ISBN:978-0-470-93166-0
出版时间:2011
关键字:计算机安全
总页数:338
Who Should Read This Book
Anyone fulfilling, or aspiring to fulfill, the responsibilities of a computer forensic
examiner can benefit from this book. Also, if you just want to know more about
what computer forensic examiners do, this book will fill you in on the details. The
material is organized to provide a high-level view of the process and methods used
in an investigation. Both law enforcement personnel and non-law enforcement can
benefit from the topics presented here.
Because you are reading this introduction, you must have some interest in
computer forensics. Why are you interested? Are you just curious, do you want
to start working in computer forensics, or have you just been given the responsi-
bility of conducting or managing an investigation? This book addresses readers
in all of these categories.
Although we recommend that you read the book from start to finish for a com -
plete overview of the topics, you can jump right to an area of interest. If you bought
this book for a concise list of forensic tools, go right to Chapter 8. But don’t forget
the other chapters! You’ll find a wealth of information in all chapters that will
expand your understanding of computer forensics.
What This Book Covers
Chapter 1: “The Need for Computer Forensics” This chapter lays the
foundation for the rest of the book. It discusses the need for computer
forensics and how the examiners’ activities meet the need.
Chapter 2: “Preparation—What to Do Before You Start” This chapter
addresses the necessary knowledge you must have before you start. When
you finish this chapter, you will know how to prepare for an investigation.
Chapter 3: “Computer Evidence” This chapter discusses computer evi-
dence and focuses on identifying, collecting, preserving, and analyzing
evidence.
Chapter 4: “Common Tasks” Most investigations include similar com-
mon tasks. This chapter outlines those tasks you are likely to see again and
again. It sets the stage for the action items you will use in your activities.
Chapter 5: “Capturing the Data Image” This chapter covers the first
functional step in many investigations. You will learn the reason for and
the process of creating media images for analysis.
Chapter 6: “Extracting Information from Data” After you have an exact
media image, you can start analyzing it for evidence. This chapter covers the
basics of data analysis. You will learn what to look for and how to find it.
Chapter 7: “Passwords and Encryption” Sooner or later, you will run
into password-protected resources and encrypted files. This chapter covers
basic encryption and password issues and discusses how to deal with them.
Chapter 8: “Common Forensic Tools” Every computer forensic examiner
needs a toolbox. This chapter covers many popular hardware and software
forensic tools.
Chapter 9: “Pulling It All Together” When the analysis is done, you need
to present the results. This chapter covers the elements and flow of an inves-
tigation report.
Chapter 10: “How to Testify in Court” If your evidence ends up in court,
you need to know how to effectively present it. This chapter covers many
ins and outs of being an expert witness and presenting evidence in court.
Appendix A: “Answers to Review Questions” Answers to the Review
Questions
Appendix B: “Forensic Resources” A list of forensic resources you can
use for further research
Appendix C: “Forensic Certifications and More” A list of computer foren-
sic certifications and contact information
Appendix D: “Forensic Tools” A summary list of forensic tools, several
of which are discussed in the text, with contact information
Glossary A list of terms used throughout the book
| 
