CHFI computer hacking forensic investigator certification all in one exam guide 1st edition

Copyright © 2015 by McGraw-Hill Education. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

ISBN: 978-0-07-183155-0
MHID: 0-07-183155-X

The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-183156-7, MHID: 0-07-183156-8.

eBook conversion by codeMantra
Version 1.0

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.

All trademarks or copyrights mentioned herein are the possession of their respective owners and McGraw-Hill Education makes no claim of ownership by the mention of products that contain these marks.

Figure 4-2 courtesy of ErrantX.
Figure 6-3 courtesy of Evan-Amos with permission granted under the terms of the Creative Commons Attribution-ShareAlike 3.0 Unported license.
Figure 10-6 courtesy of Viljo Viitanen.
Figure 11-5 courtesy of Ale2006-from-en with permission granted under the terms of the Creative Commons Attribution-ShareAlike 3.0 Unported license.

Information has been obtained by McGraw-Hill Education from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill Education, or others, McGraw-Hill Education does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

TERMS OF USE

This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” MCGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.


This book is dedicated to my wife, Helyn Pultz.


ABOUT THE AUTHOR

Charles Brooks, MsCIS, CISSP, CEH, CHFI, CTT+, CCNA, CWNA, CWSP, is a writer and educator with a background in IT that spans 30 years, with the last 15 years in information security and education. Since 1998, he has been involved in information security, first as a technical lead for the VPN Advantage IPsec-managed service at Genuity, Inc., and then as overall software architect for the project. At EMC, Charles developed and delivered computer-based and instructor-based training in general information security and storage security. At RSA, Charles developed courses in cloud security fundamentals, network analysis, and advanced analysis and forensics. He has written and contributed to several technical training books, as well as continued to develop graduate-level courses in network security, secure software development, software security testing, and securing virtualized and cloud infrastructures. Charles has taught at several colleges and technical institutes in the Greater Boston area, and currently teaches at Brandeis University in the Rabb School/GPS MSIS program, as well as facilitating online courses at Boston University. Charles is currently the owner/principal consultant at Security Technical Education.

About the Technical Editor

Bobby E. Rogers is an information security engineer working for a major hospital in the southeastern United States. His previous experience includes working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the United States Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a master’s degree in information assurance (IA), and is pursuing a doctoral degree in IA from Capitol College, Maryland. His many certifications include CompTIA A+, CompTIA Network+, CompTIA Security+, and CompTIA Mobility+ certifications, as well as CISSP-ISSEP, CEH, and MCSE: Security.


CONTENTS AT A GLANCE

Chapter 1 Computer Forensics Today
Chapter 2 The Nature of Digital Evidence
Chapter 3 The Investigation Process
Chapter 4 Computer Forensics Labs
Chapter 5 Getting the Goods
Chapter 6 Spinning Rust
Chapter 7 Windows Forensics
Chapter 8 Forensic Investigations
Chapter 9 Network Forensics
Chapter 10 Mobile Forensics
Chapter 11 Attacking Applications
Chapter 12 The Whole Truth, and Nothing But the Truth
Appendix A Acronyms
Appendix B About the Download
Glossary
Index


CONTENTS

Acknowledgments
Introduction

Chapter 1 Computer Forensics Today
So What Is This Computer Forensics Business Anyway?
The History of Computer Forensics
Objectives and Benefits
Corporate vs. Criminal Investigations
The Forensics Investigator
Chapter Review
Questions
Answers
References

Chapter 2 The Nature of Digital Evidence
What Is Digital Evidence?
Anti-Digital Forensics
Locard’s Exchange Principle
Federal Rules of Evidence (FRE)
Computer-Generated vs. Computer-Stored Records
Essential Data
Best Evidence
International Principles of Computer Evidence
International Organization on Computer Evidence
Scientific Working Group on Digital Evidence
Evidence Collection
IOCE Guidelines for Recovering Digital Forensic Evidence
The Scientific Method
Consider a Scenario
Exculpatory Evidence
Chapter Review
Questions
Answers
References

Chapter 3 The Investigation Process
The Process Is Key
Overview
Before the Investigation
Preparing the Investigation
Seizing the Evidence
Analyzing the Evidence
Reporting and Testifying
Chapter Review
Questions
Answers
References

Chapter 4 Computer Forensics Labs
What Services Are You Offering?
Staffing Requirements and Planning
Becoming Certified
Setting Up Your Lab
Physical Location Needs
Software Requirements
Hardware Requirements
Field Tools
Lab Hardware
Other Considerations
Chapter Review
Questions
Answers
References

