- Computer Forensic Investigation Cases
- Incident Response And Forensics
- Police Investigation Procedures
- Computer Forensics In Criminal Investigations
- Computer Forensics Investigative Process
- Crime Scene Investigation Procedures
Part of a series on |
Forensic science |
---|
Computer forensics analysis is not limited only to computer media
Computer forensics (also known as computer forensic science[1]) is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.
Evidence from computer forensics investigations is usually subjected to the same guidelines and practices of other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted as reliable within U.S. and European court systems.
- 3Forensic process
- 7Further reading
Department of Justice Office of Justice Programs National Institute of Justice Special REPORT Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition. Computer forensics (also known as computer forensic. IEEE Conference on Computer Vision and Pattern. System Forensics, Investigation, and Response.
Overview[edit]
In the early 1980s personal computers became more accessible to consumers, leading to their increased use in criminal activity (for example, to help commit fraud). At the same time, several new 'computer crimes' were recognized (such as cracking). The discipline of computer forensics emerged during this time as a method to recover and investigate digital evidence for use in court. Since then computer crime and computer related crime has grown, and has jumped 67% between 2002 and 2003.[2] Today it is used to investigate a wide variety of crime, including child pornography, fraud, espionage, cyberstalking, murder and rape. The discipline also features in civil proceedings as a form of information gathering (for example, Electronic discovery)
Forensic techniques and expert knowledge are used to explain the current state of a digital artifact, such as a computer system, storage medium (e.g. hard disk or CD-ROM), or an electronic document (e.g. an email message or JPEG image).[3] The scope of a forensic analysis can vary from simple information retrieval to reconstructing a series of events. In a 2002 book, Computer Forensics, authors Kruse and Heiser define computer forensics as involving 'the preservation, identification, extraction, documentation and interpretation of computer data'.[4] They go on to describe the discipline as 'more of an art than a science', indicating that forensic methodology is backed by flexibility and extensive domain knowledge. However, while several methods can be used to extract evidence from a given computer the strategies used by law enforcement are fairly rigid and lack the flexibility found in the civilian world.[5]
Use as evidence[edit]
In court, computer forensic evidence is subject to the usual requirements for digital evidence. This requires that information be authentic, reliably obtained, and admissible.[6] Different countries have specific guidelines and practices for evidence recovery. In the United Kingdom, examiners often follow Association of Chief Police Officers guidelines that help ensure the authenticity and integrity of evidence. While voluntary, the guidelines are widely accepted in British courts.
Computer forensics has been used as evidence in criminal law since the mid-1980s, some notable examples include:[7]
- BTK Killer: Dennis Rader was convicted of a string of serial killings that occurred over a period of sixteen years. Towards the end of this period, Rader sent letters to the police on a floppy disk. Metadata within the documents implicated an author named 'Dennis' at 'Christ Lutheran Church'; this evidence helped lead to Rader's arrest.
- Joseph E. Duncan III: A spreadsheet recovered from Duncan's computer contained evidence that showed him planning his crimes. Prosecutors used this to show premeditation and secure the death penalty.[8]
- Sharon Lopatka: Hundreds of emails on Lopatka's computer lead investigators to her killer, Robert Glass.[7]
- Corcoran Group: This case confirmed parties' duties to preserve digital evidence when litigation has commenced or is reasonably anticipated. Hard drives were analyzed by a computer forensics expert who could not find relevant emails the Defendants should have had. Though the expert found no evidence of deletion on the hard drives, evidence came out that the defendants were found to have intentionally destroyed emails, and misled and failed to disclose material facts to the plaintiffs and the court.
- Dr. Conrad Murray: Dr. Conrad Murray, the doctor of the deceased Michael Jackson, was convicted partially by digital evidence on his computer. This evidence included medical documentation showing lethal amounts of propofol.
Forensic process[edit]
A portable Tableau write blocker attached to a Hard Drive
Computer forensic investigations usually follow the standard digital forensic process or phases which are acquisition, examination, analysis and reporting. Investigations are performed on static data (i.e. acquired images) rather than 'live' systems. This is a change from early forensic practices where a lack of specialist tools led to investigators commonly working on live data.
