Digital Evidence and Computer Crime
Forensic Science, Computers, and the Internet
- 3rd Edition - April 12, 2011
- Author: Eoghan Casey
- Language: English
- Paperback ISBN: 978-0-12-810328-9
- Hardback ISBN: 978-0-12-374268-1
- eBook ISBN: 978-0-08-092148-8
Digital Evidence and Computer Crime, Third Edition, provides the knowledge necessary to uncover and use digital evidence effectively in any kind of investigation.
It offers a thorough explanation of how computer networks function, how they can be involved in crimes, and how they can be used as a source of evidence. In particular, it addresses the abuse of computer networks as well as privacy and security issues on computer networks.
This updated edition is organized into five parts. Part 1 is about digital forensics and covers topics ranging from the use of digital evidence in the courtroom to cybercrime law. Part 2 explores topics such as how digital investigations are conducted, handling a digital crime scene, and investigative reconstruction with digital evidence. Part 3 deals with apprehending offenders, whereas Part 4 focuses on the use of computers in digital investigation. The book concludes with Part 5, which includes the application of forensic science to networks.
New to this edition are updated information dedicated to networked Windows, Unix, and Macintosh computers, as well as Personal Digital Assistants; coverage of developments in related technology and tools; updated language for search warrants and coverage of legal developments in the US impacting computer forensics; and discussion of legislation from other countries to provide international scope. There are detailed case examples that demonstrate key concepts and give students a practical/applied understanding of the topics, along with ancillary materials that include an Instructor's Manual and PowerPoint slides.
This book will prove valuable to computer forensic students and professionals, lawyers, law enforcement, and government agencies (IRS, FBI, CIA, CCIPS, etc.).
- Named The 2011 Best Digital Forensics Book by InfoSec Reviews
- Provides a thorough explanation of how computers & networks function, how they can be involved in crimes, and how they can be used as evidence
- Features coverage of the abuse of computer networks and privacy and security issues on computer networks
- Acknowledgments
- Author Biographies
- Introduction
- Digital Forensics
- Chapter 1. Foundations of Digital Forensics
- 1.1 Digital Evidence
- 1.2 Increasing Awareness of Digital Evidence
- 1.3 Digital Forensics: Past, Present, and Future
- 1.4 Principles of Digital Forensics
- 1.5 Challenging Aspects of Digital Evidence
- 1.6 Following the Cybertrail
- 1.7 Digital Forensics Research
- 1.8 Summary
- Chapter 2. Language of Computer Crime Investigation
- 2.1 Language of Computer Crime Investigation
- 2.2 The Role of Computers in Crime
- 2.3 Summary
- Chapter 3. Digital Evidence in the Courtroom
- 3.1 Duty of Experts
- 3.2 Admissibility
- 3.3 Levels of Certainty in Digital Forensics
- 3.4 Direct versus circumstantial evidence
- 3.5 Scientific Evidence
- 3.6 Presenting Digital Evidence
- 3.7 Summary
- Chapter 4. Cybercrime Law
- 4.1 Federal Cybercrime Law
- 4.2 State cybercrime law
- 4.3 Constitutional law
- 4.4 Fourth Amendment
- 4.5 Fifth Amendment and encryption
- Chapter 5. Cybercrime Law
- 5.1 The European and National Legal Frameworks
- 5.2 Progression of Cybercrime Legislation in Europe
- 5.3 Specific Cybercrime Offenses
- 5.4 Computer-Integrity Crimes
- 5.5 Computer-Assisted Crimes
- 5.6 Content-Related Cybercrimes
- 5.7 Other Offenses
- 5.8 Jurisdiction
- 5.9 Summary
- Digital Investigations
- Chapter 6. Conducting Digital Investigations
- 6.1 Digital Investigation Process Models
- 6.2 Scaffolding for Digital Investigations
- 6.3 Applying the Scientific Method in Digital Investigations
- 6.4 Investigative Scenario: Security Breach
- 6.5 Summary
- Chapter 7. Handling a Digital Crime Scene
- 7.1 Published Guidelines for Handling Digital Crime Scenes
- 7.2 Fundamental Principles
- 7.3 Authorization
- 7.4 Preparing to Handle Digital Crime Scenes
- 7.5 Surveying the Digital Crime Scene
- 7.6 Preserving the Digital Crime Scene
- 7.7 Summary
- Chapter 8. Investigative Reconstruction with Digital Evidence
- 8.1 Equivocal Forensic Analysis
- 8.2 Victimology
- 8.3 Crime Scene Characteristics
- 8.4 Threshold Assessments
- 8.5 Summary
- Chapter 9. Modus Operandi, Motive, and Technology
- 9.1 Axes to Pathological Criminals and Other Unintended Consequences
- 9.2 Modus Operandi
- 9.3 Technology and Modus Operandi
- 9.4 Motive and Technology
- 9.5 Current Technologies
- 9.6 Summary
- Apprehending Offenders
- Chapter 10. Violent Crime and Digital Evidence
- 10.1 The Role of Computers in Violent Crime
- 10.2 Processing The Digital Crime Scene
- 10.3 Investigative Reconstruction
- 10.4 Conclusions
- Chapter 11. Digital Evidence as Alibi
- 11.1 Investigating an Alibi
- 11.2 Time as Alibi
- 11.3 Location as Alibi
- 11.4 Summary
- Chapter 12. Sex Offenders on the Internet
- 12.1 Old Behaviors, New Medium
- 12.2 Legal Considerations
- 12.3 Identifying and Processing Digital Evidence
- 12.4 Investigating Online Sexual Offenders
- 12.5 Investigative Reconstruction
- 12.6 Case Example: Scott Tyree
- 12.7 Case Example: Peter Chapman
- 12.8 Summary
- Chapter 13. Computer Intrusions
