computer forensics and investigations (4th ed.)
Nelson, B., Phillips, A., and Steuart, C. (2010). Guide to computer forensics and investigations (4th ed.). Course Technology. ISBN-13: 978-1435498839
1. The “Defense in Depth” strategy lays out three basic layers, or “modes of protection,” when it comes to thinking about ways of protecting and maintaining information systems. Where in this DiD model do you see information, digital or computer forensics fitting in? Illustrate your thinking with an example.
2. How does the presence of computer networking capabilities and connections change the way the forensics investigator should go about securing the incident scene?
3. Consider a local area network, attached to the Internet, with email capabilities provided to LAN users. What are some of the capabilities already built in to these systems that might aid the investigator? How might you put those to use? Would that be a live acquisition, or a postmortem one?
4. What sort of information is in an email header, which might pertain to a forensics investigation? How could an investigator determine whether the information in the header has been tampered with? What about the contents of email messages themselves? How would you find these, and extract them as potential evidence?
5. What are the many different kinds of addresses you might need to identify in a network or email-based investigation, and how would you go about correlating events in the incident with these addresses and with the people responsible for them or affected by them?