Real Digital Forensics: Computer Security and Incident Response

Preface. Acknowledgments. About the Authors. Case Studies. I. LIVE INCIDENT RESPONSE. 1. Windows Live Response. 2. Unix Live Response. II. NETWORK-BASED FORENSICS. 3. Collecting Network-Based Evidence. 4. Analyzing Network-Based Evidence for a Windows Intrusion. 5. Analyzing Network-Based Evidence for a Unix Intrusion. III. ACQUIRING A FORENSIC DUPLICATION. 6. Before You Jump Right In... 7. Commercial-Based Forensic Duplications. 8. Noncommercial-Based Forensic Duplications. IV. FORENSIC ANALYSIS TECHNIQUES. 9. Common Forensic Analysis Techniques. 10. Web Browsing Activity Reconstruction. 11. E-Mail Activity Reconstruction. 12. Microsoft Windows Registry Reconstruction. 13. Forensic Tool Analysis: An Introduction to Using Linux for Analyzing Files of Unknown Origin. 14. Forensic Tool Analysis: A Hands-On Analysis of the Linux File aio. 15. Forensic Tool Analysis: Analyzing Files of Unknown Origin (Windows). V. CREATING A COMPLETE FORENSIC TOOL KIT. 16. Building the Ultimate Response CD. 17. Making Your CD-ROM a Bootable Environment. VI. MOBILEDEVICE FORENSICS. 18. Forensic Duplication and Analysis of Personal Digital Assistants. 19. Forensic Duplication of USB and Compact Flash Memory Devices. 20. Forensic Analysis of USB and Compact Flash Memory Devices. VII. ONELINE-BASED FORENSCIS. 21. Tracing E-Mail. 22. Domain Name Ownership. Appendix: An Introduction to Perl. Index.