Techniques[edit]
A number of techniques are used during computer forensics investigations and much has been written on the many techniques used by law enforcement in particular.
- Cross-drive analysis
- A forensic technique that correlates information found on multiple hard drives. The process, still being researched, can be used to identify social networks and to perform anomaly detection.[9][10]
- Live analysis
- The examination of computers from within the operating system using custom forensics or existing sysadmin tools to extract evidence. The practice is useful when dealing with Encrypting File Systems, for example, where the encryption keys may be collected and, in some instances, the logical hard drive volume may be imaged (known as a live acquisition) before the computer is shut down.
- Deleted files
- A common technique used in computer forensics is the recovery of deleted files. Modern forensic software have their own tools for recovering or carving out deleted data.[11] Most operating systems and file systems do not always erase physical file data, allowing investigators to reconstruct it from the physical disk sectors. File carving involves searching for known file headers within the disk image and reconstructing deleted materials.
- Stochastic forensics
- A method which uses stochastic properties of the computer system to investigate activities lacking digital artifacts. Its chief use is to investigate data theft.
- Steganography
- One of the techniques used to hide data is via steganography, the process of hiding data inside of a picture or digital image. An example would be to hide pornographic images of children or other information that a given criminal does not want to have discovered. Computer forensics professionals can fight this by looking at the hash of the file and comparing it to the original image (if available.) While the image appears exactly the same, the hash changes as the data changes.[12]
Volatile data[edit]
When seizing evidence, if the machine is still active, any information stored solely in RAM that is not recovered before powering down may be lost.[8] One application of 'live analysis' is to recover RAM data (for example, using Microsoft's COFEE tool, WinDD, WindowsSCOPE) prior to removing an exhibit. CaptureGUARD Gateway bypasses Windows login for locked computers, allowing for the analysis and acquisition of physical memory on a locked computer.
RAM can be analyzed for prior content after power loss, because the electrical charge stored in the memory cells takes time to dissipate, an effect exploited by the cold boot attack. The length of time that data is recoverable is increased by low temperatures and higher cell voltages. Holding unpowered RAM below −60 °C helps preserve residual data by an order of magnitude, improving the chances of successful recovery. However, it can be impractical to do this during a field examination.[13]
Some of the tools needed to extract volatile data, however, require that a computer be in a forensic lab, both to maintain a legitimate chain of evidence, and to facilitate work on the machine. If necessary, law enforcement applies techniques to move a live, running desktop computer. These include a mouse jiggler, which moves the mouse rapidly in small movements and prevents the computer from going to sleep accidentally. Usually, an uninterruptible power supply (UPS) provides power during transit.
However, one of the easiest ways to capture data is by actually saving the RAM data to disk. Various file systems that have journaling features such as NTFS and ReiserFS keep a large portion of the RAM data on the main storage media during operation, and these page files can be reassembled to reconstruct what was in RAM at that time.[14]
Analysis tools[edit]
A number of open source and commercial tools exist for computer forensics investigation. Typical forensic analysis includes a manual review of material on the media, reviewing the Windows registry for suspect information, discovering and cracking passwords, keyword searches for topics related to the crime, and extracting e-mail and pictures for review.[7]
Certifications[edit]
There are several computer forensics certifications available, such as the ISFCE Certified Computer Examiner, Digital Forensics Investigation Professional (DFIP) and IACRB Certified Computer Forensics Examiner.
The top vendor independent certification (especially within EU) is considered the [CCFP - Certified Cyber Forensics Professional [1]].[15]
Others, worth to mention for USA or APAC are the:IACIS (the International Association of Computer Investigative Specialists) offers the Certified Computer Forensic Examiner (CFCE) program.
ISFCS (the The International Society of Forensic Computer Examiners®) offers the Certified Computer Examiner (CCE) program.
Asian School of Cyber Laws offers international level certifications in Digital Evidence Analysis and in Digital Forensic Investigation. These Courses are available in online and class room mode.
Many commercial based forensic software companies are now also offering proprietary certifications on their products. For example, Guidance Software offering the (EnCE) certification on their tool EnCase, AccessData offering (ACE) certification on their tool FTK, PassMark Software offering (OCE) certification on their tool OSForensics, and X-Ways Software Technology offering (X-PERT) certification for their software, X-Ways Forensics.[16]
See also[edit]
References[edit]
- ^Michael G. Noblett; Mark M. Pollitt; Lawrence A. Presley (October 2000). 'Recovering and examining computer forensic evidence'. Retrieved 26 July 2010.
