System Forensics, Investigation, and Response, Second Edition

System Forensics, Investigation, and Response, Second Edition

Chuck Easttom
ISBN-13: 978-1-284-03105-8
318 pages
© 2014

Learn More
Request a Review Copy

  • Description
  • Applied Labs
  • Table of Contents
  • Course Objectives
  • Resources

Computer crimes call for forensics specialists, people who know how to find and follow the evidence. Completely revised and rewritten to keep pace with the changing field of computer forensics, System Forensics, Investigation, and Response, Second Edition begins by examining the fundamentals of system forensics, such as what forensics is, the role of computer forensics specialists, computer forensic evidence, and application of forensic analysis skills. It also gives an overview of computer crimes, forensic methods, and laboratories. It then addresses the tools, techniques, and methods used to perform computer forensics and investigation. Finally, it explores emerging technologies as well as future directions of this interesting and cutting-edge field.

Key Features

  • The Second Edition includes all new content. A complete re-write of the first edition
  • The latest data and statistics on computer forensics
  • Chapter restructuring with new chapters on:
        • Email Forensics
        • Windows Forensics
        • Mac Forensics
        • Linux Forensics
        • Mobile Forensics

This title is available with Virtual Security Cloud Labs – delivered in a first-of-its-kind cloud computing environment- that provides a fully immersive mock IT infrastructure enabling hands-on-experiential learning. An integrated lab manual is available to assist you with these labs.

Lab #1: Applying the Daubert Standard to Forensic Evidence
Lab #2: Documenting a Workstation Configuration using Common
Forensic Tools
Lab #3: Uncovering New Digital Evidence Using Bootable Forensic
Lab #4: Creating a Forensic System Case File for Analyzing Forensic Evidence
Lab #5: Analyzing Images to Identify Suspicious or Modified Files
Lab #6: Recognizing the Use of Steganography in Image Files
Lab #7: Automating E-mail Evidence Discovery Using P2 Commander
Lab #8: Decoding an FTP Protocol Session for Forensic Evidence
Lab #9: Identifying and Documenting Evidence from a Forensic
Lab #10: Conducting an Incident Response Investigation for a
Suspicious Login
Part 1: The System Forensics Landscape
Chapter 1: Introduction to Forensics
Chapter 2: Overview of Computer Crime
Chapter 3: Forensics Methods and Labs
Part 2: Technical Overview: System Forensics Tools, Techniques, and Methods
Chapter 4: Collecting, Seizing, and Protecting Evidence
Chapter 5: Understanding Information-Hiding Techniques
Chapter 6: Recovering Data
Chapter 7: Email Forensics
Chapter 8: Windows Forensics
Chapter 9: Linux Forensics
Chapter 10: Mac Forensics
Chapter 11: Mobile Forensics
Chapter 12: Performing Network Analysis
Part 3: Incident Response and Resources
Chapter 13: Incident and Intrusion Response
Chapter 14: Trends and Future Directions
Chapter 15: System Forensics Resources
  1. Identify the role of computer forensics in responding to crimes and solving business challenges.
  2. Examine system forensics issues, laws, and skills.
  3. Examine the purpose and structure of a digital forensics lab.
  4. Examine the evidence life cycle.
  5. Procure evidence in physical and virtualized environments.
  6. Examine the impact of sequestration on the evidence-gathering process.
  7. Collect evidence in network and e-mail environments.
  8. Examine automated digital forensic analysis.
  9. Report investigative findings of potential evidentiary value.
  10. Examine the constraints on digital forensic investigations.

Instructor Resources include:

  • PowerPoint Lectures
  • Instructor’s Guide
  • Test and Quiz Items
  • Sample Syllabus
  • Case Scenarios/Handouts
  • Handouts
  • Projects
  • Study Guide
  • Time on Task
  • Content Map