Integrating Python with Leading Computer Forensic Platforms takes a definitive look at how and why the integration of Python advances the field of digital forensics. In addition, the book includes practical, never seen Python examples that can be immediately put to use. Noted author Chet Hosmer demonstrates more » how to extend four key Forensic Platforms using Python, including EnCase by Guidance Software, MPE+ by AccessData, The Open Source Autopsy/SleuthKit by Brian Carrier and WetStone Technologies, and Live Acquisition and Triage Tool US-LATT. This book is for practitioners, forensic investigators, educators, students, private investigators, or anyone advancing digital forensics for investigating cybercrime.
Additionally, the open source availability of the examples allows for sharing and growth within the industry. This book is the first to provide details on how to directly integrate Python into key forensic platforms.
* Provides hands-on tools, code samples, detailed instruction, and documentation that can be immediately put to use
* Shows how to integrate Python with popular digital forensic platforms, including EnCase, MPE+, The Open Source Autopsy/SleuthKit, and US-LATT
* Presents complete coverage of how to use Open Source Python scripts to extend and modify popular digital forensic Platforms « less
A practical guide to analyzing iOS devices with the latest forensics tools and techniques
* This book is a comprehensive update to Learning iOS Forensics
* This practical book will not only cover the critical aspects of digital forensics, but also mobile forensics
* Whether you’re a forensic analyst or an iOS developer, there’s something in this book for you
* The authors, more » Mattia Epifani and Pasquale Stirparo, are respected members of the community, they go into extensive detail to cover critical topics
Mobile forensics is used within many different domains, but is chiefly employed in the field of information security. By understanding common attack vectors and vulnerability points, security professionals can develop measures and examine system architectures to harden security on iOS devices. This book is a complete manual on the identification, acquisition, and analysis of iOS devices, updated to iOS 8 and 9.
You will learn by doing, with various case studies. The book covers different devices, operating system, and apps. There is a completely renewed section on third-party apps with a detailed analysis of the most interesting artifacts. By investigating compromised devices, you can work out the identity of the attacker, as well as what was taken, when, why, where, and how the attack was conducted.
WHAT YOU WILL LEARN
* Identify an iOS device between various models (iPhone, iPad, iPod Touch) and verify the iOS version installed
* Crack or bypass the protection passcode chosen by the user
* Acquire, at the most detailed level, the content of an iOS Device (physical, advanced logical, or logical)
* Recover information from a local backup and eventually crack the backup password
* Download back-up information stored on iCloud
* Analyze system, user, and third-party information from a device, a backup, or iCloud
* Examine malicious apps to identify data and credential thefts « less
Implement maximum control, security, and compliance processes in Azure cloud environmentsInMicrosoft Azure Security Infrastructure, three leading experts show how to plan, deploy, and operate Microsoft Azure with outstanding levels of control, security, and compliance. You’ll learn how to prepare infrastructure more » with Microsoft’s integrated tools, prebuilt templates, and managed services–and use these to help safely build and manage any enterprise, mobile, web, or Internet of Things (IoT) system. The authors guide you through enforcing, managing, and verifying robust security at physical, network, host, application, and data layers. You’ll learn best practices for security-aware deployment, operational management, threat mitigation, and continuous improvement–so you can help protect all your data, make services resilient to attack, and stay in control no matter how your cloud systems evolve.
Three Microsoft Azure experts show you how to:
• Understand cloud security boundaries and responsibilities
• Plan for compliance, risk management, identity/access management, operational security, and endpoint and data protection
• Explore Azure’s defense-in-depth security architecture
• Use Azure network security patterns and best practices
• Help safeguard data via encryption, storage redundancy, rights management, database security, and storage security
• Help protect virtual machines with Microsoft Antimalware for Azure Cloud Services and Virtual Machines
• Use the Microsoft Azure Key Vault service to help secure cryptographic keys and other confidential information
• Monitor and help protect Azure and on-premises resources with Azure Security Center and Operations Management Suite
• Effectively model threats and plan protection for IoT systems
• Use Azure security tools for operations, incident response, and forensic investigation « less
Securing Digital Evidence with Linux Tools
Forensic image acquisition is an important part of postmortem incident response and evidence collection. Digital forensic investigators acquire, preserve, and manage digital evidence to support civil and criminal cases; examine organizational policy violations; resolve disputes; and analyze cyber attacks.
