Computer forensics and digital investigation with Encase Forensic v7 (eBook, 2014) [Alabama State University Library]

Author: Suzanne Widup
Publisher: New York : McGraw-Hill Education, [2014]
Edition/Format: eBook : Document : English
Summary:
"This practical, professional book provides a scenario-based guide to the industry's #1 digital forensics tool, EnCase Forensic Computer Forensics and Digital Investigation with EnCase Forensic shows how to uncover digital evidence in a fast, cost-effective, organized, and repeatable manner using the industry's leading digital investigation software. Part I addresses forensic readiness, setting up the software, and

Details

Genre/Form: Electronic books
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Suzanne Widup
ISBN: 9780071807913 0071807918
OCLC Number: 1152994721
Notes: Includes index.
Description: 1 online resource (xx, 426 pages) : illustrations.
Contents: Note continued: Appendix A Rosetta Stone for Windows Operating Systems --
Appendix B EnCase Version 7 Keyboard Shortcuts --
EnCase Keyboard Shortcuts Quick Reference --
Appendix C Sample Run Books --
Creating a New Case (Chapter 2) --
Relocating Evidence Manually (Chapter 2) --
Backing Up the Current Case (Chapter 3) --
Reacquiring .E01/.Ex01 Evidence (Chapter 3) --
Reacquiring .L01/.Lx01 Evidence (Chapter 3) --
Encrypting an Evidence File (See Reacquiring Evidence) --
Adding/Acquiring a Local irate (Chapter 4) --
Adding an EnCase Evidence File (Logical or Physical) (Chapter 4) --
Adding a Raw Image (Chapter 4) --
Acquiring a Smartphone (Chapter 4) --
Creating a New Case (Chapter 5) --
Verifying an Evidence File without Opening a Case (Chapter 5) --
Setting the Time Zone (Chapter 5) --
Processing and Preparation of Initial Case Evidence (Chapter 5) --
Mounting Files with Internal Structure (Compound Files) Individually (Chapter 6). Note continued: Collecting from a Powered-On Computer (Chapter 14) --
Collecting from a Powered-Off Computer (Chapter 14) --
Importing Evidence from EnCase Portable into EnCase Forensic (Chapter 14) --
Appendix D EnScript Class Hierarchy. Note continued: Creating a Case Plan --
Adding Evidence: Acquisition with EnCase Forensic --
Add Local Device --
Add Network Preview --
Add Evidence File --
Add Raw Image --
Acquire Smartphone --
Add Crossover Preview --
EnCase Imager --
Summary --
chapter 5 Processing Evidence --
Creating the NIST Hacking Case --
Adding and Verifying the Evidence --
Setting the Time Zone in EnCase --
The EnCase Evidence Processor --
Process Prioritization --
Default or Red-Flagged Modules --
Optional Modules --
Our First Evidence Processor Run --
Summary --
chapter 6 Documenting Evidence --
Initial Case Documentation --
Files with Internal Structure --
Viewing the Evidence Processor Results --
Bookmarking Evidence Items --
Types of Bookmarks --
Viewing Bookmarks --
The Blue Check --
The Selected Box --
The Set Include (Home Plate) --
Tagging --
Managing Tags --
Summary --
chapter 7 Further Inspection --
More on the Evidence Processor Modules --
The System Info Parser (Continued). Note continued: Manually Verifying Evidence (Chapter 6) --
Regenerating the Case.sqlite Database (Chapter 8) --
Searching in the Evidence Browser (Chapter 9) --
Running an Existing Condition (Chapter 10) --
Running an Existing Filter (Chapter 10) --
Creating a Hash Library (Chapter 11) --
Creating a New Hash Set Inside the Library (Chapter 11) --
Adding Results to Your Hash Library from a Case (Chapter 11) --
Importing the NSRL Hash Library (Chapter 11) --
Generating a Report (Chapter 12) --
Creating a New Report Template (Chapter 12) --
Preparing a Case Package for Archiving (Chapter 13) --
Wiping a Drive with EnCase (Chapter 13) --
Restoring the EnCase Portable USB Device (Chapter 14) --
Using EnCase Forensics-Requires Forensic Dongle --
Using the DVD-No Forensic Dongle Required --
Using the File Update-No Forensic Dongle Required --
Preparing Additional Storage Devices for Use with EnCase Portable (Chapter 14) --
Launching EnCase Portable Management (Chapter 14). Note continued: Processing Phase --
Analysis Phase --
Presentation Phase --
Archival Phase --
Disposal Phase --
Case Closure Criteria --
Inactive Case Review --
Archiving a Case --
Preparing a Case Package --
Physical Media Considerations --
Summary --
chapter 14 EnCase Portable and App Central --
EnCase Portable Basics --
What Is Included --
Installing from the Downloaded Product --
Installing from the DVD --
