Official (ISC)2 Guide to the CCFP CBK

  • Binding: Hardcover / 946 pages
  • Language: ENG
  • Product code (ISBN): 9781482262476
  • DDC classification: 004

Full Description

Cyber forensic knowledge requirements have expanded and evolved just as fast as the nature of digital information has, requiring cyber forensics professionals to understand far more than just hard drive intrusion analysis. The Certified Cyber Forensics Professional (CCFP℠) designation ensures that certification holders possess the necessary breadth and depth of knowledge, and the analytical skills, needed to address modern cyber forensics challenges. Official (ISC)2® Guide to the CCFP® CBK® supplies an authoritative review of the key concepts and requirements of the Certified Cyber Forensics Professional (CCFP®) Common Body of Knowledge (CBK®). Encompassing all of the knowledge elements needed to demonstrate competency in cyber forensics, it covers the six domains: Legal and Ethical Principles, Investigations, Forensic Science, Digital Forensics, Application Forensics, and Hybrid and Emerging Technologies.

Compiled by leading digital forensics experts from around the world, the book provides the practical understanding of forensic techniques and procedures, standards of practice, and legal and ethical principles required to ensure accurate, complete, and reliable digital evidence that is admissible in a court of law. This official guide supplies a global perspective on key topics within the cyber forensics field, including chain of custody, evidence analysis, network forensics, and cloud forensics. It also explains how to apply forensic techniques to other information security disciplines, such as e-discovery, malware analysis, or incident response. Use this book as your fundamental study tool for achieving the CCFP certification the first time around. Beyond that, it will serve as a reliable resource for cyber forensics knowledge throughout your career.

Table of Contents

Foreword xvii
Introduction xxi
Authors xxvii
Editors xxxiii
Contributors xxxvii
Domain 1 Legal and Ethical Principles 1 (128)
References 7 (2)
Chapter 1 The Nature of Evidence and its Characteristics 9 (18)
Cyber Forensics 12 (10)
Digital Evidence 14 (1)
The Investigative Process 15 (3)
Use of Evidence in Legal Proceedings 18 (1)
Authenticity and Reliability 19 (3)
Terms to Know 22 (1)
Points to Ponder 23 (1)
References 24 (3)
Chapter 2 Chain of Custody 27 (16)
Initiating a Chain of Custody 30 (1)
Logging and Tracking Evidence 31 (2)
Marking, Securing, and Protecting Evidence 33 (4)
Computers and Laptops 34 (1)
Removable Media 34 (1)
Cell Phones and Other Electronic Devices 35 (2)
Storing Evidence 37 (1)
Transferring Evidence within an Agency 38 (1)
Transferring Evidence to Another Agency 39 (2)
Points to Ponder 41 (2)
Chapter 3 Rules of Procedure 43 (20)
Roles and Responsibilities of Investigators 46 (3)
Roles and Responsibilities of Forensic Examiners 49 (3)
Roles and Responsibilities of Experts 52 (1)
Rules of Procedure and Rules of Evidence 52 (1)
Types of Witnesses 53 (7)
The Rules of Expert Testimony 54 (2)
Admissibility of Evidence 56 (4)
Terms to Know 60 (1)
Points to Ponder 61 (2)
Chapter 4 Role of the Expert Witness 63 (16)
Scientific and Technical Evidence and the Problem of "Junk Science" 66 (8)
Expert Testimony Standards and Key Court Cases 66 (4)
Qualifying as an Expert in Court 70 (1)
Expert Roles 70 (1)
Scientific Conclusions, Opinions and Recommendations 71 (1)
Bearing, Demeanor, and Appearance 72 (1)
Correcting Testimony 72 (1)
