€92.30*
Free shipping by post / DHL
Delivery time 1-2 weeks
Written by faculty members and associates of the world-renowned Norwegian Information Security Laboratory (NisLab) at the Norwegian University of Science and Technology (NTNU), this textbook takes a scientific approach to digital forensics ideally suited for university courses in digital forensics and information security. Each chapter was written by an accomplished expert in his or her field, many of them with extensive experience in law enforcement and industry. The author team comprises experts in digital forensics, cybercrime law, information security and related areas.
Digital forensics is a key competency in meeting the growing risks of cybercrime, as well as for criminal investigation generally. Considering the astonishing pace at which new information technology - and new ways of exploiting information technology - is brought online, researchers and practitioners regularly face new technical challenges, forcing them to continuously upgrade their investigatory skills. Designed to prepare the next generation to rise to those challenges, the material contained in Digital Forensics has been tested and refined by use in both graduate and undergraduate programs and subjected to formal evaluations for more than ten years.
* Encompasses all aspects of the field, including methodological, scientific, technical and legal matters
* Based on the latest research, it provides novel insights for students, including an informed look at the future of digital forensics
* Includes test questions from actual exam sets, multiple choice questions suitable for online use and numerous visuals, illustrations and case example images
* Features real-world examples and scenarios, including court cases and technical problems, as well as a rich library of academic references and references to online media
Digital Forensics is an excellent introductory text for programs in computer science and computer engineering and for master's degree programs in military and police education. It is also a valuable reference for legal practitioners, police officers, investigators, and forensic practitioners seeking to gain a deeper understanding of digital forensics and cybercrime.
ANDRÉ ÅRNES, PhD, is Senior Vice President and Chief Security Officer of Telenor Group and an Associate Professor on the faculty of the Norwegian Information Security Laboratory (NisLab) at the Norwegian University of Science and Technology (NTNU). An experienced cyber security expert, Dr. Årnes has extensive experience both as a security leader in a global corporation and as a computer crime special investigator in law enforcement.
Preface xv
List of Contributors xvii
List of Figures xxi
List of Tables xxv
List of Examples xxvii
List of Definitions xxix
List of Abbreviations xxxi
1 Introduction 1
André Årnes
1.1 Forensic Science 1
1.1.1 History of Forensic Science 2
1.1.2 Locard's Exchange Principle 2
1.1.3 Crime Reconstruction 3
1.1.4 Investigations 3
1.1.5 Evidence Dynamics 4
1.2 Digital Forensics 4
1.2.1 Crimes and Incidents 5
1.2.2 Digital Devices, Media, and Objects 5
1.2.3 Forensic Soundness and Fundamental Principles 5
1.2.4 Crime Reconstruction in Digital Forensics 6
1.3 Digital Evidence 7
1.3.1 Layers of Abstraction 7
1.3.2 Metadata 7
1.3.3 Error, Uncertainty, and Loss 7
1.3.4 Online Bank Fraud - A Real-World Example 8
1.3.4.1 Modus Operandi 8
1.3.4.2 The SpyEye Case 8
1.4 Further Reading 9
1.5 Chapter Overview 10
1.6 Comments on Citation and Notation 10
2 The Digital Forensics Process 13
Anders O. Flaglien
2.1 Introduction 13
2.1.1 Why Do We Need a Process? 14
2.1.2 Principles of a Forensics Process 15
2.1.3 Finding the Digital Evidence 15
2.1.4 Introducing the Digital Forensics Process 16
2.2 The Identification Phase 17
2.2.1 Preparations and Deployment of Tools and Resources 18
2.2.2 The First Responder 19
2.2.3 At the Scene of the Incident 21
