Chuck Easttom - Digital Forensics, Investigation, and Response

World Headquarters

Jones & Bartlett Learning

25 Mall Road, 6th Floor

Burlington, MA 01803

978-443-5000

www.jblearning.com

Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.

Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to .

Copyright 2022 by Jones & Bartlett Learning, LLC, an Ascend Learning Company

All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.

The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. Digital Forensics, Investigation, and Response, Fourth Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product.

There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious but are used for instructional purposes only.

24449-6

Production Credits

VP, Product Management: Christine Emerton

Director of Product Management: Laura Pagluica

Product Manager: Ned Hinman

Tech Editor: Jeffrey Parker

Content Strategist: Melissa Duffy

Content Strategist: Paula Gregory

Project Manager: Kristen Rogers

Senior Project Specialist: Dan Stone

Digital Project Specialist: Rachel DiMaggio

Marketing Manager: Suzy Balk

Product Fulfillment Manager: Wendy Kilborn

Composition: Straive

Cover Design: Briana Yates

Text Design: Kristin E. Parker

Content Services Manager: Colleen Lamy

Media Development Editor: Faith Brosnan

Rights & Permissions Manager: John Rusk

Rights Specialist: Benjamin Roy

Cover Image (Title Page, Part Opener, Chapter Opener): phyZick/Shutterstock

Printing and Binding: McNaughton & Gunn

Library of Congress Cataloging-in-Publication Data

Names: Easttom, Chuck, author.

Title: Digital forensics, investigation, and response / Chuck Easttom.

Other titles: System forensics, investigation, and response

Description: Fourth edition. | Burlington, Massachusetts : Jones & Bartlett Learning, [2022] | Includes index.

Identifiers: LCCN 2021003216 | ISBN 9781284226065 (paperback)

Subjects: LCSH: Computer crimes--Investigation--Textbooks.

Classification: LCC HV8079.C65 E37 2022 | DDC 363.25/968--dc23

LC record available at https://lccn.loc.gov/20210032166048

Printed in the United States of America

25 24 23 22 21 10 9 8 7 6 5 4 3 2 1

phyZick/Shutterstock

phyZick/Shutterstock

This book is part of the Information Systems Security & Assurance Series from Jones & Bartlett Learning (www.jblearning.com). Designed for courses and curriculums in IT Security, Cybersecurity, Information Assurance, and Information Systems Security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information security principles packed with real-world applications and examples. Authored by Certified Information Systems Security Professionals, they deliver comprehensive information on all aspects of information security. Reviewed word-for-word by leading technical experts in the field, these books are not just current, but forward-thinkingputting you in the position to solve the cybersecurity challenges not just of today, but of tomorrow as well.

Computer crimes call for forensics specialistspeople who know how to find and follow the evidence. But even aside from criminal investigations, incident response requires forensic skills. This book begins by examining the fundamentals of system forensics: what forensics is, an overview of computer crime, the challenges of system forensics, and forensic methods and labs. The second part of this book addresses the tools, techniques, and methods used to perform computer forensics and investigation. These include collecting evidence, investigating information hiding, recovering data, and scrutinizing email. It also discusses how to perform forensics in the Windows, Linux, and Macintosh operating systems; on mobile devices; and on networks. Finally, the third part explores incident and intrusion response, emerging technologies and future directions of this field, and additional system forensics resources.

All aspects of the book have been updated, to include recent changes in Windows, Macintosh, and mobile devices. For example, , New Trends, introduces a general methodology of smart TV forensics.

This text is accompanied by Cybersecurity Cloud Labs. These hands-on virtual labs provide immersive mock IT infrastructures where students can learn and practice foundational cybersecurity skills as an extension of the lessons in this textbook. For more information or to purchase the labs, visit go.jblearning.com/forensics4e.

The writing style of this book is practical and conversational. Each chapter begins with a statement of learning objectives. Step-by-step examples of information security concepts and procedures are presented throughout the text. Illustrations are used both to clarify the material and to vary the presentation. The text is sprinkled with Notes, Tips, FYIs, Warnings, and sidebars to alert the reader to additional helpful information related to the subject under discussion. Chapter assessments appear at the end of each chapter, with solutions provided at the back of the book.

Chapter summaries are included in the text to provide a rapid review or preview of the material and to help students understand the relative importance of the concepts presented.

This material is suitable for undergraduate or graduate computer science majors or information science majors, students at a two-year technical college or community college who have a basic technical background, or readers who have a basic understanding of IT security and want to expand their knowledge.