- ^Leigland, R (September 2004). 'A Formalization of Digital Forensics'(PDF).
- ^A Yasinsac; RF Erbacher; DG Marks; MM Pollitt (2003). 'Computer forensics education'. IEEE Security & Privacy. CiteSeerX10.1.1.1.9510.Missing or empty
|url=
(help) - ^Warren G. Kruse; Jay G. Heiser (2002). Computer forensics: incident response essentials. Addison-Wesley. p. 392. ISBN978-0-201-70719-9. Retrieved 6 December 2010.
- ^Gunsch, G (August 2002). 'An Examination of Digital Forensic Models'(PDF).
- ^Adams, R. (2012). ''The Advanced Data Acquisition Model (ADAM): A process model for digital forensic practice'.
- ^ abcCasey, Eoghan (2004). Digital Evidence and Computer Crime, Second Edition. Elsevier. ISBN978-0-12-163104-8.
- ^ abVarious (2009). Eoghan Casey (ed.). Handbook of Digital Forensics and Investigation. Academic Press. p. 567. ISBN978-0-12-374267-4. Retrieved 27 August 2010.
- ^Garfinkel, S. (August 2006). 'Forensic Feature Extraction and Cross-Drive Analysis'(PDF).
- ^'EXP-SA: Prediction and Detection of Network Membership through Automated Hard Drive Analysis'.
- ^Aaron Phillip; David Cowen; Chris Davis (2009). Hacking Exposed: Computer Forensics. McGraw Hill Professional. p. 544. ISBN978-0-07-162677-4. Retrieved 27 August 2010.
- ^Dunbar, B (January 2001). 'A detailed look at Steganographic Techniques and their use in an Open-Systems Environment'.
- ^J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten (2008-02-21). 'Lest We Remember: Cold Boot Attacks on Encryption Keys'. Princeton University. Retrieved 2009-11-20.Cite journal requires
|journal=
(help)CS1 maint: multiple names: authors list (link) - ^Geiger, M (March 2005). 'Evaluating Commercial Counter-Forensic Tools'(PDF).
- ^'CCFP Salaries surveys'. ITJobsWatch. Retrieved 2017-06-15.
- ^'X-PERT Certification Program'. X-pert.eu. Retrieved 2015-11-26.
Further reading[edit]
- A Practice Guide to Computer Forensics, First Edition (Paperback) by David Benton (Author), Frank Grindstaff (Author)
- Casey, Eoghan; Stellatos, Gerasimos J. (2008). 'The impact of full disk encryption on digital forensics'. Operating Systems Review. 42 (3): 93–98. CiteSeerX10.1.1.178.3917. doi:10.1145/1368506.1368519.
- YiZhen Huang; YangJing Long (2008). 'Demosaicking recognition with applications in digital photo authentication based on a quadratic pixel correlation model'(PDF). Proc. IEEE Conference on Computer Vision and Pattern Recognition: 1–8. Archived from the original(PDF) on 2010-06-17. Retrieved 2009-12-18.Cite uses deprecated parameter
|dead-url=
(help) - Incident Response and Computer Forensics, Second Edition (Paperback) by Chris Prosise (Author), Kevin Mandia (Author), Matt Pepe (Author) 'Truth is stranger than fiction...' (more)
- Ross, S.; Gow, A. (1999). Digital archaeology? Rescuing Neglected or Damaged Data Resources(PDF). Bristol & London: British Library and Joint Information Systems Committee. ISBN978-1-900508-51-3.
- George M. Mohay (2003). Computer and intrusion forensics. Artech House. p. 395. ISBN978-1-58053-369-0.
- Chuck Easttom (2013). System Forensics, Investigation, and Response. Jones & Bartlett. p. 318. ISBN978-1284031058.
