
Computer Forensics For Dummies

Carol Pollard, Reynaldo Anzaldua

ISBN: 978-0-470-45783-2 November 2008 400 Pages


Uncover a digital trail of e-evidence by using the helpful, easy-to-understand information in Computer Forensics For Dummies! Professional and armchair investigators alike can learn the basics of computer forensics, from digging out electronic evidence to solving the case. You won’t need a computer science degree to master e-discovery. Find and filter data in mobile devices, e-mail, and other Web-based technologies.

You’ll learn all about e-mail and Web-based forensics, mobile forensics, passwords and encryption, and other e-evidence found through VoIP, voicemail, legacy mainframes, and databases. You’ll discover how to use the latest forensic software, tools, and equipment to find the answers that you’re looking for in record time. When you understand how data is stored, encrypted, and recovered, you’ll be able to protect your personal privacy as well. By the time you finish reading this book, you’ll know how to:

  • Prepare for and conduct computer forensics investigations
  • Find and filter data
  • Protect personal privacy
  • Transfer evidence without contaminating it
  • Anticipate legal loopholes and opponents’ methods
  • Handle passwords and encrypted data
  • Work with the courts and win the case

Plus, Computer Forensics For Dummies includes lists of things that everyone interested in computer forensics should know, do, and build. Discover how to get qualified for a career in computer forensics, what to do to be a great investigator and expert witness, and how to build a forensics lab or toolkit.

Note: CD-ROM/DVD and other supplementary materials are not included as part of eBook file.


Part I: Digging Out and Documenting Electronic Evidence.

Chapter 1: Knowing What Your Digital Devices Create, Capture, and Pack Away — Until Revelation Day.

Chapter 2: Suiting Up for a Lawsuit or Criminal Investigation.

Chapter 3: Getting Authorized to Search and Seize.

Chapter 4: Documenting and Managing the Crime Scene.

Part II: Preparing to Crack the Case.

Chapter 5: Minding and Finding the Loopholes.

Chapter 6: Acquiring and Authenticating E-Evidence.

Chapter 7: Examining E-Evidence.

Chapter 8: Extracting Hidden Data.

Part III: Doing Computer Forensic Investigations.

Chapter 9: E-Mail and Web Forensics.

Chapter 10: Data Forensics.

Chapter 11: Document Forensics.

Chapter 12: Mobile Forensics.

Chapter 13: Network Forensics.

Chapter 14: Investigating X-Files: eXotic Forensics.

Part IV: Succeeding in Court.

Chapter 15: Holding Up Your End at Pretrial.

Chapter 16: Winning a Case Before You Go to Court.

Chapter 17: Standing Your Ground in Court.

Part V: The Part of Tens.

Chapter 18: Ten Ways to Get Qualified and Prepped for Success.

Chapter 19: Ten Tactics of an Excellent Investigator and a Dangerous Expert Witness.

Chapter 20: Ten Cool Tools for Computer Forensics.




The field of computer forensics is changing constantly, fueled by ultra-high usage of mobile devices, constant contact with wireless networks, and online lifestyles that leave e-evidence trails. Like hockey great Wayne Gretzky's strategy of skating to where the puck is going to be, you'll want to keep gearing up for where the e-evidence is going to be. So we're providing this resource page to help keep your technical and e-evidence expertise in top shape.

Cell and PDA Forensics Software

What thing would you least want to lose? What would you least want someone to find, or worse, to snoop through? For many people, the answer to both questions would be the cell phone. Why? Because what's most indispensable tends to reveal the most. And what's not found is also important. A cell phone (with PDA and GPS capabilities) that has gigabytes of storage holding a contact phone book, calendar, sent and received text messages, downloaded files, call logs, photos, videos, and .mobi Web site visits, and that syncs with computers, is an e-evidence goldmine or landmine.

CelleBrite UFED (Universal Forensic Extraction Device)
This system is a standalone device for performing cell phone and PDA forensics. To help ensure data integrity for court, extracted data is verified using the MD5 hash algorithm, an industry standard.

Packet Sniffers

Packet sniffers are like vacuum cleaners. They suck up everything in their path that they are looking for. Software demo downloads are available at the following sites.

MSN Sniffer 2
This software is for capturing chats, which are saved into a database for future analysis.

HttpDetect (EffeTech HTTP Sniffer) 4.1
Captures IP packets containing HTTP protocol. It rebuilds and saves the HTTP communications and files sent through HTTP.

It supports live capture on Intel wireless network adapters and on Vista x86 and Vista x64, and it captures full TCP/IP packets.

Forensic Software

You can't start any investigation without using the right software. Give the software in this list a try.

Guidance Software
Arguably the most popular set of computer forensic software tools in use by law enforcement, corporate organizations, government organizations, and many others, Guidance Software's family of computer forensic tools covers everything from mobile devices all the way up to entire networks. Guidance offers demo software at

AccessData
Used by law enforcement, corporate, governmental, and private organizations for a variety of forensic applications, AccessData's Forensic Toolkit (FTK) is gaining in popularity and functionality with its FTK 2.0 version. The demonstration version of the software is at

Paraben
Considered one of the best mobile device forensic tool makers, Paraben has also produced forensic products that target traditional computer forensics such as desktop computers and has branched out into network forensics with its P2 Enterprise product. The demonstration versions of the software are available at

X-Ways Software Technology
Based on the widely used WinHex tool, X-Ways Forensic has the same basic functionality as the more recognized forensic tools, with some additional features such as forensic RAM dumps. The software is also a fraction of the cost of the more popular forensic software packages. Use the following link to request a demonstration copy

Helix
Built on Knoppix Linux at heart, Helix is a customized Linux live CD used for computer forensic applications and computer security response. The collection of tools included on the live CD gives any experienced investigator a virtual toolbox for analyzing a computer system. The software is free and is at

Not so much a maker of forensic software as a Web site with a collection of links to forensic and security tools, this is an invaluable resource for finding tools and information for those cases that require knowledge or tools not found in traditional forensic resources. Password cracking software can be found at