Computer forensics and digital investigation with Encase Forensic v7 (Book, 2014) [Alabama State University Library]

Computer forensics and digital investigation with Encase Forensic v7

Author: Suzanne Widup
Publisher: New York : McGraw-Hill Education, [2014]
Edition/Format: Print book : English
Summary:
"This practical, professional book provides a scenario-based guide to the industry's #1 digital forensics tool, EnCase Forensic. Computer Forensics and Digital Investigation with EnCase Forensic shows how to uncover digital evidence in a fast, cost-effective, organized, and repeatable manner using the industry's leading digital investigation software. Part I addresses forensic readiness, setting up the software, and

Details

Document Type: Book
All Authors / Contributors: Suzanne Widup
ISBN: 9780071807913 0071807918
OCLC Number: 878667780
Notes: Includes index.
Description: xx, 426 pages : illustrations ; 23 cm
Contents: Machine generated contents note: ch. 1 The Road to Readiness --
Forensic Readiness --
Policies --
Methodology --
Procedures --
Organizing the Work --
Infrastructure Considerations --
The Lab --
Staffing --
Summary --
ch. 2 Getting Started --
Installing the Software --
DVD Installation --
Downloaded Installation --
Creating a New Case in EnCase --
The EnCase Home Screen --
The Case Screen --
Customizing the Interface --
The Case Options --
The Global Options --
Adding Your First Evidence --
Navigating EnCase --
The Tree Pane --
The Table Pane --
The View Pane --
Summary --
ch. 3 EnCase Concepts --
The EnCase Case File --
Case Backups --
The EnCase Evidence File --
Reacquiring Evidence --
Using Encryption with Ex01 and Lx01 Files --
Using Encryption to Share Files with Other Parties --
Using Encryption in a Multi-Investigator Environment --
EnCase Configuration (ini) Files --
Case Templates --
Summary --
ch. 4 Adding Evidence --
Case Study: The NIST CFReDS Hacking Case --
Creating a Case Plan --
Adding Evidence: Acquisition with EnCase Forensic --
Add Local Device --
Add Network Preview --
Add Evidence File --
Add Raw Image --
Acquire Smartphone --
Add Crossover Preview --
EnCase Imager --
Summary --
ch. 5 Processing Evidence --
Creating the NIST Hacking Case --
Adding and Verifying the Evidence --
Setting the Time Zone in EnCase --
The EnCase Evidence Processor --
Process Prioritization --
Default or Red-Flagged Modules --
Optional Modules --
Our First Evidence Processor Run --
Summary --
ch. 6 Documenting Evidence --
Initial Case Documentation --
Files with Internal Structure --
Viewing the Evidence Processor Results --
Bookmarking Evidence Items --
Types of Bookmarks --
Viewing Bookmarks --
The Blue Check --
The Selected Box --
The Set Include (Home Plate) --
Tagging --
Managing Tags --
Summary --
ch. 7 Further Inspection --
More on the Evidence Processor Modules --
The System Info Parser (Continued) --
The File Carver --
The Windows Artifact Parser --
Other Modules --
Archive --
Internet --
Thumbnails --
Email --
Registry --
Summary --
ch. 8 Analyzing the Case --
The Case Analyzer --
Windows Artifacts --
Customizing the Case Analyzer --
Case Analyzer Report Conventions --
SQLite Manager (Firefox) --
SQL Basics --
Customizing Our Report --
Parsing Email --
Outlook Express --
Web-Based Email --
Summary --
ch. 9 Keywords and Searching --
Keywords and Searching --
Logical vs. Physical Searches --
Searching in the Evidence Processor --
Viewing Search Results --
Searching in the Evidence Browser --
Evidence and Cache Locations --
Troubleshooting the Evidence Cache --
Index Searches --
Search Operators --
Using GREP Operators --
The GREP Wildcards --
Grouping and GREP --
Ranges and Logical Operators --
Summary --
ch. 10 Conditions and Filters --
Conditions --
Running an Existing Condition --
Creating a New Condition --
Condition Logic --
Nesting Terms --
Running the Condition --
Filters --
Running a Filter --
Editing a Filter --
Adding a New Filter --
Sharing a Filter --
Summary --
ch. 11 Hash Analysis and Timelines --
Working with Hash Sets and Libraries --
Creating a New Hash Library --
Adding Case Results to Your Hash Library --
Importing the NSRL Hash Library --
Importing Legacy Hash Results into Your Hash Library --
Running Queries Against Your Hash Libraries --
Using Hash Libraries for Hash Analysis --
Viewing Timeline Data in EnCase --
Summary --
ch. 12 Reporting --
Generating Your Report --
Customizing Existing Report Templates --
Report Object Code --
Changing the Graphic on the Title Page --
