电子取证 Computer Forensics JumpStart, 2nd Edition.pdf
Computer Forensics Jumpstart Second edition Computer Forensics Jumpstart Second edition Michael G. solomon K Rudolph Ed tittel Neil broom Diane barrett WILEY wile ey Publishing, inc. Acquisitions Editor: Agatha Kim Development Editor: Stef Jones Technical Editor: Neil Broom Production editor: dassi zeidel Copy Editor: Sara E. Wilson Editorial Manager: Pete gaughan Production Manager: Tim Tate Vice President and Executive group publisher: richard Wadley Vice President and Publisher: Neil edde Book Designer: Judy Fung Compositor: James D. Kramer, Happenstance Type-O-Rama Proofreader: Publication Services. Inc. Indexer: Nancy Guenther Project Coordinator, Cover: Katherine Crocker Cover Designer: Ryan Sneed Cover Image: O Tetra Images/ Getty Images Copyright o 2011 by Wiley Publishing, Inc, Indianapolis, Indiana Published simultaneously in Canada ISBN:978-0-470-93166-0 ISBN:978-1-118-06757-4(ebk ISBN:978-1-118-06765-9(ebk ISBN:978-1-118-06764-2(ebk No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through pay ment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA01923,(978)750-8400, fax(978)646-8600 Requests te the Publisher for permission should be addressed to the Permissions Department, John Wiley Sons, Inc, 111 River Street, Hoboken Nj07030,(201)748-6011,fax(201)748-6008,oronlineathttp://www.wiley.com/go/permissions Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warran- ties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U. S at(877)762-2974, outside the U.S. at(317)572-3993 or fax(317)572-4002 Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books Library of Congress Cataloging-in-Publication Data is available from the publisher TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley Sons, Inc and/ or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc, is not associated with any product or vendor mentioned in this book 10987654321 Dear reader Thank you for choosing Computer Forensics Jump Start, Second Edition. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experi ence with a gift for teaching Sybex was founded in 1976. More than 30 years later, we're still committed to producing consistently excep tional books. With each of our titles, were working hard to set a new standard for the industry. From the paper we print on, to the authors we work with, our goal is to bring you the best books available I hope you see all that reflected in these pages. I'd be very interested to hear your comments and get your feedback on how we're doing Feel free to let me know what you think about this or any other Sybex book by sendingmeanemailatnedd@wiley.com.Ifyouthinkyou'vefoundatechnicalerrorinthisbook,pleasevisit http://sybex.custhelp.comCustomerfeedbackiscriticaltooureffortsatSybex Best regards Neil edde Vice president and publish Sybex, an Imprint of wiley To begin with, id like to welcome Mary kyle to our merry band, and to thank her for bull- dogging this project in fine fashion thanks also to Kim Lindros, agatha Kim, Jeff kellum, and the rest of the Sybex/Wiley gang. Dearer to my heart, I'd like to thank my lovely wife Dina, and my son, Gregory, for once again putting up with the old man when he's in the throes of creating and finishing another book. You two make everything else worthwhile, and I'm really looking forward to a fun, frenetic, and distraction- free holiday season. Best to one and all, and thanks to our readers who provide the justification for all this learning and hard work. May it do much good, and very little harm Ed Tittel To God, who has richly blessed me in so many ways, and to my wife and best friend, Stacey Michael. solomon To Richard Kane K Rudolph To my mother, you gave me everything. I love you. Neil B Acknowledgments The authors of this book are a sizable and rowdy crowd, including Michael g. Solomon, Diane Barrett, K Rudolph, Neil Broom, and Ed Tittel. We'll start off by thanking each other for hanging together, rather than Kyle Inks and Kim Lindros, both of whom help herd the rest of us cats across the finish line. To our Waterside ar separately, in compiling this second edition. Next, we'd like to thank our able and capable project managers, Mary agent, Carole Jelen, who help put the deal together and shot trouble whenever and wherever she saw it Thanks and keep up the good work! After that, it's time for the folks at Sybex/Wiley to take a bow and accept our thanks too: Agatha Kim, our intrepid acquisitions editor; Stef Jones, our masterful development editor; Jenni Housh, our editorial assistant and Jill of all processes and procedures; Dassi Zeidel, our amazing production editor; as well as Pete Gaughan, our dazzling editorial manager. We're sure there are plenty of others we would be thanking, if onl we knew their names and roles. Please accept this shout out, in lieu of something more personal and informed Believe it or not, we are quite grateful! And finally, to all the vendors who contributed software, hardware, and even the rights to reproduce screenshots or photographs: Thanks for creating the technologies that helped to make this book possible, and we hope also, its contents useful. We literally could not have done it without you Ed Tittel Thanks to the wonderful team that made this a fun and productive project. Mary did an outstanding job of