A Practical Guide to Computer Forensics Investigations, 1st edition

By: Darren R. Hayes
About this Book
ISBN-10: 0789741156 / ISBN-13: 9780789741158
Edition: 1st edition
Format: MS Word or PDF
Published By: Pearson IT Certification

TEST BANK

$25


Yes, you will get a digital file with exam questions and answers for the textbook “A Practical Guide to Computer Forensics Investigations”, 1st edition.

After you successfully complete your order, you will get an automated email with a payment ID and a download link for the A Practical Guide to Computer Forensics Investigations test bank.

ZIP is a standard file format used to compress one or more chapters or files into a single location. To open a ZIP file, you need to install WinZip, available free from its official website.

Most of the exam chapters are in either Word or PDF format, depending on how the publisher released them.

 

Absolutely! TestBanksZip gives you the option to get a free chapter before investing in the entire product.

If you don’t get your download within 2 hours, please contact us. In the rare event that your product cannot be delivered, a refund will be issued promptly.

If for some reason your files are corrupted, please contact our team to resolve the issues or to obtain a refund.

Other than the reasons listed, all sales are considered final. Please make sure you are careful to purchase the right item before completing your transaction.

You can view our complete refund policy here.

If you need assistance with purchasing any of our listed study guides, you can fill in the form on the Contact Us page. Our support agent will get in touch with you.

Table of contents:

