Syngress - The Official CHFI Study Guide Exam
Uploaded: 2008-12-09 13:23:10 (PDF, 14.52MB)
Dave Kleiman Technical Editor
Kevin Cardwell
Timothy Clinton
Michael Cross
Michael Gregg
Jesse Varsalone
Craig Wright
for Computer Hacking Forensics Investigators
465_SG_CHFI_FM.qxd 10/15/07 9:50 AM Page i
Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively
“Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS
and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or
consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or
limitation of liability for consequential or incidental damages, the above limitation may not apply to you.
You should always use reasonable care, including backup and other appropriate precautions, when working with
computers, networks, data, and files.
Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,”
and “Hack Proofing®,” are registered trademarks of Elsevier, Inc. “Syngress: The Definition of a Serious Security
Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of
Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective
companies.
PUBLISHED BY
Syngress Publishing, Inc.
Elsevier, Inc.
30 Corporate Drive
Burlington, MA 01803
The Official CHFI Study Guide (Exam 312-49) for Computer Hacking Forensic Investigators
Copyright © 2007 by Elsevier, Inc. All rights reserved. Printed in the United States of America. Except as permitted
under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by
any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with
the exception that the program listings may be entered, stored, and executed in a computer system, but they may
not be reproduced for publication.
Printed in the United States of America
1 2 3 4 5 6 7 8 9 0
ISBN 13: 978-159749-197-6
Publisher: Amorette Pedersen
Project Manager: Gary Byrne
Managing Editor: Andrew Williams
Page Layout and Art: Patricia Lupien
Technical Editor: Dave Kleiman
Copy Editors: Audrey Doyle, Adrienne Rebello, Mike McGee
Cover Designer: Michael Kavish
Indexer: Nara Wood
For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director; email
m.pedersen@elsevier.com.
Technical Editor
Dave Kleiman (CAS, CCE, CIFI, CISM, CISSP, ISSAP, ISSMP, MCSE, MVP) has worked in the information
technology security sector since 1990. Currently, he runs an independent computer forensic company,
DaveKleiman.com, which specializes in litigation support, computer forensic investigations, incident response, and
intrusion analysis. He developed a Windows operating system lockdown tool, S-Lok, which surpasses NSA, NIST,
and Microsoft Common Criteria Guidelines.
Dave was a contributing author for Microsoft Log Parser Toolkit (Syngress Publishing, ISBN: 1-932266-52-6),
Security Log Management: Identifying Patterns in the Chaos (Syngress Publishing, ISBN: 1597490423), and How to
Cheat at Windows System Administration (Syngress Publishing, ISBN: 1597491055). Dave was technical editor for
Perfect Passwords: Selection, Protection, Authentication (Syngress Publishing, ISBN: 1597490415); Winternals
Defragmentation, Recovery, and Administration Field Guide (Syngress Publishing, ISBN: 1597490792); Windows Forensic
Analysis: Including DVD Toolkit (Syngress Publishing, ISBN: 159749156X); and CD and DVD Forensics (Syngress
Publishing, ISBN: 1597491284). He was also a technical reviewer for Enemy at the Water Cooler: Real Life Stories of
Insider Threats (Syngress Publishing, ISBN: 1597491292).
He is frequently a speaker at many national security conferences and is a regular contributor to
security-related newsletters, Web sites, and Internet forums. Dave is a member of many professional security organizations,
including the Miami Electronic Crimes Task Force (MECTF), International Association of Counter Terrorism and
Security Professionals (IACSP), International Society of Forensic Computer Examiners® (ISFCE), Information
Systems Audit and Control Association® (ISACA), High Technology Crime Investigation Association (HTCIA),
Association of Certified Fraud Examiners (ACFE), and the High Tech Crime Consortium (HTCC). He is also
the Sector Chief for Information Technology at the FBI’s InfraGard®.
Contributors
Kevin Cardwell (CEH, ECSA, LPT) works as a freelance consultant and provides consulting services for
companies throughout the U.S., U.K., and Europe. He is an adjunct associate professor for the University of Maryland
University College, where he participated in the team that developed the Information Assurance Program for
Graduate Students, which is recognized as a Center of Excellence program by the National Security Agency
(NSA). He is an instructor and technical editor for computer forensics and hacking courses. He has presented at
the Blackhat USA Conference.
