Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Netwitness categorizes and organizes traffic so that:

17/12/2020 Client: saad24vbs Deadline: 10 Days

ISSA INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES


Fundamentals of Communications and Networking, Second Edition Michael G. Solomon and David Kim


Fundamentals of Information Systems Security, Third Edition David Kim and Michael G. Solomon


Legal Issues in Information Security, Second Edition Joanna Lyn Grama


Managing Risk in Information Systems, Second Edition Darril Gibson


Security Policies and Implementation Issues, Second Edition Rob Johnson


Auditing IT Infrastructures for Compliance, Second Edition Martin Weiss and Michael G. Solomon


Access Control, Authentication, and Public Key Infrastructure, Second Edition Mike Chapple, Bill Ballad, Tricia Ballad, and Erin Banks


Security Strategies in Windows Platforms and Applications, Second Edition


Michael G. Solomon


Security Strategies in Linux Platforms and Applications, Second Edition Michael Jang and Ric Messier


Network Security, Firewalls, and VPNs, Second Edition J. Michael Stewart


Hacker Techniques, Tools, and Incident Handling, Second Edition Sean-Philip Oriyano


Internet Security: How to Defend Against Attackers on the Web, Second Edition Mike Harwood


System Forensics, Investigation, and Response, Third Edition Chuck Easttom


Cyberwarfare: Information Operations in a Connected World Mike Chapple and David Seidl


Wireless and Mobile Device Security Jim Doherty


JONES & BARTLETT LEARNING


The Information Systems Security & Assurance Series (ISSA) offers an interactive curriculum solution that covers the essential topics needed to support certification or degree programs within IT Security, Cybersecurity, Information


Assurance and Information Systems Security. Developed by certified professionals, the series delivers fundamental IT security principles and real-world applications, tools, and techniques used in today’s work force and necessary for accommodating the rapidly growing job demand for cybersecurity. The inclusion of robust courseware and innovative labs, delivered in a first-of-its kind “cloud” computing environment, offer a fully immersive cloud learning experience. Students can learn in a trial-and- error format in an experiential learning environment with no risk, gaining invaluable workplace-related skills essential to maintaining the security and confidentiality of their employers’ data assets. Visit http://www.issaseries.com/ for the most current information on text availability and additional information on the Virtual Security Cloud Labs.


http://www.issaseries.com/

System Forensics, Investigation, and Response


ISSA INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES


THIRD EDITION


Chuck Easttom


JONES & BARTLETT LEARNING


World Headquarters Jones & Bartlett Learning 5 Wall Street Burlington, MA 01803 978-443-5000 info@jblearning.com www.jblearning.com


Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.


Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com.


Copyright © 2019 by Jones & Bartlett Learning, LLC, an Ascend Learning Company


All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.


mailto:info@jblearning.com

http://www.jblearning.com

http://www.jblearning.com

mailto:specialsales@jblearning.com

The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. System Forensics, Investigation, and Response, Third Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product.


There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious, but are used for instructional purposes only.


This publication is designed to provide accurate and authoritative information in regard to the Subject Matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal


advice or other expert assistance is required, the service of a competent professional person should be sought.


Production Credits VP, Executive Publisher: David D. Cella Executive Editor: Matt Kane Acquisitions Editor: Laura Pagluica Editorial Assistant: Mary Menzemer Associate Production Editor: Alex Schab Director of Marketing: Andrea DeFronzo Production Services Manager: Colleen Lamy VP, Manufacturing and Inventory Control: Therese Connell Composition: codeMantra U.S. LLC Cover Design: Scott Moden Rights & Media Specialist: Thais Miller Media Development Editor: Shannon Sheehan Cover Image (Title Page, Part Opener, Chapter Opener): © Click Bestsellers/Shutterstock Printing and Binding: Edwards Brothers Malloy Cover Printing: Edwards Brothers Malloy


Library of Congress Cataloging-in-Publication Data Names: Easttom, Chuck, author. Title: System forensics, investigation, and response / Chuck Easttom. Description: Third Edition. | Burlington, MA : Jones & Bartlett Learning, [2019] | Revised edition of the author’s System forensics, investigation, and response, c2014. Identifiers: LCCN 2017018109 | ISBN


9781284121841 Subjects: LCSH: Computer crimes—Investigation— Textbooks. Classification: LCC HV8079.C65 E37 2017 | DDC 363.25/968—dc23 LC record available at https://lccn.loc.gov/2017018109


6048


Printed in the United States of America 21 20 19 18 17 10 9 8 7 6 5 4 3 2 1


https://lccn.loc.gov/2017018109

Contents Preface


About the Author


PART I Introduction to Forensics


CHAPTER 1 Introduction to Forensics What Is Computer Forensics?


