ORGANIZATION OF THIS BOOK

This book is organized into six parts, including the appendixes (which include a glossary of computer forensic and information warfare terms).

Part I: Overview of Computer Forensics Technology

Part One discusses computer forensics fundamentals; types of computer forensics technology; and vendor and computer forensics services.

• Chapter 1, 'Computer Forensics Fundamentals,' provides an overview of computer forensics types and techniques, and their electronic evidence and capture.

• Chapter 2, 'Types of Computer Forensics Technology,' covers the basic issues dealing with Windows NT, Windows 2000; and Windows XP and, their use within law enforcement computer forensic technology. In other words, it covers security and computer evidence issues associated with Windows NT, Windows 2000, and Windows XP.

• Chapter 3, 'Types of Vendor and Computer Forensics Services,' covers how a swift and measured forensic incident response-drawing on sound policies, vendor tools and support-allow an organization to contain the potential damage of an attack and effectively seek compensation or prosecution. In addition to the preceding, this chapter also covers the following computer forensic services: forensic incident response; evidence collection; forensic analysis; expert witness; forensic litigation and insurance claims support; training; and forensic process improvement.

Part II: Computer Forensics Evidence and Capture

The second part of this book discusses data recovery; evidence collection and data seizure; duplication and preservation of digital evidence; and computer image verification and authentication.

• Chapter 4, 'Data Recovery,' answers many questions about the ins and outs of data recovery as it relates to computer forensics.

• Chapter 5, 'Evidence Collection and Data Seizure,' points out the difficulties in collecting evidence and seizing data and what must be done to overcome them. Not everything is covered here-it should be used as a guide only, and you should seek further information for your specific circumstances.

• Chapter 6, 'Duplication and Preservation of Digital Evidence,' is a discussion on how to keep Murphy's law from ruining your case. When it comes to computer evidence processing, Murphy is always looking over your shoulder. He stands ready to strike at just the wrong moment.

• Chapter 7, 'Computer Image Verification and Authentication,' discusses the overall security of a computer image verification and authentication system and how it rests with the combination of security measures.

Part III: Computer Forensics Analysis

Part Three covers the discovery of electronic evidence; identification of data; reconstructing past events; and networks.

• Chapter 8, 'Discovery of Electronic Evidence,' addresses the consideration of the process of information discovery. The fact that information discovery only deals with logical evidence (electronic data), means that you can avoid much of the tedium required by search and seizure to ensure evidence integrity and the chain of custody.

• Chapter 9, 'Identification of Data,' specifically focuses on the long-recognized value of deterrence-through threat of retaliation-as an effective means of defense. The means for enabling deterrence in the cyberrealm will be introduced here.

• Chapter 10, 'Reconstructing Past Events,' illustrates the reconstruction of past events with as little distortion or bias as possible.

• Chapter 11, 'Networks,' introduces a solution to the dilemma of network forensics. Network forensics is the principle of reconstructing the activities leading to an event and determining the answer to 'What did they do?' and 'How did they do it?'

Part IV: Countermeasures: Information Warfare

Part Four discusses how to fight against macro threats-defensive strategies for governments and industry groups; the information warfare arsenal and tactics of the military; the information warfare arsenal and tactics of terrorists and rogues; the information warfare arsenal and tactics of private companies; the information warfare arsenal of the future; surveillance tools for information warfare of the future; and civilian casualties-the victims and refugees of information warfare.

• Chapter 12, 'Fighting against Macro Threats: Defensive Strategies for Governments and Industry Groups,' is an in-depth examination of the implications of IW for the U.S. and allied infrastructures that depend on the unimpeded management of information that is also required in the fight against macro threats-defensive strategies for governments and industry groups.

• Chapter 13, 'The Information Warfare Arsenal and Tactics of the Military,' focuses on two goals. First, you need to find a way to protect yourself against catastrophic events. Second, you need to build a firm foundation on which you can make steady progress by continually raising the cost of mounting an attack and mitigating the expected damage of the information warfare arsenal and tactics of the military.

• Chapter 14, 'The Information Warfare Arsenal and Tactics of Terrorists and Rogues,' recommends a number of specific steps that could better prepare the U.S. military and private companies to confront 'the new terrorism' and its information warfare arsenal and tactics.

• Chapter 15, 'The Information Warfare Arsenal and Tactics of Private Companies,' deals with the IW tools and strategies of private companies and how they're used against the aggressors. It will also help to realistically guide the process of moving forward in dealing with the information warfare arsenal and tactics of private companies.

• Chapter 16, 'The Information Warfare Arsenal of the Future,' discusses how the increasing dependence on sophisticated information systems brings with it an increased vulnerability to hostile elements, terrorists among them, in dealing with the information warfare arsenal of the future.

• Chapter 17, 'Surveillance Tools for Information Warfare of the Future,' discusses the basic concepts and principles that must be understood and that can help guide the process of moving forward in dealing with the surveillance tools for the information warfare of the future.

• Chapter 18, 'Civilian Casualties-The Victims and Refugees of Information Warfare,' considers the application of civilian information operations (CIOs) to the conventional warfare environment. Although the array of CIO tools and techniques has been presented as discrete elements in a schematic diagram, the CIO environment is complex, multidimensional, interactive, and still developing.

Part V: Results and Future Directions

Finally, Part Five discusses advanced computer forensics, with a summary, conclusions, and recommendations.

• Chapter 19, 'Advanced Computer Forensics,' introduces numerous solutions for those of you who are in the process of conducting advanced computer forensics through the use of encryption for protection and hacking back with advanced hacker trackers.

• Chapter 20, 'Summary, Conclusions, and Recommendations,' No summary chapter on computer forensics would be complete without an examination of costs involved. This final chapter is concerned with how to conduct a relevant and meaningful review of computer forensic analysis software tools. It is also the intent of this chapter to initiate discussions to solidify the various computer forensics requirements. Finally, this chapter recommends the establishment of computer forensics standards for the exchange of digital evidence between sovereign nations and is intended to elicit constructive discussions regarding digital evidence.

Part IX: Appendixes

Five appendixes provide additional resources that are available for computer forensics. Appendix A is a list of frequently asked questions. Appendix B is a list of computer forensic resources. Appendix C contains links to computer forensics and related law enforcement Web pages. Appendix D contains more computer forensics case studies. Appendix E lists the CD ROM contents. The book ends with a glossary of computer forensics and information-warfare-related terms.