Amazon cover image
Image from Amazon.com

Practical forensic imaging : securing digital evidence with Linux tools / Bruce Nikkel.

By: Publisher: San Francisco : No Starch Press, c2016Description: xxvi, 292 p. : ill. ; 23 cmISBN:
  • 9781593277932
  • 1593277938
Subject(s): DDC classification:
  • 363.25 23 NIK
Tags from this library: No tags from this library for this title. Log in to add tags.
Star ratings
    Average rating: 0.0 (0 votes)
Holdings
Item type Current library Call number Copy number Status Date due Barcode
Book Closed Access Book Closed Access Engineering Library 363.25 NIK 1 (Browse shelf(Opens below)) 1 Available BUML24010234

TABLE OF CONTENTS


Storage media overview for postmortem acquisition --
magnetic storage media
non-volatile memory
optical storage media
interfaces and physical connectors
commands, protocols and Bridges
special topics
closing thoughts


Linux as a forensic acquisition platform --
linux and OSS in a forensic context
linux kernel and storage devices
linux kernel and filesystems
linux distributions and shells
closing thoughts


Forensic image formats and acquisition tools --
raw images
forensic formats
squashFS as a forensic evidence container
closing thoughts


Forensic imaging preparation and setup --
maintain an audit trail
organize collected evidence and command output
assess acquisition infrastructure logistics
establish forensic write-blocking protection
closing thoughts


Attaching physical media to an acquisition host --
examine subject PC hardware
attach subject disk to an acquisition host
query the subject disk for information
enable access to hidden sectors
ATA password security and self encrypting drives
e.tc


Forensic image acquisition --
acquire an image with dd tools
acquire an image with forensic formats
preserve digital evidence with cryptography
manage drive failure and errors
image acquisition over a network
e.tc

Forensic image management --
manage image compression
manage split images
verify the integrity of a forensic image
convert between image formats
e.tc

Accessing logical, virtual, and operating system encrypted images --

Extracting subsets of forensic images.
assess partition layout and filesystems
partition extraction
other piecewise data extraction
closing thoughts

Includes Index. P 276-292

There are no comments on this title.

to post a comment.