Official (ISC)2 Guide to the CCFP CBK

  • Binding: Hardcover / Pages: 946 p.
  • Language: ENG
  • Product code: 9781482262476
  • DDC classification: 004

Full Description


Cyber forensic knowledge requirements have expanded and evolved just as fast as the nature of digital information has, requiring cyber forensics professionals to understand far more than just hard drive intrusion analysis. The Certified Cyber Forensics Professional (CCFP℠) designation ensures that certification holders possess the necessary breadth, depth of knowledge, and analytical skills needed to address modern cyber forensics challenges. Official (ISC)2® Guide to the CCFP® CBK® supplies an authoritative review of the key concepts and requirements of the Certified Cyber Forensics Professional (CCFP®) Common Body of Knowledge (CBK®). Encompassing all of the knowledge elements needed to demonstrate competency in cyber forensics, it covers the six domains: Legal and Ethical Principles, Investigations, Forensic Science, Digital Forensics, Application Forensics, and Hybrid and Emerging Technologies.

Compiled by leading digital forensics experts from around the world, the book provides the practical understanding of forensics techniques and procedures, standards of practice, and legal and ethical principles required to ensure accurate, complete, and reliable digital evidence that is admissible in a court of law. This official guide supplies a global perspective of key topics within the cyber forensics field, including chain of custody, evidence analysis, network forensics, and cloud forensics. It also explains how to apply forensics techniques to other information security disciplines, such as e-discovery, malware analysis, or incident response. Utilize this book as your fundamental study tool for achieving the CCFP certification the first time around. Beyond that, it will serve as a reliable resource for cyber forensics knowledge throughout your career.

Contents

Domain 1 Evidence and its Characteristics Cyber Forensics Digital Evidence The Investigative Process Use of Evidence in Legal Proceedings Authenticity and Reliability Terms to Know Points to Ponder References Chain of Custody Initiating a Chain of Custody Logging and Tracking Evidence Marking, Securing, and Protecting Evidence Computers and Laptops Removable Media Cell Phones and Other Electronic Devices Storing Evidence Transferring Evidence within an Agency Transferring Evidence to Another Agency Rules of Procedure Roles and Responsibilities of Investigators Roles and Responsibilities of Forensic Examiners Roles and Responsibilities of Experts Admissibility of Evidence Terms to Know Points to Ponder Role of the Expert Witness Types of Witnesses The Rules of Expert Testimony Expert Testimony Standards and Key Court Cases Qualifying as an Expert in Court Expert Roles Scientific Conclusions, Opinions and Recommendations Bearing, Demeanor, and Appearance Correcting Testimony Depositions Legal Terms to Know Codes of Ethics Demystifying the Code of Ethics Ethical Decision Making The Need for Ethics in Digital Forensics The Training of Ethics in Digital Forensics The Regulation of Ethics in Digital Forensics The Privacy and Confidentiality Issues of Digital Forensics Work-Product Doctrine Attorney-Client Privilege and Confidentiality The Special Obligations of Litigation Support in Digital Forensics The Legality of Investigation Techniques in Digital Forensics Ethics (ISC)2 Code of Ethics AAFS Code of Ethics ISFCE Code of Ethics and Professional Responsibility Points to Ponder Endnotes Domain 1: Review Questions

Domain 2: Investigations The Investigative Process The Investigation Process Addressing the Complaint Case Preparation Phase Routine Investigative Activities: A Jumping-Off Point for Any Investigation The Perishable Nature of Data Team Effort Seeking Out Sources of Data Let the Experts Do It Putting It All Together Follow-Up References Evidence Management Evidence Issues Evidence Preservation Tracking Evidence Disposing of Evidence Points to Ponder For Further Thought References Criminal Investigations Criminal versus Civil Actions Launching a Criminal Investigation Elements of a Crime What is a Crime? Points to Ponder For Further Thought References Civil Investigations Civil Investigator Civil versus Criminal Methods, Privileges, and Limitations of Civil Investigators Nature of Litigants Torts Burden of Proof Points to Ponder References Administrative Investigations A Definition of Administrative Investigations Employee Misbehavior and Corruption The Role of the Inspector General Evidence Found in Workplace Technology Confidentiality Points to Ponder References Forensic Response to Security Incidents Implementing an Incident Response Plan Ensuring Business Continuity Understanding and Limiting Liability Avoiding Legal Issues Attaining Certification Points to Ponder Electronic Discovery Defining Discovery Understanding Spoliation Noting Changes in E-Discovery Law Limiting Scope of Discovery Choosing Forensic or Non-Forensic E-Discovery Forensic E-Discovery Non-Forensic E-Discovery Following an E-Discovery Standard Reviewing Liability Points to Ponder Intellectual Property Investigations Intellectual Property Investigations Types of Intellectual Property Investigation Steps Potential Criminal Action Liability Points to Ponder Domain 2: Review Questions

