© 2018

Introductory Computer Forensics

A Hands-on Practical Approach


Table of contents

  1. Front Matter
    Pages i-xxiii
  2. Fundamentals of Computer Systems and Computer Forensics

    1. Front Matter
      Pages 1-1
    2. Xiaodong Lin
      Pages 3-36
    3. Xiaodong Lin
      Pages 37-52
    4. Xiaodong Lin
      Pages 53-89
  3. File System Forensic Analysis

    1. Front Matter
      Pages 91-91
    2. Xiaodong Lin
      Pages 93-114
    3. Xiaodong Lin
      Pages 115-144
    4. Xiaodong Lin
      Pages 145-161
    5. Xiaodong Lin
      Pages 163-197
    6. Xiaodong Lin
      Pages 199-210
    7. Xiaodong Lin
      Pages 211-233
    8. Xiaodong Lin
      Pages 235-244
    9. Xiaodong Lin
      Pages 245-255
    10. Xiaodong Lin
      Pages 257-269
    11. Xiaodong Lin
      Pages 271-301
  4. Forensic Log Analysis

    1. Front Matter
      Pages 303-303
    2. Xiaodong Lin
      Pages 305-332
  5. Mobile Device Forensics

    1. Front Matter
      Pages 333-333
    2. Xiaodong Lin
      Pages 335-371

About this book


This textbook provides an introduction to digital forensics, a rapidly evolving field for solving crimes. Beginning with the basic concepts of computer forensics, each of the book’s 21 chapters focuses on a particular forensic topic composed of two parts: background knowledge and hands-on experience through practice exercises. Each theoretical or background section concludes with a series of review questions, which are prepared to test students’ understanding of the materials, while the practice exercises are intended to afford students the opportunity to apply the concepts introduced in the section on background knowledge.

 This experience-oriented textbook is meant to assist students in gaining a better understanding of digital forensics through hands-on practice in collecting and preserving digital evidence by completing various exercises. With 20 student-directed, inquiry-based practice exercises, students will better understand digital forensic concepts and learn digital forensic investigation techniques.

 This textbook is intended for upper undergraduate and graduate-level students who are taking digital-forensic related courses or working in digital forensics research. It can also be used by digital forensics practitioners, IT security analysts, and security engineers working in the IT security industry, particular IT professionals responsible for digital investigation and incident handling or researchers working in these related fields as a reference book.



Digital forensics Computer forensics Computer security File system analysis File carving Memory forensic analysis Malware analysis Mobile device analysis Log forensic analysis Multimedia forensics Security logging Image steganography Hands on

Authors and affiliations

  1. 1.Department of Physics and Computer Science, Faculty of ScienceWilfrid Laurier UniversityWaterlooCanada

About the authors

Xiaodong Lin received the PhD degree in Information Engineering from Beijing University of Posts and Telecommunications, China, and the PhD degree (with Outstanding Achievement in Graduate Studies Award) in Electrical and Computer Engineering from the University of Waterloo, Canada. He is currently working as an Associate Professor in the School of Computer Science at the University of Guelph, Canada. His research interests include wireless communications and network security, computer forensics, software security, and applied cryptography. With the increasing advance of wireless technology and the worldwide wireless network deployment, wireless networks have been on an upswing to enable ubiquitous Internet access. Making these wireless networks secure has become a major priority to keep our cyber world safe. In the past years, his research has focused on securing vehicular ad-hoc networks (VANETs), which is an emerging wireless network paradigm. He is elevated to IEEE Fellow for his contributions in secure and privacy-preserving vehicular communications. Also, He has been researching digital forensics extensively. For example, his work on automated forensic analysis of Android applications appears at DFRWS USA 2018, a top research conference in the field of digital forensics.

Dr. Lin serves as an Associate Editor for many international journals. He has served or is serving as a guest editor for many special issues of IEEE, Elsevier and Springer journals and as a symposium chair or track chair for IEEE/ACM conferences. He also served on many program committees. He was Chair of Communications and Information Security Technical Committee (CISTC) (2016-2017), IEEE Communications Society (ComSoc). He is a Fellow of the IEEE. He is also a CISSP (Certified Information Systems Security Professional).

Bibliographic information