Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Netwitness categorizes and organizes traffic so that:

17/12/2020 Client: saad24vbs Deadline: 10 Days

ISSA INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES


Fundamentals of Communications and Networking, Second Edition Michael G. Solomon and David Kim


Fundamentals of Information Systems Security, Third Edition David Kim and Michael G. Solomon


Legal Issues in Information Security, Second Edition Joanna Lyn Grama


Managing Risk in Information Systems, Second Edition Darril Gibson


Security Policies and Implementation Issues, Second Edition Rob Johnson


Auditing IT Infrastructures for Compliance, Second Edition Martin Weiss and Michael G. Solomon


Access Control, Authentication, and Public Key Infrastructure, Second Edition Mike Chapple, Bill Ballad, Tricia Ballad, and Erin Banks


Security Strategies in Windows Platforms and Applications, Second Edition


Michael G. Solomon


Security Strategies in Linux Platforms and Applications, Second Edition Michael Jang and Ric Messier


Network Security, Firewalls, and VPNs, Second Edition J. Michael Stewart


Hacker Techniques, Tools, and Incident Handling, Second Edition Sean-Philip Oriyano


Internet Security: How to Defend Against Attackers on the Web, Second Edition Mike Harwood


System Forensics, Investigation, and Response, Third Edition Chuck Easttom


Cyberwarfare: Information Operations in a Connected World Mike Chapple and David Seidl


Wireless and Mobile Device Security Jim Doherty


JONES & BARTLETT LEARNING


The Information Systems Security & Assurance Series (ISSA) offers an interactive curriculum solution that covers the essential topics needed to support certification or degree programs within IT Security, Cybersecurity, Information


Assurance and Information Systems Security. Developed by certified professionals, the series delivers fundamental IT security principles and real-world applications, tools, and techniques used in today’s work force and necessary for accommodating the rapidly growing job demand for cybersecurity. The inclusion of robust courseware and innovative labs, delivered in a first-of-its kind “cloud” computing environment, offer a fully immersive cloud learning experience. Students can learn in a trial-and- error format in an experiential learning environment with no risk, gaining invaluable workplace-related skills essential to maintaining the security and confidentiality of their employers’ data assets. Visit http://www.issaseries.com/ for the most current information on text availability and additional information on the Virtual Security Cloud Labs.


http://www.issaseries.com/

System Forensics, Investigation, and Response


ISSA INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES


THIRD EDITION


Chuck Easttom


JONES & BARTLETT LEARNING


World Headquarters Jones & Bartlett Learning 5 Wall Street Burlington, MA 01803 978-443-5000 info@jblearning.com www.jblearning.com


Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.


Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com.


Copyright © 2019 by Jones & Bartlett Learning, LLC, an Ascend Learning Company


All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.


mailto:info@jblearning.com

http://www.jblearning.com

http://www.jblearning.com

mailto:specialsales@jblearning.com

The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. System Forensics, Investigation, and Response, Third Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product.


There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious, but are used for instructional purposes only.


This publication is designed to provide accurate and authoritative information in regard to the Subject Matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal


advice or other expert assistance is required, the service of a competent professional person should be sought.


Production Credits VP, Executive Publisher: David D. Cella Executive Editor: Matt Kane Acquisitions Editor: Laura Pagluica Editorial Assistant: Mary Menzemer Associate Production Editor: Alex Schab Director of Marketing: Andrea DeFronzo Production Services Manager: Colleen Lamy VP, Manufacturing and Inventory Control: Therese Connell Composition: codeMantra U.S. LLC Cover Design: Scott Moden Rights & Media Specialist: Thais Miller Media Development Editor: Shannon Sheehan Cover Image (Title Page, Part Opener, Chapter Opener): © Click Bestsellers/Shutterstock Printing and Binding: Edwards Brothers Malloy Cover Printing: Edwards Brothers Malloy


Library of Congress Cataloging-in-Publication Data Names: Easttom, Chuck, author. Title: System forensics, investigation, and response / Chuck Easttom. Description: Third Edition. | Burlington, MA : Jones & Bartlett Learning, [2019] | Revised edition of the author’s System forensics, investigation, and response, c2014. Identifiers: LCCN 2017018109 | ISBN


9781284121841 Subjects: LCSH: Computer crimes—Investigation— Textbooks. Classification: LCC HV8079.C65 E37 2017 | DDC 363.25/968—dc23 LC record available at https://lccn.loc.gov/2017018109


6048


Printed in the United States of America 21 20 19 18 17 10 9 8 7 6 5 4 3 2 1


https://lccn.loc.gov/2017018109

Contents Preface


About the Author


PART I Introduction to Forensics


CHAPTER 1 Introduction to Forensics What Is Computer Forensics?


