- Series: Networking & Security
- Paperback: 416 pages
- Publisher: Charles River Media; 1 edition (October 3, 2005)
- Language: English
- ISBN-10: 1584504056
- ISBN-13: 978-1584504054
- Product Dimensions: 9.3 x 7.4 x 0.8 inches
- Shipping Weight: 1.8 pounds
- Average Customer Review: 4 customer reviews
- Amazon Best Sellers Rank: #5,312,650 in Books
Computer Evidence: Collection & Preservation (Networking & Security) 1st Edition
Table of Contents
- Acknowledgments
- Introduction
PART I COMPUTER FORENSICS AND EVIDENCE DYNAMICS
- Chapter 1 Computer Forensics Essentials
- Chapter 2 Rules of Evidence, Case Law, and Regulation
- Chapter 3 Evidence Dynamics
PART II INFORMATION SYSTEMS
- Chapter 4 Interview, Policy, and Audit
- Chapter 5 Network Topology and Architecture
- Chapter 6 Volatile Data
PART III DATA STORAGE SYSTEMS AND MEDIA
- Chapter 7 Physical Disk Technologies
- Chapter 8 SAN, NAS, and RAID
- Chapter 9 Removable Media
PART IV ARTIFACT COLLECTION
- Chapter 10 Tools, Preparation, and Documentation
- Chapter 11 Collecting Volatile Data
- Chapter 12 Imaging Methodologies
- Chapter 13 Large System Collection
PART V ARCHIVING AND MAINTAINING EVIDENCE
- Chapter 14 The Forensics Workstation
- Chapter 15 The Forensics Lab
- Chapter 16 What's Next
APPENDICES
- Appendix A Sample Chain of Custody Form
- Appendix B Evidence Collection Worksheet
- Appendix C Evidence Access Worksheet
- Appendix D Forensics Field Kit
- Appendix E Hexadecimal Flags for Partition Types
- Appendix F Forensics Tools for Digital Evidence Collection
- Appendix G Agencies, Contacts, and Resources
- Appendix H Investigator's Cisco Router Command Cheat Sheet
- Appendix I About the CD-ROM
- Index
About the Author
Christopher L. T. Brown, CISSP, is the founder and CTO of Technology Pathways. He is the chief architect of the Technology Pathways ProDiscover family of security products. Prior to his position with Technology Pathways, Mr. Brown served in key technology positions at several companies including GlobalApp, Inc., CompuVision, Inc., and StoragePoint, Inc. He is retired from a career with the U.S. Navy, where he managed a large team of technicians working in the area of information warfare and network security operations. In addition to his demanding duties as ProDiscover's chief architect, Mr. Brown teaches network security and computer forensics at the University of California at San Diego and has written numerous books on Windows, Security, the Internet, and forensics. He served as president of the San Diego HTCIA chapter in 2006, first vice president in 2005, second vice president in 2003, and was the 2007 HTCIA International conference chair. He attended UCSD and holds numerous career certifications from (ISC)2, Microsoft, Cisco, CompTIA, and CITRIX.
Top customer reviews
Evidence dynamics is covered in detail and the author does a better job of this than any other forensics book I have read. Evidence dynamics is how to keep the evidence from disappearing or changing. Just the act of shutting down a computer changes temporary files, open processes, swap file information, and many other items that may be necessary for a thorough investigation. Even the appendixes are valuable and contain several excellent sample forms including chain of custody, evidence collection, and evidence access worksheets. If you are involved in either the collection or the maintenance of data for a potential court case then you will be interested in this book. Alternatively, if you are trying to discredit an expert witness then the information presented here may also provide areas of attack. Either way Computer Evidence Collection and Preservation is highly recommended.
This book goes into every aspect of getting forensics information off of a computer. It starts with examining the computer, if it is on, then extracting the information from places like temporary internet storage. Of course there's a lot that needs to be done with the hard drive, and if you can find backup disks, tapes or memory devices.
In addition, there are hardware and software tools that can be used to extract information from the system. A general coverage of these is given, along with sources. Some of these are included on the CD-ROM included with the book.
This book is intended for use in a legal environment, so there is discussion on maintaining the chain of evidence to ensure that it doesn't get thrown out of court. Should you be on the other side in a trial, this gives you something to ask of the investigators to be sure that they have followed the rules.
Basically this is the most complete, most thorough book on the subject written by one of the experts in the business.
CR Flowers CCE