CYBER FORENSICS

From Data to Digital Evidence

As a cyber forensic investigator, simply pressing buttons or ticking off options on forensic software—without understanding what is happening behind the scenes—creates a gaping hole in your company's infosecurity. Painting a broad picture of the field, Cyber Forensics provides you with the specific knowledge you need to not only find key data in forensic investigations but also speak confidently about the validity of the data identified, accessed, and analyzed as part of a comprehensive cyber forensic investigation.

Authors Albert Marcella and Frederic Guillossou—both forensic and IT specialists—begin by explaining the origins of data. From there, the authors address concepts related to data storage, boot records, partitions, volumes, and file systems, and how each of these is interrelated and essential in a cyber forensic investigation. They then analyze the roles these concepts play in an investigation and what type of evidential data may be identified within each of these areas.

Providing a thorough foundation to this emerging field, this step-by-step reference covers:

• Converting binary to decimal
• The power of HEX
• Forensics and encrypted files
• Master Boot Record (MBR)
• Volume versus Partition
• FAT filing system limitations
• New technology file system
• Forensic Investigative Smart Practices
• MS-DOS 32-bit time stamp: date and time
• Characteristics of a good cyber forensic report
• A cyber forensic process summary

Ronelle Sawyer and Jose McCarthy—two fictional characters—are used throughout the book to illuminate specific IT and cyber forensic concepts and discuss critical cyber forensic processes. Their activities and actions bring cyber forensic concepts to life by providing you with specific examples of the applications. Cyber Forensics also examines Endianness and time—two important yet often overlooked topics—that drastically impact almost every cyber-based investigation.

Progressing logically from data to digital evidence, Cyber Forensics provides you with the most comprehensive examination and discussion of the science of cyber forensic investigations, what is happening behind the scenes to data and why, what to look for, and where to find it, so you can conduct cyber forensic investigations with a better understanding of the technologies involved.