Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Learn Computer Forensics

You're reading from   Learn Computer Forensics A beginner's guide to searching, analyzing, and securing digital evidence

Arrow left icon
Product type Paperback
Published in Apr 2020
Publisher Packt
ISBN-13 9781838648176
Length 368 pages
Edition 1st Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
William Oettinger William Oettinger
Author Profile Icon William Oettinger
William Oettinger
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Section 1: Acquiring Evidence
2. Chapter 1: Types of Computer-Based Investigations FREE CHAPTER 3. Chapter 2: The Forensic Analysis Process 4. Chapter 3: Acquisition of Evidence 5. Chapter 4: Computer Systems 6. Section 2: Investigation
7. Chapter 5: Computer Investigation Process 8. Chapter 6: Windows Artifact Analysis 9. Chapter 7: RAM Memory Forensic Analysis 10. Chapter 8: Email Forensics – Investigation Techniques 11. Chapter 9: Internet Artifacts 12. Section 3: Reporting
13. Chapter 10: Report Writing 14. Chapter 11: Expert Witness Ethics 15. Assessments 16. Other Books You May Enjoy

Understanding the analysis process

Once you have collected data from the scene, you return to your lab and it is now time to start your forensic analysis. You will find yourself quickly overwhelmed by the sheer amount of data you will find in storage devices. You have to quickly determine whether the information contained within the storage containers is pertinent to your investigation. This is the point where the information gathering that occurred in the case information and legal issues step of the process will play an essential part.

Therefore, you have to capture the five Ws of the investigation (previously mentioned in Chapter 1, Types of Computer-Based Investigations). Tie the activity on the computer system with a specific user and identify that user as a real-life person.

If the investigation already has a live suspect identified, you correlate that suspect and the user on the computer system. Some guidelines we are about to discuss can be done with...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime