with a different agency, as this sentiment is often brought up in our discussions. Paid-tools tempt practitioners to focus on single artifacts as evidence, but the author reminds the reader, "we cannot construe the mere presence of the artifact as a sign of the suspect's guilt (or innocence). The artifact needs to be placed within the context of the user and system activity." New and old forensic examiners need to remember that they are the skilled practitioner, whose job is to speak for the digital evidence. Our job is to examine the evidence as it exists and use the data found to present the truth without regard to the side of the courtroom we sit on. Through the book, the author reminds the reader that the forensic analyst role is to be a neutral evaluator of the evidence.
The book provides an excellent introduction for new examiners or those looking to expand their understanding of the results provided by forensic examiners. The book also can be used as a high-level reference for aspects of Windows forensics that an examiner may not use every day.
The author takes time to direct the reader to free tools and other resources. While he does declare his preference for one of the paid-tool over others, he does explain the free tools and how they can impact the review of a variety of artifacts. I appreciate him directing the reader to outside resources, collections of data, and information that should be marked in everyone's bookmarks.
I found his explanation of the thumbcache's relationship with Windows.edb to be the most concise and useful explanation of how to provide context to thumbcache databases. Thumbcache is a topic I have researched ad nauseam. As an ICAC investigator, items of interest are often found in the thumbcache databases; the ability to put a name on the image allows the image to be tied to other activities to provide context and value.
There are many little nuggets of gold scattered through the book that will be a value to nearly all examiners, if for no other purpose to provide a prewritten, easy-to-understand explanation of the artifacts.
The author's experience and professionalism shine through his writing.
The book itself is written in an easy to read tone, and while technically accurate, is not so technically complex that it would throw off someone entering digital forensics for the first time. The book covers the types of investigations that are typical in digital forensics, the various states of the digital forensics process from start to finish, and specific issues with regards typical forensic artefacts that you will encounter when dealing with a typical Windows endpoint system such as a laptop of desktop.
That being said, I think it is important to point out that this book will provide the most value when dealing with the forensic examination and analysis of computer running the Windows operating system, as the majority of the book focuses on these. If you are looking for the examination and analysis of other operating systems, then this book is not for you (unless of course you are new to the field in which case you would benefit).
While it is not specifically stated in the book, the material covered in the book addresses most of the certification objectives for the Certified Forensic Computer Examiner (CFCE) certification, offered by IACIS. If you are an external candidate planning to achieve this certification, then I would highly recommend this book. In fact, even if you have attended the IACIS BCFE training course and are going to do the certification exam, I would certainly recommend this book to complement your certification preparations.
Well done on a really good book.