Cyber Forensics: From Data to Digital Evidence


Praise For Cyber Forensics

"For novice and experienced examiners alike, this book is unlike many of its genre and actually keeps your interest from the first to the last page. The incorporation of an event necessitating an investigative effort, combined with an overview of the computer forensic methodology, is a must-read."
—Detective Andy Hrenak, CFCE/A+/ACE/DFCB, Hazelwood Police Department, RCCEEG Forensic Examiner

"This book is a must-read for all practicing forensic professionals and students interested in gaining a deeper understanding of cyber forensics. The authors manage to explain cyber forensics in an unthreatening and understandable way! Good job, guys!"
—Bruce Monahan, Chief Audit Executive, Selective Insurance Group, Inc.

"Marcella and Guillossou have created one of the most important resources for cyber forensic professionals available today. The need for understanding electronic data at its most basic level is critical to help ensure that a cyber forensic investigator or expert witness can confidently handle any legal cross-examination. If you want to gain the detailed knowledge of how 'bits' and 'bytes' of data become digital evidence, this book is for you!"
—Doug Menendez, CISA, CIA, Audit Manager, Graybar Electric Company; coauthor, Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition

"This book is a solid foundation for anyone wishing to improve their forensic skills and provide stronger investigative and legal case support. The use of a fictitious case throughout the text to illustrate points and demonstrate process is very effective."
—Jeff Lukins, Dynetics Technical Services, Inc.

"Cyber Forensics is the only book on computer forensics in which the authors take the bottom-up approach—explaining fundamentals of digital data storage and retrieval before discussing any forensic techniques. The book focuses more on the scientific concepts of computer forensics and less on the law-enforcement-related activities. This makes the book a perfect text for college-level computer science students."
—Dr. Lydia Ray, Assistant Professor of Computer Science, Columbus State University

"The need for clear but detailed understanding is absolutely critical to effectively obtain and utilize digital data to any end, but especially for investigatory results. Messrs. Marcella and Guillossou have delivered on that need in their newest text, Cyber Forensics: From Data to Digital Evidence. This text will be added to my personal reference library immediately. Thank you, gentlemen, for your efforts and results for those of us that need this type of information."
—Don Caniglia, CGEIT, CISA, CISM, FLMI, founder/CEO, ITRisk Management Services, LLC


Product Details

  • ISBN-13: 9781118273661
  • Publisher: Wiley, John & Sons, Incorporated
  • Publication date: 5/1/2012
  • Series: Wiley Corporate F&A Series, #587
  • Edition number: 1
  • Pages: 342
  • Sales rank: 1,118,816
  • Product dimensions: 6.30 (w) x 9.10 (h) x 1.30 (d)

Meet the Author

Albert J. Marcella, Jr., PhD, CISA, CISM, is President of Business Automation Consultants, LLC, a global information technology and management consulting firm providing IT management consulting, audit and security reviews, and training. He is an internationally recognized public speaker, researcher, workshop and seminar leader, and an author of numerous articles and books on various IT, audit, and security related subjects.

Frederic Guillossou, CISSP, CCE, is an Information Security Analyst with TALX, a division of Equifax. He regularly trains on intrusion prevention systems and has successfully led a number of forensic investigations in the field.


Table of Contents



Chapter 1: The Fundamentals of Data

Base 2 Numbering System: Binary and Character Encoding

Communication in a Two State Universe

Electricity and Magnetism

Building Blocks: The Origins of Data

Growing the Building Blocks of Data

Moving Beyond Base 2

American Standard Code for Information Interchange

Character Codes: The Basis for Processing Textual Data

Extended ASCII and Unicode



Chapter 2: Binary to Decimal

American Standard Code for Information Interchange

Computer as a Calculator

Why Is This Important In Forensics?

Data Representation

Converting Binary to Decimal

Conversion Analysis

A Forensic Case Example: An Application of the Math

Decimal to Binary: Recap for Review


Chapter 3: The Power of HEX: Finding Slivers of Data

What the HEX?

Bits and Bytes and Nibbles

Nibbles and Bits

Binary to HEX Conversion

Binary (HEX) Editor

The Needle within the Haystack



Chapter 4: Files


Files, File Structures, and File Formats

File Extensions

Changing a File's Extension to Evade Detection

Files and the HEX Editor

File Signature

ASCII is Not Text nor HEX

Value of File Signatures

Complex Files: Compound, Compressed, and Encrypted Files

Why Do Compound Files Exist?

Compressed Files and Magic Numbers

Forensics and Encrypted Files

The Structure of Ciphers



Appendix 4A: Common File Extensions

Appendix 4B: File Signature/Magic Number Database

Appendix C: Magic Number Definition

Appendix 4D: Compound Document Header

Chapter 5: The Boot Process and the Master Boot Record (MBR)

Booting Up

Primary Functions of the Boot Process

Forensic Imaging and Evidence Collection

Summarizing the BIOS

The Master Boot Record (MBR)

Partition Table

Hard Disk Partition



Chapter 6: Endianness and the Partition Table

The Flavor of Endianness


The Origins of Endian

Partition Table within the Master Boot Record



Chapter 7: Volume versus Partition

Tech Review

Cylinder, Head, Sector and Logical Block Addressing

Volumes and Partitions



Chapter 8: File Systems – FAT 12/16

Tech Review

File Systems


File Allocation Table (FAT) File System


HEX Review Note

Directory Entries

File Allocation Table (FAT)

How is Cluster Size Determined?

Expanded Cluster Size

Directory Entries and the FAT Table

FAT Filing System Limitations

Directory Entry Limitations


Appendix 8A: Partition Table Fields

Appendix 8B: FAT Table Values

Appendix 8C: Directory Entry Byte Offset Description

Appendix 8D: FAT12/16 Byte Offset Values

Appendix 8E: FAT 32 Byte Offset Values

Appendix 8F: The Power of 2

Chapter 9: File Systems – NTFS and Beyond

New Technology File System

Partition Boot Record

Master File Table

NTFS Summary


Alternative Filing System Concepts



Appendix 9A: Common NTFS System Defined Attributes

Box Analogy

Chapter 10: Cyber Forensics: Investigative Smart Practices

The Forensic Process

Forensic Investigative Smart Practices (ISPs)




Chapter 11: Time and Forensics

Network Time Protocol

Timestamp Data

Keeping Track of Time

Clock Models and Time Bounding: The Foundations of Forensic Time

MS-DOS 32 Bit Time Stamp: Date and Time

Date Determination

Time Determination

Time Inaccuracy



Chapter 12: Investigation: Incident Closure

Step 5: Investigation

Step 6: Communicate Findings

Characteristics of a Good Cyber Forensic Report

Report Contents

Step 7: Retention and Curation of Evidence

Step 8: Investigation Wrap Up and Conclusion

Investigator’s Role as an Expert Witness



Chapter 13: A Cyber Forensic Process Summary


Binary – Decimal - ASCII

Data versus Code


From Raw Data to Files

Accessing Files



File Systems


The Investigation Process


Appendix: Forensic Report: Forensic Investigations, ABC Inc.


About the Authors

