Book Details
Learn to Collect Digital Artifacts and Ensure Evidence Acceptance!

Computer Evidence: Collection and Preservation teaches law enforcement and computer forensics investigators how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. The book focuses on collection and preservation because these two phases of computer forensics are the most critical to evidence acceptance, but are not thoroughly covered in text or courses. Throughout the book, a constant eye is kept on evidence dynamics and the impact investigators can have on data integrity while collecting evidence. The simple act of a computer forensics investigator shutting down a suspect’s computer changes the state of the computer as well as many of its files, so a good understanding of evidence dynamics is essential when doing computer forensics work. Broken up into five parts, Computer Forensics & Evidence Dynamics, Information Systems, Data Storage Systems & Media, Artifact Collection, and Archiving & Maintaining Evidence, the book places specific focus on how investigators and their tools are interacting with digital evidence.
By reading and using this task-oriented guide, computer forensics investigators will be able to ensure case integrity during the most crucial phases of the computer forensics process.

KEY FEATURES
* Provides a practical field guide to evidence collection and preservation that will help maintain evidence acceptability
* Covers key areas such as rules of evidence, evidence dynamics, network topologies, collecting volatile data, imaging methodologies, and forensics labs and workstations
* Teaches criminal investigators everything they need to know to ensure the integrity of their digital evidence
* Includes a CD-ROM with several demo and freeware software applications as well as document templates, worksheets, and references

On the CD!
* DRIVE HEALTH: Contains a demo version of this IDE disk-monitoring application
* CRYPTCAT: Contains this freeware application to create secure TCP/IP data channels
* MARESWARE: Provides demo utilities from Mares and Company LLC, which are useful for scripting large-batch forensic operations
* LANSURVEYOR: Contains a demo version of this software for mapping networks through various automatic discovery methods
* PRODISCOVER FORENSICS EDITION: Includes a demo version of this disk-imaging and analysis suite
* SYSINTERNALS: Contains three freeware utility applications (PSList, PSInfo, and PSLoggedon) useful in batch file volatile data collection
* WINHEX: Provides a demo version of the WinHex raw file and disk editor
* FORMS: Includes digital copies of the sample forms provided in the book
* FIGURES: Includes all of the figures from the book by chapter

SYSTEM REQUIREMENTS: Pentium class CPU or later; Windows 98SE / NT / 2000 / XP / 2003; Web browser; 128MB of memory; 128MB of available disk space; CD-ROM or DVD-ROM drive; VGA monitor or high-resolution monitor; keyboard and mouse, or other pointing device.