Chapter 5 Getting the Goods
Searching and Seizing Computers
Is Your Search and Seizure Unwarranted?
You Have a Warrant
Electronic Surveillance
Post-seizure Issues
First Responder Procedures
First on the Scene
Managing the Crime Scene
Collecting and Transporting the Evidence
Collecting and Preserving Electronic Evidence
The Crime Scene Report
A Checklist for First Responders
Data Acquisition and Duplication
Data Acquisition: A Definition
Static vs. Live Acquisition
Validating the Acquisition
Acquisition Issues: SSDs, RAID, and Cloud
Concepts in Practice: Data Acquisition Software and Tools
Chapter Review
Questions
Answers
References

Chapter 6 Spinning Rust
Disk Drives and File Systems
Everything You Wanted to Know About Disk Drives
File Systems
Getting the Boot
Booting from a Live CD
Recovering Deleted Files and Partitions
Recovering Disk Partitions
Recovering File Systems and Files
Theory into Practice: File and Partition Recovery Tools
Steganography and Graphics File Formats
Graphics Files
Steganography
Theory into Practice: Graphics File Tools and Steganography Detection Tools
Chapter Review
Questions
Answers
References

Chapter 7 Windows Forensics
Windows Forensics Analysis
Live Investigations: Volatile Information
Live Investigations: Nonvolatile Information
Forensic Investigation of a Windows System
Windows Log Analysis
Windows Password Storage
Theory into Practice: Forensics Tools for Windows
Cracking Passwords
Passwords: The Good, the Bad, and the Ugly
Password-Cracking Types
Theory into Practice: Password-Cracking Tools
Chapter Review
Questions
Answers
References

Chapter 8 Forensic Investigations
Forensic Investigations
Installation and Configuration
Creating the Case and Adding Data
Analyzing the Data
Generating the Report
Choosing the Proper Forensic Software
Forensic Investigations Using FTK
Installation and Configuration
Creating the Case and Adding Data
Analyzing the Data
Generating the Report
Forensic Investigations Using EnCase
Installation and Configuration
Creating the Case and Adding Data
Analyzing the Data
Generating the Report
So Did We Get the Evidence We Need?
Which One to Choose?
Chapter Review
Questions
Answers
References

Chapter 9 Network Forensics
Network Forensics: A Definition
Network Forensics and Wired Networks
Investigating Network Traffic
Network Forensics: Attack and Defend
Network Security Monitoring
Theory into Practice: Network Forensic Tools
Network Forensics and Wireless Networks
What’s Different About Wireless?
The Saga of Wireless Encryption
Investigating Wireless Attacks
Theory into Practice: Wireless Forensic Tools
Log Capturing and Event Correlation
Logs, Logs, Logs
Legal Issues and Logging
Synchronizing Time
SIM, SEM, SIEM—Everybody Wants One
Theory into Practice: Log Capturing and Analysis Tools
Chapter Review
Questions
Answers
References

Chapter 10 Mobile Forensics
Cellular Networks
Cellular Data
Mobile Devices
PDAs
Plain Ol’ Cell Phones
Music Players (Personal Entertainment Devices)
Smart Phones
Tablets and Phablets
What Can Criminals Do with Mobile Phones?
Retrieving the Evidence
Challenges in Mobile Forensics
Precautions to Take Before Investigating
The Process in Mobile Forensics
Theory into Practice: Mobile Forensic Tools
Chapter Review
Questions
Answers
References

Chapter 11 Attacking Applications
Web-based Attacks
Web Applications: A Definition
Mounting the Attack
Web Applications: Attack and Defend
Web Tools
Follow the Logs
Investigating the Breach
E-mail Attacks
E-mail Architecture
E-mail Crimes
Laws Regarding E-mail
E-mail Headers and Message Structure
E-mail Investigation
Concepts in Practice: E-mail Forensic Tools
Chapter Review
Questions
Answers
References

Chapter 12 The Whole Truth, and Nothing But the Truth
Can I Get a Witness?
Technical vs. Expert Witnesses
Pre-trial Report Preparation
I Just Want to Testify
Writing a Good Report
What Makes an Effective Report?
Documenting the Case
Theory into Practice: Generating a Report
Do’s and Don’ts for a DFI
Resting the Case
Chapter Review
Questions
Answers
References

Appendix A Acronyms

Appendix B About the Download
System Requirements
Installing and Running Total Tester
About Total Tester
Technical Support

Glossary
Index


ACKNOWLEDGMENTS

First of all, thanks to Carole Jelen, my literary agent at Waterside Productions, for putting me in contact with Meghan Manfre, my acquisitions editor at McGraw-Hill Education, and to Meghan for getting this process started and bringing me up to speed. Mary Demery, my acquisitions coordinator, kept me on the straight and narrow and offered guidance and encouragement throughout the project. Thanks as well to Raghavi Khullar, associate project manager at Cenveo Publisher Services, who shepherded this book through copyediting and production, and to Lisa McCoy for copyediting the manuscript and making my tortured prose less so. I’m sure that there are others at McGraw-Hill Education who have worked on this book, and I thank them for their contributions as well.