Preparing EnCase Portable for Redeployment After Use --
Restoring Using EnCase Forensic-Requires Forensic Dongle --
Restoring Using the DVD-Does Not Require a Forensic Dongle --
Restoring Using an Update File-Does Not Require a Forensic Dongle --
Preparing Additional Storage Devices for Use with Portable --
Preparing Storage Devices with EnCase Forensics-Scripted Method --
Preparing Storage Devices with Windows Explorer-Quick Method --
Managing and Configuring EnCase Portable --
The Portable Management Interface --
File Types in EnCase Portable. Note continued: Running Jobs in the Field --
Collecting from a Powered-On Computer --
Collecting from a Powered-Off Computer --
The Report Builder --
On-Scene Analysis --
After the Collection --
Back at the Forensic Lab --
EnCase App Central --
Summary --
chapter 15 An EnScript Primer --
The Basics of EnScript --
The EnScript Environment --
The EnScript Help Function --
The EnScript Types Tab and the Class Browser --
Anatomy of an EnScript --
Our First EnScript --
Variables --
Variables and Their Scope --
Operators --
Looping Constructs-Controlling the Flow of an EnScript --
The If, Else If, and Else Statements --
The For Statement --
The While and Do While Statements --
The Break and Continue Statements --
The Switch, Case, Default Statement --
The Foreach, Forall and Forroot Statements --
The Ternary Operator --
The Debugger --
Functions --
Passing by Reference or Value --
Classes --
What Is a Class? --
The Aircraft Class --
The Constructor --
Summary. Note continued: Running the Condition --
Filters --
Running a Filter --
Editing a Filter --
Adding a New Filter --
Sharing a Filter --
Summary --
chapter 11 Hash Analysis and Timelines --
Working with Hash Sets and Libraries --
Creating a New Hash Library --
Adding Case Results to Your Hash Library --
Importing the NSRL Hash Library --
Importing Legacy Hash Results into Your Hash Library --
Running Queries Against Your Hash Libraries --
Using Hash Libraries for Hash Analysis --
Viewing Timeline Data in EnCase --
Summary --
chapter 12 Reporting --
Generating Your Report --
Customizing Existing Report Templates --
Report Object Code --
Changing the Graphic on the Title Page --
Creating a New Report Template --
Using Styles --
Building the Report Tree Hierarchy --
Associating Bookmark Folders with Report Sections --
Controlling Which Sections Display --
Summary --
chapter 13 Wrapping Up the Case --
Evidence Lifecycle Management --
The Digital Evidence Lifecycle --
Acquisition Phase. Note continued: The File Carver --
The Windows Artifact Parser --
Other Modules --
Archive --
Internet --
Thumbnails --
Email --
Registry --
Summary --
chapter 8 Analyzing the Case --
The Case Analyzer --
Windows Artifacts --
Customizing the Case Analyzer --
Case Analyzer Report Conventions --
SQLite Manager (Firefox) --
SQL Basics --
Customizing Our Report --
Parsing Email --
Outlook Express --
Web-Based Email --
Summary --
chapter 9 Keywords and Searching --
Keywords and Searching --
Logical vs. Physical Searches --
Searching in the Evidence Processor --
Viewing Search Results --
Searching in the Evidence Browser --
Evidence and Cache Locations --
Troubleshooting the Evidence Cache --
Index Searches --
Search Operators --
Using GREP Operators --
The GREP Wildcards --
Grouping and GREP --
Ranges and Logical Operators --
Summary --
chapter 10 Conditions and Filters --
Conditions --
Running an Existing Condition --
Creating a New Condition --
Condition Logic --
Nesting Terms. Machine generated contents note: chapter 1 The Road to Readiness --
Forensic Readiness --
Policies --
Methodology --
Procedures --
Organizing the Work --
Infrastructure Considerations --
The Lab --
Staffing --
Summary --
chapter 2 Getting Started --
Installing the Software --
DVD Installation --
Downloaded Installation --
Creating a New Case in EnCase --
The EnCase Home Screen --
The Case Screen --
Customizing the Interface --
The Case Options --
The Global Options --
Adding Your First Evidence --
Navigating EnCase --
The Tree Pane --
The Table Pane --
The View Pane --
Summary --
chapter 3 EnCase Concepts --
The EnCase Case File --
Case Backups --
The EnCase Evidence File --
Reacquiring Evidence --
Using Encryption with Ex01 and Lx01 Files --
Using Encryption to Share Files with Other Parties --
Using Encryption in a Multi-Investigator Environment --
EnCase Configuration (ini) Files --
Case Templates --
Summary --
chapter 4 Adding Evidence --
Case Study: The NIST CFReDS Hacking Case.
Responsibility: Suzanne Widup.

