{"product_id":"cyber-forensics-isbn-9781118273661","title":"Cyber Forensics","description":"\u003cb\u003eAn explanation of the basic principles of data\u003c\/b\u003e\u003cbr\u003e \u003cbr\u003e   \u003cp\u003eThis book explains the basic principles of data as building blocks of electronic evidential matter, which are used in cyber forensics investigations. The entire text is written with no reference to a particular operating system or environment, thus it is applicable to all work environments, cyber investigation scenarios, and technologies.  The text is written in a step-by-step manner, beginning with the elementary building blocks of data and progressing upwards to the representation and storage of information.  It includes practical examples and illustrations throughout to guide the reader.\u003c\/p\u003e  \u003cp\u003ePreface xiii\u003c\/p\u003e \u003cp\u003eAcknowledgments xvii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1: The Fundamentals of Data\u003c\/b\u003e 1\u003c\/p\u003e \u003cp\u003eBase 2 Numbering System: Binary and Character Encoding 2\u003c\/p\u003e \u003cp\u003eCommunication in a Two-State Universe 3\u003c\/p\u003e \u003cp\u003eElectricity and Magnetism 3\u003c\/p\u003e \u003cp\u003eBuilding Blocks: The Origins of Data 4\u003c\/p\u003e \u003cp\u003eGrowing the Building Blocks of Data 5\u003c\/p\u003e \u003cp\u003eMoving Beyond Base 2 7\u003c\/p\u003e \u003cp\u003eAmerican Standard Code for Information Interchange 7\u003c\/p\u003e \u003cp\u003eCharacter Codes: The Basis for Processing Textual Data 10\u003c\/p\u003e \u003cp\u003eExtended ASCII and Unicode 10\u003c\/p\u003e \u003cp\u003eSummary 12\u003c\/p\u003e \u003cp\u003eNotes 13\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2: Binary to Decimal 15\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAmerican Standard Code for Information Interchange 16\u003c\/p\u003e \u003cp\u003eComputer as a Calculator 16\u003c\/p\u003e \u003cp\u003eWhy Is This Important in Forensics? 
18\u003c\/p\u003e \u003cp\u003eData Representation 18\u003c\/p\u003e \u003cp\u003eConverting Binary to Decimal 19\u003c\/p\u003e \u003cp\u003eConversion Analysis 20\u003c\/p\u003e \u003cp\u003eA Forensic Case Example: An Application of the Math 20\u003c\/p\u003e \u003cp\u003eDecimal to Binary: Recap for Review 22\u003c\/p\u003e \u003cp\u003eSummary 23\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3: The Power of HEX: Finding Slivers of Data 25\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat the HEX? 26\u003c\/p\u003e \u003cp\u003eBits and Bytes and Nibbles 27\u003c\/p\u003e \u003cp\u003eNibbles and Bits 29\u003c\/p\u003e \u003cp\u003eBinary to HEX Conversion 30\u003c\/p\u003e \u003cp\u003eBinary (HEX) Editor 34\u003c\/p\u003e \u003cp\u003eThe Needle within the Haystack 39\u003c\/p\u003e \u003cp\u003eSummary 41\u003c\/p\u003e \u003cp\u003eNotes 42\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4: Files 43\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOpening 44\u003c\/p\u003e \u003cp\u003eFiles, File Structures, and File Formats 44\u003c\/p\u003e \u003cp\u003eFile Extensions 45\u003c\/p\u003e \u003cp\u003eChanging a File’s Extension to Evade Detection 47\u003c\/p\u003e \u003cp\u003eFiles and the HEX Editor 53\u003c\/p\u003e \u003cp\u003eFile Signature 55\u003c\/p\u003e \u003cp\u003eASCII Is Not Text or HEX 57\u003c\/p\u003e \u003cp\u003eValue of File Signatures 58\u003c\/p\u003e \u003cp\u003eComplex Files: Compound, Compressed, and Encrypted Files 59\u003c\/p\u003e \u003cp\u003eWhy Do Compound Files Exist? 