Using Scientific Knowledge


Collecting


Analyzing


Presenting


Understanding the Field of Digital Forensics


What Is Digital Evidence?


Scope-Related Challenges to System


Forensics


Types of Digital System Forensics


Analysis


General Guidelines


Knowledge Needed for Computer Forensics Analysis


Hardware


Software


Networks


Addresses


Obscured Information and Anti-Forensics


The Daubert Standard


U.S. Laws Affecting Digital Forensics


The Federal Privacy Act of 1974


The Privacy Protection Act of 1980


The Communications Assistance for Law


Enforcement Act of 1994


The Electronic Communications Privacy


Act of 1986


The Computer Security Act of 1987


The Foreign Intelligence Surveillance Act


of 1978


The Child Protection and Sexual Predator


Punishment Act of 1998


The Children’s Online Privacy Protection


Act of 1998


The Communications Decency Act of 1996


The Telecommunications Act of 1996


The Wireless Communications and Public


Safety Act of 1999


The USA Patriot Act of 2001


The Sarbanes-Oxley Act of 2002


18 U.S.C. § 1030: Fraud and Related


Activity in Connection with Computers


18 U.S.C. § 1020: Fraud and Related


Activity in Connection with Access Devices


The Digital Millennium Copyright Act


(DMCA) of 1998


18 U.S.C. § 1028A: Identity Theft and


Aggravated Identity Theft


18 U.S.C. § 2251: Sexual Exploitation of


Children


Warrants


Federal Guidelines


The FBI


The Secret Service


The Regional Computer Forensics


Laboratory Program


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 1 ASSESSMENT


CHAPTER 2 Overview of Computer Crime


How Computer Crime Affects Forensics


Identity Theft


Phishing


Spyware


Discarded Information


How Does This Crime Affect Forensics?


Hacking


SQL Injection


Cross-Site Scripting


Ophcrack


Tricking Tech Support


Hacking in General


Cyberstalking and Harassment


Real Cyberstalking Cases


Fraud


Investment Offers


Data Piracy


Non-Access Computer Crimes


Denial of Service


Viruses


Logic Bombs


Cyberterrorism


How Does This Crime Affect Forensics?


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 2 ASSESSMENT


CHAPTER 3 Forensic Methods and Labs


Forensic Methodologies


Handle Original Data as Little as Possible


Comply with the Rules of Evidence


Avoid Exceeding Your Knowledge


Create an Analysis Plan


Technical Information Collection


Considerations


Formal Forensic Approaches


Department of Defense Forensic


Standards


The Digital Forensic Research Workshop


Framework


The Scientific Working Group on Digital


Evidence Framework


An Event-Based Digital Forensics


Investigation Framework


Documentation of Methodologies and Findings


Disk Structure


File Slack Searching


Evidence-Handling Tasks


Evidence-Gathering Measures


Expert Reports


How to Set Up a Forensic Lab


Equipment


Security


American Society of Crime Laboratory


Directors


Common Forensic Software Programs


EnCase


Forensic Toolkit


OSForensics


Helix


Kali Linux


AnaDisk Disk Analysis Tool


CopyQM Plus Disk Duplication Software


The Sleuth Kit


Disk Investigator


Forensic Certifications


EnCase Certified Examiner Certification


AccessData Certified Examiner


OSForensics


Certified Cyber Forensics Professional


EC Council Computer Hacking Forensic


Investigator


High Tech Crime Network Certifications


Global Information Assurance Certification


Certifications


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 3 ASSESSMENT


PART II Technical Overview: System Forensics Tools, Techniques, and Methods


CHAPTER 4 Collecting, Seizing, and Protecting Evidence Proper Procedure


Shutting Down the Computer


Transporting the Computer System to a


Secure Location


Preparing the System


Documenting the Hardware Configuration


of the System


Mathematically Authenticating Data on All


Storage Devices


Handling Evidence


Collecting Data


Documenting Filenames, Dates, and Times


Identifying File, Program, and Storage


Anomalies


Evidence-Gathering Measures


Storage Formats


Magnetic Media


Solid-State Drives


Digital Audio Tape Drives


Digital Linear Tape and Super DLT


Optical Media


Using USB Drives


File Formats


Forensic Imaging


Imaging with EnCase


Imaging with the Forensic Toolkit


Imaging with OSForensics


RAID Acquisitions


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 4 ASSESSMENT


CHAPTER LAB


CHAPTER 5 Understanding Techniques for Hiding and Scrambling Information Steganography


Historical Steganography


Steganophony


Video Steganography


More Advanced Steganography


Steganalysis


Invisible Secrets


MP3Stego


Additional Resources


Encryption


The History of Encryption


Modern Cryptography


Breaking Encryption


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 5 ASSESSMENT


CHAPTER 6 Recovering Data Undeleting Data


File Systems and Hard Drives


Windows


Forensically Scrubbing a File or Folder


Linux


Macintosh


Recovering Information from Damaged Media


Physical Damage Recovery Techniques


Recovering Data After Logical Damage


File Carving


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 6 ASSESSMENT


CHAPTER 7 Email Forensics


How Email Works


Email Protocols


Faking Email


Email Headers


Getting Headers in Outlook


Getting Headers from Yahoo! Email


Getting Headers from Gmail


Other Email Clients


Email Files


Paraben’s Email Examiner


ReadPST


Tracing Email


Email Server Forensics


Email and the Law


The Fourth Amendment to the U.S.


