Journals
- Operating Systems Review (OSR) is a publication of the ACM Special Interest Group on Operating Systems (SIGOPS), whose scope of interest includes: computer operating systems and architecture for multiprogramming, multiprocessing, and time sharing; resource management; evaluation and simulation; reliability, integrity, and security of data; communications among computing processors; and computer system modeling and analysis. See ACM SIGOPS Operating Systems Review Special Issue on Computer Forensics.
- Digital Investigation is an international practitioner & research journal, and offers: a platform for pioneering peer-reviewed research papers; best-practice reports from the real experiences of investigators and lawyers; new developments in the field of digital forensic science; the latest proven methodologies being applied by the community. The journal brings together the growing global community interested in digital forensics, encompassing law enforcement, research, corporate information security, legal professionals and government. Free sample articles are available online (registration required).
- International Journal of Digital Evidence (IJDE) is a forum for discussion of theory, research, policy, and practice in the rapidly changing field of digital evidence. IJDE is supported by the Economic Crime Institute (ECI) at Utica College. George Curtis, J.D., editor, is the Acting Executive Director of the ECI, and Associate Professor of Criminal Justice.
- Journal of Digital Forensic Practice is a knowledge resource for practitioners of digital investigation, digital forensic science, electronic fraud investigation, and cyber crime and cyber terror investigation and analysis. Articles in the Journal are focused on applied issues and advancing knowledge through research with clear practical implications. The articles, targeting both the public and private sectors, present useful information, techniques, and unbiased reviews designed to assist digital investigative and forensic professionals in day-to-day practice.
- The Journal of Digital Forensics, Security and Law (JDFSL) is a unique and innovative quarterly publication, and the official publication of the Association of Digital Forensics, Security and Law (ADFSL). The editorial offices of the journal are located at Longwood University. JDFSL is founded on the premise that digital forensics goes beyond digital evidence. The JDFSL mission is to significantly expand the domain of digital forensics research to a wide and eclectic audience of academics, consultants and executives who are involved in the curriculum, research and use of digital forensics.
- IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features.
- The Small Scale Digital Device Forensic Journal (SSDDFJ) is an online journal for academics and practitioners to publish articles regarding the theory, research, and practice in the rapidly changing field of Small Scale Digital Device Forensics. SSDDFJ is supported by the Cyber Forensics Lab (CFL) at Purdue University and the efforts of its staff and faculty.
- International Journal of Electronic Security and Digital Forensics (IJESDF) aims to establish dialogue in an ideal and unique setting for researchers and practitioners to have a knowledge resource, report and publish scholarly articles and engage in debate on various security related issues, new developments and latest proven methodologies in the field of electronic security and digital forensics. This includes the measures governments must take to protect the security of information on the Internet, the implications of cyber-crime in large corporations and individuals, vulnerability research, zero day attacks, digital forensic investigation, ethical hacking, anti-forensics, identity fraud, phishing, pharming, and relevant case studies and "best practice" on tackling cyber crime.
- Digital Evidence and Electronic Signature Law Review incorporates the Digital Evidence Journal and the e-Signature Law Journal, and brings articles, legal developments and case reports to academics, practitioners and the industry in relation to digital evidence and electronic signatures from across the world. The review also seeks to include reports on technical advances and book reviews, and is issued once a year, in September/October.
- Forensic Science Communications (FSC) is a peer-reviewed forensic science journal published quarterly in January, April, July, and October by FBI Laboratory personnel. It is a means of communication between forensic scientists. Issues available online. Publishes articles in all areas, including computer forensics.
Books on Computer Forensics (in no particular order)
| Real Digital Forensics: Computer Security and Incident Responses (with DVD) by Keith Jones, Richard Bejtlich, Curtis Rose |
|
ISBN 0321240693, publisher: Addison Wesley Professional / Penguin Books div. of Pearson Education, October 2005
Learn the computer forensics craft with this book and DVD set. An interactive experience that helps readers master the tools and techniques of forensic analysis by investigating real cases. Practical hands-on approach to solving problems encountered when performing computer-related investigations.