Related journals[edit]
External links[edit]
- US NIST Digital Data Acquisition Tool Specification (PDF)
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Computer_forensics&oldid=905297326'
Download Book Computer Forensics Investigation Procedures And Response Chfi in PDF format. You can Read Online Computer Forensics Investigation Procedures And Response Chfi here in PDF, EPUB, Mobi or Docx formats.Exam Prep For Computer Forensics Investigation Procedures And Response Chfi
Author :Dave MasonISBN :
Genre :
File Size : 28.61 MB
Format :PDF, ePub, Mobi
Download :545
Read :876
5,600 Exam Prep questions and answers. Ebooks, Textbooks, Courses, Books Simplified as questions and answers by Rico Publications. Very effective study tools especially when you only have a limited amount of time. They work with your textbook or without a textbook and can help you to review and learn essential terms, people, places, events, and key concepts.
Computer Forensics Investigation Procedures And Response Chfi
Author :EC-CouncilISBN :9781305883475
Genre :Computers
File Size : 81.65 MB
Format :PDF, ePub, Docs
Download :898
Read :1094
The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute the cyber-criminal. The series is comprised of four books covering a broad base of topics in Computer Hacking Forensic Investigation, designed to expose the reader to the process of detecting attacks and collecting evidence in a forensically sound manner with the intent to report crime and prevent future attacks. Learners are introduced to advanced techniques in computer investigation and analysis with interest in generating potential legal evidence. In full, this and the other three books provide preparation to identify evidence in computer related crime and abuse cases as well as track the intrusive hacker’s path through a client system. The series and accompanying labs help prepare the security student or professional to profile an intruder’s footprint and gather all necessary information and evidence to support prosecution in a court of law. The first book in the Computer Forensics series is Investigation Procedures and Response. Coverage includes a basic understanding of the importance of computer forensics, how to set up a secure lab, the process for forensic investigation including first responder responsibilities, how to handle various incidents and information on the various reports used by computer forensic investigators. Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.
Exam Prep For Bundle Computer Forensics Investigation Procedures And Response Chfi 2nd Mindtap Information Security 1 Term 6 Months Printed Access Card
Author :David MasonISBN :PKEY:QA3060115
![Computer forensic investigation cases Computer forensic investigation cases](https://guideimg.alibaba.com/images/shop/2015/10/09/14/forensic-computer-crime-investigation-2-international-forensic-science-and-investigation_10695014.jpeg)
Genre :Education
File Size : 85.32 MB
Format :PDF, ePub, Docs
Download :701
Read :661
5,600 Exam Prep questions and answers. Ebooks, Textbooks, Courses, Books Simplified as questions and answers by Rico Publications. Very effective study tools especially when you only have a limited amount of time. They work with your textbook or without a textbook and can help you to review and learn essential terms, people, places, events, and key concepts.
Computer Forensics Investigation Procedures And Response
Author :EC-CouncilISBN :9781435483491
Genre :Computers
File Size : 65.54 MB
Format :PDF, Kindle
Download :139
Read :618
The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute the cyber-criminal. The series is comprised of five books covering a broad base of topics in Computer Hacking Forensic Investigation, designed to expose the reader to the process of detecting attacks and collecting evidence in a forensically sound manner with the intent to report crime and prevent future attacks. Learners are introduced to advanced techniques in computer investigation and analysis with interest in generating potential legal evidence. In full, this and the other four books provide preparation to identify evidence in computer related crime and abuse cases as well as track the intrusive hacker’s path through a client system. The series and accompanying labs help prepare the security student or professional to profile an intruder’s footprint and gather all necessary information and evidence to support prosecution in a court of law. The first book in the Computer Forensics series is Investigation Procedures and Response. Coverage includes a basic understanding of the importance of computer forensics, how to set up a secure lab, the process for forensic investigation including first responder responsibilities, how to handle various incidents and information on the various reports used by computer forensic investigators. Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.
