This is not an incident response handbook. This was the first line of the introduction for the first edition. Little did we know at the time how much computer forensics would change since the book was first published in 2004. Computer forensics is changing the way investigations are done, even investigations previously thought to be outside the four corners of technology investigations. If you look at what happened with the economy in 2008 and 2009, the subprime mortgage meltdown, the credit crisis, and all of the associated fraud that has been uncovered, you can see the vital role that computer forensics plays in the process. Before the prevalence of technology in corporations, all investigators had to go on were paper documents and financial transactions. With the addition of computer forensics as a tool, we can better identify not only what happened at a certain point in time, but also, in some cases, the intent of the individuals involved. Multibillion-dollar fraud schemes are being blown open by the discovery of a single e-mail or thumb drive. Computer forensics is front and center in changing the way these investigations are conducted.
Part I Preparing for an Incident
▼ 1 The Forensics Process . .
▼ 2 Computer Fundamentals
▼ 3 Forensic Lab Environment Preparation
Part II Collecting the Evidence
▼ 4 Forensically Sound Evidence Collection
▼ 5 Remote Investigations and Collections
Part III Forensic Investigation Techniques
▼ 6 Microsoft Windows Systems Analysis
▼ 7 Linux Analysis
▼ 8 Macintosh Analysis .
▼ 9 Defeating Anti-forensic Techniques .
▼ 10 Enterprise Storage Analysis .
▼ 11 E-mail Analysis
▼ 12 Tracking User Activity
▼ 13 Forensic Analysis of Mobile Devices
Part IV Presenting Your Findings
▼ 14 Documenting the Investigation
▼ 15 The Justice System
Part V Putting It All Together
▼ 16 IP Theft .
▼ 17 Employee Misconduct
▼ 18 Employee Fraud .
▼ 19 Corporate Fraud
▼ 20 Organized Cyber Crime .
▼ 21 Consumer Fraud
▼ A Searching Techniques