The Basics of Digital Forensics

The Primer for Getting Started in Digital Forensics

  • 2nd Edition - December 9, 2014
  • Latest edition
  • Author: John Sammons
  • Language: English

Description

The Basics of Digital Forensics provides a foundation for people new to the digital forensics field. This book offers guidance on how to conduct examinations by discussing what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud, and the Internet are discussed. Also, learn how to collect evidence, document the scene, and recover deleted data.

The new Second Edition of this book provides the reader with real-world examples and all the key technologies used in digital forensics, as well as new coverage of network intrusion response, how hard drives are organized, and electronic discovery. This valuable resource also covers how to incorporate quality assurance into an investigation, how to prioritize evidence items to examine (triage), case processing, and what goes into making an expert witness.

Key features

  • Learn what Digital Forensics entails
  • Build a toolkit and prepare an investigative plan
  • Understand the common artifacts to look for in an exam
  • Second Edition features all-new coverage of hard drives, triage, network intrusion response, and electronic discovery, as well as updated case studies and expert interviews

Readership

Digital forensics professionals and enthusiasts; information security professionals; legal professionals; law enforcement officers; students in digital forensics degree programs

Table of contents

  • Dedication
  • Preface
  • Acknowledgments
  • Chapter 1: Introduction
    • Abstract
    • Introduction
    • What is forensic science?
    • What is digital forensics?
    • Uses of digital forensics
    • The digital forensics process
    • Locard’s exchange principle
    • Scientific method
    • Organizations of note
    • Role of the forensic examiner in the judicial system
    • Summary
  • Chapter 2: Key technical concepts
    • Abstract
    • Introduction
    • Bits, bytes, and numbering schemes
    • File extensions and file signatures
    • Storage and memory
    • Computing environments
    • Data types
    • File systems
    • Allocated and unallocated space
    • How magnetic hard drives store data
    • Summary
  • Chapter 3: Labs and tools
    • Abstract
    • Introduction
    • Forensic laboratories
    • Policies and procedures
    • Quality assurance
    • Digital forensic tools
    • Additional resources
    • Alert!
    • Accreditation
    • Summary
  • Chapter 4: Collecting evidence
    • Abstract
    • Introduction
    • Crime scenes and collecting evidence
    • Alert!
    • Alert!
    • Documenting the scene
    • Chain of custody
    • Cloning
    • Alert!
    • Live system versus dead system
    • More advanced
    • Alert!
    • Hashing
    • Final report
    • Summary
  • Chapter 5: Windows system artifacts
    • Abstract
    • Introduction
    • Deleted data
    • More advanced
    • Hibernation file (hiberfile.sys)
    • Registry
    • Print spooling
    • Recycle bin
    • Alert!
    • More advanced
    • Metadata
    • Alert!
    • Thumbnail cache
    • Most recently used
    • Restore points and shadow copy
    • Prefetch
    • Link files
    • Summary
  • Chapter 6: Anti-forensics
    • Abstract
    • Introduction
    • Hiding data
    • Password attacks
    • Additional resources
    • Steganography
    • Data destruction
    • More advanced
    • Summary
  • Chapter 7: Legal
    • Abstract
    • Introduction
    • The fourth amendment
    • Criminal law—searches without a warrant
    • More advanced
    • Alert!
    • Searching with a warrant
    • Electronic discovery
    • Alert!
    • Expert testimony
    • Additional resources
    • Summary
  • Chapter 8: Internet and e-mail
    • Abstract
    • Introduction
    • Internet overview
    • Additional resources
    • More advanced
    • Web browsers—Internet Explorer
    • More advanced
    • E-mail
    • Alert!
    • Social networking sites
    • Additional resources
    • Summary
  • Chapter 9: Network forensics
    • Abstract
    • Introduction
    • Network fundamentals
    • Network security tools
    • Network attacks
    • Alert!
    • Incident response
    • Network evidence and investigations
    • Additional resources
    • Summary
  • Chapter 10: Mobile device forensics
    • Abstract
    • Introduction
    • Cellular networks
    • Operating systems
    • Cell phone evidence
    • Cell phone forensic tools
    • Global positioning systems
    • Summary
  • Chapter 11: Looking ahead: challenges and concerns
    • Abstract
    • Introduction
    • Standards and controls
    • Cloud forensics
    • Additional resources
    • Alert!
    • Solid state drives
    • More advanced
    • Speed of change
    • Additional resources
    • Summary
  • Index

Review quotes

"...this book is well named. It is an entry-level primer to digital forensics, and could be used as an introductory book in a beginning computer forensics course."—Journal of Digital Forensics, Security and Law, Vol 9, No 1

Product details

  • Edition: 2
  • Latest edition
  • Published: December 15, 2014
  • Language: English

About the author

John Sammons

John Sammons is a distinguished scholar and educator in digital forensics, currently serving as a Professor at Marshall University and Associate Director of the Institute for Cyber Security. With a background as a Huntington Police officer, he has been recognized for his investigative work by the U.S. Department of Justice.

He is the author and co-author of several notable books, including the acclaimed "The Basics of Digital Forensics," which was nominated for Digital Forensics Book of the Year in 2013. John also contributed to the digital forensics chapter of Douglas Ubelaker’s "Forensic Science: Current Issues, Future Directions."

In addition to his academic roles, he is the Fusion Center Liaison Officer for the West Virginia Intelligence Fusion Center and founded the Appalachian Institute of Digital Evidence, a non-profit focused on research and training in digital evidence. John holds multiple certifications and is a member of several professional organizations, including the American Academy of Forensic Sciences and the FBI Infragard. Before joining Marshall, he co-founded Second Creek Technologies, a digital forensics firm. He also teaches advanced digital forensics and firearms to graduate students and provides training for legal and law enforcement professionals.

Affiliations and expertise

Associate Professor and Director of the Digital Forensics and Information Assurance program, Marshall University, Huntington, WV, USA
