Cybercrime, Cyber-Aided Crime and Digital Evidence
Incident Response
Collecting Evidence
Triage
Analyzing Data and Writing Reports
Part III: Get Practical
Collecting Data
Indexing and Searching
Cracking
Finding Artifacts
Some Common Questions and Tasks
FTK Specifics
Open-Source or Freeware Tools
Part IV: Memory Forensics
Memory Analysis
Memory Analysis Tools
Memory Analysis in Criminal Investigations
Malware Analysis
Appendix A: Solutions
Appendix B: Useful Scripts
Appendix C: Sample Report (Template)
Appendix D: List of Time Zones
Appendix E: Complete Jitsi Chat Log
Joakim Kävrestad is a lecturer and researcher at the University of Skövde, Sweden, and an AccessData Certified Examiner. He also serves as a forensic consultant, with several years of experience as a forensic expert with the Swedish police.
This practical and accessible textbook/reference describes the theory and methodology of digital forensic examinations, presenting examples developed in collaboration with police authorities to ensure relevance to real-world practice. The coverage includes discussions on forensic artifacts and constraints, as well as forensic tools used for law enforcement and in the corporate sector. Emphasis is placed on reinforcing sound forensic thinking, and gaining experience in common tasks through hands-on exercises.
This enhanced second edition has been expanded with new material on incident response tasks and computer memory analysis.
Topics and features:
Outlines what computer forensics is, and what it can do, as well as what its limitations are
Discusses both the theoretical foundations and the fundamentals of forensic methodology
Reviews broad principles that are applicable worldwide
Explains how to find and interpret several important artifacts
Describes free and open source software tools, along with the AccessData Forensic Toolkit
Features exercises and review questions throughout, with solutions provided in the appendices
Includes numerous practical examples, and provides supporting video lectures online
This easy-to-follow primer is an essential resource for students of computer forensics, and will also serve as a valuable reference for practitioners seeking instruction on performing forensic examinations.