The Definitive, Up-to-Date Guide to Digital Forensics
The rapid proliferation of cyber crime is increasing the demand for digital forensics experts in both law enforcement and the private sector. In Digital Archaeology, expert practitioner Michael Graves has written a thorough, realistic, and up-to-date guide to the principles and techniques of modern digital forensics.
Graves begins by building a solid understanding of the legal underpinnings of computer forensics and the critical laws that affect it, including key principles of evidence and case law. Next, he explains how to systematically and thoroughly investigate computer systems to unearth crimes or other misbehavior, and how to back up the findings with evidence that will stand up in court.
Drawing on the analogy of archaeological research, Graves explains each key tool and method investigators use to reliably uncover hidden information in digital systems. His detailed demonstrations often include the actual syntax of command-line utilities. Along the way, he presents exclusive coverage of facilities management, a full chapter on the crucial topic of first response to a digital crime scene, and up-to-the-minute coverage of investigating evidence in the cloud.
Graves concludes by presenting coverage of important professional and business issues associated with building a career in digital forensics, including current licensing and certification requirements.
Digital Archaeology is a key resource for anyone preparing for a career as a professional investigator; for IT professionals who are sometimes called upon to assist in investigations; and for those seeking an explanation of the processes involved in preparing an effective defense, including how to avoid the legally indefensible destruction of digital evidence.
Preface xiii
About the Author xxi
Chapter 1: The Anatomy of a Digital Investigation 1
A Basic Model for Investigators 2
Understanding the Scope of the Investigation 8
Identifying the Stakeholders 12
The Art of Documentation 13
Chapter Review 21
Chapter Exercises 21
References 22
Chapter 2: Laws Affecting Forensic Investigations 23
Constitutional Implications of Forensic Investigation 24
The Right to Privacy 29
The Expert Witness 31
Chapter Review 32
Chapter Exercises 32
References 33
Chapter 3: Search Warrants and Subpoenas 35
Distinguishing between Warrants and Subpoenas 36
What Is a Search and When Is It Legal? 37
Basic Elements of Obtaining a Warrant 40
The Plain View Doctrine 43
The Warrantless Search 44
Subpoenas 50
Chapter Review 51
Chapter Exercises 52
References 52
Chapter 4: Legislated Privacy Concerns 55
General Privacy 56
Financial Legislation 59
Privacy in Health Care and Education 62
Privileged Information 64
Chapter Review 67
Chapter Exercises 68
References 68
Chapter 5: The Admissibility of Evidence 71
What Makes Evidence Admissible? 71
Keeping Evidence Authentic 76
Defining the Scope of the Search 84
When the Constitution Doesn’t Apply 84
Chapter Review 89
Chapter Exercises 89
References 89
Chapter 6: First Response and the Digital Investigator 91
Forensics and Computer Science 91
Controlling the Scene of the Crime 96
Handling Evidence 100
Chapter Review 109
Chapter Exercises 109
References 110
Chapter 7: Data Acquisition 111
Order of Volatility 112
Memory and Running Processes 112
Acquiring Media 121
Chapter Review 128
Chapter Exercises 128
References 129
Chapter 8: Finding Lost Files 131
File Recovery 131
The Deleted File 141
Data Carving 145
Chapter Review 149
Chapter Exercises 150
References 150
Chapter 9: Document Analysis 151
File Identification 151
Understanding Metadata 157
Mining the Temporary Files 172
Identifying Alternate Hiding Places of Data 176
Chapter Review 183
Chapter Exercises 183
References 183
Chapter 10: E-mail Forensics 185
E-mail Technology 185
Information Stores 191
The Anatomy of an E-mail 196
An Approach to E-mail Analysis 203
Chapter Review 210
Chapter Exercises 211
References 211
Chapter 11: Web Forensics 213
Internet Addresses 213
Web Browsers 215
Web Servers 233
Proxy Servers 238
Chapter Review 244
Chapter Exercises 244
References 245
Chapter 12: Searching the Network 247
An Eagle’s Eye View 247
Initial Response 248
Proactive Collection of Evidence 250
Post-Incident Collection of Evidence 262
Router and Switch Forensics 268
Chapter Review 275
Chapter Exercises 275
References 276
Chapter 13: Excavating a Cloud 277
What Is Cloud Computing? 277
Shaping the Cloud 279
The Implications of Cloud Forensics 284
On Virtualization 291
Constitutional Issues 300
Chapter Review 303
Chapter Exercises 304
References 304
Chapter 14: Mobile Device Forensics 307
Challenges of Mobile Device Forensics 307
How Cell Phones Work 308
Data Storage on Cell Phones 313
Acquisition and Storage 317
Legal Aspects of Mobile Device Forensics 322
Chapter Review 324
Chapter Exercises 325
References 325
Chapter 15: Fighting Antiforensics 327
Artifact Destruction 328
Hiding Data on the System 336
Covert Data 347
Chapter Review 354
Chapter Exercises 355
References 355
Chapter 16: Litigation and Electronic Discovery 357
What Is E-Discovery? 358
A Roadmap of E-Discovery 358
Conclusion 377
Chapter Review 377
Chapter Exercises 377
References 378
Chapter 17: Case Management and Report Writing 379
Managing a Case 379
Writing Reports 389
Chapter Review 393
Chapter Exercises 394
References 394
Chapter 18: Tools of the Digital Investigator 395
Software Tools 395
Working with “Court-Approved” Tools 410
Hardware Tools 413
Nontechnical Tools 418
Chapter Review 421
Chapter Exercises 422
References 422
Chapter 19: Building a Forensic Workstation 423
What Is a Forensic Workstation? 424
Commercially Available Forensic Workstations 425
Building a Forensic Workstation From Scratch 429
Chapter Review 440
Chapter Exercises 440
References 440
Chapter 20: Licensing and Certification 441
Digital Forensic Certification 441
Vendor-Neutral Certification Programs 442
Vendor-Specific Certification Programs 449
Digital Forensic Licensing Requirements 452
Chapter Review 454
Chapter Exercises 454
References 454
Chapter 21: The Business of Digital Forensics 457
Starting a New Forensics Organization 458
Maintaining the Organization 466
Generating Revenue 478
Organizational Certification 481
Chapter Review 483
Chapter Exercises 483
References 483
Appendix A: Chapter Review Answers 485
Appendix B: Sample Forms 505
Glossary 511
Index 521