2.2.3.1 Preservation Tasks 22
2.2.4 Dealing with Live and Dead Systems 22
2.2.5 Chain of Custody 23
2.3 The Collection Phase 24
2.3.1 Sources of Digital Evidence 26
2.3.2 Systems Physically Tied to a Location 28
2.3.3 Multiple Evidence Sources 28
2.3.4 Reconstruction 28
2.3.5 Evidence Integrity and Cryptographic Hashes 29
2.3.6 Order of Volatility 30
2.3.7 Dual-Tool Verification 32
2.3.8 Remote Acquisition 32
2.3.9 External Competency and Forensics Cooperation 33
2.4 The Examination Phase 33
2.4.1 Initial Data Source Examination and Preprocessing 34
2.4.2 Forensic File Formats and Structures 35
2.4.3 Data Recovery 35
2.4.4 Data Reduction and Filtering 36
2.4.5 Timestamps 37
2.4.6 Compression, Encryption and Obfuscation 37
2.4.7 Data and File Carving 38
2.4.8 Automation 39
2.5 The Analysis Phase 39
2.5.1 Layers of Abstraction 40
2.5.2 Evidence Types 40
2.5.3 String and Keyword Searches 41
2.5.4 Anti-Forensics 42
2.5.4.1 Computer Media Wiping 42
2.5.4.2 Analysis of Encrypted and Obfuscated Data 42
2.5.5 Automated Analysis 43
2.5.6 Timelining of Events 43
2.5.7 Graphs and Visual Representations 43
2.5.8 Link Analysis 44
2.6 The Presentation Phase 45
2.6.1 The Final Reports 46
2.6.2 Presentation of Evidence and Work Conducted 46
2.6.3 The Chain of Custody Circle Closes 47
2.7 Summary 47
2.8 Exercises 48
3 Cybercrime Law 51
Inger Marie Sunde
3.1 Introduction 51
3.2 The International Legal Framework of Cybercrime Law 54
3.2.1 The Individuals Involved in Criminal Activity and in Crime-Preventing Initiatives 54
3.2.2 The National Legal System versus the International Legal Framework 55
3.2.3 Fundamental Rights Relating to Cybercrime Law - The ECHR 56
3.2.3.1 The ECtHR as a Driving Force for Development of Human Rights 57
3.2.3.2 The Right to Bring a Case before the ECtHR 57
3.2.3.3 A Special Note on Transborder Search and Surveillance 58
3.2.3.4 The Connection between Fundamental Rights and the Rule of Law 60
3.2.3.5 The Principle of Legality in the Context of Crime 60
3.2.3.6 The Principle of Legality in the Context of a Criminal Investigation 61
3.2.3.7 The Positive Obligation of the Nation State 63
3.2.3.8 The Right to Fair Trial 64
3.2.3.9 A Special Note on Evidence Rules in Different Legal Systems 68
3.2.3.10 Possible Outcomes of a Violation of Fundamental Rights 69
3.2.4 Special Legal Framework: The Cybercrime Convention 69
3.2.5 Interpretation of Cybercrime Law 72
3.2.5.1 Interpretation of Substantive Criminal Law 72
3.2.5.2 Application of Old Criminal Provisions to New Modes of Conduct 74
3.2.5.3 Interpretation of Procedural Provisions Authorizing Coercive Measures 75
3.3 Digital Crime - Substantive Criminal Law 76
3.3.1 General Conditions for Criminal Liability 77
3.3.2 Real-Life Modus Operandi 80
3.3.3 Offenses against the Confidentiality, Integrity, and Availability of Computer Data and Systems 81
3.3.3.1 Illegal Access and Illegal Interception 82
3.3.3.2 Data and System Interference 85
3.3.3.3 Misuse of Devices 88
3.3.4 Computer-Related Offenses 89
3.3.5 Content-Related Offenses 91
3.3.6 Offenses Related to Infringements of Copyright and Related Rights 93
3.3.7 Racist and Xenophobic Speech 94
3.4 Investigation Methods for Collecting Digital Evidence 95
3.4.1 The Digital Forensic Process in the Context of Criminal Procedure 95
3.4.2 Computer Data That Are Publicly Available 97
3.4.2.1 Transborder Access to Stored Computer Data Where Publicly Available 98
3.4.2.2 Online Undercover Operations 98
3.4.3 Scope and Safeguards of the Investigation Methods 99
3.4.3.1 Suspicion-Based Investigation Methods 99
3.4.3.2 The Scope of the Investigation Methods (Article 14) 99
3.4.3.3 Conditions and Safeguards (Article 15) 100
3.4.3.4 Considerations Relating to Third Parties 102
3.4.4 Search and Seizure (Article 19) 103
3.4.4.1 Main Rules 103
3.4.4.2 Special Issues 104
3.4.5 Production Order 106
3.4.6 Expedited Preservation and Partial Disclosure of Traffic Data 107