During a 22-year period in the U.S. Navy, Kevin tested and evaluated surveillance and weapon system
software. Some of this work was on projects like the Multi-Sensor Torpedo Alertment Processor (MSTRAP), Tactical
Decision Support System (TDSS), Computer Aided Dead Reckoning Tracer (CADRT), Advanced Radar
Periscope Discrimination and Detection (ARPDD), and the Remote Mine Hunting System (RMHS). He has
worked as both a software and systems engineer on a variety of Department of Defense projects and was selected
to head the team that built a Network Operations Center (NOC) that provided services to the command ashore
and ships at sea in the Norwegian Sea and Atlantic Ocean. He served as the leading chief of information security
at the NOC for six years prior to retiring from the U.S. Navy. During this time he was the leader of a five-person
Red Team.
Kevin wishes to thank his mother, Sally; girlfriend, Loredana; and daughter, Aspen, all of whom are sources
of his inspiration. Kevin holds a master’s degree from Southern Methodist University and is a member of the
IEEE and ACM. Kevin currently resides in Cornwall, England.
Marcus J. Carey (CISSP, CTT+) is the president of Sun Tzu Data, a leading information assurance and
infrastructure architecture firm based out of central Maryland. Marcus’ specialty is network architecture, network
security, and network intrusion investigations. He served over eight years in the U.S. Navy’s cryptology field. During
his military service Marcus engineered, monitored, and defended the U.S. Department of Defense’s secure
networks.
Marcus holds a master’s degree from Capitol College, where he also serves as professor of information assur-
ance. Marcus currently resides in central Maryland with his family, Mandy, Erran, Kaley, and Christopher.
Timothy Clinton has held multiple roles in the EDD/ESI vendor space. He is currently employed as forensics
operations manager for the National Technology Center division of Document Technologies, Inc. (DTI), a major
ESI service. Since joining the DTI team, Mr. Clinton has served in multiple roles, including EDD production
manager, technical architect, and forensic investigator. He has conducted and managed investigations for numerous
civil cases regarding matters for Fortune 50 of law. Mr. Clinton’s most notable achievement while at DTI is being
responsible for the design and implementation of a showcase data forensics laboratory in Atlanta, Georgia.
Edward Collins (CISSP, CEH, Security+, MCSE:Security, MCT) is a senior security analyst for CIAN, Inc.,
where he is responsible for conducting penetration tests, threat analysis, and security audits. CIAN (www.cian-
center.com) provides commercial businesses and government agencies with all aspects of information security
management, including access control, penetration testing, audit procedures, incident response handling, intrusion
detection, and risk management. Edward is also a training consultant, specializing in MCSE and Security+
certifications. Edward’s background includes positions as information technology manager at Aurora Flight Sciences and
senior information technology consultant at Titan Corporation.
James “Jim” Cornell (CFCE, CISSP, CEECS) is an employee of Computer Sciences Corp. (CSC) and an
instructor/course developer at the Defense Cyber Investigations Training Academy (DCITA), which is part of the
Defense Cyber Crime Center (DC3) in Maryland. At the academy he teaches network intrusions and
investigations, online undercover techniques, and advanced log analysis. He has over 26 years of law enforcement and over
35 years of electronics and computer experience. He is a member/coach of the International Association of
Computer Investigative Specialists (IACIS) and a member of the International Information Systems Forensics
Association (IISFA) and the International Information Systems Security Certification Consortium (ISC2). He is
currently completing the Certified Technical Trainer (CTT+) process and is a repeat speaker at the annual
Department of Defense Cyber Crime Conference.
He would like to thank his mother for more than he can say, his wife for her patience and support, and
Gilberto for being the best friend ever.
Michael Cross (MCSE, MCP+I, CNA, Network+) is an internet specialist/programmer with the Niagara
Regional Police Service. In addition to designing and maintaining the Niagara Regional Police’s Web site
(www.nrps.com) and intranet, he has also provided support and worked in the areas of programming, hardware,
database administration, graphic design, and network administration. In 2007, he was awarded a Police
Commendation for work he did in developing a system to track high-risk offenders and sexual offenders in the
Niagara Region. As part of an information technology team that provides support to a user base of over 1,000
civilian and uniformed users, his theory is that when the users carry guns, you tend to be more motivated in
solving their problems.
Michael was the first computer forensic analyst in the Niagara Regional Police Service’s history, and for five
years he performed computer forensic examinations on computers involved in criminal investigations. The
computers he examined for evidence were involved in a wide range of crimes, inclusive to homicides, fraud, and
possession of child pornography. In addition to this, he successfully tracked numerous individuals electronically, as in
cases involving threatening e-mail. He has consulted and assisted in numerous cases dealing with
computer-related/Internet crimes and served as an expert witness on computers for criminal trials.
Michael has previously taught as an instructor for IT training courses on the Internet, Web development,
programming, networking, and hardware repair. He is also seasoned in providing and assisting in presentations on