05924nam 2200817Ia 450 991082700800332120200520144314.01-119-20345-71-280-59139-097866136212211-118-28268-X1-118-28731-2(CKB)2670000000167012(EBL)822015(OCoLC)767974727(SSID)ssj0000661677(PQKBManifestationID)11463238(PQKBTitleCode)TC0000661677(PQKBWorkID)10710985(PQKB)11651203(Au-PeEL)EBL822015(CaPaEBR)ebr10560535(CaONFJC)MIL362122(CaSebORM)9781118273661(MiAaPQ)EBC822015(OCoLC)810071460(OCoLC)ocn810071460 (EXLCZ)99267000000016701220111123d2012 uy 0engur|n|---|||||txtccrCyber forensics from data to digital evidence /Albert J. Marcella, Jr., Frederic Guillossou1st editionHoboken, NJ Wiley20121 online resource (366 p.)Wiley Corporate F&A seriesDescription based upon print version of record.1-118-27366-4 Includes bibliographical references and index.Cyber Forensics: From Data to Digital Evidence; Contents; Preface; Acknowledgments; Chapter 1: The Fundamentals of Data; Base 2 Numbering System: Binary and Character Encoding; Communication in a Two-State Universe; Electricity and Magnetism; Building Blocks: The Origins of Data; Growing the Building Blocks of Data; Moving Beyond Base 2; American Standard Code for Information Interchange; Character Codes: The Basis for Processing Textual Data; Extended ASCII and Unicode; Summary; Notes; Chapter 2: Binary to Decimal; American Standard Code for Information Interchange; Computer as a CalculatorWhy Is This Important in Forensics?Data Representation; Converting Binary to Decimal; Conversion Analysis; A Forensic Case Example: An Application of the Math; Decimal to Binary: Recap for Review; Summary; Chapter 3: The Power of HEX: Finding Slivers of Data; What the HEX?; Bits and Bytes and Nibbles; Nibbles and Bits; Binary to HEX Conversion; Binary (HEX) Editor; The Needle within the Haystack; Summary; Notes; Chapter 4: Files; Opening; Files, File Structures, and File Formats; File Extensions; Changing a File's Extension to Evade Detection; Files and the HEX Editor; File SignatureASCII Is Not Text or HEXValue of File Signatures; Complex Files: Compound, Compressed, and Encrypted Files; Why Do Compound Files Exist?; Compressed Files; Forensics and Encrypted Files; The Structure of Ciphers; Summary; Notes; Appendix 4A: Common File Extensions; Appendix 4B: File Signature Database; Appendix 4C: Magic Number Definition; Appendix 4D: Compound Document Header; Chapter 5: The Boot Process and the Master Boot Record (MBR); Booting Up; Primary Functions of the Boot Process; Forensic Imaging and Evidence Collection; Summarizing the BIOS; BIOS Setup Utility: Step by StepThe Master Boot Record (MBR)Partition Table; Hard Disk Partition; Summary; Notes; Chapter 6: Endianness and the Partition Table; The Flavor of Endianness; Endianness; The Origins of Endian; Partition Table within the Master Boot Record; Summary; Notes; Chapter 7: Volume versus Partition; Tech Review; Cylinder, Head, Sector, and Logical Block Addressing; Volumes and Partitions; Summary; Notes; Chapter 8: File Systems-FAT 12/16; Tech Review; File Systems; Metadata; File Allocation Table (FAT) File System; Slack; HEX Review Note; Directory Entries; File Allocation Table (FAT)How Is Cluster Size Determined?Expanded Cluster Size; Directory Entries and the FAT; FAT Filing System Limitations; Directory Entry Limitations; Summary; Appendix 8A: Partition Table Fields; Appendix 8B: File Allocation Table Values; Appendix 8C: Directory Entry Byte Offset Description; Appendix 8D: FAT 12/16 Byte Offset Values; Appendix 8E: FAT 32 Byte Offset Values; Appendix 8F: The Power of 2; Chapter 9: File Systems-NTFS and Beyond; New Technology File System; Partition Boot Record; Master File Table; NTFS Summary; exFAT; Alternative Filing System Concepts; Summary; NotesAppendix 9A: Common NTFS System Defined AttributesAn explanation of the basic principles of data This book explains the basic principles of data as building blocks of electronic evidential matter, which are used in a cyber forensics investigations. The entire text is written with no reference to a particular operation system or environment, thus it is applicable to all work environments, cyber investigation scenarios, and technologies. The text is written in a step-by-step manner, beginning with the elementary building blocks of data progressing upwards to the representation and storage of information. It inlcudes practical exaWiley corporate F & A.Forensic sciencesTechnological innovationsElectronic evidenceEvidence, CriminalCriminal investigationComputer crimesInvestigationForensic sciencesTechnological innovations.Electronic evidence.Evidence, Criminal.Criminal investigation.Computer crimesInvestigation.363.250285BUS001000bisacshMarcella Albert J1682943Guillossou Frederic1970-1682944MiAaPQMiAaPQMiAaPQBOOK9910827008003321Cyber forensics4053385UNINA