Cyber Forensics: From Data to Digital Evidence

  • Author:
  • Publisher: John Wiley & Sons
  • ISBN: 9781118273661
  • Published In: April 2012
  • Format: Hardback, 400 pages
  • Jurisdiction: International or US
    Disclaimer: Country(ies) stated herein are used as reference only

    An explanation of the basic principles of data

    This book explains the basic principles of data as the building blocks of electronic evidential matter used in cyber forensics investigations. The entire text is written with no reference to a particular operating system or environment, so it is applicable to all work environments, cyber investigation scenarios, and technologies. The text is written in a step-by-step manner, beginning with the elementary building blocks of data and progressing upwards to the representation and storage of information. It includes practical examples and illustrations throughout to guide the reader.

  • Preface

    Acknowledgments

    Chapter 1: The Fundamentals of Data

    Base 2 Numbering System: Binary and Character Encoding

    Communication in a Two State Universe

    Electricity and Magnetism

    Building Blocks: The Origins of Data

    Growing the Building Blocks of Data

    Moving Beyond Base 2

    American Standard Code for Information Interchange

    Character Codes: The Basis for Processing Textual Data

    Extended ASCII and Unicode

    Summary

    Notes

    Chapter 2: Binary to Decimal

    American Standard Code for Information Interchange

    Computer as a Calculator

    Why Is This Important In Forensics?

    Data Representation

    Converting Binary to Decimal

    Conversion Analysis

    A Forensic Case Example: An Application of the Math

    Decimal to Binary: Recap for Review

    Summary

    Chapter 3: The Power of HEX: Finding Slivers of Data

    What the HEX?

    Bits and Bytes and Nibbles

    Nibbles and Bits

    Binary to HEX Conversion

    Binary (HEX) Editor

    The Needle within the Haystack

    Summary

    Note

    Chapter 4: Files

    Introduction

    Files, File Structures, and File Formats

    File Extensions

    Changing a File's Extension to Evade Detection

    Files and the HEX Editor

    File Signature

    ASCII is Not Text nor HEX

    Value of File Signatures

    Complex Files: Compound, Compressed, and Encrypted Files

    Why Do Compound Files Exist?

    Compressed Files and Magic Numbers

    Forensics and Encrypted Files

    The Structure of Ciphers

    Summary

    Notes

    Appendix 4A: Common File Extensions

    Appendix 4B: File Signature/Magic Number Database

    Appendix 4C: Magic Number Definition

    Appendix 4D: Compound Document Header

    Chapter 5: The Boot Process and the Master Boot Record (MBR)

    Booting Up

    Primary Functions of the Boot Process

    Forensic Imaging and Evidence Collection

    Summarizing the BIOS

    The Master Boot Record (MBR)

    Partition Table

    Hard Disk Partition

    Summary

    Notes

    Chapter 6: Endianness and the Partition Table

    The Flavor of Endianness

    Endianness

    The Origins of Endian

    Partition Table within the Master Boot Record

    Summary

    Notes

    Chapter 7: Volume versus Partition

    Tech Review

    Cylinder, Head, Sector and Logical Block Addressing

    Volumes and Partitions

    Summary

    Notes

    Chapter 8: File Systems – FAT 12/16

    Tech Review

    File Systems

    Metadata

    File Allocation Table (FAT) File System

    Slack

    HEX Review Note

    Directory Entries

    File Allocation Table (FAT)

    How is Cluster Size Determined?

    Expanded Cluster Size

    Directory Entries and the FAT Table

    FAT Filing System Limitations

    Directory Entry Limitations

    Summary

    Appendix 8A: Partition Table Fields

    Appendix 8B: FAT Table Values

    Appendix 8C: Directory Entry Byte Offset Description

    Appendix 8D: FAT12/16 Byte Offset Values

    Appendix 8E: FAT 32 Byte Offset Values

    Appendix 8F: The Power of 2

    Chapter 9: File Systems – NTFS and Beyond

    New Technology File System

    Partition Boot Record

    Master File Table

    NTFS Summary

    exFAT

    Alternative Filing System Concepts

    Summary

    Notes

    Appendix 9A: Common NTFS System Defined Attributes

    Box Analogy

    Chapter 10: Cyber Forensics: Investigative Smart Practices

    The Forensic Process

    Forensic Investigative Smart Practices (ISPs)

    Time

    Summary

    Note

    Chapter 11: Time and Forensics

    Network Time Protocol

    Timestamp Data

    Keeping Track of Time

    Clock Models and Time Bounding: The Foundations of Forensic Time

    MS-DOS 32 Bit Time Stamp: Date and Time

    Date Determination

    Time Determination

    Time Inaccuracy

    Summary

    Notes

    Chapter 12: Investigation: Incident Closure

    Step 5: Investigation

    Step 6: Communicate Findings

    Characteristics of a Good Cyber Forensic Report

    Report Contents

    Step 7: Retention and Curation of Evidence

    Step 8: Investigation Wrap Up and Conclusion

    Investigator’s Role as an Expert Witness

    Summary

    Notes

    Chapter 13: A Cyber Forensic Process Summary

    Binary

    Binary – Decimal – ASCII

    Data versus Code

    HEX

    From Raw Data to Files

    Accessing Files

    Endianness

    Partitions

    File Systems

    Time

    The Investigation Process

    Summary

    Appendix: Forensic Report: Forensic Investigations, ABC Inc.

    Glossary

    About the Authors

    Index

  • Albert J. Marcella, Jr., PhD, CISA, CISM, is President of Business Automation Consultants, LLC, a global information technology and management consulting firm providing IT management consulting, audit and security reviews, and training. He is an internationally recognized public speaker, researcher, workshop and seminar leader, and an author of numerous articles and books on various IT, audit, and security related subjects.

    Frederic Guillossou, CISSP, CCE, is an Information Security Analyst with TALX, a division of Equifax. He regularly trains on intrusion prevention systems and has successfully led a number of forensic investigations in the field.