Creating a New Report Template --
Using Styles --
Building the Report Tree Hierarchy --
Associating Bookmark Folders with Report Sections --
Controlling Which Sections Display --
Summary --
ch. 13 Wrapping Up the Case --
Evidence Lifecycle Management --
The Digital Evidence Lifecycle --
Acquisition Phase --
Processing Phase --
Analysis Phase --
Presentation Phase --
Archival Phase --
Disposal Phase --
Case Closure Criteria --
Inactive Case Review --
Archiving a Case --
Preparing a Case Package --
Physical Media Considerations --
Summary --
ch. 14 EnCase Portable and App Central --
EnCase Portable Basics --
What Is Included --
Installing from the Downloaded Product --
Installing from the DVD --
Preparing EnCase Portable for Redeployment After Use --
Restoring Using EnCase Forensic-Requires Forensic Dongle --
Restoring Using the DVD-Does Not Require a Forensic Dongle --
Restoring Using an Update File-Does Not Require a Forensic Dongle --
Preparing Additional Storage Devices for Use with Portable --
Preparing Storage Devices with EnCase Forensics-Scripted Method --
Preparing Storage Devices with Windows Explorer-Quick Method --
Managing and Configuring EnCase Portable --
The Portable Management Interface --
File Types in EnCase Portable --
Running Jobs in the Field --
Collecting from a Powered-On Computer --
Collecting from a Powered-Off Computer --
The Report Builder --
On-Scene Analysis --
After the Collection --
Back at the Forensic Lab --
EnCase App Central --
Summary --
ch. 15 An EnScript Primer --
The Basics of EnScript --
The EnScript Environment --
The EnScript Help Function --
The EnScript Types Tab and the Class Browser --
Anatomy of an EnScript --
Our First EnScript --
Variables --
Variables and Their Scope --
Operators --
Looping Constructs-Controlling the Flow of an EnScript --
The If, Else If, and Else Statements --
The For Statement --
The While and Do While Statements --
The Break and Continue Statements --
The Switch, Case, Default Statement --
The Foreach, Forall and Forroot Statements --
The Ternary Operator --
The Debugger --
Functions --
Passing by Reference or Value --
Classes --
What Is a Class? --
The Aircraft Class --
The Constructor --
Summary --
Appendix A Rosetta Stone for Windows Operating Systems --
Appendix B EnCase Version 7 Keyboard Shortcuts --
EnCase Keyboard Shortcuts Quick Reference --
Appendix C Sample Run Books --
Creating a New Case (Chapter 2) --
Relocating Evidence Manually (Chapter 2) --
Backing Up the Current Case (Chapter 3) --
Reacquiring .E01/.Ex01 Evidence (Chapter 3) --
Reacquiring .L01/.Lx01 Evidence (Chapter 3) --
Encrypting an Evidence File (See Reacquiring Evidence) --
Adding/Acquiring a Local Drive (Chapter 4) --
Adding an EnCase Evidence File (Logical or Physical) (Chapter 4) --
Adding a Raw Image (Chapter 4) --
Acquiring a Smartphone (Chapter 4) --
Creating a New Case (Chapter 5) --
Verifying an Evidence File without Opening a Case (Chapter 5) --
Setting the Time Zone (Chapter 5) --
Processing and Preparation of Initial Case Evidence (Chapter 5) --
Mounting Files with Internal Structure (Compound Files) Individually (Chapter 6) --
Manually Verifying Evidence (Chapter 6) --
Regenerating the Case.sqlite Database (Chapter 8) --
Searching in the Evidence Browser (Chapter 9) --
Running an Existing Condition (Chapter 10) --
Running an Existing Filter (Chapter 10) --
Creating a Hash Library (Chapter 11) --
Creating a New Hash Set Inside the Library (Chapter 11) --
Adding Results to Your Hash Library from a Case (Chapter 11) --
Importing the NSRL Hash Library (Chapter 11) --
Generating a Report (Chapter 12) --
Creating a New Report Template (Chapter 12) --
Preparing a Case Package for Archiving (Chapter 13) --
Wiping a Drive with EnCase (Chapter 13) --
Restoring the EnCase Portable USB Device (Chapter 14) --
Using EnCase Forensics-Requires Forensic Dongle --
Using the DVD-No Forensic Dongle Required --
Using the File Update-No Forensic Dongle Required --
Preparing Additional Storage Devices for Use with EnCase Portable (Chapter 14) --
Launching EnCase Portable Management (Chapter 14) --
Collecting from a Powered-On Computer (Chapter 14) --
Collecting from a Powered-Off Computer (Chapter 14) --
Importing Evidence from EnCase Portable into EnCase Forensic (Chapter 14) --
Appendix D EnScript Class Hierarchy.
Responsibility: Suzanne Widup.

Abstract:

This practical, professional book provides a scenario-based guide to the industry's #1 digital forensics tool, EnCase Forensic.