Cyber Forensics: From Data to Digital Evidence

As a cyber forensic investigator, simply pressing buttons or ticking off options on forensic software—without understanding what is happening behind the scenes—creates a gaping hole in your company's infosecurity. Painting a broad picture of the field, Cyber Forensics provides you with the specific knowledge you need to not only find key data in forensic investigations but also speak confidently about the validity of the data identified, accessed, and analyzed as part of a comprehensive cyber forensic investigation.

Authors Albert Marcella and Frederic Guillossou—both forensic and IT specialists—begin by explaining the origins of data. From there, the authors address concepts related to data storage, boot records, partitions, volumes, and file systems, and how each of these is interrelated and essential in a cyber forensic investigation. They then analyze the roles these concepts play in an investigation and what type of evidential data may be identified within each of these areas.

Providing a thorough foundation to this emerging field, this step-by-step reference covers:

• Converting binary to decimal
• The power of HEX
• Forensics and encrypted files
• Master Boot Record (MBR)
• Volume versus Partition
• FAT filing system limitations
• New technology file system
• Forensic Investigative Smart Practices
• MS-DOS 32-bit time stamp: date and time
• Characteristics of a good cyber forensic report
• A cyber forensic process summary

Ronelle Sawyer and Jose McCarthy—two fictional characters—are used throughout the book to illuminate specific IT and cyber forensic concepts and discuss critical cyber forensic processes. Their activities and actions bring cyber forensic concepts to life by providing you with specific examples of the applications. Cyber Forensics also examines Endianness and time—two important yet often overlooked topics—that drastically impact almost every cyber-based investigation.

Progressing logically from data to digital evidence, Cyber Forensics provides you with the most comprehensive examination and discussion of the science of cyber forensic investigations, what is happening behind the scenes to data and why, what to look for, and where to find it, so you can conduct cyber forensic investigations with a better understanding of the technologies involved.

About the Authors

Albert J. Marcella Jr., PhD, CISA, CISM is president of Business Automation Consultants, LLC, a global information technology and management-consulting firm providing information technology (IT) management consulting and IT audit and security reviews and training for an international clientele.

Dr. Marcella is an internationally recognized public speaker, researcher, author, and workshop and seminar leader with more than 34 years of experience in IT audit, security, and assessing internal controls. An author of numerous articles and 26 books on various IT-, audit-, and security-related subjects, Dr. Marcella's work has appeared in the ISACA Journal, Disaster Recovery Journal, Journal of Forensic & Investigative Accounting, EDPACS, ISSA Journal, Continuity Insights, The Journal of Applied Business Research, and Internal Auditor Magazine.

Dr. Marcella is the Institute of Internal Auditors Leon R. Radde Educator of the Year (2000) Award recipient. Dr. Marcella has taught IT audit seminar courses for the Institute of Internal Auditors (IIA), and continues to teach a variety of IT and IT audit related programs for the Information Systems Audit and Control Association (ISACA).

Frederic Guillossou, MA, CISSP, CCE has more than eight years' experience working in the Information Security field, including private and corporate sectors. His security experience includes incident response, digital forensics, project management, network security, IPS management, and anti-malware.

Mr. Guillossou has worked in the information security field for a financial institution for much of his career and has familiarized himself with regulatory standards such as PCI, ISO 27001, NIST, SOX, and SEC. He worked closely with in- and outside counsel, fraud investigators, human resource departments, and auditors.

During his career, Mr. Guillossou has investigated the loss of intellectual property, labor/human resource issues, and other internal investigations.