Table of Contents

Cover image

Title page

Copyright

About the Authors

Acknowledgments

Cory Altheide

Harlan Carvey

Introduction

Intended Audience

Layout of the Book

What is not Covered

Chapter 1. Digital Forensics with Open Source Tools

Welcome to “Digital Forensics with Open Source Tools”

What is “Digital Forensics?”

What is “Open Source?”

Benefits of Open Source Tools

Summary

References

Chapter 2. Open Source Examination Platform

Preparing the Examination System

Using Linux as the Host

Using Windows as the Host

Summary

References

Chapter 3. Disk and File System Analysis

Media Analysis Concepts

The Sleuth Kit

Partitioning and Disk Layouts

Special Containers

Hashing

Carving

Forensic Imaging

Summary

References

Chapter 4. Windows Systems and Artifacts

Introduction

Windows File Systems

Registry

Event Logs

Prefetch Files

Shortcut Files

Windows Executables

Summary

References

Chapter 5. Linux Systems and Artifacts

Introduction

Linux File Systems

Linux Boot Process and Services

Linux System Organization and Artifacts

User Accounts

Home Directories

Logs

Scheduling Tasks

Summary

References

Chapter 6. Mac OS X Systems and Artifacts

Introduction

OS X File System Artifacts

OS X System Artifacts

User Artifacts

Summary

References

Chapter 7. Internet Artifacts

Introduction

Browser Artifacts

Mail Artifacts

Summary

References

Chapter 8. File Analysis

File Analysis Concepts

Images

Audio

Video

Archives

Documents

Summary

References

Chapter 9. Automating Analysis and Extending Capabilities

Introduction

Graphical Investigation Environments

Automating Artifact Extraction

Timelines

Summary

References

Appendix A. Free, Non-open Tools of Note

Introduction

Chapter 3: Disk and File System Analysis

Chapter 4: Windows Systems and Artifacts

Chapter 7: Internet Artifacts

Chapter 8: File Analysis

Chapter 9: Automating Analysis and Extending Capabilities

Validation and Testing Resources

Index