Computer Forensics Procedures and Methods

Abstract: Computer forensics involves the preservation, identification, extraction and documentation of digital evidence in the form of magnetically, optically, or electronically stored media. It is a relatively new science that is becoming increasingly important as criminals aggressively expand the use of technology in their enterprise of illegal activities. This chapter is a technical introduction to and overview of some of the fundamental methods and procedures of computer forensics. The topics covered parallel the order in which computer forensic procedures are typically conducted, beginning with the process of creating a bit-stream image of the evidence and subsequent verification of the evidence using one-way hash functions. Two forms of forensic analysis are covered: logical and physical analysis procedures. Analytic procedures we demonstrate include hash and signature analysis; keyword and email searches; recovery and analysis of cookies, print spool and application residual files; slack and unallocated space analysis; manual recovery of deleted files; creation of behavioral timelines; and collecting evidence from running systems. We close the chapter by describing several commercial tools.