60\u003c\/p\u003e \u003cp\u003eCompressed Files 61\u003c\/p\u003e \u003cp\u003eForensics and Encrypted Files 64\u003c\/p\u003e \u003cp\u003eThe Structure of Ciphers 65\u003c\/p\u003e \u003cp\u003eSummary 66\u003c\/p\u003e \u003cp\u003eNotes 67\u003c\/p\u003e \u003cp\u003eAppendix 4A: Common File Extensions 68\u003c\/p\u003e \u003cp\u003eAppendix 4B: File Signature Database 73\u003c\/p\u003e \u003cp\u003eAppendix 4C: Magic Number Definition 77\u003c\/p\u003e \u003cp\u003eAppendix 4D: Compound Document Header 79\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5: The Boot Process and the Master Boot Record (MBR) 85\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBooting Up 87\u003c\/p\u003e \u003cp\u003ePrimary Functions of the Boot Process 87\u003c\/p\u003e \u003cp\u003eForensic Imaging and Evidence Collection 90\u003c\/p\u003e \u003cp\u003eSummarizing the BIOS 92\u003c\/p\u003e \u003cp\u003eBIOS Setup Utility: Step by Step 92\u003c\/p\u003e \u003cp\u003eThe Master Boot Record (MBR) 96\u003c\/p\u003e \u003cp\u003ePartition Table 102\u003c\/p\u003e \u003cp\u003eHard Disk Partition 103\u003c\/p\u003e \u003cp\u003eSummary 110\u003c\/p\u003e \u003cp\u003eNotes 111\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6: Endianness and the Partition Table 113\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Flavor of Endianness 114\u003c\/p\u003e \u003cp\u003eEndianness 116\u003c\/p\u003e \u003cp\u003eThe Origins of Endian 117\u003c\/p\u003e \u003cp\u003ePartition Table within the Master Boot Record 117\u003c\/p\u003e \u003cp\u003eSummary 125\u003c\/p\u003e \u003cp\u003eNotes 127\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7: Volume versus Partition 129\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTech Review 130\u003c\/p\u003e \u003cp\u003eCylinder, Head, Sector, and Logical Block Addressing 132\u003c\/p\u003e \u003cp\u003eVolumes and Partitions 138\u003c\/p\u003e \u003cp\u003eSummary 142\u003c\/p\u003e \u003cp\u003eNotes 144\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8: 
File Systems—FAT 12\/16 145\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTech Review 145\u003c\/p\u003e \u003cp\u003eFile Systems 147\u003c\/p\u003e \u003cp\u003eMetadata 149\u003c\/p\u003e \u003cp\u003eFile Allocation Table (FAT) File System 153\u003c\/p\u003e \u003cp\u003eSlack 157\u003c\/p\u003e \u003cp\u003eHEX Review Note 160\u003c\/p\u003e \u003cp\u003eDirectory Entries 161\u003c\/p\u003e \u003cp\u003eFile Allocation Table (FAT) 163\u003c\/p\u003e \u003cp\u003eHow Is Cluster Size Determined? 167\u003c\/p\u003e \u003cp\u003eExpanded Cluster Size 169\u003c\/p\u003e \u003cp\u003eDirectory Entries and the FAT 170\u003c\/p\u003e \u003cp\u003eFAT Filing System Limitations 174\u003c\/p\u003e \u003cp\u003eDirectory Entry Limitations 176\u003c\/p\u003e \u003cp\u003eSummary 177\u003c\/p\u003e \u003cp\u003eAppendix 8A: Partition Table Fields 179\u003c\/p\u003e \u003cp\u003eAppendix 8B: File Allocation Table Values 180\u003c\/p\u003e \u003cp\u003eAppendix 8C: Directory Entry Byte Offset Description 181\u003c\/p\u003e \u003cp\u003eAppendix 8D: FAT 12\/16 Byte Offset Values 182\u003c\/p\u003e \u003cp\u003eAppendix 8E: FAT 32 Byte Offset Values 184\u003c\/p\u003e \u003cp\u003eAppendix 8F: The Power of 2 186\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9: File Systems—NTFS and Beyond 189\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eNew Technology File System 189\u003c\/p\u003e \u003cp\u003ePartition Boot Record 190\u003c\/p\u003e \u003cp\u003eMaster File Table 191\u003c\/p\u003e \u003cp\u003eNTFS Summary 195\u003c\/p\u003e \u003cp\u003eexFAT 196\u003c\/p\u003e \u003cp\u003eAlternative Filing System Concepts 196\u003c\/p\u003e \u003cp\u003eSummary 203\u003c\/p\u003e \u003cp\u003eNotes 204\u003c\/p\u003e \u003cp\u003eAppendix 9A: Common NTFS System Defined Attributes 205\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10: Cyber Forensics: Investigative Smart Practices 207\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Forensic Process 209\u003c\/p\u003e \u003cp\u003eForensic 
