Index_E


E

e-mail
investigating spammer, 53-54
spam, 225, 272
terrorists' use of, 151
E-mail Detective, 251
E-mail Examiner, 178
e-mail headers, 122-126, 123, 269
EBCDIC (Extended Binary Coded Decimal Interchange Code), converting, 112
ElcomSoft, 263
electromagnetic fields, 269
Electronic Crimes Task Force, 249
electronic data, challenges to introduction in court, 12
electronic discovery, 2, 269
electronic storage devices, expectation of privacy, 43
ElectronicDataInvestigator, 196
electrostatic discharge (ESD), 200, 201, 269
employees, expectation of privacy, 43
EnCase, 70, 113, 165-166, 172-174, 173, 250
Certified Examiner Program, 258
encrypt, 146, 269
encrypted data, 154-159
decrypting, 155-156
brute force attack, 158
chosen plaintext attack, 158-159
known plaintext attack, 158
identifying files, 154-155
real world scenario, 157-158
encryption
basics, 146-147
common practices, 147-154
private key algorithm, 148-150
public key algorithm, 150-151
steganography, 151-152
strengths and weaknesses, 152-154
key length, 153
key management, 153-154
end users, training on cybercrime, 15-18
Enron, 10
Enterprise System, 230
ESS Data Recovery, 250
/etc/passwd file, 143
/etc/shadow file, 143
ethical standards, 222
Event Viewer (Windows), 41, 41
evidence
accidental destruction, 96-97
admissibility in court of law, 65-68, 267
relevance and, 66
techniques to ensure, 66-68
analysis, 85-88
extracting relevant data, 87-88
knowing location, 85-87
sampling data, 88
chain of custody, 60-65
controls, 61-62
definition, 60
protecting, 67
computer evidence
explained, 52
incidents and, 52
real world scenario, 63
documentation, 64-65
hidden, real world scenario, 135
identification, 74-80
documents, 79-80
physical hardware, 75-76
removable storage, 76-79
leave no trace policy, 68-69
hardware write blocker, 69, 70
read-only image, 68-69
software write blocker, 69, 70
presentation, 88-92
audience characteristics, 89-91
organization of, 91
simplicity in, 92
preservation, 80-84
handling live system, 81-82
initial state, 83-84
power supply, 82-83
search and seizure, 58-60
search warrant, 59-60
subpoena, 59
voluntary surrender, 58-59
transporting, 201
types, 52-58
demonstrative evidence, 57-58
documentary evidence, 55-56, 79-80, 268
real evidence, 53-55, 271
relevant evidence, 66, 271
testimonial evidence, 56-57, 272
trace evidence, 135-136, 272
evidence collection order, 96-97
Evidence Eliminator, 79
evidence log, 64-65, 65
Evidor, 196
executive summary in analysis report, 206
expert witness, 222-224, 269
in computer forensics, 225-226
ext2/ext3 (Second/Third Extended Filesystems), 40
Extended Binary Coded Decimal Interchange Code (EBCDIC), 269
converting, 112
extension checker, 87, 269
extracting information from data, 117
goal of search, 118-129
deleted files, 126-127
e-mail headers, 122-126
Internet files, 118-122
passwords, 127-129
hidden evidence, 131-134
individual thought processes, 129-130
picking low-hanging fruit, 130-131
trace evidence, 135-136
EZQuest Cobra+ Slim FireWire USB drive, 34



Computer Forensics JumpStart
ISBN: 0470931663
EAN: 2147483647
Year: 2004
Pages: 153
