- Full Description
In the second edition of this very successful book, Tony Sammes and Brian Jenkinson show how information held in computer systems can be recovered and how it may be deliberately hidden or subverted for criminal purposes. 'Forensic Computing: A Practitioner's Guide' is illustrated by plenty of case studies and worked examples, and will help practitioners and students gain a clear understanding of: - how to recover information from computer systems in such a way as to ensure that its integrity cannot be challenged and that it will be accepted as admissible evidence in court the principles involved in password protection and data encryption - the evaluation procedures used in circumventing these safeguards - the particular legal issues associated with computer-generated evidence and how to ensure admissibility of such evidence. This edition is fully expanded and updated with treatment of metadata files, NFTS systems, CHS and LBA addressing, and alternate data streams.
- Table of Contents
Table of Contents
- Forensic Computing.
- Understanding Information.
- IT Systems Concepts.
- PC Hardware and Inside the Box.
- Disk Geometry.
- The New Technology File System.
- The Treatment of PCs.
- The Treatment of Electronic Organisers.
- Looking ahead (just a little bit more).
- Appendices: Common Character Codes; Some Common File Format Signatures; A Typical Set of POST Codes; Typical BIOS Beep Codes and Error Messages; Disk Partition Table Types; Extended Partitions; Registers and Order Code for the INtel 8086; NFTS Boot Sector and BIOS Parameter Block; MFT Header and Attribute Maps; The Relationship between CHS and LBA Addressing; Alternate Data Streams
- a Brief Explanation.