Constitution


The Electronic Communications Privacy


Act


The CAN-SPAM Act


18 U.S.C. 2252B


The Communication Assistance to Law


Enforcement Act


The Foreign Intelligence Surveillance Act


The USA Patriot Act


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 7 ASSESSMENT


CHAPTER 8 Windows Forensics


Windows Details


Windows History


64-Bit


The Boot Process


Important Files


Volatile Data


Tools


Windows Swap File


Windows Logs


Windows Directories


UserAssist


Unallocated/Slack Space


Alternate Data Streams


Index.dat


Windows Files and Permissions


MAC


The Registry


USB Information


Wireless Networks


Tracking Word Documents in the Registry


Malware in the Registry


Uninstalled Software


Passwords


ShellBag


Prefetch


Volume Shadow Copy


Memory Forensics


Volatility


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 8 ASSESSMENT


CHAPTER 9 Linux Forensics


Linux and Forensics


Linux Basics


Linux History


Linux Shells


Graphical User Interface


K Desktop Environment (KDE)/Plasma


Linux Boot Process


Logical Volume Manager


Linux Distributions


Linux File Systems


Ext


The Reiser File System


The Berkeley Fast File System


Linux Logs


The /var/log/faillog Log


The /var/log/kern.log Log


The /var/log/lpr.log Log


The /var/log/mail.* Log


The /var/log/mysql.* Log


The /var/log/apache2/* Log


The /var/log/lighttpd/* Log


The /var/log/apport.log Log


Other Logs


Viewing Logs


Linux Directories


The /root Directory


The /bin Directory


The /sbin Directory


The /etc Folder


The /etc/inittab File


The /dev Directory


The /mnt Directory


The /boot Directory


The /usr Directory


The /var Directory


The /var/spool Directory


The /proc Directory


Shell Commands for Forensics


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


Can You Undelete in Linux?


Manual Method


Kali Linux Forensics


Forensics Tools for Linux


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 9 ASSESSMENT


CHAPTER 10 Macintosh Forensics


Mac Basics


Mac History


Mac File Systems


Partition Types


Macintosh Logs


The /var/log Log


The /var/spool/cups Folder


The /Library/Receipts Folder


The /Users/<user>/.bash_history Log


The /var/vm Folder


The /Users/ Directory


The /Users/<user>/Library/Preferences/


Folder


Directories


The /Volumes Directory


The /Users Directory


The /Applications Directory


The /Network Directory


The /etc Directory


The


/Library/Preferences/SystemConfiguration/dom.apple.preferences.plist


File


Macintosh Forensic Techniques


Target Disk Mode


Searching Virtual Memory


Shell Commands


How to Examine a Mac


Can You Undelete in Mac?


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 10 ASSESSMENT


CHAPTER 11 Mobile Forensics


Cellular Device Concepts


Terms


Operating Systems


The BlackBerry


What Evidence You Can Get from a Cell Phone


Types of Investigations


Phone states


Seizing Evidence from a Mobile Device


The iPhone


BlackBerry


JTAG


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Helping Hand
Homework Guru
University Coursework Help
Best Coursework Help
Top Essay Tutor
Calculation Guru
Writer Writer Name Offer Chat
Helping Hand

ONLINE

Helping Hand

I am an Academic writer with 10 years of experience. As an Academic writer, my aim is to generate unique content without Plagiarism as per the client’s requirements.

$40 Chat With Writer
Homework Guru

ONLINE

Homework Guru

Hi dear, I am ready to do your homework in a reasonable price and in a timely manner.

$42 Chat With Writer
University Coursework Help

ONLINE

University Coursework Help

Hi dear, I am ready to do your homework in a reasonable price.

$42 Chat With Writer
Best Coursework Help

ONLINE

Best Coursework Help

I am an Academic writer with 10 years of experience. As an Academic writer, my aim is to generate unique content without Plagiarism as per the client’s requirements.

$40 Chat With Writer
Top Essay Tutor

ONLINE

Top Essay Tutor

I have more than 12 years of experience in managing online classes, exams, and quizzes on different websites like; Connect, McGraw-Hill, and Blackboard. I always provide a guarantee to my clients for their grades.

