Title:
Digital forensics with open source tools
Author:
Altheide, Cory.
ISBN:
9781597495868
Publication Information:
Waltham, MA : Syngress, c2011.
Physical Description:
xvii, 264 p. : ill. ; 24 cm.
Contents:
Machine generated contents note: Welcome to "Digital Forensics with Open Source Tools" -- What Is "Digital Forensics?" -- Goals of Forensic Analysis -- The Digital Forensics Process -- What Is "Open Source?" -- "Free" vs. "Open" -- Open Source Licenses -- Benefits of Open Source Tools -- Education -- Portability and Flexibility -- Price -- Ground Truth -- Summary -- References -- Preparing the Examination System -- Building Software -- Installing Interpreters -- Working with Image Files -- Working with File Systems -- Using Linux as the Host -- Extracting Software -- GNU Build System -- Version Control Systems -- Installing Interpreters -- Working with Images -- Using Windows as the Host -- Building Software -- Installing Interpreters -- Working with Images -- Working with File Systems -- Summary -- References -- Media Analysis Concepts -- File System Abstraction Model -- The Sleuth Kit -- Installing the Sleuth Kit -- Sleuth Kit Tools -- Partitioning and Disk Layouts --

Contents note continued: Partition Identification and Recovery -- Redundant Array of Inexpensive Disks -- Special Containers -- Virtual Machine Disk Images -- Forensic Containers -- Hashing -- Carving -- Foremost -- Forensic Imaging -- Deleted Data -- File Slack -- dd -- dcfldd -- dc3dd -- Summary -- References -- Introduction -- Windows File Systems -- File Allocation Table -- New Technology File System -- File System Summary -- Registry -- Event Logs -- Prefetch Files -- Shortcut Files -- Windows Executables -- Summary -- References -- Introduction -- Linux File Systems -- File System Layer -- File Name Layer -- Metadata Layer -- Data Unit Layer -- Journal Tools -- Deleted Data -- Linux Logical Volume Manager -- Linux Boot Process and Services -- System V -- BSD -- Linux System Organization and Artifacts -- Partitioning -- Filesystem Hierarchy -- Ownership and Permissions -- File Attributes -- Hidden Files -- /tmp -- User Accounts -- Home Directories -- Shell History -- ssh --

Contents note continued: GNOME Windows Manager Artifacts -- Logs -- User Activity Logs -- Syslog -- Command Line Log Processing -- Scheduling Tasks -- Summary -- References -- Introduction -- OS X File System Artifacts -- HFS+ Structures -- OS X System Artifacts -- Property Lists -- Bundles -- System Startup and Services -- Kexts -- Network Configuration -- Hidden Directories -- Installed Applications -- Swap and Hibernation Data -- System Logs -- User Artifacts -- Home Directories -- Summary -- References -- Introduction -- Browser Artifacts -- Internet Explorer -- Firefox -- Chrome -- Safari -- Mail Artifacts -- Personal Storage Table -- mbox and maildir -- Summary -- References -- File Analysis Concepts -- Content Identification -- Content Examination -- Metadata Extraction -- Images -- JPEG -- GIF -- PNG -- TIFF -- Audio -- WAV -- MPEG-3/MP3 -- MPEG-4 Audio (AAC/M4A) -- ASF/WMA -- Video -- MPEG-1 and MPEG-2 -- MPEG-4 Video (MP4) -- AVI -- ASF/WMV -- MOV (Quicktime) --

Contents note continued: MKV -- Archives -- ZIP -- RAR -- 7-zip -- TAR, GZIP, and BZIP2 -- Documents -- OLE Compound Files (Office Documents) -- Office Open XML -- OpenDocument Format -- Rich Text Format -- PDF -- Summary -- References -- Introduction -- Graphical Investigation Environments -- PyFLAG -- Digital Forensics Framework -- Automating Artifact Extraction -- Fiwalk -- Timelines -- Relative Times -- Inferred Times -- Embedded Times -- Periodicity -- Frequency Patterns and Outliers (Least Frequency of Occurrence) -- Summary -- References -- Introduction -- ch. 3 Disk and File System Analysis -- FTK Imager -- ProDiscover Free -- ch. 4 Windows Systems and Artifacts -- Windows File Analysis -- Event Log Explorer -- Log Parser -- ch. 7 Internet Artifacts -- NirSoft Tools -- Woanware Tools -- ch. 8 File Analysis -- Mitec.cz: Structured Storage Viewer -- OffVis -- FileInsight -- ch. 9 Automating Analysis and Extending Capabilities -- Mandiant: Highlighter -- CaseNotes --

Contents note continued: Validation and Testing Resources -- Digital Corpora -- Digital Forensics Tool Testing Images -- Electronic Discovery Reference Model -- Digital Forensics Research Workshop Challenges -- Additional Images -- References.