| 000 | 02590nam a22002777a 4500 | ||
|---|---|---|---|
| 003 | OSt | ||
| 005 | 20240112081236.0 | ||
| 008 | 210924b ||||| |||| 00| 0 eng d | ||
| 020 | _a9781593277932 | ||
| 020 | _a1593277938 | ||
| 040 |
_aBUL _cBUL _dBUL _beng _erda |
||
| 082 | 0 | 0 |
_a363.25 _223 _bNIK |
| 100 | 1 | _aNikkel, Bruce, | |
| 245 | 1 | 0 |
_aPractical forensic imaging : _bsecuring digital evidence with Linux tools / _cBruce Nikkel. |
| 264 | 1 |
_aSan Francisco : _bNo Starch Press, _cc2016 |
|
| 300 |
_axxvi, 292 p. : _bill. ; _c23 cm. |
||
| 500 | _aTABLE OF CONTENTS Storage media overview for postmortem acquisition -- magnetic storage media non-volatile memory optical storage media interfaces and physical connectors commands, protocols and Bridges special topics closing thoughts Linux as a forensic acquisition platform -- linux and OSS in a forensic context linux kernel and storage devices linux kernel and filesystems linux distributions and shells closing thoughts Forensic image formats and acquisition tools -- raw images forensic formats squashFS as a forensic evidence container closing thoughts Forensic imaging preparation and setup -- maintain an audit trail organize collected evidence and command output assess acquisition infrastructure logistics establish forensic write-blocking protection closing thoughts Attaching physical media to an acquisition host -- examine subject PC hardware attach subject disk to an acquisition host query the subject disk for information enable access to hidden sectors ATA password security and self encrypting drives e.tc Forensic image acquisition -- acquire an image with dd tools acquire an image with forensic formats preserve digital evidence with cryptography manage drive failure and errors image acquisition over a network e.tc Forensic image management -- manage image compression manage split images verify the integrity of a forensic image convert between image formats e.tc Accessing logical, virtual, and operating system encrypted images -- Extracting subsets of forensic images. assess partition layout and filesystems partition extraction other piecewise data extraction closing thoughts | ||
| 504 | _aIncludes Index. P 276-292 | ||
| 630 | 0 | 0 | _aLinux. |
| 650 | 0 |
_aComputer crimes _xInvestigation. |
|
| 650 | 0 | _aData recovery (Computer science) | |
| 650 | 0 | _aData encryption (Computer science) | |
| 650 | 0 | _aEvidence, Criminal. | |
| 942 |
_2ddc _cBOOK-CA _h363.25 _i1 _kNIK _m363.25 NIK |
||
| 999 |
_c6436 _d6436 |
||