"Provides the right mix of practical how-to knowledge in a straightforward, informative fashion that ties it all the complex pieces together with real-world case studies. ...Delivers the most valuable insight on the market. The authors cut to the chase of what people must understand to effectively perform computer forensic investigations." --Brian H. Karney, COO, AccessData Corporation
**The latest strategies for investigating cyber-crime**
Identify and investigate computer criminals of all stripes with help from this fully updated. real-world resource. __Hacking Exposed Computer Forensics, Second Edition__ explains how to construct a high-tech forensic lab, collect prosecutable evidence, discover e-mail and system file clues, track wireless activity, and recover obscured documents. Learn how to re-create an attacker's footsteps, communicate with counsel, prepare court-ready reports, and work through legal and organizational challenges. Case studies straight from today's headlines cover IP theft, mortgage fraud, employee misconduct, securities fraud, embezzlement, organized crime, and consumer fraud cases.
* Effectively uncover, capture, and prepare evidence for investigation
* Store and process collected data in a highly secure digital forensic lab
* Restore deleted documents, partitions, user activities, and file systems
* Analyze evidence gathered from Windows, Linux, and Macintosh systems
* Use the latest Web and client-based e-mail tools to extract relevant artifacts
* Overcome the hacker's anti-forensic, encryption, and obscurity techniques
* Unlock clues stored in cell phones, PDAs, and Windows Mobile devices
* Prepare legal documents that will hold up to judicial and defense scrutiny

nexusstc/Hacking Exposed Computer Forensics, Second Edition: Computer Forensics Secrets & Solutions/db6cba0347a20c5d38996a345cc87c61.pdf

zlib/Computers/Networking/Aaron Philipp, David Cowen, Chris Davis/Hacking Exposed Computer Forensics, Second Edition: Computer Forensics Secrets & Solutions_738901.pdf

Philipp, Aaron, Cowen, David, Davis, Chris

McGraw-Hill/Osborne ; McGraw-Hill [distributor

McGraw-Hill School Education Group

Irwin Professional Publishing

Oracle Press

Second Edition, Place of publication not identified, 2010

McGraw Hill LLC Professional Division, New York, 2009

2nd ed., New York, New York State, 2010

United States, United States of America

Second Edition, PS, 2009

0

lg312848

{"edition":"2","isbns":["0071626778","9780071626774"],"last_page":544,"publisher":"McGraw-Hill Osborne Media"}

Includes index.

