Computer Forensics Incident Response Essential (Paperback)

Warren G. Kruse II, Jay G. Heiser



Written by two experts in digital investigation, Computer Forensics provides extensive information on how to handle the computer as evidence. Kruse and Heiser walk the student through the complete forensics process, from the initial collection of evidence through the final report. Topics include an overview of the forensic relevance of encryption, the examination of digital evidence for clues, and the most effective way to present your evidence and conclusions in court. Unique forensic issues associated with both the Unix and the Windows NT/2000 operating systems are thoroughly covered.

Table of Contents

1. Introduction to Computer Forensics.
2. Tracking an Offender.
3. The Basics of Hard Drives and Storage.
4. Encryption and Forensics.
5. Data Hiding.
6. Hostile Code.
7. Your Electronic Toolkit.
8. Investigating Windows Computers.
9. Introduction to Unix for Forensic Examiners.
10. Compromising a Unix Host.
11. Investigating a Unix Host.
12. Introduction to the Criminal Justice System.
13. Conclusion.
Appendix A. Internet Data Center Response Plan.
Appendix B. Incident Response Triage Questionnaire.
Appendix C. How to Become a Unix Guru.
Appendix D. Exporting a Windows 2000 Personal Certificate.
Appendix E. How to Crowbar Unix Hosts.
Appendix F. Creating a Linux Boot CD.
Appendix G. Contents of a Forensic CD.
Annotated Bibliography.

