Computer Evidence: Collection & Preservation
Computer Evidence: Collection and Preservation teaches law enforcement and computer forensics investigators how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. The book focuses on collection and preservation because these two phases of computer forensics are the most critical to evidence acceptance, but are not thoroughly covered in text or courses. Throughout the book, a constant eye is kept on evidence dynamics and the impact investigators can have on data integrity while collecting evidence. The simple act of a computer forensics investigator shutting down a suspect's computer changes the state of the computer as well as many of its files, so a good understanding of evidence dynamics is essential when doing computer forensics work. Broken up into five parts, Computer Forensics & Evidence Dynamics, Information Systems, Data Storage Systems & Media, Artifact Collection, and Archiving & Maintaining Evidence, the book places specific focus on how investigators and their tools are interacting with digital evidence. By reading and using this task-oriented guide, computer forensics investigators will be able to ensure case integrity during the most crucial phases of the computer forensics process.
CONTENTS:
Preface; Part I: Computer Forensics & Evidence Dynamics; Chapter 1: Computer Forensics Essentials; Chapter 2: International Rules of Evidence; Chapter 3: Evidence Dynamics; Part II: Information Systems; Chapter 4: Discovering Information Systems Through Interview, Policies, and Audit; Chapter 5: Network Topology and Its Effects on Identifying Potential Evidence; Chapter 6: Volatile Data; Part III: Data Storage Systems & Media; Chapter 7: Disk IDE, SIDE, and SCSI; Chapter 8: SAN, NAS, and RAID; Chapter 9: Removable and Optical Media; Chapter 10: File Systems; Part IV: Artifact Collection; Chapter 11: Documentation; Chapter 12: Collecting Volatile Data; Chapter 13: Imaging Methodologies; Chapter 14: Large System Collection; Part V: Archiving and Maintaining Evidence; Chapter 15: Forensics Networks and Live Storage; Chapter 16: Offline Storage Media; Chapter 17: Physical Security; Appendix A: Sample Chain of Custody Form; Appendix B: Evidence Collection Worksheet; Appendix C: Evidence Access Worksheets; Appendix D: Forensics Field Kits; Appendix E: Partition Types; Appendix F: Drive Math; Appendix G: Forensics Tools; Appendix H: Agencies & Contacts; Appendix I: Resources; Appendix J: About the CD-ROM; Index