Depositions 72 (2)
Legal Terms to Know 74 (2)
Points to Ponder 76 (1)
References 77 (2)
Chapter 5 Codes of Ethics 79 (44)
Demystifying the Code of Ethics 86 (1)
Ethical Decision Making 87 (1)
The Need for Ethics in Digital Forensics 88 (51)
The Training of Ethics in Digital Forensics 139
The Regulation of Ethics in Digital Forensics 90 (1)
The Privacy and Confidentiality Issues of Digital Forensics 91 (3)
Work-Product Doctrine 91 (1)
Attorney-Client Privilege and Confidentiality 92 (2)
The Special Obligations of Litigation Support in Digital Forensics 94 (3)
The Legality of Investigation Techniques in Digital Forensics 97 (2)
Ethics 99 (6)
(ISC)2 Code of Ethics 99 (2)
AAFS Code of Ethics 101 (1)
ISFCE Code of Ethics and Professional Responsibility 101 (4)
Points to Ponder 105 (1)
Endnotes 106 (17)
Domain 1 Review Questions 123 (6)
Domain 2 Investigations 129 (164)
Chapter 6 The Investigative Process 135 (34)
The Investigation Process 142 (24)
Addressing the Complaint 142 (4)
Case Preparation Phase 146 (2)
Routine Investigative Activities: A Jumping-Off Point for Any Investigation 148 (2)
The Perishable Nature of Data 150 (2)
Team Effort 152 (4)
Seeking Out Sources of Data 156 (4)
Let the Experts Do It 160 (2)
Putting It All Together 162 (1)
Follow-Up 163 (3)
References 166 (3)
Chapter 7 Evidence Management 169 (14)
Evidence Issues 172 (8)
Evidence Preservation 174 (2)
Tracking Evidence 176 (1)
Disposing of Evidence 177 (3)
Points to Ponder 180 (1)
For Further Thought 180 (1)
References 181 (2)
Chapter 8 Criminal Investigations 183 (12)
Criminal versus Civil Actions 186 (6)
Launching a Criminal Investigation 186 (2)
Elements of a Crime 188 (1)
What is a Crime? 189 (3)
Points to Ponder 192 (1)
For Further Thought 192 (1)
References 193 (2)
Chapter 9 Civil Investigations 195 (20)
Civil Investigator 198 (2)
Civil versus Criminal 200 (11)
Methods, Privileges, and Limitations of Civil Investigators 201 (3)
Nature of Litigants 204 (2)
Torts and Delicts 206 (2)
Burden of Proof 208 (3)
Points to Ponder 211 (1)
References 212 (3)
Chapter 10 Administrative Investigations 215 (22)
A Definition of Administrative Investigations 222 (11)
Employee Misbehavior and Corruption 223 (1)
The Role of the Inspector General 224 (1)
Evidence Found in Workplace Technology 225 (5)
Confidentiality 230 (3)
Points to Ponder 233 (1)
References 234 (3)
Chapter 11 Forensic Response to Security Incidents 237 (20)
Implementing an Incident Response Plan 242 (2)
Ensuring Business Continuity 244 (10)
Understanding and Limiting Liability 247 (2)
Avoiding Legal Issues 249 (2)
Attaining Certification 251 (3)
Points to Ponder 254 (3)
Chapter 12 Electronic Discovery 257 (14)
Defining Discovery 260 (1)
Understanding Spoliation 261 (1)
Noting Changes in E-Discovery Law 262 (1)
Limiting Scope of Discovery 263 (1)
Choosing Forensic or Non-Forensic E-Discovery 264 (1)
Forensic E-Discovery 264 (1)
Non-Forensic E-Discovery 265 (1)
Following an E-Discovery Standard 265 (2)
Reviewing Liability 267 (2)
Points to Ponder 269 (2)
Chapter 13 Intellectual Property Investigations 271 (16)
Intellectual Property Investigations 274 (11)
Types of Intellectual Property 274 (3)
Investigation Steps 277 (6)
Potential Criminal Action 283 (1)
Liability 283 (2)
Points to Ponder 285 (2)
Domain 2: Review Questions 287 (6)
Domain 3 Forensic Science 293 (112)
Chapter 14 Fundamental Principles 299 (22)
Introduction to Forensic Science 304 (14)
Locard's Principle of Transference 306 (1)
The Inman-Rudin Paradigm 307 (2)
The Philosophy of Science 309 (2)
