When forensic investigations involve digital activity, the proper handling of media evidence is critical. Digital forensic investigators acquire, preserve, and manage digital evidence to support civil and criminal cases, examine policy violations, resolve disputes, and analyze cyber attacks.
“Practical Forensic Imaging” ($49.95, 320 pages), a new book from No Starch Press, takes a detailed look at how to use open source command line tools to secure and manage digital evidence—something that is becoming increasingly important with the growth of private sector forensic labs. This is the first book to focus entirely on the forensic acquisition of modern storage media, making it an incomparable resource for digital forensics professionals.
In “Practical Forensic Imaging” (http://tinyurl.com/zkw5bqb), cybercrime and digital forensics expert Bruce Nikkel guides readers through the entire forensic acquisition process, providing practical scenarios that show, step-by-step, how to use Linux-based tools to acquire and manage forensic images from a wide range of storage media technologies. Readers learn how to:
• Image hard disks, SSDs and flash drives, optical disks, magnetic tapes, and legacy technologies;
• Protect evidence media with forensic write-blocking technologies;
• Preserve evidence with cryptographic hashing, signatures, and timestamps;
• Acquire images from protected drives, RAIDs, VMs, and damaged media;
• Manage large forensic image files, image formats, and lab storage capacity;
• Securely transfer, store, and dispose of forensic images.
Nikkel is the director of Cyber-Crime / IT Investigation & Forensics at a global financial institution where he has managed the IT forensics unit since 2005. He is an editor for “Digital Investigation” and has published research in the digital forensics field. Nikkel holds a PhD in network forensics.