3.4.6.1 Real-Time Investigation Methods (Articles 20 and 21) 107
3.5 International Cooperation in Order to Collect Digital Evidence 109
3.5.1 Narrowing the Focus 109
3.5.2 A Special Note on Transborder Access to Digital Evidence 110
3.5.3 Mutual Legal Assistance 111
3.5.3.1 Basic Principles and Formal Steps of the Procedure 111
3.5.3.2 International Conventions Concerning Mutual Legal Assistance 112
3.5.4 International Police Cooperation and Joint Investigation Teams 114
3.6 Summary 115
3.7 Exercises 115
4 Digital Forensic Readiness 117
Ausra Dilijonaite
4.1 Introduction 117
4.2 Definition 117
4.3 Law Enforcement versus Enterprise Digital Forensic Readiness 118
4.4 Why? A Rationale for Digital Forensic Readiness 119
4.4.1 Cost 119
4.4.2 Usefulness of Digital Evidence 120
4.4.2.1 Existence of Digital Evidence 121
4.4.2.2 Evidentiary Weight of Digital Evidence 121
4.5 Frameworks, Standards, and Methodologies 123
4.5.1 Standards 124
4.5.1.1 ISO/IEC 27037 124
4.5.1.2 ISO/IEC 17025 124
4.5.1.3 NIST SP 800-86 124
4.5.2 Guidelines 124
4.5.2.1 IOCE Guidelines 124
4.5.2.2 Scientific Working Group on Digital Evidence (SWGDE) 125
4.5.2.3 ENFSI Guidelines 125
4.5.3 Research 125
4.5.3.1 Rowlingson's Ten-Step Process 125
4.5.3.2 Grobler et al.'s Forensic Readiness Framework 125
4.5.3.3 Endicott-Popovsky et al.'s Forensic Readiness Framework 126
4.6 Becoming "Digital Forensic" Ready 126
4.7 Enterprise Digital Forensic Readiness 127
4.7.1 Legal Aspects 127
4.7.2 Policy, Processes, and Procedures 128
4.7.2.1 Risk-Based Approach 128
4.7.2.2 Incident Response versus Digital Forensics 130
4.7.2.3 Policy 130
4.7.2.4 Processes and Procedures 131
4.7.3 People 132
4.7.3.1 Roles and Responsibilities 132
4.7.3.2 Skills, Competencies, and Training 134
4.7.3.3 Awareness Training 134
4.7.4 Technology: Digital Forensic Laboratory 135
4.7.4.1 Accreditation and Certification 135
4.7.4.2 Organizational Framework 136
4.7.4.3 Security Policy or Framework 136
4.7.4.4 Control of Records 136
4.7.4.5 Processes, Procedures, and Lab Routines 137
4.7.4.6 Methodology and Methods 138
4.7.4.7 Personnel 138
4.7.4.8 Code of Conduct 138
4.7.4.9 Tools 138
4.7.5 Technology: Tools and Infrastructure 139
4.7.5.1 Sources of the Digital Evidence 139
4.7.5.2 Validation and Verification of Digital Forensic Tools 140
4.7.5.3 Preparation of Infrastructure 141
4.7.6 Outsourcing Digital Forensic Capabilities 142
4.7.6.1 Continuous Improvement 143
4.8 Considerations for Law Enforcement 144
4.9 Summary 145
4.10 Exercises 145
5 Computer Forensics 147
Jeff Hamm
5.1 Introduction 147
5.2 Evidence Collection 148
5.2.1 Data Acquisition 149
5.2.1.1 Live Data (Including Memory) 150
5.2.1.2 Forensic Image 152
5.2.2 Forensic Copy 152
5.3 Examination 152
5.3.1 Disk Structures 153
5.3.1.1 Physical Disk Structures 153
5.3.1.2 Logical Disk Structures 156
5.3.2 File Systems 159
5.3.2.1 NTFS (New Technology File System) 163
5.3.2.2 INDX (Index) 173
5.3.2.3 Orphan Files 174
5.3.2.4 EXT2/3/4 (Second, Third, and Fourth Extended Filesystems) 176
5.3.2.5 Operating System Artifacts 177
5.3.2.6 Linux Distributions 183
5.4 Analysis 185
5.4.1 Analysis Tools 185
5.4.2 Timeline Analysis 186
5.4.3 File Hashing 187
5.4.4 Filtering 187
5.4.5 Data Carving 188
...

| Field | Value |
|---|---|
| Year of publication | 2017 |
| Subject area | General |
| Genre | Chemistry, Imports |
| Category | Science & Technology |
| Format | Paperback |
| Extent | 370 pp. |
| ISBN-13 | 9781119262381 |
| ISBN-10 | 1119262380 |
| Language | English |
| Manufacturer number | 1W119262380 |
| Binding | Paperback / softcover |
| Author | Årnes, André |
| Edited by | Årnes, André |
| Editor | André Årnes |
| Publisher | Wiley, John Wiley & Sons |
| Responsible person for the EU | Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de |
| Dimensions | 244 x 170 x 20 mm |
| By / with | André Årnes |
| Publication date | 24.07.2017 |
| Weight | 0.641 kg |