Using Scientific Knowledge


Collecting


Analyzing


Presenting


Understanding the Field of Digital Forensics


What Is Digital Evidence?


Scope-Related Challenges to System


Forensics


Types of Digital System Forensics


Analysis


General Guidelines


Knowledge Needed for Computer Forensics Analysis


Hardware


Software


Networks


Addresses


Obscured Information and Anti-Forensics


The Daubert Standard


U.S. Laws Affecting Digital Forensics


The Federal Privacy Act of 1974


The Privacy Protection Act of 1980


The Communications Assistance for Law


Enforcement Act of 1994


The Electronic Communications Privacy


Act of 1986


The Computer Security Act of 1987


The Foreign Intelligence Surveillance Act


of 1978


The Child Protection and Sexual Predator


Punishment Act of 1998


The Children’s Online Privacy Protection


Act of 1998


The Communications Decency Act of 1996


The Telecommunications Act of 1996


The Wireless Communications and Public


Safety Act of 1999


The USA Patriot Act of 2001


The Sarbanes-Oxley Act of 2002


18 U.S.C. § 1030: Fraud and Related


Activity in Connection with Computers


18 U.S.C. § 1020: Fraud and Related


Activity in Connection with Access Devices


The Digital Millennium Copyright Act


(DMCA) of 1998


18 U.S.C. § 1028A: Identity Theft and


Aggravated Identity Theft


18 U.S.C. § 2251: Sexual Exploitation of


Children


Warrants


Federal Guidelines


The FBI


The Secret Service


The Regional Computer Forensics


Laboratory Program


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 1 ASSESSMENT


CHAPTER 2 Overview of Computer Crime


How Computer Crime Affects Forensics


Identity Theft


Phishing


Spyware


Discarded Information


How Does This Crime Affect Forensics?


Hacking


SQL Injection


Cross-Site Scripting


Ophcrack


Tricking Tech Support


Hacking in General


Cyberstalking and Harassment


Real Cyberstalking Cases


Fraud


Investment Offers


Data Piracy


Non-Access Computer Crimes


Denial of Service


Viruses


Logic Bombs


Cyberterrorism


How Does This Crime Affect Forensics?


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 2 ASSESSMENT


CHAPTER 3 Forensic Methods and Labs


Forensic Methodologies


Handle Original Data as Little as Possible


Comply with the Rules of Evidence


Avoid Exceeding Your Knowledge


Create an Analysis Plan


Technical Information Collection


Considerations


Formal Forensic Approaches


Department of Defense Forensic


Standards


The Digital Forensic Research Workshop


Framework


The Scientific Working Group on Digital


Evidence Framework


An Event-Based Digital Forensics


Investigation Framework


Documentation of Methodologies and Findings


Disk Structure


File Slack Searching


Evidence-Handling Tasks


Evidence-Gathering Measures


Expert Reports


How to Set Up a Forensic Lab


Equipment


Security


American Society of Crime Laboratory


Directors


Common Forensic Software Programs


EnCase


Forensic Toolkit


OSForensics


Helix


Kali Linux


AnaDisk Disk Analysis Tool


CopyQM Plus Disk Duplication Software


The Sleuth Kit


Disk Investigator


Forensic Certifications


EnCase Certified Examiner Certification


AccessData Certified Examiner


OSForensics


Certified Cyber Forensics Professional


EC Council Computer Hacking Forensic


Investigator


High Tech Crime Network Certifications


Global Information Assurance Certification


Certifications


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 3 ASSESSMENT


PART II Technical Overview: System Forensics Tools, Techniques, and Methods


CHAPTER 4 Collecting, Seizing, and Protecting Evidence Proper Procedure


Shutting Down the Computer


Transporting the Computer System to a


Secure Location


Preparing the System


Documenting the Hardware Configuration


of the System


Mathematically Authenticating Data on All


Storage Devices


Handling Evidence


Collecting Data


Documenting Filenames, Dates, and Times


Identifying File, Program, and Storage


Anomalies


Evidence-Gathering Measures


Storage Formats


Magnetic Media


Solid-State Drives


Digital Audio Tape Drives


Digital Linear Tape and Super DLT


Optical Media


Using USB Drives


File Formats


Forensic Imaging


Imaging with EnCase


Imaging with the Forensic Toolkit


Imaging with OSForensics


RAID Acquisitions


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 4 ASSESSMENT


CHAPTER LAB


CHAPTER 5 Understanding Techniques for Hiding and Scrambling Information Steganography


