Practical forensic imaging : securing digital evidence with Linux tools / Bruce Nikkel.

By: Nikkel, Bruce [author.]
Material type: Text
Publisher: San Francisco : No Starch Press, c2016
Description: xxvi, 292 p. : ill. ; 23 cm
Content type: text
Media type: unmediated
Carrier type: volume
ISBN: 9781593277932; 1593277938
Subject(s): Linux | Computer crimes -- Investigation | Data recovery (Computer science) | Data encryption (Computer science) | Evidence, Criminal
Additional physical formats: Online version: Practical forensic imaging
DDC classification: 363.25/9680285586
Item type: Book Closed Access
Current location: Engineering Library
Call number: 363.25/9680285586 NIK 1
Copy number: 1
Status: Available
Barcode: 0027633

Storage media overview for postmortem acquisition --
magnetic storage media
non-volatile memory
optical storage media
interfaces and physical connectors
commands, protocols and bridges
special topics
closing thoughts


Linux as a forensic acquisition platform --
Linux and OSS in a forensic context
Linux kernel and storage devices
Linux kernel and filesystems
Linux distributions and shells
closing thoughts


Forensic image formats and acquisition tools --
raw images
forensic formats
SquashFS as a forensic evidence container
closing thoughts


Forensic imaging preparation and setup --
maintain an audit trail
organize collected evidence and command output
assess acquisition infrastructure logistics
establish forensic write-blocking protection
closing thoughts


Attaching physical media to an acquisition host --
examine subject PC hardware
attach subject disk to an acquisition host
query the subject disk for information
enable access to hidden sectors
ATA password security and self encrypting drives
etc.


Forensic image acquisition --
acquire an image with dd tools
acquire an image with forensic formats
preserve digital evidence with cryptography
manage drive failure and errors
image acquisition over a network
etc.

Forensic image management --
manage image compression
manage split images
verify the integrity of a forensic image
convert between image formats
etc.

Accessing logical, virtual, and operating system encrypted images --

Extracting subsets of forensic images --
assess partition layout and filesystems
partition extraction
other piecewise data extraction
closing thoughts

Includes index