Abstract:

"This practical, professional book provides a scenario-based guide to the industry's #1 digital forensics tool, EnCase Forensic Computer Forensics and Digital Investigation with EnCase Forensic shows how to uncover digital evidence in a fast, cost-effective, organized, and repeatable manner using the industry's leading digital investigation software. Part I addresses forensic readiness, setting up the software, and the basic interface. Part II lays out the case study used and how to navigate it step-by-step using the software. Part III details how to find clues and go deeper into investigations (finding hidden and deleted data). Part IV walks you through how to analyze the data, refine, and manipulate the results. Part V discusses the options for automating frequent tasks using EnCase Portable and the EnScript programming language. Sharpens the competitive edge of forensics practitioners through practice with the industry's #1 tool, EnCase Forensic Provides invaluable professional advice on the best working methods of digital forensic specialists An affordable learning option for this widely used tool Walks you through all the latest features to this first major software update in six years--EnCase Forensic v7 performs mobile device forensics (iPad, iPhone, Android, Blackberry, etc.), includes a completely revamped user interface, and streamlined organization of file, data, and report functions Commonly accessible evidence file toolkit allows you to put the book's case examples to the test "--

"Maximize the powerful tools and features of the industry-leading digital investigation software. Computer Forensics and Digital Investigation with EnCase Forensic reveals, step by step, how to detect illicit activity, capture and verify evidence, recover deleted and encrypted artifacts, prepare court-ready documents, and ensure legal and regulatory compliance. The book illustrates each concept using downloadable evidence from the National Institute of Standards and Technology CFReDS. Customizable sample procedures are included throughout this practical guide.
- Install EnCase Forensic v7 and customize the user interface
- Prepare your investigation and set up a new case
- Collect and verify evidence from suspect computers and networks
- Use the EnCase Evidence Processor and Case Analyzer
- Uncover clues using keyword searches and filter results through GREP
- Work with bookmarks, timelines, hash sets, and libraries
- Handle case closure, final disposition, and evidence destruction
- Carry out field investigations using EnCase Portable
- Learn to program in EnCase EnScript."
