Details
Document type | Book |
---|---|
All authors/creators: | Suzanne Widup |
ISBN: | 9780071807913 0071807918 |
OCLC number: | 878667780 |
Notes: | Includes index. |
Description: | xx, 426 pages : illustrations ; 23 cm |
Contents: | Machine generated contents note: ch. 1 The Road to Readiness -- Forensic Readiness -- Policies -- Methodology -- Procedures -- Organizing the Work -- Infrastructure Considerations -- The Lab -- Staffing -- Summary -- ch. 2 Getting Started -- Installing the Software -- DVD Installation -- Downloaded Installation -- Creating a New Case in EnCase -- The EnCase Home Screen -- The Case Screen -- Customizing the Interface -- The Case Options -- The Global Options -- Adding Your First Evidence -- Navigating EnCase -- The Tree Pane -- The Table Pane -- The View Pane -- Summary -- ch. 3 EnCase Concepts -- The EnCase Case File -- Case Backups -- The EnCase Evidence File -- Reacquiring Evidence -- Using Encryption with Ex01 and Lx01 Files -- Using Encryption to Share Files with Other Parties -- Using Encryption in a Multi-Investigator Environment -- EnCase Configuration (ini) Files -- Case Templates -- Summary -- ch. 4 Adding Evidence -- Case Study: The NIST CFReDS Hacking Case -- Creating a Case Plan -- Adding Evidence: Acquisition with EnCase Forensic -- Add Local Device -- Add Network Preview -- Add Evidence File -- Add Raw Image -- Acquire Smartphone -- Add Crossover Preview -- EnCase Imager -- Summary -- ch. 5 Processing Evidence -- Creating the NIST Hacking Case -- Adding and Verifying the Evidence -- Setting the Time Zone in EnCase -- The EnCase Evidence Processor -- Process Prioritization -- Default or Red-Flagged Modules -- Optional Modules -- Our First Evidence Processor Run -- Summary -- ch. 6 Documenting Evidence -- Initial Case Documentation -- Files with Internal Structure -- Viewing the Evidence Processor Results -- Bookmarking Evidence Items -- Types of Bookmarks -- Viewing Bookmarks -- The Blue Check -- The Selected Box -- The Set Include (Home Plate) -- Tagging -- Managing Tags -- Summary -- ch. 7 Further Inspection -- More on the Evidence Processor Modules -- The System Info Parser (Continued) -- The File Carver -- The Windows Artifact Parser -- Other Modules -- Archive -- Internet -- Thumbnails -- Email -- Registry -- Summary -- ch. 8 Analyzing the Case -- The Case Analyzer -- Windows Artifacts -- Customizing the Case Analyzer -- Case Analyzer Report Conventions -- SQLite Manager (Firefox) -- SQL Basics -- Customizing Our Report -- Parsing Email -- Outlook Express -- Web-Based Email -- Summary -- ch. 9 Keywords and Searching -- Keywords and Searching -- Logical vs. Physical Searches -- Searching in the Evidence Processor -- Viewing Search Results -- Searching in the Evidence Browser -- Evidence and Cache Locations -- Troubleshooting the Evidence Cache -- Index Searches -- Search Operators -- Using GREP Operators -- The GREP Wildcards -- Grouping and GREP -- Ranges and Logical Operators -- Summary -- ch. 10 Conditions and Filters -- Conditions -- Running an Existing Condition -- Creating a New Condition -- Condition Logic -- Nesting Terms -- Running the Condition -- Filters -- Running a Filter -- Editing a Filter -- Adding a New Filter -- Sharing a Filter -- Summary -- ch. 11 Hash Analysis and Timelines -- Working with Hash Sets and Libraries -- Creating a New Hash Library -- Adding Case Results to Your Hash Library -- Importing the NSRL Hash Library -- Importing Legacy Hash Results into Your Hash Library -- Running Queries Against Your Hash Libraries -- Using Hash Libraries for Hash Analysis -- Viewing Timeline Data in EnCase -- Summary -- ch. 12 Reporting -- Generating Your Report -- Customizing Existing Report Templates -- Report Object Code -- Changing the Graphic on the Title Page -- Creating a New Report Template -- Using Styles -- Building the Report Tree Hierarchy -- Associating Bookmark Folders with Report Sections -- Controlling Which Sections Display -- Summary -- ch. 13 Wrapping Up the Case -- Evidence Lifecycle Management -- The Digital Evidence Lifecycle -- Acquisition Phase -- Processing Phase -- Analysis Phase -- Presentation Phase -- Archival Phase -- Disposal