The Official Chfi Study Guide Exam 312 49
Author :Dave KleimanISBN :9780080555713
Genre :Computers
File Size : 48.96 MB
Format :PDF
Download :720
Read :1274
This is the official CHFI (Computer Hacking Forensics Investigator) study guide for professionals studying for the forensics exams and for professionals needing the skills to identify an intruder's footprints and properly gather the necessary evidence to prosecute. The EC-Council offers certification for ethical hacking and computer forensics. Their ethical hacker exam has become very popular as an industry gauge and we expect the forensics exam to follow suit. Material is presented in a logical learning sequence: a section builds upon previous sections and a chapter on previous chapters. All concepts, simple and complex, are defined and explained when they appear for the first time. This book includes: Exam objectives covered in a chapter are clearly explained in the beginning of the chapter, Notes and Alerts highlight crucial points, Exam’s Eye View emphasizes the important points from the exam’s perspective, Key Terms present definitions of key terms used in the chapter, Review Questions contains the questions modeled after real exam questions based on the material covered in the chapter. Answers to the questions are presented with explanations. Also included is a full practice exam modeled after the real exam. The only study guide for CHFI, provides 100% coverage of all exam objectives. CHFI Training runs hundreds of dollars for self tests to thousands of dollars for classroom training.
Chfi Computer Hacking Forensic Investigator Certification All In One Exam Guide
Author :Charles L. BrooksISBN :9780071831550
Genre :Computers
File Size : 39.86 MB
Format :PDF, ePub, Docs
Download :610
Read :302
An all-new exam guide for version 8 of the Computer Hacking Forensic Investigator (CHFI) exam from EC-Council Get complete coverage of all the material included on version 8 of the EC-Council's Computer Hacking Forensic Investigator exam from this comprehensive resource. Written by an expert information security professional and educator, this authoritative guide addresses the tools and techniques required to successfully conduct a computer forensic investigation. You'll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass this challenging exam, this definitive volume also serves as an essential on-the-job reference. CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide covers all exam topics, including: Computer forensics investigation process Setting up a computer forensics lab First responder procedures Search and seizure laws Collecting and transporting digital evidence Understanding hard disks and file systems Recovering deleted files and partitions Windows forensics Forensics investigations using the AccessData Forensic Toolkit (FTK) and Guidance Software's EnCase Forensic Network, wireless, and mobile forensics Investigating web attacks Preparing investigative reports Becoming an expert witness Electronic content includes: 300 practice exam questions Test engine that provides full-length practice exams and customized quizzes by chapter or by exam domain
Practical Cyber Forensics
Author :Niranjan ReddyISBN :9781484244609
Genre :Computers
File Size : 36.56 MB
![Investigation Investigation](/uploads/1/2/6/0/126032333/219700648.jpg)
Download :756
Computer Forensic Investigation Cases
Read :774
Become an effective cyber forensics investigator and gain a collection of practical, efficient techniques to get the job done. Diving straight into a discussion of anti-forensic techniques, this book shows you the many ways to effectively detect them. Now that you know what you are looking for, you’ll shift your focus to network forensics, where you cover the various tools available to make your network forensics process less complicated. Following this, you will work with cloud and mobile forensic techniques by considering the concept of forensics as a service (FaSS), giving you cutting-edge skills that will future-proof your career. Building on this, you will learn the process of breaking down malware attacks, web attacks, and email scams with case studies to give you a clearer view of the techniques to be followed. Another tricky technique is SSD forensics, so the author covers this in detail to give you the alternative analysis techniques you’ll need. To keep you up to speed on contemporary forensics, Practical Cyber Forensics includes a chapter on Bitcoin forensics, where key crypto-currency forensic techniques will be shared. Finally, you will see how to prepare accurate investigative reports. What You Will Learn Carry out forensic investigation on Windows, Linux, and macOS systems Detect and counter anti-forensic techniques Deploy network, cloud, and mobile forensics Investigate web and malware attacks Write efficient investigative reports Who This Book Is For Intermediate infosec professionals looking for a practical approach to investigative cyber forensics techniques.
