Acknowledgments
Introduction
PART I COMPUTER FORENSICS AND EVIDENCE DYNAMICS
  Chapter 1 Computer Forensics Essentials
  Chapter 2 Rules of Evidence, Case Law, and Regulation
  Chapter 3 Evidence Dynamics
PART II INFORMATION SYSTEMS
  Chapter 4 Interview, Policy, and Audit
  Chapter 5 Network Topology and Architecture
  Chapter 6 Volatile Data
PART III DATA STORAGE SYSTEMS AND MEDIA
  Chapter 7 Physical Disk Technologies
  Chapter 8 SAN, NAS, and RAID
  Chapter 9 Removable Media
PART IV ARTIFACT COLLECTION
  Chapter 10 Tools, Preparation, and Documentation
  Chapter 11 Collecting Volatile Data
  Chapter 12 Imaging Methodologies
  Chapter 13 Large System Collection
PART V ARCHIVING AND MAINTAINING EVIDENCE
  Chapter 14 The Forensics Workstation
  Chapter 15 The Forensics Lab
  Chapter 16 What's Next
Appendix A Sample Chain of Custody Form
Appendix B Evidence Collection Worksheet
Appendix C Evidence Access Worksheet
Appendix D Forensics Field Kit
Appendix E Hexadecimal Flags for Partition Types
Appendix F Forensics Tools for Digital Evidence Collection
Appendix G Agencies, Contacts, and Resources
Appendix H Investigator's Cisco Router Command Cheat Sheet
Appendix I About the CD-ROM
Index

Computer Evidence: Collection & Preservation teaches law enforcement and computer forensics investigators how to collect evidence effectively to preserve its reliability and usefulness in prosecution. The book focuses on collection and preservation because these two phases of computer forensics are the most critical to evidence acceptance but are not thoroughly covered in texts or courses. Intended to be a desktop reference and field guide, this book teaches law enforcement and computer forensics investigators what forces act on data during evidence identification, collection, and storage. The simple act of a computer forensics investigator shutting down a suspect's computer changes the state of the computer as well as many of its files, so a good understanding of evidence dynamics is essential when doing computer forensics work. Divided into five parts (Computer Forensics & Evidence Dynamics, Information Systems, Data Storage Systems & Media, Artifact Collection, and Archiving & Maintaining Evidence), the book places specific focus on how investigators and their tools interact with digital evidence.
By reading and using this task-oriented guide, the computer forensics investigator will be able to ensure case integrity during the most crucial phases of the computer forensics process.