Introduction
Chapter 1: The Scope of Computer Forensics
Introduction
Popular Myths about Computer Forensics
Types of Computer Forensics Evidence Recovered
Electronic Mail (Email)
Images
Video
Websites Visited and Internet Searches
Cellphone Forensics
What Skills Must a Computer Forensics Investigator Possess?
Computer Science Knowledge
Legal Expertise
Communication Skills
Linguistic Abilities
Continuous Learning
An Appreciation for Confidentiality
The Importance of Computer Forensics
Job Opportunities
A History of Computer Forensics
1980s: The Advent of the Personal Computer
1990s: The Impact of the Internet
Training and Education
Law Enforcement Training
Summary
Chapter 2: Windows Operating and File Systems
Introduction
Physical and Logical Storage
File Storage
File Conversion and Numbering Formats
Conversion of Binary to Decimal
Hexadecimal Numbering
Conversion of Hexadecimal to Decimal
Conversion of Hexadecimal to ASCII (American Standard Code for Information Interchange)
Unicode
Operating Systems
The Boot Process
Windows File Systems
Windows Registry
Registry Data Types
FTK Registry Viewer
Microsoft Windows Features
Windows Vista
Windows 7
Windows 8.1
Summary
Chapter 3: Handling Computer Hardware
Introduction
Hard Disk Drives
Small Computer System Interface (SCSI)
Integrated Drive Electronics (IDE)
Serial ATA (SATA)
Cloning a PATA or SATA Hard Disk
Cloning Devices
Removable Memory
FireWire
USB Flash Drives
External Hard Drives
MultiMedia Cards (MMCs)
Summary
References
Chapter 4: Acquiring Evidence in a Computer Forensics Lab
Introduction
Lab Requirements
American Society of Crime Laboratory Directors
American Society of Crime Laboratory Directors/Lab Accreditation Board (ASCLD/LAB)
ASCLD/LAB Guidelines for Forensic Laboratory Management Practices
Scientific Working Group on Digital Evidence (SWGDE)
Private Sector Computer Forensics Laboratories
Evidence Acquisition Laboratory
Email Preparation Laboratory
Inventory Control
Web Hosting
Computer Forensics Laboratory Requirements
Laboratory Layout
Laboratory Management
Laboratory Access
Extracting Evidence from a Device
Using the dd Utility
Using Global Regular Expressions Print (GREP)
Skimmers
Summary
Chapter 5: Online Investigations
Introduction
Working Undercover
Generate an Identity
Generate an Email Account
Mask Your Identity
Website Evidence
Website Archives
Website Statistics
Background Searches on a Suspect
Personal Information: Mailing Address, Email Address, Telephone Number, and Assets
Personal Interests and Membership of User Groups
Searching for Stolen Property
Online Crime
Identity Theft
Credit Cards for Sale
Electronic Medical Records
Cyberbullying
Social Networking
Capturing Online Communications
Using Screen Captures
Using Video
Viewing Cookies
Using Windows Registry
Summary
Chapter 6: Documenting the Investigation
Introduction
Obtaining Evidence from a Service Provider
Documenting a Crime Scene
Seizing Evidence
Crime Scene Examinations
Documenting the Evidence
Completing a Chain of Custody Form
Completing a Computer Worksheet
Completing a Hard Disk Drive Worksheet
Completing a Server Worksheet
Using Tools to Document an Investigation
CaseNotes
FragView
Helpful Mobile Applications (Apps)
Network Analyzer
System Status
The Cop App
Lock and Code
Digital Forensics Reference
Federal Rules of Civil Procedure (FRCP)
Federal Rules of Evidence (FREvidence)
Writing Reports
Time Zones and Daylight Saving Time (DST)
Creating a Comprehensive Report
Using Expert Witnesses at Trial
The Expert Witness
The Goals of the Expert Witness
Preparing an Expert Witness for Trial
Summary
Chapter 7: Admissibility of Digital Evidence
Introduction
History and Structure of the United States Legal System
Origins of the U.S. Legal System
Overview of the U.S. Court System
In the Courtroom
Evidence Admissibility
Constitutional Law
First Amendment
First Amendment and the Internet
Fourth Amendment
Fifth Amendment
Sixth Amendment
Congressional Legislation
Rules for Evidence Admissibility
Criminal Defense
When Computer Forensics Goes Wrong
Pornography in the Classroom
Structure of the Legal System in the European Union (E.U.)
Origins of European Law
Structure of European Union Law
Structure of the Legal System in Asia
China
India
Summary
Chapter 8: Network Forensics
Introduction
The Tools of the Trade
Networking Devices
Proxy Servers
Web Servers
DHCP Servers
SMTP Servers
DNS Servers
Routers
IDS
Firewalls
Ports
Understanding the OSI Model
The Physical Layer
The Data Link Layer
The Network Layer
The Transport Layer
The Session Layer
The Presentation Layer
The Application Layer
Advanced Persistent Threats
Cyber Kill Chain
Indicators of Compromise (IOC)
Investigating a Network Attack
Summary
Chapter 9: Mobile Forensics
Introduction
The Cellular Network
Base Transceiver Station
Mobile Station
Cellular Network Types
SIM Card Forensics
Types of Evidence
Handset Specifications
Memory and Processing
Battery
Other Hardware
Mobile Operating Systems
Android OS
Windows Phone
Standard Operating Procedures for Handling Handset Evidence
National Institute of Standards and Technology
Preparation and Containment
Wireless Capabilities
Documenting the Investigation
Handset Forensics
Cellphone Forensic Software
Cellphone Forensics Hardware
Logical versus Physical Examination
Manual Cellphone Examinations
Flasher Box
Global Satellite Service Providers
Satellite Communication Services
Legal Considerations
Carrier Records
Other Mobile Devices
Tablets
GPS Devices
Summary
Chapter 10: Photograph Forensics
Introduction
Understanding Digital Photography
File Systems
Digital Photography Applications and Services
Examining Picture Files
Exchangeable Image File Format (EXIF)
Evidence Admissibility
Federal Rules of Evidence (FRE)
Analog vs. Digital Photographs
Case Studies
Worldwide Manhunt
NYPD Facial Recognition Unit
Summary
Chapter 11: Mac Forensics
Introduction
A Brief History
Macintosh
Mac Mini with OS X Server
iPod
iPhone
iPad
Apple Wi-Fi Devices
Macintosh File Systems
Forensic Examinations of a Mac
IOReg Info
PMAP Info
Epoch Time
Recovering Deleted Files
Journaling
DMG File System
PList Files
SQLite Databases
Macintosh Operating Systems
Mac OS X
Target Disk Mode
Apple Mobile Devices
iOS
iOS 7
iOS 8
Security and Encryption
iPod
iPhone
Enterprise Deployment of iPhone and iOS Devices
Case Studies
Find My iPhone
Wanted Hacktivist
Michael Jackson
Stolen iPhone
Drug Bust
Summary
Chapter 12: Case Studies
Introduction
Zacharias Moussaoui
Background
Digital Evidence
Standby Counsel Objections
Prosecution Affidavit
Exhibits
Email Evidence
BTK (Bind Torture Kill) Killer
Profile of a Killer
Evidence
Cyberbullying
Federal Anti-harassment Legislation
State Anti-harassment Legislation
Warning Signs of Cyberbullying
What Is Cyberbullying?
Phoebe Prince
Ryan Halligan
Megan Meier
Tyler Clementi
Sports
Summary
TOC, 9780789741158, 11/20/2014
