Learn Computer Forensics – 2nd edition

Learn Computer Forensics – 2nd edition: Your one-stop guide to searching, analyzing, acquiring, and securing digital evidence, Second Edition

The Forensic Analysis Process

We will now discuss the forensic analysis process. As a forensic investigator, you will need to create a strategy that will enable you to conduct an efficient investigation. You also need to make sure you are familiar with your tools and the results that they will provide. Without a process, you will waste time examining data that will not impact your investigation, and you will not be able to rely on your tools. In addition, you want to make sure you get valid results from the tools you deploy. Finally, to be thorough and efficient, you must use critical thinking to determine the best investigation or exam method.

While there are similarities in every investigation, you will find differences that will require you to have an exam strategy to be efficient. I am not a fan of keeping an examination checklist because there will be areas that aren’t relevant, such as different operating systems, physical topography of the network, criminal elements, and suspects. These variables ensure that no two examinations or investigations are the same and will require the investigator to execute a different strategy for each of them.

The forensic analysis process is made up of five subsets:

  • Pre-investigation considerations
  • Understanding case information and legal issues
  • Understanding data acquisition
  • Understanding the analysis process
  • Reporting your findings

The upcoming sections will discuss each of these in greater detail.

Pre-investigation considerations

The pre-investigation is where you determine your capabilities and equipment specifications to conduct a forensic exam, regardless of whether it is in the field or a lab environment. Now is the time to determine your hardware, personnel, and training budget. Some of those costs will not be a one-time expenditure but will be an ongoing budget expenditure. The equipment must be updated, personnel training must be maintained, and new technology must be purchased as it becomes available.

Being a digital forensic investigator is not about buying the equipment, going to a training class, and never updating either of these afterward. As technology changes, so do the methods of hiding data or conducting criminal activities, so the investigator must be ready to adjust to these changes.

Before you are ready to begin the investigation, you must prepare yourself. This will allow for greater efficiency and a better work product. This includes preparing your equipment and becoming familiar with the current laws and legal decisions and the organization’s policies and procedures.

Some equipment will be reusable, and some will not. For the single-use items, make sure someone replaces them as soon as the incident concludes.

Note

I cannot tell you how many times I have responded to the scene with my “to go” kit only to find that another detective had already used it and not replaced the consumable equipment. It was my mistake for not checking it before I departed to go to the crime scene, and it was my partner’s mistake for not replacing the items.

We will now discuss the equipment you will use as an investigator.

The forensic workstation

Whenever you get forensic investigators together, a common topic of conversation is the forensic workstation. How much Random Access Memory (RAM)? How many Solid State Drives (SSDs)? Which Central Processing Unit (CPU)? Which Operating System (OS)? These are all questions that you might commonly hear. There is always a difference of opinion about the configuration of a forensic workstation. None of the views are incorrect because the investigator’s workstation configuration depends on their budget and the cases that are being investigated.

Forensic workstations are not cheap. Depending on the skill level of the investigator, they can either build their own or purchase a pre-made forensic workstation. Several vendors will configure a workstation to your specification. For example, consider the vendor SUMURI (https://sumuri.com) and their TALINO workstations. The base model costs approximately $8,000 and comes with:

  • Intel Core i9-10900X 3.7 GHz 10-Core LGA 2066 processor
  • 32GB of DDR4 2666 MHz RAM
  • 500GB M.2 NVMe SSD

That is a basic forensic workstation, and you still must add storage for the forensic images. The high-end version costs over $18,000 and comes with:

  • Dual Intel Xeon Gold 5220 18-Core processors
  • 128GB DDR4 RAM
  • 1TB SSD for the operating system
  • 1TB M.2 NVMe SSD for temporary files and processing
  • 2TB M.2 NVMe SSD for databases
  • Eight 6TB hard drives configured in RAID 10 for evidence
  • A 30-series GDDR6 Graphics Processing Unit (GPU) such as the NVIDIA RTX 3070 or 3080

One bottleneck that a forensic investigator may face with their forensic workstation is data transfer. I suggest using SSDs because they have much higher throughput than the typical spinning disk does. A fast CPU and a large amount of RAM enable maximum performance for forensic analysis. However, these machines are not portable, and you are not always able to perform the analysis or to acquire the data from the relative comfort of your workstation. A forensic laptop is also an expensive piece of equipment. At the time of printing, the TALINO OMEGA comes with:

  • Intel Core i9-11900K processor
  • 64GB DDR4 2933 MHz RAM
  • 500GB M.2 NVMe SSD for the operating system
  • 250GB M.2 NVMe SSD for temporary files and processing
  • 1TB M.2 NVMe SSD for database
  • 2TB M.2 NVMe SSD for evidence files
  • NVIDIA GeForce RTX 3080 GPU with 16GB GDDR6 video memory

Note

You will need to include Gigabit Ethernet on both workstations to communicate on the local area network.

As you can see, you can never have too much CPU, RAM, or storage space on your forensic workstations. The equipment I described is on the higher end; you can conduct digital forensic examinations with less expensive equipment and still achieve the same results. In addition, the more high-end equipment will decrease the time involved. If you are a member of a multinational corporation or a large law enforcement agency, you may have the budget for high-end equipment. A smaller law enforcement agency, a smaller organization, or a single practitioner will have to determine what cost is more appropriate for their situation.

Sometimes you must leave the lab, which means you need additional portable equipment. We will now discuss the equipment required in your response kit.

The response kit

The digital evidence is not always delivered to your workspace. Sometimes, you may have to respond to a third-party location to acquire that evidence. The collection of that evidence is the basic building block for any digital forensic examination you may conduct. Like conducting an examination in your workspace, you need the proper tools and supporting equipment to accomplish this task. You need to create a response kit that includes documentary paperwork, pens, and storage containers to store digital evidence.

A response kit is unique to each digital forensic investigator. No kit is perfect; all kits are always subject to improvement. The goal of your response kit is to have everything you need to collect digital evidence, and we will go over some equipment that, in my experience, I have found helpful:

  • Digital camera: Capable of still and video recording. You need to document the scene as it was when you arrived. If you testify in official proceedings, you will show the fact-finder precisely what you saw as you arrived. Some organizations also video record all the actions of the digital forensic investigator’s activities as they collect digital evidence.

    Note

    A word of advice: I would disable the microphone so as not to record audio. You may have extended discussions about how to proceed using language that may be regarded as less professional. These discussions and use of language could be used as a distraction by the opposing side in the presentation of evidence.

  • Latex or nitrile gloves: These protect several aspects of the evidence collection — you are not leaving your fingerprints, and you are also protecting yourself from potential biohazards that may be on the scene. I am talking about blood, urine, feces, and any other biological fluid you can think of.
  • Notepads: You need to document your actions on the scene. A notepad is a perfect repository to maintain that information. You can take notes about who you talk to, who secured the scene, and the basic facts of the case. When you begin the investigation, a lot of information will come at you, and it could be easy for you to forget a specific action if you do not record it. Some organizations also make a hand-written sketch of where the digital evidence is being collected. Your organization’s policies and procedures will determine whether a sketch is required.
  • Organizational paperwork: This could be a property report for seizing evidence, and it lists exactly what was taken, where it was taken from, and any specific identifying marks or serial numbers on the item being taken. You can also include labels or tags to identify items that contain digital evidence.
  • Paper storage bags/antistatic bags: You have to put the containers of digital evidence somewhere to prevent any unauthorized access. Digital evidence is very fragile, and you want to make sure you do not store it in a manner where static electricity can be generated. Static electricity can render the storage media inoperative, and you will lose access to any data.
  • Storage media: Hard drives can be a traditional spinning disk or SSD and USB devices. A corporate digital forensic investigator will not shut down a server to create a forensic image. Instead, they will collect the specific datasets in the form of log files, RAM, or user directories and store them on the appropriately sized storage media.
  • Write blocking devices: This could be a hardware device, such as the Tableau TK8u USB 3.0 forensic bridge (https://security.opentext.com/tableau/hardware/details/t8u), which allows you to access a storage device without changing its contents. We will discuss the acquisition of evidence in much greater detail in Chapter 3, Acquisition of Evidence. Alternatively, you can use a forensic boot disk, such as SUMURI’s PALADIN, a Linux distribution based on Ubuntu that allows the collection of digital evidence in a forensically sound manner. SUMURI offers PALADIN as a free download at https://sumuri.com/software/paladin.
  • Frequency shielding material: This could include commercial aluminum foil, Faraday bags, or any container that will block radio transmissions. You will use this when you seize a mobile device to prevent the user from remotely wiping or resetting the device. Be aware, however, that when you place the device in these containers, the battery will quickly deplete, as it will attempt to reconnect to the network. If you have access to the mobile device’s menu, you can put the device into airplane mode. Then, the device will no longer attempt to connect to the network. Ensure you document any changes you make to the device.
  • A toolkit: A small precision toolkit with multiple screwdriver bits is used to disassemble laptops, desktops, or mobile devices to access the digital storage container. You want to make sure you have a variety of screw heads to match what the various manufacturers use. Sometimes, the manufacturers will use two or three different screw heads when assembling their devices.
  • Miscellaneous items: This can include extra power cables, data cables, USB hubs, screws, or anything else that might be difficult to acquire when you are at the subject’s location in the middle of the night, and no stores are available for you to purchase the missing item. If you are responding to a commercial site, keep a spare mouse and keyboard in case you need to access a server and they are not available. (If you are conducting network-based investigations, you may also want to include a network tap.) This subset comprises items you don’t think are needed until you are onsite and need them.
  • A forensic laptop: Make sure all your software is up to date. I recommend creating a folder containing digital versions of any forms you will use, any processes you need to document, and any applications you find helpful in carrying out your tasks.
  • Encryption: If you are traveling out of the country to get to the target site, you might want to encrypt the target drives that contain the acquired data you need to analyze. It is not uncommon for security services or customs to seize devices. Encrypting the drives will ensure the data you acquired will not be compromised.
  • Software security keys: This is also referred to as a dongle. You will find commercial versions of software that require you to insert a USB-based security key to use it. You want to make sure you have them with you because the software cannot be used without the security key inserted.

Note

A program called VirtualHere (http://virtualhere.com/home) allows you to use your USB devices remotely. This will require a network connection at your destination and at your home location where the USB keys are plugged in. If you are unsure about the quality of your network connection, I recommend taking the keys with you.

Now, the important question is this: how do you carry all of this from one location to another?

My recommendation is a Pelican-type case that is watertight and crush-proof to protect the equipment. Also, include a TSA-compliant locking device if you must travel via commercial air in the United States.

The list of items we have just discussed is only a recommendation. You will add/subtract from this list to meet the needs of the task at hand. There is no right or wrong answer when stocking your response kit. The budget, the organization, and the task at hand will dictate what equipment is needed.

A government/law enforcement digital forensic investigator may acquire full forensic images at the scene, and they will need larger storage capacity devices. As you become more experienced, you will accurately determine what equipment you need to perform your duties.

The result is that you need to have a response kit when leaving the office to acquire digital data or respond to any incident. How you stock that kit is entirely up to you as the forensic investigator. This is all about making your job easier and more efficient.

That has covered some of the hardware and physical items needed. We will now move on to discussing software.

Forensic software

This is the software that you will use to analyze data. You have a choice of utilizing commercial software designed for the forensic process or open-source tools. You want to make sure that you use fully licensed software in your work environment.

There is nothing more embarrassing than an organization using pirated software to investigate and having that fact come out in the administrative or judicial proceeding. It will be a severe hit to your reputation if you use pirated software to conduct your investigation, and it will call into question your integrity, your ethics, the results of your inquiry, and the results provided by the forensic tool. I cannot stress this enough: you must use fully licensed software in the forensic process. So, what is the difference between open-source and commercially available tools?

Vendors make open-source software freely available for anyone to use. Typically, there are no restrictions on its use; you can use it for educational, profit, or testing purposes. The positive aspect is that it is available at no cost in most situations. The downside is that you will have little or no technical support if something goes wrong. It will depend entirely on your skillset and level of comfort working with these tools. In addition, many open-source tools use a command-line interface (CLI) and not a graphical user interface (GUI), which can intimidate new users.

A commercial tool will typically have better customer support, documentation, and timely updates. The downside is that you are paying for those services. In reality, most of the time, anything a commercial forensic tool can do, an open-source tool can do as well. A commercial tool may carry out multiple functions, while with an open-source framework you may have to use different open-source tools to accomplish the same task.

Neither choice is wrong. As a digital forensic investigator, you must know where the data came from and ensure that the tool provides an accurate representation of the data. It does not matter if the tool is an open-source or commercial version; you must validate the results provided by any tool. We will talk about validation a little further on in this chapter.

I often get questions about whether a particular piece of software is court-approved. Forensic software is not court-approved, but you need to explain in the administrative/judicial process whether the tool you used produces reliable results and is accepted within the forensic community.

In the United States, this is known as the Daubert standard, which comes from the Supreme Court case Daubert v. Merrell Dow Pharmaceuticals Inc., 509 U.S. 579 (1993). This standard is used to determine whether an expert witness’s testimony is based on scientifically valid reasoning and can be appropriately applied to the facts of the matter. The factors the court considered are as follows:

  • Whether the theory or technique can be or has been tested
  • Whether it has been subjected to peer review and publication
  • The known or potential error rate
  • The existence and maintenance of standards
  • Its acceptance within the scientific community

Initially, the courts only used the standard for scientific testimony. That changed with the Kumho Tire Co. v. Carmichael, 526 U.S. 137 (1999) case; the Supreme Court clarified that the factors used in the Daubert decision could also apply to non-scientific testimony, that is, the testimony of engineers and other experts who are not scientists. So, as you can see, it is not so much the software being used but the expertise of the digital forensic investigator. Commercial forensic tools simplify the process and sometimes have a “find evidence” button. However, as the digital forensic investigator, you still must know where the forensic tool extracted the artifact from within the filesystem. (Your local jurisdiction may have different opinions.)

The National Institute of Standards and Technology (NIST) has sponsored the Computer Forensic Tool Testing Project (CFTT) (https://www.nist.gov/itl/ssd/software-quality-group/computer-forensics-tool-testing-program-cftt), which has established a methodology for testing computer forensic software tools through the development of general tool specifications, test procedures, test criteria, test sets, and test hardware. This project provides a source for testing the results of forensic tools on its website. They also offer a collection of testing media to conduct your validation of forensic software. It is part of your best practices to validate the results of your forensic tools at least annually or whenever the tool is updated. It does not matter whether you are a government or private sector digital forensic investigator: you need to have confidence in your tools and be able to testify that you have tested and validated the process.

In 2011, this validation process was called into question during the trial of Casey Anthony. Casey Anthony was being tried on the following charges: first-degree murder, aggravated child abuse, aggravated manslaughter of a child, and four counts of providing false information to police, who were investigating the death of her child. During the trial, a significant assertion by the prosecution was that someone had searched for the term “chloroform” 84 times on Anthony’s computer. While the trial was ongoing, it was discovered that the forensic tool used by the digital forensic investigators had misinterpreted the values in the internet history database. The user had only visited the site one time, not 84 as reported. The software designer of the forensic tool realized the mistake while the trial was ongoing and notified the trial team of the error. My recommendation is that you have multiple forensic tools to validate your findings. For example, you could have two commercial forensic tools, one commercial and one open-source forensic tool, or two open-source forensic tools, but you need to validate your findings.
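One way to carry out the two-tool validation recommended above, as an added example that is not code from the book: it normalizes the browser-history exports of two tools and lists every artifact where they disagree. The tool exports, column names, and URLs are constructed for illustration; a reported mismatch is a prompt to examine the source artifact, not a verdict on which tool is right.

```python
import csv
import hashlib
import io
from urllib.parse import urlsplit

# Constructed sample exports from two hypothetical tools. Real tools use
# their own column names and delimiters, which is why the loader takes them
# as parameters.
TOOL_A_EXPORT = """URL,Visit Count
http://Example.test/search?q=term,84
http://example.test/news/,3
http://example.test/mail,12
"""

TOOL_B_EXPORT = """address\thits
http://example.test/search?q=term\t1
http://example.test/news\t3
http://example.test/forum\t2
"""


def export_digest(text):
    """SHA-256 of an export, so your notes record exactly what was compared."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def normalize_url(url):
    """Lowercase the host and drop a trailing slash so both tools' rows align."""
    parts = urlsplit(url.strip())
    path = parts.path.rstrip("/") or "/"
    query = "?" + parts.query if parts.query else ""
    return f"{parts.scheme}://{parts.netloc.lower()}{path}{query}"


def load_export(text, url_col, count_col, delimiter=","):
    """Return {normalized_url: visit_count} for one tool's export."""
    counts = {}
    for row in csv.DictReader(io.StringIO(text), delimiter=delimiter):
        key = normalize_url(row[url_col])
        # Rows that collapse to the same normalized URL are summed.
        counts[key] = counts.get(key, 0) + int(row[count_col])
    return counts


def cross_validate(tool_a, tool_b):
    """List (url, issue, count_a, count_b) for every artifact the tools dispute."""
    findings = []
    for url in sorted(set(tool_a) | set(tool_b)):
        if url not in tool_b:
            findings.append((url, "only_in_a", tool_a[url], None))
        elif url not in tool_a:
            findings.append((url, "only_in_b", None, tool_b[url]))
        elif tool_a[url] != tool_b[url]:
            findings.append((url, "count_mismatch", tool_a[url], tool_b[url]))
    return findings


def run_example():
    """Compare the two constructed exports and return the disputed artifacts."""
    a = load_export(TOOL_A_EXPORT, "URL", "Visit Count")
    b = load_export(TOOL_B_EXPORT, "address", "hits", delimiter="\t")
    return cross_validate(a, b)


if __name__ == "__main__":
    print("tool A export sha256:", export_digest(TOOL_A_EXPORT))
    print("tool B export sha256:", export_digest(TOOL_B_EXPORT))
    for url, issue, count_a, count_b in run_example():
        print(f"{issue:15} A={count_a} B={count_b} {url}")
```

Every row the comparison returns should be resolved by hand against the underlying history database before the figure goes into a report.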

Some open-source forensic tools include the following:

  • Autopsy: Autopsy is a fully functioning suite of forensic tools that allows you to conduct a complete forensic examination. It costs nothing and can be found at https://www.autopsy.com.
  • SIFT Workstation: SIFT is a virtual machine that uses the Ubuntu operating system with multiple forensic tools pre-installed. It is free and can be found at https://digital-forensics.sans.org/community/downloads.
  • PALADIN Forensic Suite: PALADIN is a live Linux distribution based on Ubuntu and has implemented several open-source forensic tools in a user interface called the PALADIN toolbox. It is free and can be found at https://sumuri.com/software/paladin/.
  • CAINE: Computer-Aided Investigative Environment (CAINE) is a digital forensics project that provides a GUI and many open-source forensic tools for free. You can find it at https://www.caine-live.net/.

These are just a few of the open-source forensic suites available. There may be others out there that I haven’t mentioned, or you may wish to use single-purpose tools. As long as you achieve the goal of finding the artifact to reveal the truth about the matter being investigated, it does not matter which tool you use. The key is to use your training and experience to explain the pertinence of the artifact and how you determined the tool is providing reliable results.

Here are some commercial forensic tools available for Windows-based users:

Here are some Macintosh-based tools:

A Linux-based tool is SMART (http://www.asrdata.com/forensic-software/smart-for-linux/).

This is just a sample of the commercial forensic tools available for use. Each tool will have its strengths and weaknesses, which can be debated endlessly with your fellow practitioners.

Right now, I prefer X-Ways as my primary tool, and I supplement it with FEX and Belkasoft Evidence Center.

You can have all the tools, software, and hardware, but how effective will you be without training? So next up are some training options for you to consider.

Forensic investigator training

If you travel on the path of a career in digital forensics, you will need to continually upgrade your skills and training, which must be considered an ongoing expense. Just because someone goes through a 40-hour course does not automatically make them a digital forensic investigator. Instead, they are taking the first steps down that career path, but they will need to continue to attend training sessions and associate with other like-minded peers.

Certification is not a guarantee that the user knows what they are doing. Instead, certification shows that the user met the minimum level to achieve that certification. There are many certifications available, and some are more worthwhile than others. Before joining an organization and participating in its certification process, you must do your due diligence and research the costs, availability, and whether that certification is accepted within the forensic community. Most certifying organizations will require annual dues and a yearly training requirement to recertify. There are tool- and vendor-specific certifications where you are being tested on your ability to use the vendor’s forensic tool and an understanding of the fundamentals of digital forensics. At the other end of the spectrum are tool-agnostic certifications. You can use any tool to complete the certification process.

This is a list of some of the certifications available:

Now that we have explored the equipment and training options, you still must prepare by understanding the legal and case information pertaining to the specifics of an investigation. So, we will discuss legal issues next.


Key benefits

  • Investigate the core methods of computer forensics to procure and secure advanced digital evidence skillfully
  • Record the digital evidence collected and organize a forensic examination on it
  • Perform an assortment of Windows scientific examinations to analyze and overcome complex challenges

Description

Computer Forensics, being a broad topic, involves a variety of skills which will involve seizing electronic evidence, acquiring data from electronic evidence, data analysis, and finally developing a forensic report. This book will help you to build up the skills you need to work in a highly technical environment. This book's ideal goal is to get you up and running with forensics tools and techniques to successfully investigate crime and corporate misconduct. You will discover ways to collect personal information about an individual from online sources. You will also learn how criminal investigations are performed online while preserving data such as e-mails, images, and videos that may be important to a case. You will further explore networking and understand Network Topologies, IP Addressing, and Network Devices. Finally, you will learn how to write a proper forensic report, the most exciting portion of the forensic exam process. By the end of this book, you will have developed a clear understanding of how to acquire, analyze, and present digital evidence, like a proficient computer forensics investigator.

Who is this book for?

This book is for IT beginners, students, or an investigator in the public or private sector. This book will also help IT professionals who are new to incident response and digital forensics and are looking at choosing cybersecurity as their career. Individuals planning to pass the Certified Forensic Computer Examiner (CFCE) certification will also find this book useful.

What you will learn

  • Explore the investigative process, rules of evidence, legal process, and ethical guidelines
  • Understand the difference between sectors, clusters, volumes, and file slack
  • Validate forensic equipment, computer program, and examination methods
  • Create and validate forensically sterile media
  • Gain the ability to draw conclusions based on the exam discoveries
  • Record discoveries utilizing the technically correct terminology
  • Discover the limitations and guidelines for RAM Capture and its tools
  • Explore timeline analysis, media analysis, string searches, and recovery of deleted data

Product Details

Publication date: Jul 29, 2022
Length: 434 pages
Edition: 2nd
Language: English
ISBN-13: 9781803239071

Table of Contents

16 Chapters
  • Types of Computer-Based Investigations
  • The Forensic Analysis Process
  • Acquisition of Evidence
  • Computer Systems
  • Computer Investigation Process
  • Windows Artifact Analysis
  • RAM Memory Forensic Analysis
  • Email Forensics – Investigation Techniques
  • Internet Artifacts
  • Online Investigations
  • Networking Basics
  • Report Writing
  • Expert Witness Ethics
  • Assessments
  • Other Books You May Enjoy
  • Index

Customer reviews

Rating distribution: 4.8 (63 Ratings)

  • 5 star 85.7%
  • 4 star 12.7%
  • 3 star 1.6%
  • 2 star 0%
  • 1 star 0%

Top Reviews

Tony Chan Dec 22, 2022
5 stars
I am working in help desk and actively seeking a job in cybersecurity. This is a great book for learning about computer forensics. I highly recommend it to anyone trying to get into the field.
Amazon Verified review

gagan Dec 09, 2022
5 stars
I purchased this book to learn some forensics. This book provided me vast knowledge. I will recommend this book. This is a great start for beginners.
Amazon Verified review

Bryan Guinn Oct 20, 2022
5 stars
This book reminded me to tap into the knowledge I gained from a class I took with my mom many years ago on criminal investigations. This book introduces the reader to the different topics of computer-based investigations, from criminal acts investigated to potentially illegal actions performed by an employee or third parties. It details the critical thinking in the planning of providing digital investigative services while showing why digital evidence is one of the most volatile pieces of evidence an investigator can handle and how the mishandling of digital evidence can severely impact an investigation. This book is a great read, and I would highly recommend it whether you will be doing any computer forensics it’s great to learn more given how much we rely on technology in this digital age.
Amazon Verified review

D. Bisbey Jul 29, 2022
5 stars
I have spent time with this book and can honestly say it’s concise and everything is well explained. This subject can be daunting, but this book guides and leads you through. I would highly recommend this book to newbies and experts alike. A highly recommended book!
Amazon Verified review

Seth Keyser Dec 17, 2022
5 stars
This is a great resource for building a strong foundational platform in computer forensics. It covers a wide range of core forensic principles for the forensic investigator that can be applied during an investigation or what I refer to as root cause analysis. The book is well written and laid-out, which allows the reader to follow along and understand the material presented to the reader. I really enjoyed this book and highly recommend it to anyone getting into computer forensics. Well done!
Amazon Verified review

FAQs

How do I buy and download an eBook?

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing

When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the eBook to be usable for you, the reader, with our need to protect our rights as Publishers and those of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else

How can I make a purchase on your website?

If you want to purchase a video course, eBook or Bundle (Print+eBook), please follow the steps below:

  1. Register on our website using your email address and password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Card, or PayPal).

Where can I access support around an eBook?

  • If you experience a problem with using or installing Adobe Reader, then contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us

What eBook formats does Packt support?

Our eBooks are currently available in a variety of formats such as PDF and ePub. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks?

  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower priced than print
  • They save resources and space

What is an eBook?

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply log in to your account and click on the link in Your Download Area. We recommend saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.