$45 Chat With Writer
Calculation Guru

ONLINE

Calculation Guru

I see that your standard of work is to get content for articles. Well, you are in the right place because I am a professional content writer holding a PhD. in English, as well as having immense experience in writing articles for a vast variety of niches and category such as newest trends, health issues, entertainment, technology, etc and I will make sure your article has all the key pointers and relevant information, Pros, Cons and basically all the information that a perfect article needs with good research. Your article is guaranteed to be appealing, attractive, engaging, original and passed through Copyscape for the audience so once they start reading they keep asking for more and stay interested.

$35 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Detailed Description - Software Development - Round robin average waiting time - Gartner magic quadrant for application testing services - Wk 3, HCS 335: DR 1 - Research Paper - Heat of solution lab report answers - Experiment 2: diffusion - concentration gradients and membrane permeability - Young buck cheese stockists - The last dance despelder pdf - The Big Fix at Toyota Motor Sales (TMS) - Ethical considerations when prescribing for friends and family - Q skills for success reading and writing 3 pdf - Macroeconomics multiple choice questions and answers 2012 - A car in an amusement park ride rolls - Should students be allowed phones in school - Capital structure of apple inc - Subjective and objective language examples - Sabre simulation tips - Circumference to diameter ratio - Policy Analysis Paper - Barrientos se habla espanol - Community teaching work plan proposal - One characteristic of plant assets is that they are - Rc drilling sampling procedure - Sociology final exam multiple choice - Research Paper on Arab Uprising - Care certificate standard 1 understand your role answers - Culham st gabriel's trust - Paxton green group practice - Mitel 5320e ip phone quick reference guide - Did the phoenicians create the alphabet - Ufo sightings in san jose ca - Interpretive simulations hr management tips - Marvel enterprises inc case study solution - Starbucks inputs and outputs - Statement of purpose for international business - Implementation plan - Bus 475 week 4 - No man's sky scorched planet - CASES CASE 35 CIRQUE DU SOLEIL* The founder of Cirque du Soleil, Guy Laliberté, after see- ing the firm’s growth prospects wane in recent years, was thinking about expanding his firm in new directions. For three decades, the firm had reinvented and revolutionized the circus. From its beginning in 1984, Cirque de Soleil had thrilled over 150 million spectators with a novel show concept that was as original as it was nontraditional: an astonishing theatrical blend of circus acts and street enter- tainment, wrapped up in spectacular costumes and fairy- land sets and staged to spellbinding music and magical lighting. Cirque du Soleil’s business triumphs mirrored its high- flying aerial stunts, and it became a case study for business school journal articles on carving out unique markets. But following a recent bleak outlook report from a consultant, a spate of poorly received shows over the last few years, and a decline in profits, executives at Cirque said they were now restructuring a - Cambridge checkpoint maths past papers - DB Communications - Reasons why students should not have phones in school - Rms.nsw.gov.au road users handbook - Epoxy polyester hybrid powder coating - Timken bearing damage analysis poster - Huntington beach to fullerton - Chapter 3 recordkeeping lesson 3.2 preparing a budget sheet answers - The Golden State LAWS - Fitbit chatter messages - Rival causes - Labor relations and collective bargaining private and public sectors - Charlotte's web lesson plans - Sociology - 2 Houre make Diversity Infographic - Vender Management - Unite union ecs test - Vce vietnamese second language - Jewel park border collies - Positivism - History - Ibm global sales school - Prepare a balance sheet at december - Fouls in table tennis - Pathophysiology (24 hours) - Fibonacci sequence in the bible - Historical notes in the handmaid's tale - Dutton park neighbourhood plan - Discussion - Difference between the role of the Nursing Professional (RN) and Advance Practice Register Nurse (APRN) - Croajingolong national park accommodation - Which statement is true about cost volume profit cvp analysis - Developing Your Design Solution - What product category does jeep cherokee fit into - Food inc film questions - Principles of Microeconomics - How to write a chemistry literature review - Think like a nurse login - Business Strategy Discussion - Blackboard salford ac uk - Nfpa 99 2012 chapter 9 - Words in context worksheet - Community nursing questions - Diana kendall framing class vicarious living and conspicuous consumption pdf - Design a class named automobile that holds the vehicle identification number - Salem sump tube nursing interventions - Silas marner chapter 3 summary - Jacob & Co. ASTRONOMIA SKY PLATINUM 950 AT110.30.AA.SD.A - Value based healthcare delivery intensive seminar - Human Resources - Imperial camel corps badge for sale - Lm358 laser driver circuit - Macbeth act 2 critical thinking questions - Air cycle cooling system in aircraft - Hexadecimal calculator - Mixed methods sampling strategies in social science research - How to do adjustments in accounting worksheet - Iso 14001 2015 management review template ppt - Cite your sources using apa format week 5 assignment - Amazon push pull strategy