Forensic Computing: A Practitioner's Guide
Springer Science & Business Media, 2000 - 295 pages

This volume shows how information held in computer systems can be recovered and how it may be deliberately hidden or subverted for criminal purposes. Forensic Computing: A Practitioner's Guide is illustrated by plenty of case studies and worked examples, to help practitioners and students gain a clear understanding of: how to recover information from computer systems in such a way as to ensure that its integrity cannot be challenged and that it will be accepted as admissible evidence in court; the principles involved in password protection and data encryption; the evaluation procedures used in circumventing these safeguards; the particular legal issues associated with computer-generated evidence; and how to ensure admissibility of such evidence.

Contents
1 Forensic Computing | 3 |
Origin of the Book | 4 |
Structure of the Book | 5 |
References | 7 |
2 Understanding Information | 9 |
Binary Systems and Memory | 10 |
Addressing | 11 |
Number Systems | 13 |
Encoding Methods and Formats for Hard Disks | 103 |
The Formatting Process | 114 |
Hard Disk Interfaces | 117 |
IDE/ATA Problems and Workarounds | 126 |
The POST/Boot Sequence | 137 |
The Master Boot Record and Partitions | 148 |
FATs, Directories and File Systems | 159 |
Hiding and Recovering Information | 170 |
Characters | 24 |
Computer Programs | 25 |
File Types and Signatures | 27 |
Word Processing Formats | 28 |
Magic Numbers | 31 |
Graphic Formats | 32 |
Archive formats | 37 |
Other Applications | 39 |
Quick View Plus | 40 |
References | 42 |
3 IT Systems Concepts | 43 |
Two Black Boxes | 44 |
The Worked Example | 47 |
Program, Data, Rules and Objects | 55 |
Software Development | 57 |
Breaking Sequence | 59 |
An Information Processing System | 62 |
Exercises | 63 |
4 PC Hardware and Inside the Box | 67 |
The Buses and the Motherboard | 69 |
Intel Processors and the Design of the PC | 78 |
The Pentium, Pentium Pro, Pentium II and Pentium III | 83 |
A Few Words about Memory | 84 |
Backing Store Devices | 87 |
External Peripherals | 89 |
References | 91 |
5 Disk Geometry | 93 |
Five Main Issues | 94 |
Formation of Addressable Elements | 96 |
Encoding Methods and Formats for Floppy Disks | 97 |
Construction of Hard Disk Systems | 102 |
RAID | 173 |
References | 175 |
6 The Treatment of PCs | 179 |
The ACPO Good Practice Guide | 180 |
Search and Seizure | 181 |
Computer Examination Initial Steps | 189 |
Imaging and Copying | 191 |
References | 199 |
7 The Treatment of Electronic Organizers | 201 |
Application of the ACPO Good Practice Guide Principles | 208 |
Examination of Organizers and What May Be Possible | 210 |
A Final Word about Electronic Organizers | 217 |
8 Looking Ahead Just a Little Bit | 219 |
Bigger and Bigger Disks | 220 |
Networked Systems Add to the Problems | 222 |
Encryption | 223 |
A Final Word | 227 |
References | 228 |
Bibliography | 229 |
Codes | 237 |
Appendix 2 Some Common File Format Signatures | 241 |
Appendix 3 A Typical Set of POST Codes | 245 |
Codes and Error Messages | 249 |
Appendix 5 Disk Partition Types | 253 |
Appendix 6 Extended Partitions | 257 |
Appendix 7 Registers and Order Code for the Intel 8086 | 262 |
Answers to Exercises | 270 |
Glossary | 278 |
Common terms and phrases
01 load 02 store ACPO address bus algorithm ASCII big endian binary patterns boot sector byte 31 byte 33 byte byte address byte register CHS address cluster counter register cylinders data bus devices disk drive Disk Editor display DRAM electronic electronic organizers encoding encryption endian format evidence example execute expansion card extended partition file format file system floppy disk forensic computing analyst four bytes Gbyte Graphics hard disk hardware head hexadecimal IDE/ATA immediate byte immediate word instruction INT 13h BIOS Intel interface interpret Jump short kbyte little endian low-level format machine master boot record Mbyte motherboard MS-DOS number of sectors offset operating system organizer partition table password Pentium physical primary partition processor real mode Seagate sectors per track sequence shown in Fig socket standard subtract switched Technology translation Western Digital Windows word register
References to this book
Cybercrime: Incident Response and Digital Forensics, Robert Schperberg, Kenneth C. Brancik. No preview available - 2005