- Hardcover
An explanation of the basic principles of data
This book explains the basic principles of data as building blocks of electronic evidential matter, which are used in cyber forensics investigations. The entire text is written with no reference to a particular operating system or environment, thus it is applicable to all work environments, cyber investigation scenarios, and technologies. The text is written in a step-by-step manner, beginning with the elementary building blocks of data and progressing upwards to the representation and storage of information. It includes practical examples and illustrations throughout to guide the reader.
Product details
- Series: Wiley Corporate F&A
- Publisher: Wiley & Sons
- 1st edition
- Number of pages: 368
- Publication date: 1 May 2012
- Language: English
- Dimensions: 235mm x 157mm x 24mm
- Weight: 682g
- ISBN-13: 9781118273661
- ISBN-10: 1118273664
- Item no.: 34448793
ALBERT J. MARCELLA, JR., PHD, CISA, CISM, is President of Business Automation Consultants, LLC, a global information technology and management consulting firm providing IT management consulting, audit and security reviews, and training. He is an internationally recognized public speaker, researcher, workshop and seminar leader, and an author of numerous articles and books on various IT, audit, and security related subjects. FREDERIC GUILLOSSOU, CISSP, CCE, is an Information Security Analyst with TALX, a division of Equifax. He regularly trains on intrusion prevention systems and has successfully led a number of forensic investigations in the field.
Preface
Acknowledgments
Chapter 1: The Fundamentals of Data
Base 2 Numbering System: Binary and Character Encoding
Communication in a Two-State Universe
Electricity and Magnetism
Building Blocks: The Origins of Data
Growing the Building Blocks of Data
Moving Beyond Base 2
American Standard Code for Information Interchange
Character Codes: The Basis for Processing Textual Data
Extended ASCII and Unicode
Summary
Notes
Chapter 2: Binary to Decimal
American Standard Code for Information Interchange
Computer as a Calculator
Why Is This Important in Forensics?
Data Representation
Converting Binary to Decimal
Conversion Analysis
A Forensic Case Example: An Application of the Math
Decimal to Binary: Recap for Review
Summary
Chapter 3: The Power of HEX: Finding Slivers of Data
What the HEX?
Bits and Bytes and Nibbles
Nibbles and Bits
Binary to HEX Conversion
Binary (HEX) Editor
The Needle within the Haystack
Summary
Notes
Chapter 4: Files
Opening
Files, File Structures, and File Formats
File Extensions
Changing a File's Extension to Evade Detection
Files and the HEX Editor
File Signature
ASCII Is Not Text or HEX
Value of File Signatures
Complex Files: Compound, Compressed, and Encrypted Files
Why Do Compound Files Exist?
Compressed Files
Forensics and Encrypted Files
The Structure of Ciphers
Summary
Notes
Appendix 4A: Common File Extensions
Appendix 4B: File Signature Database
Appendix 4C: Magic Number Definition
Appendix 4D: Compound Document Header
Chapter 5: The Boot Process and the Master Boot Record (MBR)
Booting Up
Primary Functions of the Boot Process
Forensic Imaging and Evidence Collection
Summarizing the BIOS
BIOS Setup Utility: Step by Step
The Master Boot Record (MBR)
Partition Table
Hard Disk Partition
Summary
Notes
Chapter 6: Endianness and the Partition Table
The Flavor of Endianness
Endianness
The Origins of Endian
Partition Table within the Master Boot Record
Summary
Notes
Chapter 7: Volume versus Partition
Tech Review
Cylinder, Head, Sector, and Logical Block Addressing
Volumes and Partitions
Summary
Notes
Chapter 8: File Systems-FAT 12/16
Tech Review
File Systems
Metadata
File Allocation Table (FAT) File System
Slack
HEX Review Note
Directory Entries
File Allocation Table (FAT)
How Is Cluster Size Determined?
Expanded Cluster Size
Directory Entries and the FAT
FAT Filing System Limitations
Directory Entry Limitations
Summary
Appendix 8A: Partition Table Fields
Appendix 8B: File Allocation Table Values
Appendix 8C: Directory Entry Byte Offset Description
Appendix 8D: FAT 12/16 Byte Offset Values
Appendix 8E: FAT 32 Byte Offset Values
Appendix 8F: The Power of 2
Chapter 9: File Systems-NTFS and Beyond
New Technology File System
Partition Boot Record
Master File Table
NTFS Summary
exFAT
Alternative Filing System Concepts
Summary
Notes
Appendix 9A: Common NTFS System Defined Attributes
Chapter 10: Cyber Forensics: Investigative Smart Practices
The Forensic Process
Forensic Investigative Smart Practices
Step 1: The Initial Contact, the Request
Step 2: Evidence Handling
Step 3: Acquisition of Evidence
Step 4: Data Preparation
Time
Summary
Note
Chapter 11: Time and Forensics
What Is Time?
Network Time Protocol
Timestamp Data
Keeping Track of Time
Clock Models and Time Bounding: The Foundations of Forensic Time
MS-DOS 32-Bit Timestamp: Date and Time
Date Determination
Time Determination
Time Inaccuracy
Summary
Notes
Chapter 12: Investigation: Incident Closure
Forensic Investigative Smart Practices
Step 5: Investigation (Continued)
Step 6: Communicate Findings
Characteristics of a Good Cyber Forensic Report
Report Contents
Step 7: Retention and Curation of Evidence
Step 8: Investigation Wrap-Up and Conclusion
Investigator's Role as an Expert Witness
Summary
Notes
Chapter 13: A Cyber Forensic Process Summary
Binary
Binary-Decimal-ASCII
Data Versus Code
HEX
From Raw Data to Files
Accessing Files
Endianness
Partitions
File Systems
Time
The Investigation Process
Summary
Appendix: Forensic Investigations, ABC Inc.
Glossary
About the Authors
Index