Authors: Joakim Kävrestad, Marcus Birath, Nathan Clarke
Publisher: Springer
Series: Texts in Computer Science
Year: 2024
Pages: 292
Language: English
Format: pdf (true), epub
Size: 51.5 MB
This textbook describes the theory and methodology of digital forensic examinations, presenting examples developed in collaboration with police authorities to ensure relevance to real-world practice. The coverage includes discussions on forensic artifacts and constraints, as well as forensic tools used for law enforcement and in the corporate sector. Emphasis is placed on reinforcing sound forensic thinking, and gaining experience in common tasks through hands-on exercises.
This enhanced third edition describes practical digital forensics with open-source tools and includes an outline of current challenges and research directions.
This book begins by setting the stage for forensic examinations, discussing the theoretical foundation that the authors regard as relevant and important for the area. This section will introduce the reader to the areas of computer forensics and the forensic methodology as well as discuss how to find and interpret certain artifacts in a Windows environment. The book will then take a more practical focus and discuss the hows and whys of some key forensic concepts. Finally, the book will provide a section with information on how to find and interpret artifacts. It should be noted at this point that the book does not, by far, cover every single case, question, or artifact. Rather, the practical examples serve as demonstrations of how to examine digital evidence in a forensically sound way and how to use forensic tools. Throughout the book, you will find real-world examples applicable in a real-world setting. The book ends with an outline of current research topics. Since most computers targeted for a forensic examination are running some version of Windows, the examples and demonstrations in this book are presented in a Windows environment. Windows 10 and 11 have been used for practical examples, and they are, unless otherwise stated, accurate for both of those versions of Windows.
Computer forensics is the practice of collecting, analyzing and reporting on digital data in a way that is legally admissible. It can be used in the detection and prevention of crime and in any dispute where evidence is stored digitally. Computer forensics follows a similar process to other forensic disciplines, and faces similar issues. What is noticeable in this description is that it determines the tasks involved during a forensic investigation: collecting, analyzing, and reporting. It also describes computer forensics as comparable to other forensic disciplines, which suggests that the methods used and the conclusions drawn during a computer forensic investigation should face the same scrutiny as an analysis of a fingerprint or DNA test. The rest of the section will discuss each of these, beginning with establishing a model that could be used to describe a digital forensic examination.
Topics and features:
Outlines what computer forensics is, and what it can do, as well as what its limitations are
Discusses both the theoretical foundations and the fundamentals of forensic methodology
Reviews broad principles that are applicable worldwide
Explains how to find and interpret several important artifacts
Describes free and open-source software tools
Features content on corporate forensics, ethics, SQLite databases, triage, and memory analysis
Includes new supporting video lectures on YouTube
This easy-to-follow primer is an essential resource for students of computer forensics, and will also serve as a valuable reference for practitioners seeking instruction on performing forensic examinations.
Download Fundamentals of Digital Forensics, 3rd Edition