Phase -- Case Closure Criteria -- Inactive Case Review -- Archiving a Case -- Preparing a Case Package -- Physical Media Considerations -- Summary -- ch. 14 EnCase Portable and App Central -- EnCase Portable Basics -- What Is Included -- Installing from the Downloaded Product -- Installing from the DVD -- Preparing EnCase Portable for Redeployment After Use -- Restoring Using EnCase Forensic-Requires Forensic Dongle -- Restoring Using the DVD-Does Not Require a Forensic Dongle -- Restoring Using an Update File-Does Not Require a Forensic Dongle -- Preparing Additional Storage Devices for Use with Portable -- Preparing Storage Devices with EnCase Forensics-Scripted Method -- Preparing Storage Devices with Windows Explorer-Quick Method -- Managing and Configuring EnCase Portable -- The Portable Management Interface -- File Types in EnCase Portable -- Running Jobs in the Field -- Collecting from a Powered-On Computer -- Collecting from a Powered-Off Computer -- The Report Builder -- On-Scene Analysis -- After the Collection -- Back at the Forensic Lab -- EnCase App Central -- Summary -- ch. 15 An EnScript Primer -- The Basics of EnScript -- The EnScript Environment -- The EnScript Help Function -- The EnScript Types Tab and the Class Browser -- Anatomy of an EnScript -- Our First EnScript -- Variables -- Variables and Their Scope -- Operators -- Looping Constructs-Controlling the Flow of an EnScript -- The If, Else If, and Else Statements -- The For Statement -- The While and Do While Statements -- The Break and Continue Statements -- The Switch, Case, Default Statement -- The Foreach, Forall and Forroot Statements -- The Ternary Operator -- The Debugger -- Functions -- Passing by Reference or Value -- Classes -- What Is a Class? -- The Aircraft Class -- The Constructor -- Summary -- Appendix A Rosetta Stone for Window Operating Systems -- Appendix B EnCase Version 7 Keyboard Shortcuts -- EnCase Keyboard Shortcuts Quick Reference -- Appendix C Sample Run Books -- Creating a New Case (Chapter 2) -- Relocating Evidence Manually (Chapter 2) -- Backing Up the Current Case (Chapter 3) -- Reacquiring .E01/.Ex01 Evidence (Chapter 3) -- Reacquiring .L01/.Lx01 Evidence (Chapter 3) -- Encrypting an Evidence File (See Reacquiring Evidence) -- Adding/Acquiring a Local irate (Chapter 4) -- Adding an EnCase Evidence File (Logical or Physical) (Chapter 4) -- Adding a Raw Image (Chapter 4) -- Acquiring a Smartphone (Chapter 4) -- Creating a New Case (Chapter 5) -- Verifying an Evidence File without Opening a Case (Chapter 5) -- Setting the Time Zone (Chapter 5) -- Processing and Preparation of Initial Case Evidence (Chapter 5) -- Mounting Files with Internal Structure (Compound Files) Individually (Chapter 6) -- Manually Verifying Evidence (Chapter 6) -- Regenerating the Case.sqlite Database (Chapter 8) -- Searching in the Evidence Browser (Chapter 9) -- Running an Existing Condition (Chapter 10) -- Running an Existing Filter (Chapter 10) -- Creating a Hash Library (Chapter 11) -- Creating a New Hash Set Inside the Library (Chapter 11) -- Adding Results to Your Hash Library from a Case (Chapter 11) -- Importing the NSRL Hash Library (Chapter 11) -- Generating a Report (Chapter 12) -- Creating a New Report Template (Chapter 12) -- Preparing a Case Package for Archiving (Chapter 13) -- Wiping a Drive with EnCase (Chapter 13) -- Restoring the EnCase Portable USB Device (Chapter 14) -- Using EnCase Forensics-Requires Forensic Dongle -- Using the DVD-No Forensic Dongle Required -- Using the File Update-No Forensic Dongle Required -- Preparing Additional Storage Devices for Use with EnCase Portable (Chapter 14) -- Launching EnCase Portable Management (Chapter 14) -- Collecting from a Powered-On Computer (Chapter 14) -- Collecting from a Powered-Off Computer (Chapter 14) -- Importing Evidence from EnCase Portable into EnCase Forensic (Chapter 14) -- Appendix D EnScript Class Hierarchy. |
Responsibility: | Suzanne Widup. |
Abstract:
This practical, professional book provides a scenario-based guide to the industry's #1 digital forensics tool, EnCase Forensic.

Tags
Add tags for "Computer forensics and digital investigation with Encase Forensic v7".