Want to know what computer forensics examiners really do? This book is intended to cover the essential basics of computer forensics, and it is especially designed for those new to the field. Many new stories and television shows highlight the role of forensics investigators in solving cases. It all seems so exciting, doesn't it? Computer forensics is really not that different from what we see on TV. It's quite a bit less glamorous, but similar in nature. To be honest, all forensics examiners lead lives that are a little less glamorous than what TV tells us.
After a crime or incident has occurred that involves a computer, a specialist trained in computer forensics can examine the computer to find clues as to what happened . That is the role of the computer forensics examiner . The specialist could work with law enforcement (LE) or with a corporate incident response team. Although the rules governing each activity can be dramatically different, the approach to the investigation is roughly the same.
This book covers the field of computer forensics, including the basic elements, concepts, tools, and common activities that will prepare you with a solid under- standing of the field. You will be able to participate in investigations and under- stand the process of finding, collecting, and analyzing evidence. Although this book is not a definitive training guide for specific forensic tools, you will learn how to perform the most common tasks that you will encounter in an investigation.
The world's heightened awareness of security since the attacks of September 11, 2001, has also provided more nontechnical people with a view of security issues that were previously discussed only in security specialist circles. Computers play a central role in all activities, both legal and illegal. The material in this book can be applied to both criminal investigations and incident response activities. You don't have to be a member of law enforcement to benefit from the material presented here. Nontechnical people can also benefit from this book in that it covers the basic approach computer examiners take in an investigation.
If you like the comprehensive introduction to computer forensics we present in this book, you can pursue the topic further in several ways. Most major forensic tools vendors offer their own training on their products and their use in investigations. See Chapter 8, 'Common Forensics Tools,' and Appendix D, 'Forensics Tools,' for more information. Appendix B, 'Forensics Resources,' contains many references to where you can get more information. If you decide to pursue computer forensic certification, Appendix C, 'Forensics Certifications,' provides a list of common certifications and contact information for each. If your job involves computer investigations, this book can help you expand your knowledge and abilities . Keep it handy as a resource as you acquire more experience and knowledge. And good luck with your pursuit!