Historical Steganography


Steganophony


Video Steganography


More Advanced Steganography


Steganalysis


Invisible Secrets


MP3Stego


Additional Resources


Encryption


The History of Encryption


Modern Cryptography


Breaking Encryption


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 5 ASSESSMENT


CHAPTER 6 Recovering Data Undeleting Data


File Systems and Hard Drives


Windows


Forensically Scrubbing a File or Folder


Linux


Macintosh


Recovering Information from Damaged Media


Physical Damage Recovery Techniques


Recovering Data After Logical Damage


File Carving


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 6 ASSESSMENT


CHAPTER 7 Email Forensics


How Email Works


Email Protocols


Faking Email


Email Headers


Getting Headers in Outlook


Getting Headers from Yahoo! Email


Getting Headers from Gmail


Other Email Clients


Email Files


Paraben’s Email Examiner


ReadPST


Tracing Email


Email Server Forensics


Email and the Law


The Fourth Amendment to the U.S.


Constitution


The Electronic Communications Privacy


Act


The CAN-SPAM Act


18 U.S.C. 2252B


The Communication Assistance to Law


Enforcement Act


The Foreign Intelligence Surveillance Act


The USA Patriot Act


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 7 ASSESSMENT


CHAPTER 8 Windows Forensics


Windows Details


Windows History


64-Bit


The Boot Process


Important Files


Volatile Data


Tools


Windows Swap File


Windows Logs


Windows Directories


UserAssist


Unallocated/Slack Space


Alternate Data Streams


Index.dat


Windows Files and Permissions


MAC


The Registry


USB Information


Wireless Networks


Tracking Word Documents in the Registry


Malware in the Registry


Uninstalled Software


Passwords


ShellBag


Prefetch


Volume Shadow Copy


Memory Forensics


Volatility


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 8 ASSESSMENT


CHAPTER 9 Linux Forensics


Linux and Forensics


Linux Basics


Linux History


Linux Shells


Graphical User Interface


K Desktop Environment (KDE)/Plasma


Linux Boot Process


Logical Volume Manager


Linux Distributions


Linux File Systems


Ext


The Reiser File System


The Berkeley Fast File System


Linux Logs


The /var/log/faillog Log


The /var/log/kern.log Log


The /var/log/lpr.log Log


The /var/log/mail.* Log


The /var/log/mysql.* Log


The /var/log/apache2/* Log


The /var/log/lighttpd/* Log


The /var/log/apport.log Log


Other Logs


Viewing Logs


Linux Directories


The /root Directory


The /bin Directory


The /sbin Directory


The /etc Folder


The /etc/inittab File


The /dev Directory


The /mnt Directory


The /boot Directory


The /usr Directory


The /var Directory


The /var/spool Directory


The /proc Directory


Shell Commands for Forensics


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


The Command


Can You Undelete in Linux?


Manual Method


Kali Linux Forensics


Forensics Tools for Linux


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 9 ASSESSMENT


CHAPTER 10 Macintosh Forensics


Mac Basics


Mac History


Mac File Systems


Partition Types


Macintosh Logs


The /var/log Log


The /var/spool/cups Folder


The /Library/Receipts Folder


The /Users/<user>/.bash_history Log


The /var/vm Folder


The /Users/ Directory


The /Users/<user>/Library/Preferences/


Folder


Directories


The /Volumes Directory


The /Users Directory


The /Applications Directory


The /Network Directory


The /etc Directory


The


/Library/Preferences/SystemConfiguration/dom.apple.preferences.plist


File


Macintosh Forensic Techniques


Target Disk Mode


Searching Virtual Memory


Shell Commands


How to Examine a Mac


Can You Undelete in Mac?


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


CHAPTER 10 ASSESSMENT


CHAPTER 11 Mobile Forensics


Cellular Device Concepts


Terms


Operating Systems


The BlackBerry


What Evidence You Can Get from a Cell Phone


Types of Investigations


Phone states


Seizing Evidence from a Mobile Device


The iPhone


BlackBerry


JTAG


CHAPTER SUMMARY


KEY CONCEPTS AND TERMS


Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Helping Hand
Homework Guru
University Coursework Help
Best Coursework Help
Top Essay Tutor
Calculation Guru
Writer Writer Name Offer Chat
Helping Hand

ONLINE

Helping Hand

I am an Academic writer with 10 years of experience. As an Academic writer, my aim is to generate unique content without Plagiarism as per the client’s requirements.

$40 Chat With Writer
Homework Guru

ONLINE

Homework Guru

Hi dear, I am ready to do your homework in a reasonable price and in a timely manner.

