Learn to pull "digital fingerprints" from alternate data storage (ADS) devices including: iPod, Xbox, digital cameras and more from the cyber sleuths who train the Secret Service, FBI, and Department of Defense in bleeding edge digital forensics techniques. This book sets a new forensic methodology standard for investigators to use. This book begins by describing how alternate data storage devices are used to both move and hide data. From here a series of case studies using bleeding edge forensic analysis tools demonstrate to readers how to perform forensic investigations on a variety of ADS devices including: Apple iPods, Digital Video Recorders, Cameras, Gaming Consoles (Xbox, PS2, and PSP), Bluetooth devices, and more using state of the art tools. Finally, the book takes a look into the future at "not yet every day" devices which will soon be common repositories for hiding and moving data for both legitimate and illegitimate purposes.
At a conference, I had a conversation with a federal agent about a child pornography case that he had worked on. He and his colleagues had raided the suspect's home as usual, but noticed that the suspect was strangely unalarmed and even smirking as the agents copied all the data from his computers. He continuously proclaimed his innocence. The agent remembered a presentation I had given about iPods being used to store data and noticed that the suspect had an iPod on his desk. According to the warrant served on the suspect, the agents were permitted to seize all electronic equipment capable of storing data. The agent picked up the iPod, and suddenly the suspect's demeanor and attitude changed: he turned pale and became agitated. Before the raid was finished, the suspect had confessed that he routinely erased his computers' hard drives after transferring all of his child pornography photographs to his iPod. The evidence resulted in a conviction.
Chapter 1 Digital Forensics and Analyzing Data
Introduction
The Evolution of Computer Forensics
Phases of Digital Forensics
Collection
Preparation
Difficulties When Collecting Evidence from Nontraditional Devices
Hardware Documentation Difficulties
Difficulties When Collecting Data from RAID Arrays, SAN, and NAS Devices
Difficulties When Collecting Data from Virtual Machines
Difficulties When Conducting Memory Acquisition and Analysis
Examination
Utility of Hash Sets
Difficulties Associated with Examining a System with Full Disk Encryption
Alternative Forensic Processes
Analysis
Analysis of a Single Computer
Analysis of an Enterprise Event
Tools for Data Analysis
Reporting
Summary
References
Solutions Fast Track
Frequently Asked Questions
Chapter 2 Seizure of Digital Information
Chapter 3 Introduction to Handheld Forensics
Chapter 4 PDA, Blackberry, and iPod Forensic Analysis
Chapter 5 E-mail Forensics
Chapter 6 Router Forensics
Chapter 7 Legal Issues of Intercepting WiFi Transmissions
Chapter 8 CD and DVD Forensics
Chapter 9 MP3 Forensics
Index