Practical more » Forensic Imaging takes a detailed look at how to secure and manage digital evidence using Linux-based command line tools. This essential guide walks you through the entire forensic acquisition process and covers a wide range of practical scenarios and situations related to the imaging of storage media.
You'll learn how to:
* Perform forensic imaging of magnetic hard disks, SSDs and flash drives, optical discs, magnetic tapes, and legacy technologies
* Protect attached evidence media from accidental modification
* Manage large forensic image files, storage capacity, image format conversion, compression, splitting, duplication, secure transfer and storage, and secure disposal
* Preserve and verify evidence integrity with cryptographic and piecewise hashing, public key signatures, and RFC-3161 timestamping
* Work with newer drive and interface technologies like NVME, SATA Express, 4K-native sector drives, SSHDs, SAS, UASP/USB3x, and Thunderbolt
* Manage drive security such as ATA passwords; encrypted thumb drives; Opal self-encrypting drives; OS-encrypted drives using BitLocker, FileVault, and TrueCrypt; and others
* Acquire usable images from more complex or challenging situations such as RAID systems, virtual machine images, and damaged media
With its unique focus on digital forensic acquisition and evidence preservation, Practical Forensic Imaging is a valuable resource for experienced digital forensic investigators wanting to advance their Linux skills and experienced Linux administrators wanting to learn digital forensics. This is a must-have reference for every digital forensics lab. « less
Advanced Digital Forensic Analysis of the Windows Registry
Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry, Second Edition, provides the most in-depth guide to forensic investigations involving Windows Registry. This book is one-of-a-kind, giving the background of the Registry to help users develop an understanding of the more » structure of registry hive files, as well as information stored within keys and values that can have a significant impact on forensic investigations. Tools and techniques for post morten analysis are discussed at length to take users beyond the current use of viewers and into real analysis of data contained in the Registry. This second edition continues a ground-up approach to understanding so that the treasure trove of the Registry can be mined on a regular and continuing basis.
* Named a Best Digital Forensics Book by InfoSec Reviews
* Packed with real-world examples using freely available open source tools
* Provides a deep explanation and understanding of the Windows Registry ― perhaps the least understood and employed source of information within Windows systems
* Includes a companion website that contains the code and author-created tools discussed in the book
* Features updated, current tools and techniques
* Contains completely updated content throughout, with all new coverage of the latest versions of Windows « less
Enhance your computer forensics knowledge through illustrations, tips, tricks, and practical real-world scenarios
Written by a specialist in digital crime, this book helps you leverage the power of the FTK platform to conduct penetrating computer forensic investigations. With a step-by-step approach, it clarifies even the most complex processes.
ABOUT THIS BOOK
* Receive step-by-step guidance on conducting computer more » investigations
* Explore the functionality of FTK Imager and learn to use its features effectively
* Conduct increasingly challenging and more applicable digital investigations for generating effective evidence using the FTK platform
WHO THIS BOOK IS FOR
This tutorial-based guide is great for you if you want to conduct digital investigations with an integrated platform. Whether you are new to Computer Forensics or have some experience, this book will help you get started with FTK so you can analyze evidence effectively and efficiently. If you are a law enforcement official, corporate security, or IT professional who needs to evaluate the evidentiary value of digital evidence, then this book is ideal for you.
WHAT YOU WILL LEARN
* Get started with Computer Forensics using the FTK platform to conduct your digital investigation
* Acquire different types of digital devices with integrity
* Find evidence in Windows registry hives using Registry View
* Understand the use of PRTK for password recovery
* Narrowing the case using filters and keyword searches
* Analyze Internet artifacts and e-mail messages
* Report results using the bookmarks features
* Learn tips and tricks to get the most out of your digital investigation results
With the increase of electronic crimes and the need to constantly audit the proper use of resources, companies need qualified professionals and appropriate tools to carry out these activities. The FTK platform, with the ability to collect and analyze digital evidence quickly and with integrity, is a great solution to help professionals achieve these goals. It is extremely useful for conducting digital investigations, helping you conduct a thorough investigation through a single tool and ensure the integrity of evidence. It is hard to find technical information on this tool and that's where this book will come in handy, helping professionals perform their activities with greater excellence.
This tutorial leads by example, providing you with everything you need to use FTK and the tools included such as FTK Imager, Registry View, and PRTK in order to enhance your Computer Forensics knowledge in an easier and more efficient way.