Investigative Smart Practices 211\u003c\/p\u003e \u003cp\u003eStep 1: The Initial Contact, the Request 211\u003c\/p\u003e \u003cp\u003eStep 2: Evidence Handling 216\u003c\/p\u003e \u003cp\u003eStep 3: Acquisition of Evidence 221\u003c\/p\u003e \u003cp\u003eStep 4: Data Preparation 229\u003c\/p\u003e \u003cp\u003eTime 238\u003c\/p\u003e \u003cp\u003eSummary 239\u003c\/p\u003e \u003cp\u003eNote 240\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11: Time and Forensics 241\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Is Time? 241\u003c\/p\u003e \u003cp\u003eNetwork Time Protocol 243\u003c\/p\u003e \u003cp\u003eTimestamp Data 244\u003c\/p\u003e \u003cp\u003eKeeping Track of Time 245\u003c\/p\u003e \u003cp\u003eClock Models and Time Bounding: The Foundations of Forensic Time 247\u003c\/p\u003e \u003cp\u003eMS-DOS 32-Bit Timestamp: Date and Time 248\u003c\/p\u003e \u003cp\u003eDate Determination 250\u003c\/p\u003e \u003cp\u003eTime Determination 254\u003c\/p\u003e \u003cp\u003eTime Inaccuracy 258\u003c\/p\u003e \u003cp\u003eSummary 259\u003c\/p\u003e \u003cp\u003eNotes 260\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12: Investigation: Incident Closure 263\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eForensic Investigative Smart Practices 264\u003c\/p\u003e \u003cp\u003eStep 5: Investigation (Continued) 264\u003c\/p\u003e \u003cp\u003eStep 6: Communicate Findings 265\u003c\/p\u003e \u003cp\u003eCharacteristics of a Good Cyber Forensic Report 266\u003c\/p\u003e \u003cp\u003eReport Contents 268\u003c\/p\u003e \u003cp\u003eStep 7: Retention and Curation of Evidence 269\u003c\/p\u003e \u003cp\u003eStep 8: Investigation Wrap-Up and Conclusion 273\u003c\/p\u003e \u003cp\u003eInvestigator’s Role as an Expert Witness 273\u003c\/p\u003e \u003cp\u003eSummary 279\u003c\/p\u003e \u003cp\u003eNotes 280\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13: A Cyber Forensic Process Summary 283\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBinary 284\u003c\/p\u003e 
\u003cp\u003eBinary—Decimal—ASCII 285\u003c\/p\u003e \u003cp\u003eData Versus Code 287\u003c\/p\u003e \u003cp\u003eHEX 288\u003c\/p\u003e \u003cp\u003eFrom Raw Data to Files 288\u003c\/p\u003e \u003cp\u003eAccessing Files 289\u003c\/p\u003e \u003cp\u003eEndianness 290\u003c\/p\u003e \u003cp\u003ePartitions 291\u003c\/p\u003e \u003cp\u003eFile Systems 291\u003c\/p\u003e \u003cp\u003eTime 292\u003c\/p\u003e \u003cp\u003eThe Investigation Process 292\u003c\/p\u003e \u003cp\u003eSummary 295\u003c\/p\u003e \u003cp\u003eAppendix: Forensic Investigations, ABC Inc. 297\u003c\/p\u003e \u003cp\u003eGlossary 303\u003c\/p\u003e \u003cp\u003eAbout the Authors 327\u003c\/p\u003e \u003cp\u003eIndex 329\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eALBERT J. MARCELLA, J\u003csmall\u003eR\u003c\/small\u003e., P\u003csmall\u003eH\u003c\/small\u003eD, CISA, CISM,\u003c\/b\u003e is President of Business Automation Consultants, LLC, a global information technology and management consulting firm providing IT management consulting, audit and security reviews, and training. He is an internationally recognized public speaker, researcher, workshop and seminar leader, and an author of numerous articles and books on various IT, audit, and security-related subjects. \u003c\/p\u003e\u003cp\u003e\u003cb\u003eFREDERIC GUILLOSSOU, CISSP, CCE,\u003c\/b\u003e is an Information Security Analyst with TALX, a division of Equifax. He regularly trains on intrusion prevention systems and has successfully led a number of forensic investigations in the field.   \u003c\/p\u003e\u003cp\u003eCyber Forensics: From Data to Digital Evidence\u003c\/p\u003e \u003cp\u003eAs a cyber forensic investigator, simply pressing buttons or ticking off options on forensic software, without understanding what is happening behind the scenes, creates a gaping hole in your company's infosecurity. 
Painting a broad picture of the field, Cyber Forensics provides you with the specific knowledge you need to not only find key data in forensic investigations but also speak confidently about the validity of the data identified, accessed, and analyzed as part of a comprehensive cyber forensic investigation.\u003c\/p\u003e \u003cp\u003eAuthors Albert Marcella and Frederic Guillossou, both forensic and IT specialists, begin by explaining the origins of data. From there, the authors address concepts related to data storage, boot records, partitions, volumes, and file systems, and how each of these is interrelated and essential in a cyber forensic investigation. They then analyze the roles these concepts play in an investigation and what type of evidential data may be identified within each of these areas.\u003c\/p\u003e \u003cp\u003eProviding a thorough foundation to this emerging field, this step-by-step reference covers:\u003c\/p\u003e \u003cul\u003e \u003cli\u003e \u003cp\u003eConverting binary to decimal\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eThe power of HEX\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eForensics and encrypted files\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eMaster Boot Record (MBR)\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eVolume versus Partition\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eFAT filing system limitations\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eNew technology file system\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eForensic Investigative Smart Practices\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eMS-DOS 32-bit time stamp: date and time\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eCharacteristics of a good cyber forensic report\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eA cyber forensic process summary\u003c\/p\u003e \u003c\/li\u003e \u003c\/ul\u003e 
\u003cp\u003eRonelle Sawyer and Jose McCarthy, two fictional characters, are used throughout the book to illuminate specific IT and cyber forensic concepts and discuss critical cyber forensic processes. Their activities and actions bring cyber forensic concepts to life by providing you with specific examples of the applications. Cyber Forensics also examines Endianness and time, two important yet often overlooked topics, that drastically impact almost every cyber-based investigation.\u003c\/p\u003e \u003cp\u003eProgressing logically from data to digital evidence, Cyber Forensics provides you with the most comprehensive examination and discussion of the science of cyber forensic investigations, what is happening behind the scenes to data and why, what to look for, and where to find it, so you can conduct cyber forensic investigations with a better understanding of the technologies involved.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989017542885,"sku":"NP9781118273661","price":80.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781118273661.jpg?v=1761782452","url":"https:\/\/k12savings.com\/products\/cyber-forensics-isbn-9781118273661","provider":"K12savings","version":"1.0","type":"link"}