Contents (169 chapters)
- Cover
- Copyright Information
- Credits
- Disclaimer
- About the Author
- About the Reviewers
- www.PacktPub.com
- Why subscribe?
- Customer Feedback
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Downloading the example code
- Errata
- Piracy
- Questions
- Introduction to Digital Forensics
- What is digital forensics?
- Digital forensics methodology
- A brief history of digital forensics
- The need for digital forensics as technology advances
- Commercial tools available in the field of digital forensics
- Operating systems and open source tools for digital forensics
- Digital evidence and forensics toolkit Linux
- Computer Aided INvestigative Environment
- Kali Linux
- The need for multiple forensics tools in digital investigations
- Anti-forensics: threats to digital forensics
- Encryption
- Online and offline anonymity
- Summary
- Installing Kali Linux
- Software version
- Downloading Kali Linux
- Installing Kali Linux
- Installing Kali Linux in VirtualBox
- Preparing the Kali Linux virtual machine
- Installing Kali Linux on the virtual machine
- Partitioning the disk
- Exploring Kali Linux
- Summary
- Understanding Filesystems and Storage Media
- Storage media
- IBM and the history of storage media
- Removable storage media
- Magnetic tape drives
- Floppy disks
- Evolution of the floppy disk
- Optical storage media
- Compact disks
- Digital versatile disks
- Blu-ray disk
- Flash storage media
- USB flash drives
- Flash memory cards
- Hard disk drives
- IDE HDDs
- SATA HDDs
- Solid-state drives
- Filesystems and operating systems
- What about the data?
- Data states
- Metadata
- Slack space
- Data volatility
- The paging file and its importance in digital forensics
- Summary
- Incident Response and Data Acquisition
- Digital evidence acquisitions and procedures
- Incident response and first responders
- Documentation and evidence collection
- Physical evidence collection and preservation
- Physical acquisition tools
- Order of volatility
- Chain of Custody
- Powered-on versus powered-off device acquisition
- Powered-on devices
- Powered-off devices
- Write blocking
- Data imaging and hashing
- Message Digest (MD5) hash
- Secure Hashing Algorithm (SHA)
- Device and data acquisition guidelines and best practices
- Summary
- Evidence Acquisition and Preservation with DC3DD and Guymager
- Drive and partition recognition in Linux
- Device identification using the fdisk command
- Maintaining evidence integrity
- Using DC3DD in Kali Linux
- File-splitting using DC3DD
- Verifying hashes of split image files
- Erasing a drive using DC3DD
- Image acquisition using Guymager
- Running Guymager
- Acquiring evidence with Guymager
- Hash verification
- Summary
- File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor
- Forensic test images used in Foremost and Scalpel
- Using Foremost for file recovery and data carving
- Viewing Foremost results
- Using Scalpel for data carving
- Specifying file types in Scalpel
- Using Scalpel for file carving
- Viewing results of Scalpel
- Comparing Foremost and Scalpel
- Bulk_extractor
- Forensic test image for Bulk_extractor
- Using Bulk_extractor
- Viewing results of Bulk_extractor
- Summary
- Memory Forensics with Volatility
- About the Volatility Framework
- Downloading test images for use with Volatility
- Image location
- Using Volatility in Kali Linux
- Choosing a profile in Volatility
- The imageinfo plugin
- Process identification and analysis
- The pslist command
- The pstree command
- The psscan command
- The psxview plugin
- Analyzing network services and connections
- The connections command
- The connscan command
- The sockets plugin
- DLL analysis
- The verinfo command
- The dlllist plugin
- The getsids command
- Registry analysis
- The hivescan plugin
- The hivelist plugin
- Password dumping
- Timeline of events
- The timeliner plugin
- Malware analysis
- Summary
- Autopsy – The Sleuth Kit
- Introduction to Autopsy – The Sleuth Kit
- Sample image file used in Autopsy
- Digital forensics with Autopsy
- Starting Autopsy
- Creating a new case
- Analysis using Autopsy
- Sorting files
- Reopening cases in Autopsy
- Summary
- Network and Internet Capture Analysis with Xplico
- Software required
- Starting Xplico in Kali Linux
- Starting Xplico in DEFT Linux 8.2
- Packet capture analysis using Xplico
- HTTP and web analysis using Xplico
- VoIP analysis using Xplico
- Email analysis using Xplico
- SMTP exercise using Wireshark sample file
- Summary
- Revealing Evidence Using DFF
- Installing DFF
- Starting the DFF GUI
- Recovering deleted files with DFF
- File analysis with DFF
- Summary
Updated: 2021-07-02 21:34:07