The Basics of Digital Forensics provides a foundation for people new to the digital forensics field. This book teaches you how to conduct examinations by discussing what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud and the Internet are discussed. Also, learn how to collect evidence, document the scene, and how deleted data can be recovered.
The new Second Edition of this book provides you with completely up-to-date real-world examples and all the key technologies used in digital forensics, as well as new coverage of network intrusion response, how hard drives are organized, and electronic discovery. You'll also learn how to incorporate quality assurance into an investigation, how to prioritize evidence items to examine (triage), case processing, and what goes into making an expert witness.
The Second Edition also features expanded resources and references, including online resources that keep you current, sample legal documents, and suggested further reading.
- Learn what Digital Forensics entails
- Build a toolkit and prepare an investigative plan
- Understand the common artifacts to look for in an exam
- Second Edition features all-new coverage of hard drives, triage, network intrusion response, and electronic discovery; as well as updated case studies, expert interviews, and expanded resources and references
1. Introduction 2. Key Technical Concepts 3. Labs and Tools 4. Collecting Evidence 5. Windows System Artifacts 6. Anti-Forensics 7. Legal Considerations 8. Internet and E-mail 9. Network Forensics and Incident Response 10. Mobile Device Forensics 11. Looking Ahead: Challenges and Concerns 12. Electronic Discovery
Appendix A. Online Resources Appendix B. Sample Documents Appendix C. Further Reading
John Sammons is an Associate Professor and Director of the undergraduate program in Digital Forensics and Information Assurance at Marshall University in Huntington, West Virginia. John teaches digital forensics, electronic discovery, information security and technology in the School of Forensic and Criminal Justices Sciences. He's also adjunct faculty with the Marshall University graduate forensic science program where he teaches the advanced digital forensics course. John, a former police officer, is also an Investigator with the Cabell County Prosecuting Attorney's Office and a member of the West Virginia Internet Crimes Against Children Task Force. He is a Member of the American Academy of Forensic Sciences, the High Technology Crime Investigation Association, and Infragard.
John is the founder and President of the Appalachian Institute of Digital Evidence. AIDE is a non-profit organization that provides research and training for digital evidence professionals including attorneys, judges, law enforcement and information security practitioners in the private sector. He is the author of best-selling book, The Basics of Digital Forensics published by Syngress.