Digital Forensics Cookbook: Field-tested recipes for real-world investigations across Windows, macOS, Linux, iOS, and Android

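Product Information

List price: NT$ 2250
Out of stock; ordered from the supplier after you place your order (arrives in about 30-45 days)
Bonus points earned with this order: 67 points

Product Description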

Learn the workflows professionals use to triage systems, uncover hidden activity, recover deleted evidence, crack encrypted containers, analyze Windows memory, and detect tampering using realistic hands-on forensic datasets.

Key Features:

- Master field-tested workflows for triage, acquisition, and cross-platform analysis

- Uncover hidden activity, recover evidence, defeat encryption, and detect tampering

- Build hands-on investigation skills using realistic datasets across major platforms

- Purchase of the print or Kindle book includes a free PDF ebook

Book Description:

Modern investigations and incident response efforts live and die by digital evidence. Digital Forensics Cookbook uses realistic datasets and practical workflows drawn from real investigations to uncover the truth hidden inside computers, mobile devices, and online accounts.

Rather than focusing on theory alone, this book moves you through the investigative process from triage and acquisition to artifact analysis, memory forensics, encryption challenges, malware triage, and detecting anti-forensic behavior. Along the way, you'll perform remote artifact collection, analyze evidence across Windows, macOS, Linux, iOS, and Android systems, investigate cloud-synced accounts, recover deleted data, manually carve evidence when tools fail, and identify attempts to hide or manipulate data.

As you progress through the book, you'll learn how to write and apply regular expressions and SQLite queries, build system timelines, baseline systems, automate analysis, verify findings across independent sources, generate custom password dictionaries to crack encrypted containers, detect metadata tampering designed to mislead investigators, and analyze Windows memory. By the end, you won't just know how to run forensic tools; you'll understand how investigators think, enabling you to turn scattered digital traces into clear, defensible conclusions.

What You Will Learn:

- Perform triage and acquire evidence during live investigations

- Collect artifacts remotely using incident response workflows

- Analyze evidence across Windows, macOS, Linux, iOS, and Android

- Recover deleted data and manually carve evidence when tools fail

- Crack encrypted containers using custom password dictionaries

- Use regex and SQLite queries to uncover hidden investigative clues

- Detect anti-forensic techniques and metadata tampering

- Analyze Windows memory using Volatility to uncover live artifacts

Who this book is for:

This book is for digital forensic investigators, incident responders, and security professionals who want to build practical investigation skills using real-world workflows and realistic datasets. It's also ideal for students and analysts entering the field who want hands-on experience recovering evidence, analyzing artifacts, and thinking like an investigator.

Table of Contents

- Targeted On-Scene Triage

- Network Intrusion Response and Remote Triage

- Physical and Cloud-Based Evidence Acquisition

- Microsoft Windows

- Apple macOS and Linux

- Apple iOS and Android

- Analysis Automation

- User Artifacts

- Manual Analysis and Techniques

- Overcoming Anti-Forensics

- Memory Forensics

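Shopping Notes

Cover images for foreign-language books are samples provided by the publisher. The item actually shipped will be the edition the publisher currently supplies. For some books, because of special supply conditions at the publisher, the exchange rate will be adjusted according to actual conditions.

For out-of-stock items, once you complete the order process we will order the item for you and have it shipped by air. To shorten the wait, we recommend ordering foreign-language books separately from other items so that you can collect them as quickly as possible; the average procurement time is 1 to 2 months.

To protect your rights, San Min Online Bookstore (三民網路書店) gives members a seven-day inspection period, starting on the day the item is received.

To return an item, send it back within the inspection period. The item must be in brand-new condition with complete packaging (item, accessories, invoice, free gifts shipped with the order, and so on); otherwise the return will not be accepted.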