A huge measure of thanks is due to my technical editor, Bobby Rogers. Bobby provided a wealth of constructive criticism and suggestions on how to improve the material, as well as pointing out areas that I needed to clarify and expand. The book is better because of his contributions, and I’m a better writer for having worked with him. I won’t forget the three-sentences rule!

A nod and a tip of the hat to my friend and colleague, Ric Messier, for commentary, perspective, and “talking the talk and walking the walk” when it comes to digital forensics.

Finally, all credit goes to my beautiful and talented wife, Helyn Pultz, for encouragement, speaking the truth to me with love, and understanding when I vanished upstairs to my office in the evening for too many nights in a row. This book would not have been possible without her love and support.


INTRODUCTION

Congratulations! By picking up this book, thumbing through it, and starting to read the introduction, you’ve taken your first step toward a deeper understanding of computer (digital) forensics, and perhaps a career in this field. Before we dive into the details, I want to make one thing clear. This book will help you pass your test. It will help you do so by teaching you what you need to know to pass this certification exam. It will not tell you how to pass the certification exam. To be blunt, this book alone will not allow you to pass this exam; no single source could. You’ll need to supplement this book with other texts that deal with digital forensics, Internet research, and getting some hands-on practice by downloading some of the software mentioned in this book and experimenting with it.

How to Use This Book

This book covers the exam objectives for EC-Council’s Computer Hacking Forensic Investigator (CHFI) v8 certification examination. Each chapter covers specific objectives and details for the exam. EC-Council has defined 22 areas of study for this exam, and the book is divided into 12 chapters. I’ve consolidated certain areas where they made sense to me. For example, the last chapter in the book covers the objectives for writing a report and for acting as an expert witness. If you’re engaged as an expert witness, you are going to need to write a report.

Each chapter has several features designed to communicate effectively the information you’ll need to know for the exam:

• The Certification Objectives covered in each chapter are listed first. These identify the major topics within the chapter, and help you to map out your study. Since several chapters cover information in multiple areas, some of the objectives have been combined into a single sentence. Fear not: The information is there.
• Sidebars are included in each chapter and are designed to point out information, tips, and stories that will be helpful in your day-to-day responsibilities:
  • Exam Tips are exactly what they sound like. These are included to point out a focus area you need to concentrate on for the exam. No, they are not explicit test answers. Yes, they will help you focus your study.
  • Specially called out Notes are part of each chapter too. These interesting tidbits of information are relevant to the discussion and point out extra information. Don’t discount them.
  • You should pay attention to the notes labeled Caution, as they point out areas where you can go very wrong.

This book is divided into two general sections. The first three chapters address meta-issues in computer forensics, and propose a process for performing an investigation. Chapter 4 talks about what you need to do to set up a forensics lab, and offers good advice about what you need to consider if you’re thinking of going into business for yourself. The rest of the chapters go through this process in more detail, from the initial involvement with a case through writing a report and perhaps acting as a witness. Along the way, the book covers what I think of as “traditional” forensics, including evidence acquisition from disk drives and computer memory. The book also covers forensics as applied to other digital communications, including mobile devices, network-based attack and defense, and attacks against e-mail and web-based applications.


The Intended Audience

There are a couple of groups of people who will benefit from this book. The first are people who are interested in having a career in the field of digital forensics, or are just interested in the topic. Unfortunately, this book doesn’t provide all the information that you need to start your career. EC-Council recommends that people who wish to obtain this certification should have already obtained the Certified Ethical Hacker (CEH) certification. This book assumes that you have a background in how computers are actually built (CPU, memory, persistent storage, and so on) and that you have some familiarity with current operating systems such as Linux, Microsoft Windows, Mac OS X, and Oracle Solaris. Without this background, I think you’ll find this book rather tough sledding. Remember, though, that I wrote this book for beginners in the field of digital forensics, so you will gain valuable information from reading this book.

The second group of people who will benefit from this book are those who have this basic knowledge already, as well as some knowledge and experience in the material covered in the CEH certification (the CEH Certified Ethical Hacker All-in-One Exam Guide is a good place to start). These folks may be looking for a career change or simply expanding their knowledge and expertise. If you’re one of those people, I think that this book will offer you a good resource to come up to speed quickly in the basics of digital forensics.

Next Steps

Where do you go from here? One thing to consider is gaining expertise in the “big two” of forensic software suites: AccessData’s Forensic Toolkit (FTK) and Guidance Software’s EnCase. Both of these vendors offer training and certification for these products. Other professional certifications include the Certified Forensics Examiner (CFE) from the International Society of Forensic Computer Examiners (ISFCE) and the Certified Forensic Computer Examiner (CFCE) from the International Association of Computer Investigative Specialists (IACIS).

