Computer Evidence: Collection and Preservation
As computers and data systems continue to evolve, they expand into every facet of our personal and business lives. Never before has our society been so information and technology driven. Because computers, data communications, and data storage devices have become ubiquitous, few crimes or civil disputes do not involve them in some way. This book teaches law enforcement, system administrators, information technology security professionals, legal professionals, and students of computer...
Search in google:
As computers and data systems continue to evolve, they expand into every facet of our personal and business lives. Never before has our society been so information and technology driven. Because computers, data communications, and data storage devices have become ubiquitous, few crimes or civil disputes do not involve them in some way. This book teaches law enforcement, system administrators, information technology security professionals, legal professionals, and students of computer forensics how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. It has been updated to take into account changes in federal rules of evidence and case law that directly address digital evidence, as well as to expand upon portable device collection.
Part I: Computer Forensics and Evidence Dynamics; Chapter 1: Computer Forensics Essentials; Chapter 2: Rules of Evidence, Case Law, and Regulation; Chapter 3: Evidence Dynamics; Part II: Information Systems; Chapter 4: Interview, Policy, and Audit; Chapter 5: Network Topology and Architecture; Chapter 6: Volatile Data; Part III: Data Storage Systems and Media; Chapter 7: Physical Disk Technologies; Chapter 8: SAN, NAS, and RAID; Chapter 9: Removable Media; Part IV: Artifact Collection; Chapter 10: Tools, Preparation, and Documentation; Chapter 11: Collecting Volatile Data; Chapter 12: Imaging Methodologies; Chapter 13: Large System Collection; Part V: Archiving and Maintaining Evidence; Chapter 14: The Forensics Workstation; Chapter 15: The Forensics Lab; Chapter 16: Whats Next; Appendix A: Sample Chain of Custody Form; Appendix B: Evidence Collection Worksheet; Appendix C: Evidence Access Worksheet; Appendix D: Forensics Field Kit; Appendix E: Hexadecimal Flags for Partition Types; Appendix F: Forensics Tools for Digital Evidence Collection; Appendix G: Agencies, Contacts, and Resources; Appendix H: Investigators Cisco Router Command Cheat Sheet; Appendix I: About the CD-ROM