The Scientific Method 311 (2)
The Characteristics of Forensic Science 313 (5)
References 318 (3)
Chapter 15 Forensic Science Processes 321 (20)
The Purpose of Forensic Examination 326 (2)
Identification 328 (4)
The Digital Evidence Categorization Model 330 (2)
Individualization/Classification 332 (1)
Association 333 (1)
Reconstruction 334 (5)
Relational Analysis 334 (1)
Functional Analysis 335 (1)
Temporal Analysis 336 (3)
References 339 (2)
Chapter 16 Forensic Analysis and Examination 341 (14)
Documentation and Case Notes 344 (9)
Examination/Investigation Goals 345 (1)
Hypothesis Formulation/Criteria 346 (1)
Experimental Design and Tool Selection 347 (3)
Examination Plan Execution 350 (1)
Results Review and Evaluation 350 (1)
Conclusion and Opinion Formulation 351 (2)
Points to Ponder 353 (1)
For Further Thought 353 (2)
Chapter 17 Report Writing and Presentation 355 (14)
Rationale for Reporting 358 (1)
Preparing for the Reporting Phase 358 (1)
Designing Your Report 359 (3)
Incorporation of Examination Results in the Report 362 (2)
Conclusions and Opinions 364 (1)
Clarity and Scientific Accuracy 365 (1)
Report/Presentation Appropriate to the Audience and Venue 365 (2)
Points to Ponder 367 (2)
For Further Thought 367 (2)
Chapter 18 Quality Assurance in Forensic Science 369 (30)
Introduction 374 (4)
Quality, Quality Control, and Quality Assurance 375 (3)
Quality Assurance Practices in Digital Forensics 378 (9)
General Quality Assurance in the Digital Forensic Process 379 (4)
Quality Assurance Practices with Regards to Laboratory Software 383 (1)
Quality Assurance Practices Regarding Laboratory Hardware 384 (3)
Forensic Practitioner Certification and Licensing 387 (4)
Formal Laboratory Accreditation Programs 389 (2)
Issues with Quality Assurance in Forensic Science 391 (4)
References 395 (4)
Domain 3: Review Questions 399 (6)
Domain 4 Digital Forensics 405 (232)
Chapter 19 Media and File System Forensics 413 (32)
Locations where Evidence May Reside 416 (2)
Storage Media 416 (1)
Hardware, Firmware, Interfaces 417 (1)
Disk Geometry and Partitioning 418 (10)
Disk Geometry 418 (1)
Disks, Volumes, and Partitions 419 (1)
DOS Partitions 419 (6)
Dynamic Disks and RAID Systems 425 (1)
RAID Implementation 426 (2)
File Systems 428 (7)
NTFS File System 428 (1)
MFT Concepts 429 (1)
MFT Entry Attributes 430 (1)
MFT Entry's Internal Structure 431 (2)
MFT's Index Attributes for Directories 433 (1)
MFT's $DATA Attribute 433 (2)
NTFS File System Forensics 435 (1)
File Metadata 435 (1)
Encrypted Drive 436 (1)
Corrupted/Damaged Media 437 (1)
Media/File System Forensic Process Steps 438 (3)
Points to Ponder 441 (1)
References 442 (3)
Chapter 20 Computer and Operating System Forensics 445 (26)
Technical Background 448 (1)
Live Forensics 449 (5)
Operating Systems 454 (14)
References 468 (3)
Chapter 21 Network Forensics 471 (26)
Network Forensics 474 (19)
TCP/IP 474 (19)
Points to Ponder 493 (1)
For Further Thought 493 (1)
References 494 (3)
Chapter 22 Mobile Device Forensics 497 (24)
Evidence Collection and Preservation 502 (2)
Types of Mobile Devices 504 (6)
GPS Devices 504 (1)
Cell Phones/Tablets 504 (1)
Vendor Identification 504 (1)
Carrier Identification 505 (1)
Network Identification/Classification 506 (2)
Physical Characteristics of a Cell Phone 508 (1)
Smart Phones vs. Feature Phones 509 (1)
Examination Preparation 510 (1)
Tools 510 (1)
Tool Classification 511 (3)
Processing and Examination 514 (1)
Verification 515 (1)
Reporting 516 (2)
References 518 (3)
Chapter 23 Embedded Device Forensics 521 (14)