- 13.1 How Computer Intruders Operate
- 13.2 Investigating Computer Intrusions
- 13.3 Forensic Preservation of Volatile Data
- 13.4 Post-Mortem Investigation of a Compromised System
- 13.5 Investigation of Malicious Computer Programs
- 13.6 Investigative Reconstruction
- 13.7 Summary
- Chapter 14. Cyberstalking
- 14.1 How Cyberstalkers Operate
- 14.2 Investigating Cyberstalking
- 14.3 Cyberstalking case example
- 14.4 Summary
- Computers
- Chapter 15. Computer Basics for Digital Investigators
- 15.1 A Brief History of Computers
- 15.2 Basic Operation of Computers
- 15.3 Representation of Data
- 15.4 Storage Media and Data Hiding
- 15.5 File Systems and Location of Data
- 15.6 Dealing with Password Protection and Encryption
- 15.7 Summary
- Chapter 16. Applying Forensic Science to Computers
- 16.1 Preparation
- 16.2 Survey
- 16.3 Documentation
- 16.4 Preservation
- 16.5 Examination and Analysis
- 16.6 Reconstruction
- 16.7 Reporting
- 16.8 Summary
- Chapter 17. Digital Evidence on Windows Systems
- 17.1 File Systems
- 17.2 Data Recovery
- 17.3 Log Files
- 17.4 Registry
- 17.5 Internet Traces
- 17.6 Program Analysis
- 17.7 Summary
- Chapter 18. Digital Evidence on UNIX Systems
- 18.1 UNIX Evidence Acquisition Boot Disk
- 18.2 File Systems
- 18.3 Overview of Digital Evidence Processing Tools
- 18.4 Data Recovery
- 18.5 Log Files
- 18.6 File System Traces
- 18.7 Internet Traces
- 18.8 Summary
- Chapter 19. Digital Evidence on Macintosh Systems
- 19.1 File Systems
- 19.2 Overview of Digital Evidence Processing Tools
- 19.3 Data Recovery
- 19.4 File System Traces
- 19.5 Internet Traces
- 19.6 Summary
- Chapter 20. Digital Evidence on Mobile Devices
- Network Forensics
- Chapter 21. Network Basics for Digital Investigators
- 21.1 A brief history of computer networks
- 21.2 Technical Overview of Networks
- 21.3 Network Technologies
- 21.4 Connecting Networks Using Internet Protocols
- 21.5 Summary
- Chapter 22. Applying Forensic Science to Networks
- 22.1 Preparation and Authorization
- 22.2 Identification
- 22.3 Documentation, Collection, and Preservation
- 22.4 Filtering and Data Reduction
- 22.5 Class/Individual Characteristics and Evaluation of Source
- 22.6 Evidence Recovery
- 22.7 Investigative Reconstruction
- 22.8 Reporting Results
- 22.9 Summary
- Chapter 23. Digital Evidence on the Internet
- 23.1 Role of the internet in criminal investigations
- 23.2 Internet Services: Legitimate Versus Criminal Uses
- 23.3 Using the Internet as an Investigative Tool
- 23.4 Online Anonymity and Self-Protection
- 23.5 E-mail Forgery and Tracking
- 23.6 Usenet Forgery and Tracking
- 23.7 Searching and Tracking on IRC
- 23.8 Summary
- Chapter 24. Digital Evidence on Physical and Data-Link Layers
- 24.1 Ethernet
- 24.2 Linking the Data-Link and Network Layers: Encapsulation
- 24.3 Ethernet versus ATM Networks
- 24.4 Documentation, Collection, and Preservation
- 24.5 Analysis Tools and Techniques
- 24.6 Summary
- Chapter 25. Digital Evidence at the Network and Transport Layers
- 25.1 TCP/IP
- 25.2 Setting Up a Network
- 25.3 TCP/IP-Related Digital Evidence
- 25.4 Summary
- Case Index
- Name Index
- Subject Index
- No. of pages: 840
- Language: English
- Edition: 3
- Published: April 12, 2011
- Imprint: Academic Press
- Paperback ISBN: 9780128103289
- Hardback ISBN: 9780123742681
- eBook ISBN: 9780080921488
Eoghan Casey
Eoghan Casey is an internationally recognized expert in data breach investigations and information security forensics. He is founding partner of CASEITE.com, and co-manages the Risk Prevention and Response business unit at DFLabs. Over the past decade, he has consulted with many attorneys, agencies, and police departments in the United States, South America, and Europe on a wide range of digital investigations, including fraud, violent crimes, identity theft, and on-line criminal activity. Eoghan has helped organizations investigate and manage security breaches, including network intrusions with international scope. He has delivered expert testimony in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases.
In addition to his casework and writing the foundational book Digital Evidence and Computer Crime, Eoghan has worked as R&D Team Lead in the Defense Cyber Crime Institute (DCCI) at the Department of Defense Cyber Crime Center (DC3) helping enhance their operational capabilities and develop new techniques and tools. He also teaches graduate students at Johns Hopkins University Information Security Institute and created the Mobile Device Forensics course taught worldwide through the SANS Institute. He has delivered keynotes and taught workshops around the globe on various topics related to data breach investigation, digital forensics and cyber security.
Eoghan has performed thousands of forensic acquisitions and examinations, including Windows and UNIX systems, Enterprise servers, smart phones, cell phones, network logs, backup tapes, and database systems. He also has information security experience, as an Information Security Officer at Yale University and in subsequent consulting work. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations. Eoghan has authored advanced technical books in his areas of expertise that are used by practitioners and universities around the world, and he is Editor-in-Chief of Elsevier's International Journal of Digital Investigation.