Guide to Computer Forensics and Investigations 4e

ISBN-13: 9781435498839 / ISBN-10: 1435498836

Bill Nelson, IT Forensics, Inc.
Amelia Phillips, Highline Community College
Christopher Steuart, ITForensics, Inc. and University of Washington
Published by Cengage Learning, ©2010
Available Now

Learners will master the skills necessary to launch and complete a successful computer investigation with the updated fourth edition of this popular book, GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS. This resource guides readers through conducting a high-tech investigation, from acquiring digital evidence to reporting its findings. Updated coverage includes new software and technologies as well as up-to-date reference sections. Learn how to set up a forensics lab, how to acquire the proper and necessary tools, and how to conduct the investigation and subsequent digital analysis. The book features free downloads of the latest forensic software, so readers can become familiar with the tools of the trade.


  • STEP-BY-STEP EXPLANATIONS: Provides explanations on how to use the most popular forensic tools.
  • EXPANDED DISCUSSION ON ETHICS, COMPUTER FORENSICS AND THE LAW: Provides specific guidance on dealing with civil and criminal matters relating to the law and technology.
  • COMPUTER FORENSICS OPERATIONS METHODOLOGIES: Discussions on how to manage a corporate computer forensics operation in today''s business environment.
  • EXTENSIVE LEARNING TOOLS: Review Questions, Hands-On Projects, and Case Projects that allow readers to practice skills they have learned.
  • FREE SOFTWARE: Free software works with running case studies, giving readers the opportunity to test their new skills and tying the content to professional practice. Videos of drive acquisitions and related activities for computer forensics are also included on the DVD.

1: Computer Forensics and Investigation Processes.
2: Understanding Computing Investigations.
3: The Investigator's Office and Laboratory.
4: Data Acquisitions.
5: Processing Crime and Incident Scenes.
6: Working with Windows and DOS Systems.
7: Current Computer Forensics Tools.
8: Macintosh and Linux Boot Processes and File Systems.
9: Computer Forensics Analysis.
10: Recovering Graphics Files.
11: Virtual Machines, Network Forensics, and Live Acquisitions.
12: E-mail Investigations.
13: Cell Phone and Mobile Device Forensics.
14: Report Writing for High-Tech Investigations.
15: Expert Testimony in High-Tech Investigations.
16: Ethics and High-Tech Investigations.
Appendix A: Certification and Testing Processes for Computer Forensics.
Appendix B: ComputerForensics References.
Appendix C: Computer Forensics Lab Configuration.
Appendix D: DOS-Based Computer Forensics Tools.
  • Updated to include Vista.
  • Expanded discussion on Microsoft''s NTFS and MFT.
  • Advance NTFS data carving techniques.
  • Updated tools and applications references for the computing forensics examiner.
  • Updated reference sections for computing forensics resources.
Bill Nelson
Bill Nelson has been a computer forensics examiner for a Fortune 50 company for the past 12 years and has developed high-tech investigation programs for professional organizations and colleges. His previous experience includes AFIS software engineering and reserve police work.

Amelia Phillips
Amelia Phillips graduated from the Massachusetts Institute of Technology with B.S. degrees in Astronautical engineering and Archaeology along with an MBA in Technology Management. She is working on her PhD in Computer Security. After working as an engineer at the Jet Propulsion Lab, she worked with e-commerce sites and began her training in computer forensics/network security to prevent credit card numbers from being stolen from sensitive e-commerce databases. She designed certificate and AAS programs for community colleges in e-commerce, network security, digital forensics, and data recovery. She is currently Chair of the Pure and Applied Science Division at Highline Community College in Seattle WA. Amelia is a Fulbright Scholar who taught at the Polytechnic of Nambia in 2005 and 2006.

Christopher Steuart
Christopher Steuart is Vice President and General Counsel of ITForensics, Inc. in the greater Seattle area. He has also worked as a computer forensics examiner and information systems security specialist for a Fortune 50 company and served in the US Army. He is also General Counsel for Computer Investigators Northwest (CTIN). He has presented digital forensics seminars in regional and national forums, including the American Society for Industrial Security (ASIS), Agora, Northwest Computer Technology Crime Analysis Seminar (NCT) and CTIN.