Practical forensic imaging : securing digital evidence with Linux tools /

Nikkel, Bruce,

Practical forensic imaging : securing digital evidence with Linux tools / Bruce Nikkel. - xxvi, 292 p. : ill. ; 23 cm.

TABLE OF CONTENTS


Storage media overview for postmortem acquisition --
magnetic storage media
non-volatile memory
optical storage media
interfaces and physical connectors
commands, protocols and bridges
special topics
closing thoughts


Linux as a forensic acquisition platform --
Linux and OSS in a forensic context
Linux kernel and storage devices
Linux kernel and filesystems
Linux distributions and shells
closing thoughts


Forensic image formats and acquisition tools --
raw images
forensic formats
SquashFS as a forensic evidence container
closing thoughts


Forensic imaging preparation and setup --
maintain an audit trail
organize collected evidence and command output
assess acquisition infrastructure logistics
establish forensic write-blocking protection
closing thoughts


Attaching physical media to an acquisition host --
examine subject PC hardware
attach subject disk to an acquisition host
query the subject disk for information
enable access to hidden sectors
ATA password security and self-encrypting drives
etc.


Forensic image acquisition --
acquire an image with dd tools
acquire an image with forensic formats
preserve digital evidence with cryptography
manage drive failure and errors
image acquisition over a network
etc.

Forensic image management --
manage image compression
manage split images
verify the integrity of a forensic image
convert between image formats
etc.

Accessing logical, virtual, and operating system encrypted images --

Extracting subsets of forensic images --
assess partition layout and filesystems
partition extraction
other piecewise data extraction
closing thoughts


Includes index: p. 276-292.

9781593277932 1593277938


Linux.


Computer crimes--Investigation.
Data recovery (Computer science)
Data encryption (Computer science)
Evidence, Criminal.

363.25 / NIK