Computer Evidence: Collection and Preservation
About the Book
Computer Evidence: Collection and Preservation teaches law enforcement and computer forensics investigators how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. The book focuses on collection and preservation because these two phases of computer forensics are the most critical to evidence acceptance, but are not thoroughly covered in text or courses. Throughout the book, a constant eye is kept on evidence dynamics and the impact investigators can have on data integrity while collecting evidence. The simple act of a computer forensics investigator shutting down a suspect's computer changes the state of the computer as well as many of its files, so a good understanding of evidence dynamics is essential when doing computer forensics work. Broken up into five parts, Computer Forensics & Evidence Dynamics, Information Systems, Data Storage Systems & Media, Artifact Collection, and Archiving & Maintaining Evidence, the book places specific focus on how investigators and their tools are interacting with digital evidence. By reading and using this task-oriented guide, computer forensics investigators will be able to ensure case integrity during the most critical phases of the computer forensics process.
Table of Contents:
Acknowledgements
Introduction
Part I: Computer Forensics and Evidence Dynamics
Chapter 1: Computer Forensics Essentials
Chapter 2: Rules of Evidence, Case Law, and Regulation
Chapter 3: Evidence Dynamics
Part II: Information Systems
Chapter 4: Interview, Policy, and Audit
Chapter 5: Network Topology and Architecture
Chapter 6: Volatile Data
Part III: Data Storage Systems and Media
Chapter 7: Physical Disk Technologies
Chapter 8: SAN, NAS, and RAID
Chapter 9: Removable Media
Part IV: Artifact Collection
Chapter 10: Tools, Preparation, and Documentation
Chapter 11: Collecting Volatile Data
Chapter 12: Imaging Methodologies
Chapter 13: Large System Collection
Part V: Archiving and Maintaining Evidence
Chapter 14: The Forensics Workstation
Chapter 15: The Forensics Lab
Chapter 16: What's Next
Appendix A: Sample Chain of Custody Form
Appendix B: Evidence Collection Worksheet
Appendix C: Evidence Access Worksheet
Appendix D: Forensics Field Kit
Appendix E: Hexadecimal Flags for Partition Types
Appendix F: Forensics Tools for Digital Evidence Collection
Appendix G: Agencies, Contacts, and Resources
Appendix H: Investigator's Cisco Router Command Cheat Sheet
Appendix I: About the CD-ROM
Index
About the Author:
Christopher L.T. Brown (Coronado, CA) is the founder and CTO of Technology Pathways LLC, a provider of computer security tools and services for the corporate IT, government, and legal communities. He has over 20 years of experience in computer security and holds numerous career certifications from UCSD, (ISC)2, Microsoft, Cisco, CompTIA, and Citrix, including a CISSP certification. He is an author of Building an Intranet with Windows NT 4 and Web Site Construction Kit for Windows NT and has spoken at numerous conferences around the globe on the subject of computer forensics.
Book Details
ISBN-13: 9788131800157
Publisher Date: 30 Jul 2006
Binding: Paperback
Type: Professional & Vocational
ISBN-10: 8131800156
Publisher: Laxmi Publications
Publisher Imprint: Laxmi Publications
No of Pages: 394
Type: Tertiary Education (US: College)