Cyber forensics : from data to digital evidence /

Saved in:

Bibliographic Details
Author / Creator:	Marcella, Albert J.
Imprint:	Hoboken, New Jersey : Wiley, 2012.
Description:	1 online resource
Language:	English
Subject:	Forensic sciences -- Technological innovations. Electronic evidence. Evidence, Criminal. Criminal investigation. Computer crimes -- Investigation. Computer crimes -- Investigation Criminal investigation Electronic evidence Evidence, Criminal
Format:	E-Resource Book
URL for this record:	http://pi.lib.uchicago.edu/1001/cat/bib/13603851

Hidden Bibliographic Details
Other authors / contributors:	Guillossou, Frederic, 1970-
ISBN:	9781118273661 1118273664 9781119203452 1119203457 9786613621221 6613621226 9781118282687 111828268X 9781118285053 1118285050 9781118287316 1118287312 9781118273661 1118273664
Digital file characteristics:	data file
Notes:	Includes index. Includes bibliographical references and index. Print version record and CIP data provided by publisher. Print version record.
Summary:	"An explanation of the basic principles of data. This book explains the basic principles of data as building blocks of electronic evidential matter, which are used in a cyber forensics investigations. The entire text is written with no reference to a particular operation system or environment, thus it is applicable to all work environments, cyber investigation scenarios, and technologies. The text is written in a step-by-step manner, beginning with the elementary building blocks of data progressing upwards to the representation and storage of information. It includes practical examples and illustrations throughout to guide the reader"--
Other form:	Print version: Marcella, Albert J. Cyber forensics. Hoboken, New Jersey : Wiley, 2012 9781119203452
Standard no.:	9786613621221 40020847571
Publisher's no.:	EB00063272 Recorded Books

Table of Contents:

Preface
Acknowledgments
Chapter 1. The Fundamentals of Data
Base 2 Numbering System: Binary and Character Encoding
Communication in a Two-State Universe
Electricity and Magnetism
Building Blocks: The Origins of Data
Growing the Building Blocks of Data
Moving Beyond Base 2
American Standard Code for Information Interchange
Character Codes: The Basis for Processing Textual Data
Extended ASCII and Unicode
Summary
Notes
Chapter 2. Binary to Decimal
American Standard Code for Information Interchange
Computer as a Calculator
Why Is This Important in Forensics?
Data Representation
Converting Binary to Decimal
Conversion Analysis
A Forensic Case Example: An Application of the Math
Decimal to Binary: Recap for Review
Summary
Chapter 3. The Power of HEX: Finding Slivers of Data
What the HEX?
Bits and Bytes and Nibbles
Nibbles and Bits
Binary to HEX Conversion
Binary (HEX) Editor
The Needle within the Haystack
Summary
Notes
Chapter 4. Files
Opening
Files, File Structures, and File Formats
File Extensions
Changing a File's Extension to Evade Detection
Files and the HEX Editor
Files Signature
ASCII Is Not Text or HEX
Value of File Signatures
Complex Files: Compound, Compressed, and Encrypted Files
Why Do Compound Files Exist?
Compressed Files
Forensics and Encrypted Files
The Structure of Ciphers
Summary
Notes
Appendix 4A. Common File Extensions
Appendix 4B. Files Signature Database
Appendix 4C. Magic Number Definition
Appendix 4D. Compound Document Header
Chapter 5. The Boot Process and the Master Boot Record (MBR)
Booting Up
Primary Functions of the Boot Process
Forensic Imaging and Evidence Collection
Summarizing the BIOS
BIOS Setup Utility: Step by Step
The Master Boot Record (MBR)
Partition Table
Hard Disk Partition
Summary
Notes
Chapter 6. Endianness and the Partition Table
The Flavor of Endianness
Endianness
The Origins of Endian
Partition Table within the Master Boot Record
Summary
Notes
Chapter 7. Volume versus Partition
Tech Review
Cylinder, Head, Sector, and Logical Block Addressing
Volumes and Partitions
Summary
Notes
Chapter 8. File Systems-FAT 12/16
Tech Review
File Systems
Metadata
File Allocation Table (FAT) File System
Slack
HEX Review Note
Directory Entries
File Allocation Table (FAT)
How Is Cluster Size Determined?
Expanded Cluster Size
Directory Entries and the FAT
FAT Filing System Limitations
Directory Entry Limitations
Summary
Appendix 8A. Partition Table Fields
Appendix 8B. File Allocation Table Values
Appendix 8C. Directory Entry Byte Offset Description
Appendix 8D. FAT 12/16 Byte Offset Values
Appendix 8E. FAT 32 Byte Offset Values
Appendix 8F. The Power of 2
Chapter 9. File Systems-NTFS and Beyond
New Technology File System
Partition Boot Record
Master File Table
NTFS Summary
exFAT
Alternative Filing System Concepts
Summary
Notes
Appendix 9A. Common NTFS Systems Defined Attributes
Chapter 10. Cyber Forensics: Investigative Smart Practices
The Forensic Process
Forensic Investigative Smart Practices
Step 1. The Initial Contact, the Request
Step 2. Evidence Handling
Step 3. Acquisition of Evidence
Step 4. Data Preparation
Time
Summary
Note
Chapter 11. Time and Forensics
What Is Time?
Network Time Protocol
Timestamp Data
Keeping Track of Time
Clock Models and Time Bounding: The Foundations of Forensic Time
MS-DOS 32-Bit Timestamp: Date and Time
Date Determination
Time Determination
Time Inaccuracy
Summary
Notes
Chapter 12. Investigation: Incident Closure
Forensic Investigative Smart Practices
Step 5. Investigation (Continued)
Step 6. Communicate Findings
Characteristics of a Good Cyber Forensic Report
Report Contents
Step 7. Retention and Curation of Evidence
Step 8. Investigation Wrap-Up and Conclusion
Investigator's Role as an Expert Witness
Summary
Notes
Chapter 13. A Cyber Forensic Process Summary
Binary
Binary-Decimal-ASCII
Data Versus Code
HEX
From Raw Data to Files
Accessing Files
Endianness
Partitions
File Systems
Time
The Investigation Process
Summary
Appendix: Forensic Investigations, ABC Inc.
Glossary
About the Authors
Index

Cyber forensics : from data to digital evidence /

Similar Items