THE INITIAL CONTACT
  Chapter Questions
CLIENT SITE ARRIVAL
  Chapter Questions
EVIDENCE COLLECTION PROCEDURES
  Detailed Procedures for Obtaining a Bitstream Backup of a Hard Drive
  Chapter Questions
EVIDENCE COLLECTION AND ANALYSIS TOOLS
  SafeBack
  GetTime
  FileList, FileCnvt, and Excel©
  GetFree
  Swap Files and GetSwap
  GetSlack
  Temporary Files
  TextSearch Plus
  CRCMD5
  DiskSig
  Chapter Questions
ACCESSDATA'S FORENSIC TOOL KIT
  Creating a Case
  Working on an Existing Case
  Chapter Questions
GUIDANCE SOFTWARE'S ENCASE
  Chapter Questions
ILOOK INVESTIGATOR
  Chapter Questions
PASSWORD RECOVERY
  Chapter Questions
QUESTIONS AND ANSWERS BY SUBJECT AREA
  Evidence Collection
  Legal
  Evidence Analysis
  UNIX
  Military
  Hackers
  BackTracing (TraceBack)
  Logs
  Encryption
  Government
  Networking
  E-Mail
RECOMMENDED REFERENCE MATERIALS
  PERL and C Scripts
  UNIX, Windows, NetWare, and Macintosh
  Computer Internals
  Computer Networking
  Web Sites of Interest
CASE STUDY
  Recommendations
APPENDIX A: GLOSSARY
APPENDIX B: PORT NUMBERS USED BY MALICIOUS TROJAN HORSE PROGRAMS
APPENDIX C: ATTACK SIGNATURES
APPENDIX D: UNIX/LINUX COMMANDS
APPENDIX E: CISCO PIX FIREWALL COMMANDS
  PIX Command Reference
APPENDIX F: DISCOVERING UNAUTHORIZED ACCESS TO YOUR COMPUTER
APPENDIX G: ELECTROMAGNETIC FIELD ANALYSIS (EFA) "TICKLER"
APPENDIX H: THE INTELLIGENCE COMMUNITY SINCE 9/11
APPENDIX I: ANSWERS TO CHAPTER QUESTIONS
Cyber Crime Investigator's Field Guide