Table of Contents (169 chapters)
- 封面
- 版權信息
- Credits
- Disclaimer
- About the Author
- About the Reviewers
- www.PacktPub.com
- Why subscribe?
- Customer Feedback
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Downloading the example code
- Errata
- Piracy
- Questions
- Introduction to Digital Forensics
- What is digital forensics?
- Digital forensics methodology
- A brief history of digital forensics
- The need for digital forensics as technology advances
- Commercial tools available in the field of digital forensics
- Operating systems and open source tools for digital forensics
- Digital evidence and forensics toolkit Linux
- Computer Aided INvestigative Environment
- Kali Linux
- The need for multiple forensics tools in digital investigations
- Anti-forensics: threats to digital forensics
- Encryption
- Online and offline anonymity
- Summary
- Installing Kali Linux
- Software version
- Downloading Kali Linux
- Installing Kali Linux
- Installing Kali Linux in VirtualBox
- Preparing the Kali Linux virtual machine
- Installing Kali Linux on the virtual machine
- Partitioning the disk
- Exploring Kali Linux
- Summary
- Understanding Filesystems and Storage Media
- Storage media
- IBM and the history of storage media
- Removable storage media
- Magnetic tape drives
- Floppy disks
- Evolution of the floppy disk
- Optical storage media
- Compact disks
- Digital versatile disks
- Blu-ray disk
- Flash storage media
- USB flash drives
- Flash memory cards
- Hard disk drives
- IDE HDDs
- SATA HDDs
- Solid-state drives
- Filesystems and operating systems
- What about the data?
- Data states
- Metadata
- Slack space
- Data volatility
- The paging file and its importance in digital forensics
- Summary
- Incident Response and Data Acquisition
- Digital evidence acquisitions and procedures
- Incident response and first responders
- Documentation and evidence collection
- Physical evidence collection and preservation
- Physical acquisition tools
- Order of volatility
- Chain of Custody
- Powered-on versus powered-off device acquisition
- Powered-on devices
- Powered-off devices
- Write blocking
- Data imaging and hashing
- Message Digest (MD5) hash
- Secure Hashing Algorithm (SHA)
- Device and data acquisition guidelines and best practices
- Summary
- Evidence Acquisition and Preservation with DC3DD and Guymager
- Drive and partition recognition in Linux
- Device identification using the fdisk command
- Maintaining evidence integrity
- Using DC3DD in Kali Linux
- File-splitting using DC3DD
- Verifying hashes of split image files
- Erasing a drive using DC3DD
- Image acquisition using Guymager
- Running Guymager
- Acquiring evidence with Guymager
- Hash verification
- Summary
- File Recovery and Data Carving with Foremost, Scalpel and Bulk Extractor
- Forensic test images used in Foremost and Scalpel
- Using Foremost for file recovery and data carving
- Viewing Foremost results
- Using Scalpel for data carving
- Specifying file types in Scalpel
- Using Scalpel for file carving
- Viewing results of Scalpel
- Comparing Foremost and Scalpel
- Bulk_extractor
- Forensic test image for Bulk_extractor
- Using Bulk_extractor
- Viewing results of Bulk_extractor
- Summary
- Memory Forensics with Volatility
- About the Volatility Framework
- Downloading test images for use with Volatility
- Image location
- Using Volatility in Kali Linux
- Choosing a profile in Volatility
- The imageinfo plugin
- Process identification and analysis
- The pslist command
- The pstree command
- The psscan command
- The psxview plugin
- Analyzing network services and connections
- The connections command
- The connscan command
- The sockets plugin
- DLL analysis
- The verinfo command
- The dlllist plugin
- The getsids command
- Registry analysis
- The hivescan plugin
- The hivelist plugin
- Password dumping
- Timeline of events
- The timeliner plugin
- Malware analysis
- Summary
- Autopsy – The Sleuth Kit
- Introduction to Autopsy – The Sleuth Kit
- Sample image file used in Autopsy
- Digital forensics with Autopsy
- Starting Autopsy
- Creating a new case
- Analysis using Autopsy
- Sorting files
- Reopening cases in Autopsy
- Summary
- Network and Internet Capture Analysis with Xplico
- Software required
- Starting Xplico in Kali Linux
- Starting Xplico in DEFT Linux 8.2
- Packet capture analysis using Xplico
- HTTP and web analysis using Xplico
- VoIP analysis using Xplico
- Email analysis using Xplico
- SMTP exercise using Wireshark sample file
- Summary
- Revealing Evidence Using DFF
- Installing DFF
- Starting the DFF GUI
- Recovering deleted files with DFF
- File analysis with DFF
- Summary

Last updated: 2021-07-02 21:34:07