Computer Evidence: Collection & Preservation (Networking Series) - Softcover

Brown, Christopher LT

3.67

12 ratings by Goodreads

9781584504054: Computer Evidence: Collection & Preservation (Networking Series)

Softcover

ISBN 10: 1584504056 ISBN 13: 9781584504054

Publisher: Charles River Media, 2005

View all copies of this ISBN edition:

Computer Evidence: Collection and Preservation teaches law enforcement and computer forensics investigators how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. The book focuses on collection and preservation because these two phases of computer forensics are the most critical to evidence acceptance, but are not thoroughly covered in text or courses. Throughout the book, a constant eye is kept on evidence dynamics and the impact investigators can have on data integrity while collecting evidence. The simple act of a computer forensics investigator shutting down a suspect's computer changes the state of the computer as well as many of its files, so a good understanding of evidence dynamics is essential when doing computer forensics work. Broken up into five parts, Computer Forensics & Evidence Dynamics, Information Systems, Data Storage Systems & Media, Artifact Collection, and Archiving & Maintaining Evidence, the book places specific focus on how investigators and their tools are interacting with digital evidence. By reading and using this task-oriented guide, computer forensics investigators will be able to ensure case integrity during the most crucial phases of the computer forensics process.

"synopsis" may belong to another edition of this title.

About the Author:

Christopher L. T. Brown, CISSP, is the founder and CTO of Technology Pathways. He is the chief architect of the Technology Pathways ProDiscover family of security products. Prior to his position with Technology Pathways, Mr. Brown served in key technology positions at several companies including GlobalApp, Inc., CompuVision, Inc., and StoragePoint, Inc. He is retired from a career with the U.S. Navy, where he managed a large team of technicians working in the area of information warfare and network security operations. In addition to his demanding duties as ProDiscover's chief architect, Mr. Brown teaches network security and computer forensics at the University of California at San Diego and has written numerous books on Windows, Security, the Internet, and forensics. He served as president of the San Diego HTCIA chapter in 2006, first vice president in 2005, second vice president in 2003, and was the 2007 HTCIA International conference chair. He attended UCSD and holds numerous career certifications from (ISC)2, Microsoft, Cisco, CompTIA, and CITRIX.

Review:

Acknowledgments Introduction PART I COMPUTER FORENSICS AND EVIDENCE DYNAMICS Chapter 1 Computer Forensics Essentials Chapter 2 Rules of Evidence, Case Law, and Regulation Chapter 3 Evidence Dynamics PART II INFORMATION SYSTEMS Chapter 4 Interview, Policy, and Audit Chapter 5 Network Topology and Architecture Chapter 6 Volatile Data PART III DATA STORAGE SYSTEMS AND MEDIA Chapter 7 Physical Disk Technologies Chapter 8 SAN, NAS, and RAID Chapter 9 Removable Media PART IV ARTIFACT COLLECTION Chapter 10 Tools, Preparation, and Documentation Chapter 11 Collecting Volatile Data Chapter 12 Imaging Methodologies Chapter 13 Large System Collection PART V ARCHIVING AND MAINTAINING EVIDENCE Chapter 14 The Forensics Workstation Chapter 15 The Forensics Lab Chapter 16 What's Next Appendix A Sample Chain of Custody Form Appendix B Evidence Collection Worksheet Appendix C Evidence Access Worksheet Appendix D Forensics Field Kit Appendix E Hexadecimal Flags for Partition Types Appendix F Forensics Tools for Digital Evidence Collection Appendix G Agencies, Contacts, and Resources Appendix H Investigator's Cisco Router Command Cheat Sheet Appendix I About the CD-ROM Index

"About this title" may belong to another edition of this title.