Storage media overview for postmortem acquisition -- Linux as a forensic acquisition platform -- Forensic image formats and acquisition tools -- Forensic imaging preparation and setup -- Attaching physical media to an acquisition host -- Forensic image acquisition -- Forensic image management -- Accessing logical, virtual, and operating system encrypted images -- Extracting subsets of forensic images

lgli/Bruce Nikkel;Practical Forensic Imaging Securing Digital Evidence with Linux Tools;;;No Starch Press;2016;;;English.pdf

lgrsnf/Bruce Nikkel;Practical Forensic Imaging Securing Digital Evidence with Linux Tools;;;No Starch Press;2016;;;English.pdf

zlib/Computers/Networking/Bruce Nikkel/Practical Forensic Imaging: Securing Digital Evidence with Linux Tools_2951646.pdf

Nikkel, Bruce

Penguin Random House LLC (Publisher Services), San Francisco, 2016

United States, United States of America

Sep 01, 2016

1, PS, 2016

True PDF

0

lg1709206

{"edition":"1","isbns":["1593277938","1593278004","1593278012","9781593277932","9781593278007","9781593278014"],"last_page":320,"publisher":"No Starch Press"}

Forensic image acquisition is an important part of postmortem incident response and evidence collection. Digital forensic investigators acquire, preserve, and manage digital evidence to support civil and criminal cases; examine organizational policy violations; resolve disputes; and analyze cyber attacks.
Practical Forensic Imaging takes a detailed look at how to secure and manage digital evidence using Linux-based command line tools. This essential guide walks you through the entire forensic acquisition process and covers a wide range of practical scenarios and situations related to the imaging of storage media.
You’ll learn how to:
• Perform forensic imaging of magnetic hard disks, SSDs and flash drives, optical discs, magnetic tapes, and legacy technologies
• Protect attached evidence media from accidental modification
• Manage large forensic image files, storage capacity, image format conversion, compression, splitting, duplication, secure transfer and storage, and secure disposal
• Preserve and verify evidence integrity with cryptographic and piecewise hashing, public key signatures, and RFC-3161 timestamping
• Work with newer drive and interface technologies like NVME, SATA Express, 4K-native sector drives, SSHDs, SAS, UASP/USB3x, and Thunderbolt
• Manage drive security such as ATA passwords; encrypted thumb drives; Opal self-encrypting drives; OS-encrypted drives using BitLocker, FileVault, and TrueCrypt; and others
• Acquire usable images from more complex or challenging situations such as RAID systems, virtual machine images, and damaged media
With its unique focus on digital forensic acquisition and evidence preservation, Practical Forensic Imaging is a valuable resource for experienced digital forensic investigators wanting to advance their Linux skills and experienced Linux administrators wanting to learn digital forensics. This is a must-have reference for every digital forensics lab.

2017-07-11