McGraw Hill - Hacking Exposed Computer Forensics 2nd Edition November 2009 (ATTiCA)......Page 1
Contents......Page 10
Acknowledgments......Page 18
Introduction......Page 20
Part I: Preparing for an Incident......Page 24
Preparing for a Forensics Operation......Page 25
1 The Forensics Process......Page 28
Types of Investigations......Page 29
The Role of the Investigator......Page 32
Elements of a Good Process......Page 35
Defining a Process......Page 38
After the Investigation......Page 41
2 Computer Fundamentals......Page 42
The Bottom-up View of a Computer......Page 43
Types of Media......Page 48
3 Forensic Lab Environment Preparation......Page 64
The Ultimate Computer Forensic Lab......Page 65
Forensic Computers......Page 71
Forensic Hardware and Software Tools......Page 76
The Flyaway Kit......Page 78
Case Management......Page 79
Bonus: Linux or Windows?......Page 82
Part II: Collecting the Evidence......Page 84
Collecting Evidence......Page 85
4 Forensically Sound Evidence Collection......Page 86
Collecting Evidence from a Single System......Page 87
Common Mistakes in Evidence Collection......Page 117
5 Remote Investigations and Collections......Page 120
Privacy Issues......Page 121
Remote Investigations......Page 122
Remote Collections......Page 135
Encrypted Volumes or Drives......Page 145
USB Thumb Drives......Page 148
Part III: Forensic Investigation Techniques......Page 150
We're Not Done. Yet.......Page 151
Finally......Page 152
6 Microsoft Windows Systems Analysis......Page 154
Windows File Systems......Page 155
Recovering Deleted Files......Page 161
Windows Artifacts......Page 173
7 Linux Analysis......Page 184
The Linux File System (ext2 and ext3)......Page 185
Linux Analysis......Page 189
8 Macintosh Analysis......Page 198
The Evolution of the Mac OS......Page 199
Looking at a Mac Disk or Image......Page 201
Deleted Files......Page 209
A Closer Look at Macintosh Files......Page 215
Mac as a Forensics Platform......Page 218
9 Defeating Anti-forensic Techniques......Page 220
Obscurity Methods......Page 221
Privacy Measures......Page 228
10 Enterprise Storage Analysis......Page 244
The Enterprise Data Universe......Page 245
Working with NAS Systems......Page 247
Working with SAN Systems......Page 248
Working with Tapes......Page 249
Full-Text Indexing......Page 254
Mail Servers......Page 257
11 E-mail Analysis......Page 262
Finding E-mail Artifacts......Page 263
Obtaining Web-based E-mail (Webmail) from Online Sources......Page 264
Client-based E-mail......Page 266
Web-Based E-mail......Page 284
Investigating E-mail Headers......Page 290
12 Tracking User Activity......Page 296
Microsoft Office Forensics......Page 297
Tracking Web Usage......Page 306
Operating System User Logs......Page 321
13 Forensic Analysis of Mobile Devices......Page 326
Collecting and Analyzing Mobile Device Evidence......Page 328
Password-protected Windows Devices......Page 354
Conclusion......Page 361
Part IV: Presenting Your Findings......Page 362
He Said, She Said.........Page 363
14 Documenting the Investigation......Page 364
Read Me......Page 365
Internal Report......Page 366
Declaration......Page 369
Affidavit......Page 373
Expert Report......Page 374
15 The Justice System......Page 380
The Criminal Court System......Page 381
The Civil Justice System......Page 382
Expert Status......Page 387
Part V: Putting It All Together......Page 390
Time to Understand the Business Issues......Page 391
16 IP Theft......Page 392
What Is IP Theft?......Page 393
IP Theft Ramifications......Page 394
Types of Theft......Page 396
Tying It Together......Page 412
17 Employee Misconduct......Page 416
What Is Employee Misconduct?......Page 417
Ramifications......Page 418
Types of Misconduct......Page 421
Tying It Together......Page 435
18 Employee Fraud......Page 440
What Is Employee Fraud?......Page 441
Ramifications......Page 442
Types of Employee Fraud......Page 443
Tying It Together......Page 455
19 Corporate Fraud......Page 458
Ramifications......Page 460
Types of Corporate Fraud......Page 462
20 Organized Cyber Crime......Page 476
The Changing Landscape of Hacking......Page 477
Types of Hacks and the Role of Computer Forensics......Page 480
Money Laundering......Page 488
21 Consumer Fraud......Page 494
Ramifications......Page 496
Types of Consumer Fraud......Page 498
Tying It Together......Page 514
A Searching Techniques......Page 516
Regular Expressions......Page 517
V......Page 0
Z......Page 521

Publisher's Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.
The latest strategies for investigating cyber-crime Identify and investigate computer criminals of all stripes with help from this fully updated. real-world resource. Hacking Exposed Computer Forensics, Second Edition explains how to construct a high-tech forensic lab, collect prosecutable evidence, discover e-mail and system file clues, track wireless activity, and recover obscured documents. Learn how to re-create an attacker's footsteps, communicate with counsel, prepare court-ready reports, and work through legal and organizational challenges. Case studies straight from today's headlines cover IP theft, mortgage fraud, employee misconduct, securities fraud, embezzlement, organized crime, and consumer fraud cases.

I use this text as the required text for a course I teach on Computer Forensics. Overall, it is an excellent introductory text. Students say that it is easy to read, which is exactly what I want in a textbook. However, I do not use it exclusively for lecture material. I pull my lecture material from a variety of texts, such as Real Digital Forensics, Incident Response (2nd edition), File System Forensic Analysis, and the other Hacking Exposed Textbooks. The second edition is a welcome improvement. I really like the new section (Part V) where it discusses the practical cases, and what type of forensic techniques that you would use for each type of case. I create all of my own lectures and labs for the classroom. I assign this text to students to fill in the gaps of the lectures.

Investigate computer crime, corporate malfeasance, and hacker break-ins quickly and effectively with help from this practical and comprehensive resource. You'll get expert information on crucial procedures to successfully prosecute violators while avoiding the pitfalls of illicit searches, privacy violations, and illegally obtained evidence. It's all here--from collecting actionable evidence, re-creating the criminal timeline, and zeroing in on a suspect to uncovering obscured and deleted code, unlocking encrypted files, and preparing lawful affidavits. Plus, you'll get in-depth coverage of the latest PDA and cell phone investigation techniques and real-world case studies.

Leading experts in computer forensics reveal the secrets and strategies for investigating computer crime, in an updated edition that includes six new chapters that cover IP theft, employee misconduct, securities fraud, embezzlement, organized crime and hacking, and foreign corrupt practices and money laundering. Original.

With case studies straight from today's headlines; this reall-world resource explains how to construct a high-tech forensic lab; collect prosecutable evidence; discover e-mail and system file clues; track wireless activity; and recover obscured documents. -- Edited summary from book

2010-10-03