man- aging the flow of tons of content and materials, as well as managing the authors and editors. Our technical edi- tor, Neil, made all of our work better through his insightful comments and suggestions. And finally, ed and K are both outstanding authors who make it all look easy I'd love to work with this team again olomon This book would not have been possible without the support of Mary Kyle, Michael G. Solomon, Ed Titte Neil Broom, John B Ippolito, Sam Carter, and Richard Kane. I am deeply grateful for their fantastic sugges tions and unbelievable patience. I am fortunate and happy to be surrounded by such great people K Rudolph Thank you to my aunt, Jeanne Starnes, for your great advice, help, and love throughout the years. Special thanks to Gary Harbin for showing me how to build my first computer--look what you started. Bryan Bain, Lee Ann Bain, David Klukowski, Kenny Wilkins, and Doug Moore, you all made my first IT job great. Thank you for helping me get started in the field Thanks to Brad Reninger and Will Dean for working so hard every day to make trc sue cessful. Your professionalism, dedication, and friendship are what make the company great. It is always a pleasure to work with legal professionals as dedicated as Jennifer Georges, Brian Saulnier, Hank Fellows, and Christine tenley Shauna Waters, thank you for always being upbeat and for teaching me how to sell. Thanks to the wonderful people at Intelligent Computer Solutions, especially Ezra Kohavi, Gonen Ravid, San Casas, Karen Benzakein, and viviana Meneses, who help me stay on the cutting edge of new technology in this ever-changing field. Thank you, Amber Schroader and Shannon Honea at Paraben, for all the support. And finally, thank you to Ted Augustine and Chris Brown at Technology Pathways. Chris, you have been a great friend and a wonderful mentor 一 Neil broom About the authors Ed Tittel is a 28-year veteran of the IT industry. After spending his first seven years writing code (mostly for data- base engines and applications), he switched to a networking focus. After working for Excelan/Novell from 1987to 1994. he became a full-time freelance writer, consultant and trainer. He has contributed to more than 100 books on a variety of subjects, including the Sybex Cissp Study guide, fifth Edition, and many For dummies titles. He also blogs regularly for TechTarget. com, and writes for a variety of IT certification-oriented Web sites Michael G. Solomon, CISSP, PMP, CISM, GSEC, is a full-time security speaker, consultant, and author special izing in achieving and maintaining secure IT environments. An It professional and consultant since 1987, he has worked on projects for more than 100 major organizations and authored and contributed to numer ous books and training courses. From 1998 to 2001, he was an instructor in the Kennesaw State University's Computer Science and Information Sciences(CSIS)department, where he taught courses on software project management, C++ programming, computer organization and architecture and data communications. michael holds an M.S. in Mathematics and Computer Science from Emory University (1998), a B.S. in Computer Science rom Kennesaw State University (1987), and is currently pursuing a Ph. D. in Computer Science and Informatics at Emory University. He has also contributed to various security certification books for LAN Wrights, including TICSA Training Guide(Que, 2002 )and an accompanying Instructor Resource Kit(Que, 2002), CISSP Stud Guide(sybex, 2003), as well as Security+ Training Guide(Que, 2003). Michael coauthored Information Security luminated (ones Bartlett, 2005), Security+ Lab Guide( sybex, 2005), Computer Forensics Jump Start (Sybex, 2005), PMP Exam Cram2(Que, 2005)and authored and provided the on-camera delivery of learnKey's CISSP Prep and PMp Prep e-Learning course K Rudolph is the founder and clo( Chief Inspiration Officer) of Native Intelligence, Inc. She is a Certified Information Systems Security Professional (CiSSP)with a degree from Johns Hopkins University. K creates entertaining educational materials that have been presented to more than 400,000 learners and translated into five languages. She has contributed to eight books on security topics including the handbook of information Security, Computer Security Handbook, System Forensics, Investigation, and Response, and NIST Special Publication 800-16, Information Technology security Training Requirements: A Role- and Performance-Based Model k has presented at numerous conferences, including the Computer Security Institute Security Exchange (CSI SX)Conference, CSI Annual Security Conferences, New York Cyber Security Conferences, and Information Assurance and Security Conferences held by the Fissea, Flac, and egov. she has been a speaker for Security Awareness Day events held by the Army, Census Bureau, DLA, IHS, IRS, NOAA, NRC, and the government of Johnson County, Kansas. K volunteers with(ISC)2's Safe and Secure Online program, which b rings awareness presentations for 11-to 14-year-olds to local schools. In March 2006, the Federal Information Systems Security Educators'Association(FISSEA) honored K as the Security Educator of the Year. K is interested in just about everything, including contact juggling, mind mapping, storytelling, core work, aviation, teaching analogies, and photogra