Technical Background 526 (1)
Types of Devices 527 (8)
Chapter 24 Multimedia and Content Forensics 535 (26)
Introduction to Multimedia Evidence 538 (1)
The Role of Multimedia Evidence in Investigations 538 (1)
Multimedia File Formats 539 (10)
Embedded Multimedia 549 (2)
Steganography 551 (7)
References 558 (3)
Chapter 25 Virtual System Forensics 561 (20)
Types of Virtual Machines 564 (2)
Types of Virtual Machines 566 (15)
Products 566 (2)
VMWare Workstation 568 (6)
VMWare Fusion 574 (1)
Virtual PC 575 (1)
Parallels 576 (1)
VirtualBox 576 (2)
Virtualization Forensics 578 (3)
Chapter 26 Forensic Techniques and Tools 581 (28)
Getting Started 586 (19)
Points to Ponder 605 (1)
For Further Thought 605 (1)
References 606 (3)
Chapter 27 Anti-Forensic Techniques and Tools 609 (22)
Hiding Techniques 614 (15)
Encryption 614 (2)
Steganography 616 (3)
Packing 619 (2)
Destruction Techniques and Tools 621 (3)
Spoofing 624 (5)
References 629 (1)
Points to Ponder 629 (2)
Domain 4: Review Questions 631 (6)
Domain 5 Application Forensics 637 (114)
Chapter 28 Software Forensics 643 (24)
File Formats 648 (3)
Internal File Metadata 651 (3)
Traces of Execution 654 (3)
HKLM\Software 657 (3)
Software Analysis 660 (5)
Points to Ponder 665 (1)
For Further Thought 665 (2)
Chapter 29 Web, Email, and Messaging Forensics 667 (20)
Web Forensics 670 (2)
How the Internet Works 670 (2)
Email Forensics 672 (10)
Messaging Forensics 682 (5)
Chapter 30 Database Forensics 687 (24)
The Need for Data 692 (14)
Points to Ponder 706 (1)
References 707 (4)
Chapter 31 Malware Forensics 711 (34)
Introduction to Malware 716 (3)
Types of Malware 719 (16)
Malware Analysis 735 (5)
Points to Ponder 740 (3)
References 743 (2)
Domain 5: Review Questions 745 (6)
Domain 6 Hybrid and Emerging Technologies 751 (150)
Chapter 32 Cloud Forensics 759 (24)
Cloud Computing 764 (3)
The Five Essential Characteristics of Cloud Computing 764 (1)
Types of Cloud Service Models 765 (1)
Types of Cloud Deployment Models 766 (1)
Service Level Agreements 767 (1)
Cloud Forensics 767 (14)
Dimensions of Cloud Forensics 770 (4)
Challenges for Forensic Investigators 774 (3)
Jurisdictional Issues 777 (4)
References 781 (2)
Chapter 33 Social Networks 783 (20)
Types and Applications of Social Networks 786 (17)
Evidentiary Basis of Social Media 788 (1)
Location of Social Networking Information 789 (7)
Third Party Doctrine 796 (7)
Chapter 34 The Big Data Paradigm 803 (28)
Digital Surveillance Technology (DST) 808 (17)
Points to Ponder 825 (1)
References 826 (5)
Chapter 35 Control Systems 831 (18)
Control Systems 834 (1)
SCADA 835 (7)
Distributed Control System 842 (1)
Forensics on Control Systems 843 (4)
References 847 (1)
Points to Ponder 847 (1)
For Further Thought 847 (2)
Chapter 36 Critical Infrastructure 849 (24)
Critical Infrastructure 852 (16)
Critical Infrastructure and SCADA 856 (2)
Critical Infrastructure at the Organizational Level 858 (1)
IT and Communications Sectors 858 (1)
Transmission Line Redundancy 859 (2)
Digital Threat Detection, Prevention, and Mitigation 861 (2)
Computer Forensics and Critical Infrastructure 863 (5)
Points to Ponder 868 (1)
References 869 (4)
Chapter 37 Online Gaming and Virtual/Augmented Reality 873 (22)
Online Gaming 876 (1)
Virtual Reality 877 (2)
Augmented Reality vs. Virtual Reality 879 (1)
Augmented Reality 879 (13)
Uses of Augmented Reality 884 (5)
Social Challenges of Augmented Reality 889 (3)
Points to Ponder 892 (1)
For Further Thought 892 (3)
Domain 6: Review Questions 895 (6)
Answers to Domain Review Questions 901 (34)
Index 935