This practical and accessible textbook/reference describes the theory and methodology of digital forensic examinations, presenting examples developed in collaboration with police authorities to ensure relevance to real-world practice. The coverage includes discussions on forensic artifacts and constraints, as well as forensic tools used for law enforcement and in the corporate sector. Emphasis is placed on reinforcing sound forensic thinking, and gaining experience in common tasks through hands-on exercises.
This enhanced second edition has been expanded with new material on incident response tasks and computer memory analysis.
Topics and features:
- Outlines what computer forensics is, and what it can do, as well as what its limitations are
- Discusses both the theoretical foundations and the fundamentals of forensic methodology
- Reviews broad principles that are applicable worldwide
- Explains how to find and interpret several important artifacts
- Describes free and open source software tools, along with the AccessData Forensic Toolkit
- Features exercises and review questions throughout, with solutions provided in the appendices
- Includes numerous practical examples, and provides supporting video lectures online
This easy-to-follow primer is an essential resource for students of computer forensics, and will also serve as a valuable reference for practitioners seeking instruction on performing forensic examinations.
Joakim Kävrestad is a lecturer and researcher at the University of Skövde, Sweden, and an AccessData Certified Examiner. He also serves as a forensic consultant, with several years of experience as a forensic expert with the Swedish police.
Part I: Theory
What Is Digital Forensics?
Ethics and Integrity
Decryption and Password Enforcing
Part II: The Forensic Process
Cybercrime, Cyber-Aided Crime and Digital Evidence
Analyzing Data and Writing Reports
Part III: Get Practical
Indexing and Searching
Some Common Questions and Tasks
Open-Source or Freeware Tools
Part IV: Memory Forensics
Memory Analysis Tools
Memory Analysis in Criminal Investigations
Appendix A: Solutions
Appendix B: Useful Scripts
Appendix C: Sample Report (Template)
Appendix D: List of Time Zones
Appendix E: Complete Jitsi Chat Log