Table of Contents (169 chapters)
- Cover
- Copyright Information
- Credits
- Disclaimer
- About the Author
- About the Reviewers
- www.PacktPub.com
- Why subscribe?
- Customer Feedback
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Downloading the example code
- Errata
- Piracy
- Questions
- Introduction to Digital Forensics
- What is digital forensics?
- Digital forensics methodology
- A brief history of digital forensics
- The need for digital forensics as technology advances
- Commercial tools available in the field of digital forensics
- Operating systems and open source tools for digital forensics
- Digital evidence and forensics toolkit Linux
- Computer Aided INvestigative Environment
- Kali Linux
- The need for multiple forensics tools in digital investigations
- Anti-forensics: threats to digital forensics
- Encryption
- Online and offline anonymity
- Summary
- Installing Kali Linux
- Software version
- Downloading Kali Linux
- Installing Kali Linux
- Installing Kali Linux in VirtualBox
- Preparing the Kali Linux virtual machine
- Installing Kali Linux on the virtual machine
- Partitioning the disk
- Exploring Kali Linux
- Summary
- Understanding Filesystems and Storage Media
- Storage media
- IBM and the history of storage media
- Removable storage media
- Magnetic tape drives
- Floppy disks
- Evolution of the floppy disk
- Optical storage media
- Compact disks
- Digital versatile disks
- Blu-ray disk
- Flash storage media
- USB flash drives
- Flash memory cards
- Hard disk drives
- IDE HDDs
- SATA HDDs
- Solid-state drives
- Filesystems and operating systems
- What about the data?
- Data states
- Metadata
- Slack space
- Data volatility
- The paging file and its importance in digital forensics
- Summary
- Incident Response and Data Acquisition
- Digital evidence acquisitions and procedures
- Incident response and first responders
- Documentation and evidence collection
- Physical evidence collection and preservation
- Physical acquisition tools
- Order of volatility
- Chain of Custody
- Powered-on versus powered-off device acquisition
- Powered-on devices
- Powered-off devices
- Write blocking
- Data imaging and hashing
- Message Digest (MD5) hash
- Secure Hashing Algorithm (SHA)
- Device and data acquisition guidelines and best practices
- Summary
- Evidence Acquisition and Preservation with DC3DD and Guymager
- Drive and partition recognition in Linux
- Device identification using the fdisk command
- Maintaining evidence integrity
- Using DC3DD in Kali Linux
- File-splitting using DC3DD
- Verifying hashes of split image files
- Erasing a drive using DC3DD
- Image acquisition using Guymager
- Running Guymager
- Acquiring evidence with Guymager
- Hash verification
- Summary
- File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor
- Forensic test images used in Foremost and Scalpel
- Using Foremost for file recovery and data carving
- Viewing Foremost results
- Using Scalpel for data carving
- Specifying file types in Scalpel
- Using Scalpel for file carving
- Viewing results of Scalpel
- Comparing Foremost and Scalpel
- Bulk_extractor
- Forensic test image for Bulk_extractor
- Using Bulk_extractor
- Viewing results of Bulk_extractor
- Summary
- Memory Forensics with Volatility
- About the Volatility Framework
- Downloading test images for use with Volatility
- Image location
- Using Volatility in Kali Linux
- Choosing a profile in Volatility
- The imageinfo plugin
- Process identification and analysis
- The pslist command
- The pstree command
- The psscan command
- The psxview plugin
- Analyzing network services and connections
- The connections command
- The connscan command
- The sockets plugin
- DLL analysis
- The verinfo command
- The dlllist plugin
- The getsids command
- Registry analysis
- The hivescan plugin
- The hivelist plugin
- Password dumping
- Timeline of events
- The timeliner plugin
- Malware analysis
- Summary
- Autopsy – The Sleuth Kit
- Introduction to Autopsy – The Sleuth Kit
- Sample image file used in Autopsy
- Digital forensics with Autopsy
- Starting Autopsy
- Creating a new case
- Analysis using Autopsy
- Sorting files
- Reopening cases in Autopsy
- Summary
- Network and Internet Capture Analysis with Xplico
- Software required
- Starting Xplico in Kali Linux
- Starting Xplico in DEFT Linux 8.2
- Packet capture analysis using Xplico
- HTTP and web analysis using Xplico
- VoIP analysis using Xplico
- Email analysis using Xplico
- SMTP exercise using Wireshark sample file
- Summary
- Revealing Evidence Using DFF
- Installing DFF
- Starting the DFF GUI
- Recovering deleted files with DFF
- File analysis with DFF
- Summary

Updated: 2021-07-02 21:34:07