You may also encounter a set of certifications and tools that are reserved for people in law enforcement. Frankly, there are elements of digital forensics that you will probably never get to do unless you are in law enforcement. However, the principles and processes that we cover in this book are appropriate for those of you who will be involved in incident response or internal investigations, since forensics techniques and technology are increasingly a part of incident response.

The Examination

Before you take that next step in your career, you need to pass the CHFI certification examination. Passing this exam is complicated because of the breadth of the material covered (EC-Council lists 22 different subject areas). Nevertheless, take heart! This book will help you gain the knowledge needed for you to pass the exam. Read on!

Exam Details

The exam itself is computer-based and contains 150 multiple-choice questions with a few true/false questions thrown in. You have four hours to complete the exam. That’s a little under 40 questions an hour, or 1 question every minute and 30 seconds. Go ahead, take a deep breath, and count from 1 to 90 slowly (one thousand one, one thousand two…). That’s how long you could spend on every question and still complete the exam in the allotted time. Since there are some questions you can answer immediately, within five seconds or so, you don’t need to worry about running out of time. A passing score for the exam is 70 percent. For the mathematically inclined, that means that you need to answer 105 questions correctly to pass. Not quite as daunting as 150 questions, is it?



How to Register for the Exam

You will need to register for the exam at the EC-Council website (www.eccouncil.org). The first step in the process is to apply to actually take the exam. Once you’ve been approved, you can purchase an exam voucher at the EC-Council online store, after which you can schedule your exam at a Prometric or VUE testing center.

Preparing for the Exam

I want to be very clear about this. This book will help you pass the exam. It will provide you with information you need to know to pass your exam, but it will not give you all the information and experience you need to pass the exam. Instead, it should help point you toward areas where you need more study or background. Take the practice exams, available for download. EC-Council also offers an online assessment that will give you a feel for the actual exam. Be tough on yourself while practicing with these exams. If you get a question right and you guessed the answer, you need to know what the correct answer is and why the other answers aren’t correct.

Exam Strategies

I’ve sat for a number of examinations, and I’ve developed a personal strategy that works for me. First, arrive early for the examination. Take a bio break and drink some water. Get loose. Walk around, shake your fingers, do whatever you like to do and need to do to loosen up. Don’t try to cram until the last minute. If you have a “cheat sheet” (a quick summary of important points), review that. A school of thought says you’ll remember the last thing you put into your head. Your moment of exam Zen: Remember everything and nothing. For most tests, you’ll be provided with an erasable pad and a marking pen. If you need to write down some information, write it on the pad before you even start the exam. This can save you time later and increase your accuracy, since you won’t have to rack your brains trying to remember details after you’ve been staring at a computer screen for an hour or so.

While you’re taking the exam, answer the question if you can. If you’re in doubt, mark the question and skip it. The answer may come to you as you proceed, or another question later in the exam may jog your memory or start you thinking in the right direction. Make sure that you read the question and all of the answer choices! If you choose the first answer choice that “looks right,” you may ignore a better answer choice following it.

After you’ve completed 30 questions or so, force yourself to stop, relax, take a deep breath, stretch, and look away from the screen. Moreover, blink! These exercises will keep you from tightening up, and blinking will prevent developing dry eye from staring at the screen for too long. The point is to keep yourself mentally and physically relaxed and loose.

When you’ve completed the exam, take a minute or three to relax before you start reviewing the questions you’ve marked. Then go back and look at the questions you marked. If you’re still unclear, leave the question marked and proceed to the next question you’ve marked. If you can eliminate one or two of the answer choices, you’ll have a better chance of narrowing the choice between the other two. As far as I know, there is no penalty for wrong answers, so, if worse comes to worst, choose the answer that “feels” correct. Remember, everything you read or studied in the course of preparing for this exam is stored in your memory, and although you may not be able to recall it, you may do so subliminally—the answer just “feels right” or “looks right.” Trust me: It works. When you’ve answered the question, unmark it. Repeat until you have no marked questions, you run out of time, or you can’t stand to look at the screen any longer.

Thank you for picking up this book and reading. I truly hope that this book will help you along your career path, as well as helping you fulfill your dreams and ambitions. Digital forensics is a fascinating, constantly changing, constantly challenging endeavor. You may become frustrated, but you won’t be bored! The work that you do can help catch the bad guys and exonerate the good guys. Moreover, at the end of the day, that’s not such a bad way to occupy your time.

Objective Map

The following table has been constructed to allow you to cross-reference the official exam objectives with the objectives as they are presented and covered in this book. References have been provided for the objective exactly as the exam vendor presents it, the section of the exam guide that covers that objective, and a chapter and page reference.

CHFI v8 312-49




