First Responders Guide to Computer Forensics: Advanced Topics

Abstract

This handbook expands on the technical material presented in SEI handbook CMU/SEI-2005-HB-001, First Responders Guide to Computer Forensics. While the latter presented techniques for forensically sound collection of data and explained the fundamentals of admissibility pertaining to electronic files, this handbook covers more advanced technical operations such as process characterization and spoofed email. It describes advanced methodologies, tools, and procedures for applying computer forensics when performing routine log file reviews, network alert verifications, and other routine interactions with systems and networks. The material will help system and network professionals to safely preserve technical information related to network alerts and other security issues