Introduction, The Scope of Computer Forensics, Windows Operating and File Systems, Handling Computer Hardware, Acquiring Evidence in a Computer Forensics Lab, Online Investigations, Documenting the Investigation, Admissibility of Digital Evidence, Network Forensics, Mobile Forensics, Photograph Forensics, Mac Forensics. Database forensics: forensic study of databases and their metadata. Investigative use of database contents, log files and in-RAM data in order to build a time-line or recover relevant information. Mobile device forensics: recovery of digital evidence or data from a mobile device. Media Analysis: disk structure, file systems (NTFS, EXT 2/3, HFS), and physical layer issues; Tools for digital forensics. Analysis Techniques: keyword searches, timelines, hidden data; Application Analysis; Network Analysis; Analysis of Cell phones, PDAs, etc.; Binary Code Analysis; Evidence: collection, preservation, testimony.