From binary memory dumps to log files, this DVD-ROM's intrusion data was generated by attacking live systems using the same tools and methods real-world attackers use. It was then captured and analyzed using the same tools the authors employ in their own investigations. This book relies heavily on open source tools, so you can perform virtually every task without investing in any commercial software.
Read reviews of this book on Amazon.com or see the publisher's description. |
| File System Forensic Analysis by Brian Carrier |
|
ISBN 0321268172, publisher: Addison-Wesley Professional, April 2005
File System Forensic Analysis is a reference for how volume and file systems work. It goes into what the on-disk data looks like, what happens when files are created and deleted, where data can be hidden, etc. Basically, it shows what is going on behind the scenes of analysis tools and gives hexdumps of the various data structures and steps through them. It covers Windows and Unix partitioning and file systems.
Read reviews of this book on Amazon.com or see the publisher's description. |
| Forensic Discovery by Dan Farmer, Wietse Venema |
|
ISBN 020163497X, publisher: Addison Wesley Professional, January 2005
The authors draw on their extensive firsthand experience to cover everything from file systems to memory, kernel hacks to malware. Along the way, they expose a wide variety of computer forensics myths that stand in the way of success. You'll find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for using many of today's most powerful forensic tools. The authors are singularly well-qualified to write this book: They personally created many of those tools, from the legendary SATAN network scanner to the powerful Coroner's Toolkit for analyzing UNIX break-ins.
This book's companion Web site contains complete source and binary code for open source software discussed in the book, plus additional computer forensics case studies and resource links. See also The Coroner's Toolkit (TCT) on Computer Forensics Software page.
Read reviews of this book on Amazon.com or see the publisher's description |
| Mastering Windows Network Forensics and Investigation by Steven Anson and Steve Bunting |
|
ISBN: 978-0-470-09762-5, publisher: Sybex, April 2007
Conduct Cutting-Edge Forensic Investigations of Computer Crimes. Whether it's phishing, bank fraud, or unlawful hacking, computer crimes are on the rise, and law enforcement personnel who investigate these crimes must learn how to properly gather forensic evidence in the computer age. The book also covers the emerging field of "live forensics," where investigators examine a system to obtain evidence while it is still running, thus preserving live data that may be lost if the system is shut down. Coverage includes:
* Responding to a reported computer intrusion
* Conducting the initial interview with the victims
* Understanding how attackers exploit Windows networks
* Deciphering Windows file systems, registries, and more
* Analyzing data rapidly using live analysis techniques
* Examining suspects' computers
* Using EnCase® for Windows event log analysis
* Presenting technically complicated material to juries
Read reviews of this book on Amazon.com or see the publisher's description |
| Computer Forensics: Incident Response Essentials by Warren G. Kruse II & Jay G. Heiser |
|
ISBN: 0-201-70719-5, publisher: Addison Wesley Professional, Copyright: 2002
Written by two experts in digital investigation, Computer Forensics provides extensive information on how to handle the computer as evidence. Kruse and Heiser walk the student through the complete forensics process from the initial collection of evidence through the final report. Topics include an overview of the forensic relevance of encryption, the examination of digital evidence for clues, and the most effective way to present your evidence and conclusions in court. Unique forensic issues associated with both the Unix and the Windows NT/2000 operating systems are thoroughly covered.
Read reviews of this book on Amazon.com or see the publisher's description.
Author's Web site: http://www.computer-forensic.com/kruse.html |
| Computer Forensics and Cyber Crime: An Introduction by Marjie T. Britz |
|
ISBN: 0130907588, publisher: The Citadel, July 2003
This book fully defines computer-related crime and the legal issues involved in its investigation. It provides a framework for the development of a computer crime unit.
It includes an exhaustive discussion of legal and social issues, fully defines computer crime, and provides specific examples of criminal activities involving computers, while discussing the phenomenon in the context of the criminal justice system. Computer Forensics and Cyber Crime provides a comprehensive analysis of current case law, constitutional challenges, and government legislation. For computer crime investigators, police chiefs, sheriffs, district attorneys, public defenders, and defense attorneys.
