Guide to Computer Forensics and Investigations: Processing Digital Evidence
Copyright Statement
Guide to Computer Forensics and Investigations: Processing Digital Evidence
COPYRIGHT 2019, 2016 Cengage Learning, Inc.
ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced or distributed in any form or by any means, except as permitted by U.S. copyright law, without the prior written permission of the copyright owner.
For product information and technology assistance, contact us at Cengage Customer & Sales Support, 1-800-354-9706 or support.cengage.com.
For permission to use material from this text or product, submit all requests online at www.cengage.com/permissions.
SOURCE FOR ILLUSTRATIONS: Copyright Cengage.
Microsoft is a registered trademark of the Microsoft Corporation.
Library of Congress Control Number: 2018936389
ISBN: 978-1-337-56894-4
Cengage
20 Channel Center Street
Boston MA 02210
USA
Cengage is a leading provider of customized learning solutions with employees residing in nearly 40 different countries and sales in more than 125 countries around the world. Find your local representative at www.cengage.com.
Cengage products are represented in Canada by Nelson Education, Ltd.
To learn more about Cengage platforms and services, visit www.cengage.com.
To register or access your online learning solution or purchase materials for your course, visit www.cengagebrain.com.
Notice to the Reader
Publisher does not warrant or guarantee any of the products described herein or perform any independent analysis in connection with any of the product information contained herein. Publisher does not assume, and expressly disclaims, any obligation to obtain and include information other than that provided to it by the manufacturer. The reader is expressly warned to consider and adopt all safety precautions that might be indicated by the activities described herein and to avoid all potential hazards. By following the instructions contained herein, the reader willingly assumes all risks in connection with such instructions. The publisher makes no representations or warranties of any kind, including but not limited to, the warranties of fitness for particular purpose or merchantability, nor are any such representations implied with respect to the material set forth herein, and the publisher takes no responsibility with respect to such material. The publisher shall not be liable for any special, consequential, or exemplary damages resulting, in whole or part, from the reader's use of, or reliance upon, this material.
Preface
Guide to Computer Forensics and Investigations is now in its sixth edition. As digital technology and cyberspace have evolved from their early roots as basic communication platforms into the hyper-connected world we live in today, so has the demand for people who have the knowledge and skills to investigate legal and technical issues involving computers and digital technology. My sincere compliments to the authors and publishing staff who have made this textbook such a remarkable resource for thousands of students and practitioners worldwide.
Computers, the Internet, and the world's digital ecosystem are all instrumental in how we conduct our daily lives. When the founding fathers of the modern computing era were designing the digital infrastructure as we know it today, security and temporal accountability issues were not at the top of their list of things to do. The technological advancement of these systems over the past 10 years has changed the way we learn, socialize, and conduct business. Finding digital data that can be used as evidence to incriminate or exonerate a suspect accused in a legal or administrative proceeding is not an easy task.
Cyberthreats have become pervasive in modern society. They range from simple computer viruses to complex ransomware and cyber extortion schemes. The ability to conduct sophisticated digital forensics investigations has become a requirement in both the government and commercial sectors. Currently, the organizations and agencies whose job it is to investigate both criminal and civil matters involving the use of rapidly developing digital technology often struggle to keep up with the ever-changing digital landscape. Additionally, finding trained and qualified people to conduct these types of inquiries has been challenging.
Today, an entire industry has evolved for the purpose of investigating events occurring in cyberspace to include incidents involving international and corporate espionage, massive data breaches, and even cyberterrorism. The opportunities for employment in this field are expanding every day. Professionals in this exciting field of endeavor are now in high demand and are expected to have multiple skill sets in areas such as malware analysis, cloud computing, social media, and mobile device forensics.
Guide to Computer Forensics and Investigations can now be found in both academic and professional environments as a reliable source of current technical information and practical exercises concerning investigations involving the latest digital technologies. It's my belief that this book, combined with an enthusiastic and knowledgeable facilitator, makes for a fascinating course of instruction.
As I have stated to many of my students in the past, it's not just laptop computers and servers that harbor the binary code of ones and zeros, but an infinite array of digital devices. If one of these devices retains evidence of a crime, it's up to newly trained and educated digital detectives to find the evidence in a forensically sound manner. This book will assist both students and practitioners in accomplishing this goal.
Respectfully,
John A. Sgromolo
As a Senior Special Agent, John was one of the founding members of the NCIS Computer Crime Investigations Group. John left government service to run his own company, Digital Forensics, Inc., and has taught hundreds of law enforcement and corporate students nationwide in the art and science of digital forensics investigations. Currently, he serves as a senior consultant for Verizon's Global Security Services, where he helps manage the Threat Intel Response Service.
Introduction
Computer forensics, now most commonly called digital forensics, has been a professional field for many years, but most well-established experts in the field have been self-taught. The growth of the Internet and the worldwide proliferation of computers have increased the need for digital investigations. Computers can be used to commit crimes, and crimes can be recorded on computers, including company policy violations, embezzlement, e-mail harassment, murder, leaks of proprietary information, and even terrorism. Law enforcement, network administrators, attorneys, and private investigators now rely on the skills of professional digital forensics experts to investigate criminal and civil cases.
This book is not intended to provide comprehensive training in digital forensics. It does, however, give you a solid foundation by introducing digital forensics to those who are new to the field. Other books on digital forensics are targeted to experts; this book is intended for novices who have a thorough grounding in computer and networking basics.
The new generation of digital forensics experts needs more initial training because operating systems, computer and mobile device hardware, and forensics software tools are changing more quickly. This book covers current and past operating systems and a range of hardware, from basic workstations and high-end network servers to a wide array of mobile devices. Although this book focuses on a few forensics software tools, it also reviews and discusses other currently available tools.