UNIT - I Introduction of Cybercrime : Types, The Internet spawns crime, Worms versus viruses, Computers' roles in crimes, Introduction to digital forensics, Introduction to Incident - Incident Response Methodology - Steps - Activities in Initial Response, Phase after detection of an incident. (Chapter - 1) UNIT - II Initial Response and forensic duplication, Initial Response & Volatile Data Collection from Windows system -Initial Response & Volatile Data Collection from Unix system - Forensic Duplication : Forensic duplication : Forensic Duplicates as Admissible Evidence, Forensic Duplication Tool Requirements, Creating a Forensic. Duplicate/Qualified Forensic Duplicate of a Hard Drive. (Chapter - 2) UNIT - III Forensics analysis and validation : Determining what data to collect and analyze, validating forensic data, addressing data-hiding techniques, performing remote acquisitions. Network Forensics : Network forensics overview, performing live acquisitions, developing standard procedures for network forensics, using network tools, examining the honeynet project. (Chapter - 3) UNIT - IV Current Forensic tools : Evaluating computer forensic tool needs, computer forensics software tools, computer forensics hardware tools, validating and testing forensics software E-Mail Investigations : Exploring the role of e-mail in investigation, exploring the roles of the client and server in e-mail, investigating e-mail crimes and violations, understanding e-mail servers, using specialized e-mail forensic tools. Cell phone and mobile device forensics : Understanding mobile device forensics, understanding acquisition procedures for cell phones and mobile devices. (Chapter - 4) UNIT - V Working with Windows and DOS Systems : Understanding file systems, exploring Microsoft File Structures, Examining NTFS disks, Understanding whole disk encryption, windows registry, Microsoft startup tasks, MS-DOS startup tasks, virtual machines. (Chapter - 5)