Digital Forensics With Kali Linux
Author :Shiva V. N ParasramISBN :9781788629577
Genre :Computers
File Size : 83.57 MB
Format :PDF
Download :391
Read :407
Learn the skills you need to take advantage of Kali Linux for digital forensics investigations using this comprehensive guide Key Features Master powerful Kali Linux tools for digital investigation and analysis Perform evidence acquisition, preservation, and analysis using various tools within Kali Linux Implement the concept of cryptographic hashing and imaging using Kali Linux Perform memory forensics with Volatility and internet forensics with Xplico. Discover the capabilities of professional forensic tools such as Autopsy and DFF (Digital Forensic Framework) used by law enforcement and military personnel alike Book Description Kali Linux is a Linux-based distribution used mainly for penetration testing and digital forensics. It has a wide range of tools to help in forensics investigations and incident response mechanisms. You will start by understanding the fundamentals of digital forensics and setting up your Kali Linux environment to perform different investigation practices. The book will delve into the realm of operating systems and the various formats for file storage, including secret hiding places unseen by the end user or even the operating system. The book will also teach you to create forensic images of data and maintain integrity using hashing tools. Next, you will also master some advanced topics such as autopsies and acquiring investigation data from the network, operating system memory, and so on. The book introduces you to powerful tools that will take your forensic abilities and investigations to a professional level, catering for all aspects of full digital forensic investigations from hashing to reporting. By the end of this book, you will have had hands-on experience in implementing all the pillars of digital forensics—acquisition, extraction, analysis, and presentation using Kali Linux tools. What you will learn Get to grips with the fundamentals of digital forensics and explore best practices Understand the workings of file systems, storage, and data fundamentals Discover incident response procedures and best practices Use DC3DD and Guymager for acquisition and preservation techniques Recover deleted data with Foremost and Scalpel Find evidence of accessed programs and malicious programs using Volatility. Perform network and internet capture analysis with Xplico Carry out professional digital forensics investigations using the DFF and Autopsy automated forensic suites Who this book is for This book is targeted at forensics and digital investigators, security analysts, or any stakeholder interested in learning digital forensics using Kali Linux. Basic knowledge of Kali Linux will be an advantage.
Computer Forensics With Ftk
Author :Fernando CarboneISBN :9781783559039
Genre :Computers
File Size : 86.54 MB
Format :PDF, Mobi
Download :553
Read :709
This tutorial contains detailed instructions with useful integrated examples that help you understand the main features of FTK and how you can use it to analyze evidence. This book has clear and concise guidance in an easily accessible format. This tutorial-based guide is great for you if you want to conduct digital investigations with an integrated platform. Whether you are new to Computer Forensics or have some experience, this book will help you get started with FTK so you can analyze evidence effectively and efficiently. If you are a law enforcement official, corporate security, or IT professional who needs to evaluate the evidentiary value of digital evidence, then this book is ideal for you.
Computer Forensics
Author :Linda VoloninoISBN :UVA:X030107968
Genre :Computers
File Size : 83.23 MB
Incident Response And Forensics
Format :PDF, ePub
Download :
Police Investigation Procedures
760Read :
Computer Forensics In Criminal Investigations
1236Computer Forensics Investigative Process
Master the techniques for gathering electronic evidence and explore the new frontier of crime investigation. The demand for computer forensics experts greatly exceeds the supply. With the rapid growth of technology in all parts of our lives, criminal activity must be tracked down and investigated using electronic methods that require up-to-date techniques and knowledge of the latest software tools. Authors Linda Volonino, Jana Godwin, and Reynaldo Anzaldua share their expertise to give you the legal, technical, and investigative skills you need to launch your career in computer forensics. You can also use Computer Forensics: Principles and Practices to help you advance in careers such as criminal justice, accounting, law enforcement, and federal investigation. Computer Forensics Principles and Practices gives you in-depth understanding of: Using the correct investigative tools and procedures to maximize effectiveness of evidence gathering. Keeping evidence in pristine condition so it will be admissible in a legal action. . Investigating large-scale attacks such as identity theft, fraud, phishing, extortion, and malware infections. The legal foundations for proper handling of traditional and electronic evidence such as the Federal Rules of Evidence and Procedure as well as the Fourth Amendment and other laws regarding search warrants and civil rights. Practical tools such as FTK, EnCase, Passware, Ethereal, LADS, WinHex, GIMP, Camouflage, and Snort. This book is filled with tools to help you move beyond simply learning concepts and help you apply them. These tools include: . In Practice tutorials: Apply concepts and learn by doing. . Exercises and Projects: Assignments show you how to employ your new skills. Case Studies: Apply what you learn in real-world scenarios. The companion Web site (www.prenhall.com/security) includes: . Additional testing materials and projects to reinforce book lessons. . Downloadable checklists and templates used in the book. . Links to additional topics and resources to assist you in your professional development. '