The Digital Forensics Workbook is available through Amazon and university libraries/outlets.

The Digital Forensics Workbook is filled with activities for digital forensic examiners, who want to gain (more) hands-on practice acquiring and analyzing data. The workbook will allow the examiners to focus on the data they collected so they can later conduct in-depth analysis, i.e., add interpretation to raw data, not just become tool dependents. The workbook is not meant to be exhaustive; however, it was written to address a variety of topics. The content was arranged logically so it would follow a pattern resembling parts or all of a forensic investigation. The book starts with acquiring digital evidence, moves into recovering key data from the file system and operating system, and then addresses the capture and analysis of various artifacts. The workbook then has activities on examining network traffic, memory, and data from mobile devices.

In all there are over 60 hands-on activities in the workbook for examiners to perform. The goal of the activities is to provide sufficient hands-on learning activities so the reader can then apply them in day-to-day work. The workbook uses over 40 different tools, nearly all of which are freely accessible. 

Table of Contents

The following chapters are included in the Digital Forensics Workbook:

Chapter 1 - Introduction
Chapter 2 - Software Write Blocking
Chapter 3 - Creating Forensic Images
Chapter 4 - File System Identification
Chapter 5 - Mounting Forensic Images
Chapter 6 - Recovering Files from Forensic Images
Chapter 7 - Artifacts in the Registry
Chapter 8 - Hashing
Chapter 9 - File Signature Analysis
Chapter 10 - File Analysis
Chapter 11 - Internet History
Chapter 12 - E-mail Header Analysis
Chapter 13 - Prefetch Files
Chapter 14 - Shortcuts/Link (.LNK) Files and Jump Lists
Chapter 15 - Thumbnail Caches
Chapter 16 - GREP Searches
Chapter 17 - File Carving
Chapter 18 - Timestamps and Timelines
Chapter 19 - Recovering Passwords
Chapter 20 - Mounting Images as Virtual Machines
Chapter 21 - Memory Acquisition and Analysis
Chapter 22 - Network Traffic
Chapter 23 - Mobile Apps and Data
Chapter 24 - Answers
About the Author

Chapter Layout

Chapters are arranged in the following fashion:

  • There is a brief narrative to orient the reader to the topic.
  • There are one or more hands-on activities, which include:
    • An objective for each activity.
    • A list of the tools to be used to complete each activity.
    • Step-by-step instructions on how to complete each activity, complete with figures.
    • A list of results for each activity so the reader can compare his/her work with those in the Workbook.
  • Additional exercises are provided in Chapters 4-19 and 21-23 with answers to the questions in Chapter 24.