Domain 3: Forensic Science Fundamental Principles Introduction to Forensic Science Locard's Principle of Transference The Inman-Rudin Paradigm The Philosophy of Science The Scientific Method The Characteristics of Forensic Science References Forensic Science Processes The Purpose of Forensic Examination Identification The Digital Evidence Categorization Model Individualization/Classification Association Reconstruction Relational Analysis Functional Analysis Temporal Analysis References Forensic Analysis and Examination Documentation and Case Notes Examination/Investigation Goals Hypothesis Formulation/Criteria Experimental Design and Tool Selection Examination Plan Execution Results Review and Evaluation Conclusion and Opinion Formulation Points to Ponder For Further Thought Report Writing and Presentation Rational for Reporting Preparing for the Reporting Phase Designing Your Report Incorporation of Examination Results in the Report Conclusions and Opinions Clarity and Scientific Accuracy Report/Presentation appropriate to the Audience and Venue Points to Ponder For Further Thought Quality Assurance in Forensic Science Introduction Quality, Quality Control, and Quality Assurance Quality Assurance Practices in Digital Forensics General Quality Assurance in the Digital Forensic Process Quality Assurance Practices with Regards Laboratory Software Quality Assurance Practices Regarding Laboratory Hardware Forensic Practitioner Certification and Licensing Formal Laboratory Accreditation Programs Issues with Quality Assurance in Forensic Science References Domain 3: Review Questions

Domain 4: Digital Forensics Media and File System Forensics Locations where Evidence May Reside Storage Media Hardware, Firmware, Interfaces Disk Geometry and Partitioning Disk Geometry Disks, Volumes, and Partitions DOS Partitions Dynamic Disks and RAID Systems RAID Implementation File Systems NTFS File System MFT Concepts MFT Entry Attributes MFT Entry's Internal Structure MFT's Index Attributes for Directories MFT's $DATA Attribute NTFS File System Forensics File Metadata Encrypted Drive Corrupted/Damaged Media Media/File System Forensic Process Steps Points to Ponder References Computer and Operating System Forensics Technical Background Live Forensics Operating Systems References Network Forensics Network Forensics TCP/IP Points to Ponder For Further Thought References Mobile Device Forensics Evidence Collection and Preservation Types of Mobile Devices GPS Devices Cell Phones/Tablets Vendor Identification Carrier Identification Network Identification/Classification Physical Characteristics of a Cell Phone Smart Phones vs. Feature Phones Examination Preparation Tools Tool Classification Processing and Examination Verification Reporting References Embedded Device Forensics Technical Background Types of Devices Multimedia and Content Forensics Introduction to Multimedia Evidence The Role of Multimedia Evidence in Investigations Multimedia File Formats Embedded Multimedia Steganography References Virtual System Forensics Types of Virtual Machines Types of Virtual Machines Products VMWare Workstation VMWare Fusion Virtual PC Parallels VirtualBox Virtualization Forensics Forensic Techniques and Tools Getting Started Points to Ponder For Further Thought References Anti-Forensic Techniques and Tools Hiding Techniques Encryption Steganography Packing Destruction Techniques and Tools Spoofing References Points to Ponder Domain 4: Review Questions

Domain 5: Application Forensics Software Forensics File Formats Internal File Metadata Traces of Execution HKLM\Software Software Analysis Points to Ponder For Further Thought Web, Email, and Messaging Forensics Web Forensics How the Internet Works Email Forensics Messaging Forensics Database Forensics The Need for Data Points to Ponder References Malware Forensics Introduction to Malware Types of Malware Malware Analysis Points to Ponder References Domain 5: Review Questions

Domain 6: Hybrid and Emerging Technologies Cloud Forensics Cloud Computing The Five Essential Characteristics of Cloud Computing Types of Cloud Service Models Types of Cloud Deployment Models Service Level Agreements Cloud Forensics Dimensions of Cloud Forensics Challenges for Forensic Investigators Jurisdictional Issues References Social Networks Types and Applications of Social Networks Evidentiary Basis of Social Media Location of Social Networking Information Third Party Doctrine The Big Data Paradigm Digital Surveillance Technology (DST) Points to Ponder References Control Systems Control Systems SCADA Distributed Control System Forensics on Control Systems References Points to Ponder For Further Thought Critical Infrastructure Critical Infrastructure Critical Infrastructure and SCADA Critical Infrastructure at the Organizational Level IT and Communications Sectors Transmission Line Redundancy Digital Threat Detection, Prevention, and Mitigation Computer Forensics and Critical Infrastructure Points to Ponder References Online Gaming and Virtual/Augmented Reality Online Gaming Virtual Reality Augmented Reality vs. Virtual Reality Augmented Reality Uses of Augmented Reality Social Challenges of Augmented Reality Points to Ponder For Further Thought Domain 6: Review Questions

Appendix A: Answers to Domain Review Questions

Index