Read reviews of this book on Amazon.com or see the publisher's description. |
| Windows Forensics and Incident Recovery (with CD-ROM) by Harlan Carvey |
|
ISBN 0321200985, publisher: Penguin Books, August 2004
Carvey uses real-world examples to cover every significant incident response, recovery, and forensics technique. He delivers a complete incident response toolset that combines today's best open source and freeware tools, his own exclusive software and scripts, and step-by-step instructions for using them. Coverage includes:
* Developing a practical methodology for responding to potential attacks
* Preparing your systems to prevent and detect incidents
* Recognizing the signatures of an attack—in time to act
* Uncovering attacks that evade detection by Event Viewer, Task Manager, and other Windows GUI tools
* Using the Forensic Server Project to automate data collection during live investigations
* Analyzing live forensics data in order to determine what occurred
CD-ROM contains incident response and forensics toolkit code developed by the author, sample network packet captures, as well as data collected from compromised systems using the Forensic Server Project. You can also access Carvey's website at http://www.windows-ir.com/ for code samples, updates, and errata.
Read reviews of this book on Amazon.com or see the publisher's description. |
| Computer Forensics: Computer Crime Scene Investigation (with CD-ROM) by John Vacca |
|
ISBN 1-58450-018-2, publisher: Charles River Media, May 2002
This book/CD package provides a complete overview of computer forensics from its definition to "crime scene investigation," seizure of data, determining the "fingerprints" of the crime, and tracking down the criminal. The book focuses on "solving the crime" rather than information security.
Selected Topics: Computer Forensics Fundamentals; Data Recovery; Evidence Collection And Data Seizure; Duplication And Preservation Of Digital Evidence; Electronic Evidence Reconstructing Past Events; Deterrence through Attacker ID; Destruction of e-mail; Is the US Government Prepared for Information Warfare; The Dark World of the Cyber Underground; Protection against Random Terrorist Information Warfare Tactics; The Cyber Foot Print and Criminal Tracking; The Individual Exposed; Case Studies.
CD includes tools, presentations, and demos of the latest computer forensics software, including partition images from The Forensic Challenge.
Read reviews of this book on Amazon.com or see the publisher's description. |
| Digital Evidence and Computer Crime by Eoghan Casey |
|
ISBN 0121631044, publisher: Academic Press; 2 edition March 8, 2004.
This work explains how computers and networks function, how they can be involved in crimes, and how they can be used as a source of evidence. As well as gaining a practical understanding of how computers and networks function and how they can be used as evidence of a crime, readers will learn about relevant legal issues and will be introduced to deductive criminal profiling, a systematic approach to focusing an investigation and understanding criminal motivations. The book draws from four fields: Law, Computer Science, Forensic Science, and Behavioral Evidence Analysis.
In place of the CD-ROM in the first edition of this book, an interactive Web site, http://www.disclosedigital.com/, provides practical exercises based on actual cases to demonstrate key aspects of investigating computer related crimes and to help the reader apply the concepts in this book to his/her own investigations.
Read reviews of this book on Amazon.com or see the publisher's description. |
| Guide to Computer Forensics and Investigations by Phillips, Nelson, Enfinger, Steuart, Second Edition |
|
ISBN: 0-619-21706-5, publisher: Thomson, March 2005
This second edition has been revised to include two new running cases and updated technology coverage. Guide to Computer Forensics and Investigation presents methods to properly conduct a computer forensics investigation beginning with a discussion of ethics, while mapping to the objectives of the International Association of Computer Investigative Specialists (IACIS) certification. Students should have a working knowledge of hardware and operating systems to maximize their success on projects and exercises throughout the text.
Note: most online reviews refer to the first edition of this book; the second edition has been vastly improved!
Read reviews of this book on Amazon.com, Dymocks Booksellers (first edition reviews, see the note above) or the publisher's description. |
| Handbook of Computer Crime Investigation: Forensic Tools & Technology by Eoghan Casey |
|
ISBN 0121631036, publisher: Academic Press, October 2001
This unique handbook presents the detailed technical information that users need to solve these crimes by showing them how to locate evidence in computer hard drives, shared networks, wireless devices, or embedded systems. It describes the high-tech tools that are available on the market today and provides real case examples.