You will be introduced to the background of Computer Forensics, which include the types of digital devices that can be acquired and how to prepare for a new case of investigation. You will become acquainted with the FTK architecture and learn how to leverage its features in order to help you find the evidence as fast as possible. Through this book, you will also learn the memory forensics technique using the memory dump feature of FTK Imager. Furthermore, you will learn how to extract some important information such as process and DLL information, Sockets, and Driver List Open Handles.
To conclude your tutorial, you will learn how to extract information from Windows Registry and how to recover passwords from the system and files. You will find this book an invaluable supplement to teach you all the steps required for the completion of investigations on digital media and to generate consistent and irrefutable evidence in court. « less
THE DEFINITIVE GUIDE TO INCIDENT RESPONSE--UPDATED FOR THE FIRST TIME IN A DECADE!
Thoroughly revised to cover the latest and most effective tools and techniques, Incident Response & Computer Forensics, Third Edition arms you with the information you need to get your organization out of trouble when more » data breaches occur. This practical resource covers the entire lifecycle of incident response, including preparation, data collection, data analysis, and remediation. Real-world case studies reveal the methods behind--and remediation strategies for--today's most insidious attacks.
* Architect an infrastructure that allows for methodical investigation and remediation
* Develop leads, identify indicators of compromise, and determine incident scope
* Collect and preserve live data
* Perform forensic duplication
* Analyze data from networks, enterprise services, and applications
* Investigate Windows and Mac OS X systems
* Perform malware triage
* Write detailed incident response reports
* Create and implement comprehensive remediation plans « less
The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute the cyber-criminal. The series is comprised of five books covering a broad base of topics in Computer Hacking Forensic Investigation, designed to expose the reader to the process of detecting more » attacks and collecting evidence in a forensically sound manner with the intent to report crime and prevent future attacks.
Learners are introduced to advanced techniques in computer investigation and analysis with interest in generating potential legal evidence. In full, this and the other four books provide preparation to identify evidence in computer related crime and abuse cases as well as track the intrusive hacker's path through a client system.
The series and accompanying labs help prepare the security student or professional to profile an intruder's footprint and gather all necessary information and evidence to support prosecution in a court of law. Investigating Wireless Networks and Devices discusses how to investigate wireless attacks, as well as PDA, i-Pod, i-Phone and BlackBerry forensics. « less
Computer Forensics Secrets & Solutions
"Provides the right mix of practical how-to knowledge in a straightforward, informative fashion that ties it all the complex pieces together with real-world case studies. ...Delivers the most valuable insight on the market. The authors cut to the chase of what people must understand to effectively perform more » computer forensic investigations." --Brian H. Karney, COO, AccessData Corporation
The latest strategies for investigating cyber-crime
Identify and investigate computer criminals of all stripes with help from this fully updated. real-world resource. Hacking Exposed Computer Forensics, Second Edition explains how to construct a high-tech forensic lab, collect prosecutable evidence, discover e-mail and system file clues, track wireless activity, and recover obscured documents. Learn how to re-create an attacker's footsteps, communicate with counsel, prepare court-ready reports, and work through legal and organizational challenges. Case studies straight from today's headlines cover IP theft, mortgage fraud, employee misconduct, securities fraud, embezzlement, organized crime, and consumer fraud cases.
* Effectively uncover, capture, and prepare evidence for investigation
* Store and process collected data in a highly secure digital forensic lab
* Restore deleted documents, partitions, user activities, and file systems
* Analyze evidence gathered from Windows, Linux, and Macintosh systems
* Use the latest Web and client-based e-mail tools to extract relevant artifacts
* Overcome the hacker's anti-forensic, encryption, and obscurity techniques
* Unlock clues stored in cell phones, PDAs, and Windows Mobile devices
* Prepare legal documents that will hold up to judicial and defense scrutiny « less
Computer Forensics Toolkit
* Incident response and forensic investigation are the processes of detecting attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks
* This much-needed reference covers the methodologies for incident response and computer forensics, Federal Computer more » Crime law information and evidence requirements, legal issues, and working with law enforcement
* Details how to detect, collect, and eradicate breaches in e-mail and malicious code
* CD-ROM is packed with useful tools that help capture and protect forensic data; search volumes, drives, and servers for evidence; and rebuild systems quickly after evidence has been obtained « less