$42 Chat With Writer
University Coursework Help

ONLINE

University Coursework Help

Hi dear, I am ready to do your homework in a reasonable price.

$42 Chat With Writer
Best Coursework Help

ONLINE

Best Coursework Help

I am an Academic writer with 10 years of experience. As an Academic writer, my aim is to generate unique content without Plagiarism as per the client’s requirements.

$40 Chat With Writer
Top Essay Tutor

ONLINE

Top Essay Tutor

I have more than 12 years of experience in managing online classes, exams, and quizzes on different websites like; Connect, McGraw-Hill, and Blackboard. I always provide a guarantee to my clients for their grades.

$45 Chat With Writer
Calculation Guru

ONLINE

Calculation Guru

I see that your standard of work is to get content for articles. Well, you are in the right place because I am a professional content writer holding a PhD. in English, as well as having immense experience in writing articles for a vast variety of niches and category such as newest trends, health issues, entertainment, technology, etc and I will make sure your article has all the key pointers and relevant information, Pros, Cons and basically all the information that a perfect article needs with good research. Your article is guaranteed to be appealing, attractive, engaging, original and passed through Copyscape for the audience so once they start reading they keep asking for more and stay interested.

$35 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Caco3 covalent or ionic - Cat critically appraised topic - Dennis gioia ford pinto - Marketing plan for toyota motor company - Inorganic contaminants present in a sample of water lab report - Engineering thermodynamics questions - Girlington primary school website - Keynows - I don t need no doctor solo tab - Problems facing domino's pizza - Article Summary - NURS561PROMPTWEEK7 - Hampshire county council ess lite - Assignment 2 10,21,20 - Alternate function of port 3 of 8051 microcontroller - Skip downing on course 8th edition pdf - Eleanor and park summary sparknotes - Job seach assignment - What is the length width and height of a box - Las islas galápagos están cerca de la costa - Document based question essay - Anyone lived in a pretty how town questions and answers - Case Formulation - Who can administer the ctopp - FIN: Management of banking institutions - Rolls royce marine perth - Head to toe nursing assessment - 3 quick discussion questions with 3 student responses - Popular transaction processing oltp software in ibm mainframes - Eastern districts tennis association - The treadmill of consumption james roberts - Racism in othello act 4 - Half life gizmo answer key activity b - What is worldcat penn foster - Free vark questionnaire - Goal for university admission (essay type) - 19 linton street baulkham hills - Animal farm exam questions and answers pdf - AVD7 - The family surgery reddish - Research paper outline powerpoint - How did kiowa die in the things they carried - Bachelor of arts philippines - Jtl management inc long island - What was hacksaw ridge based on - Sola sdn 10 24 100c manual - The Ethics Behind Assessment - I need 8-10 slides on Virigin Atlantic - Executive summary of hotel industry - What did the pendleton civil service act seek to accomplish - IT Security and Data Brach - Wm wrigley jr company case analysis - A tank holds 1000 gallons of water - Comparison of the DNP and Ph D roles in nursing - My sister and i comparison essay - Can physical therapists accept gifts from patients - Zara marketing strategy pdf - 110 bus route cairns - 7 last plagues revelation - Acecqa self assessment tool - Project dj accounting answers - Cases in healthcare management buchbinder pdf - Salary inequities at astrazeneca - Flank hernia repair cpt code - Consistency limit of soil - Compare and contrast two different air traffic control entities - Ritz carlton target customers - Are you Interested In Learning how to Write A Effective Personal Statement For Admission Board? - Bussmann medium voltage fuses - What methods of capital acquisition did honest tea employ why - Article Review - 02.03 the anti federalists assessment - Please - Ppt on power of social media - Parallel and series circuit combined - LITERATURE - The new jim crow essay - Electronic devices floyd 9th edition ppt - Calculus 2 taylor series - Barbie global marketing strategy - Sales discounts is a revenue account with a credit balance - Saudi power transformers company - Similar triangles examples with answers - Article Summary - Prebles artforms 11th edition powerpoint - Project report on supply chain management of amul - 83 halsey road fulham - Pharmacy intern exam dates - Wuthering heights chapter 5 summary - What three ideals make up the project complexity triangle - What is a webliography examples - Data science life cycle pdf - 3 page paper due tomorrow 9/13/20 at 3:00 MUST BE 100% ORIGINAL three references - Mickey monus - Jcu timetable - Collective Bargaining: Unit VIII Assessment - Eco 550 assignment 1 - For Essays Guru - - Eso error 102 invalid metafile - Wk 3 - Security Standards, Policies, and Procedures Manual