Features: Helps readers master the forensic analysis of computer systems with a three-part approach covering tools, technology, and case studies. The Tools section provides the details on leading hardware and software programs - such as EnCase, Dragon, and ForensiX - with each chapter written by that product's creator. The section ends with an objective comparison of the strengths and limitations of each tool. The main Technology section provides the technical "how to" information for collecting and analyzing digital evidence in common situations, starting with computers, moving on to networks, and culminating with embedded systems. The Case Examples section gives readers a sense of the technical, legal, and practical challenges that arise in real computer investigations.
Read reviews of this book on Amazon.com or see the publisher's description. See also this Web site http://www.disclosedigital.com/ for supporting materials and downloads. |
| Incident Response and Computer Forensics by Chris Prosise, Kevin Mandia, Matt Pepe |
|
ISBN 007222696X, publisher: McGraw-Hill Osborne Media; 2 edition: July 2003
Written by FBI insiders, this updated best-seller offers a look at the legal, procedural, and technical steps of incident response and computer forensics. Including new chapters on forensic analysis and remediation, and real-world case studies, this revealing book shows how to counteract and conquer today's hack attacks.
Topics covered: Monitoring computer systems for evidence of malicious activity, and reacting to such activity when it's detected. With coverage of Windows and Unix systems as well as non-platform-specific resources like Web services and routers, the book covers the fundamentals of incident response, processes for gathering evidence of an attack, and tools for making forensic work easier.
Read reviews of this book on Amazon.com or see the publisher's description. |
| Hacking Exposed Computer Forensics by Chris Davis, Aaron Philipp, David Cowen |
|
ISBN: 0-07-225675-3, publisher: McGraw-Hill Osborne, Copyright: 2005
Investigate computer crime, corporate malfeasance, and hacker break-ins quickly and effectively with help from this practical and comprehensive resource. You’ll get expert information on crucial procedures to successfully prosecute violators while avoiding the pitfalls of illicit searches, privacy violations, and illegally obtained evidence. It’s all here, from collecting actionable evidence, re-creating the criminal timeline, and zeroing in on a suspect to uncovering obscured and deleted code, unlocking encrypted files, and preparing lawful affidavits. Plus, you’ll get in-depth coverage of the latest PDA and cell phone investigation techniques and real-world case studies.
Read reviews of this book on Amazon.com or see the publisher's description. |
| Computer Evidence: Collection & Preservation by Christopher L.T. Brown |
|
ISBN 978-1584504054, publisher: Charles River Media, October 2005
The book teaches law enforcement and computer forensics investigators how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. The book focuses on collection and preservation because these two phases of computer forensics are the most critical to evidence acceptance, but are not thoroughly covered in text or courses. Throughout the book, a constant eye is kept on evidence dynamics and the impact investigators can have on data integrity while collecting evidence. The simple act of a computer forensics investigator shutting down a suspect's computer changes the state of the computer as well as many of its files, so a good understanding of evidence dynamics is essential when doing computer forensics work.
The author, C.L.T. Brown, is the founder and CTO of Technology Pathways LLC. See the Software page on this site for Technology Pathways LLC ProDiscover software.
Read reviews of this book on Amazon.com or see the publisher's description |
Other Interesting Resources
LISTED here are resources dealing directly with computer forensics, or containing a considerable amount of relevant material. NOT LISTED: resources covering related areas, for example: network and Internet security, hacking, cryptography and steganography, system administration, virus issues, criminal investigations, laws, etc.
Books
In alphabetical order, links to Amazon.com.
Online Publications
- Cipher, Electronic Newsletter of the Technical Committee on Security & Privacy, a Technical Committee of the Computer Society of the IEEE.
- International Journal of Digital Evidence (IJDE). IJDE is a forum for the publication and discussion of theory, research, policy, and practice in the rapidly changing field of digital evidence. Many downloadable articles. Highly recommended.
- Guidance Software eXaminer eNewsletter (issues are free to download).
Papers And Documents Available Online
- The following commercial companies provide interesting collections of articles, white papers, links, case studies and documents:
|