Eoghan Casey is an internationally recognized expert in data breach investigations and information security forensics. He is founding partner of CASEITE.com, and co-manages the Risk Prevention and Response business unit at DFLabs. Over the past decade, he has consulted with many attorneys, agencies, and police departments in the United States, South America, and Europe on a wide range of digital investigations, including fraud, violent crimes, identity theft, and on-line criminal activity. Eoghan has helped organizations investigate and manage security breaches, including network intrusions with international scope. He has delivered expert testimony in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases. In addition to his casework and writing the foundational book Digital Evidence and Computer Crime, Eoghan has worked as R&D Team Lead in the Defense Cyber Crime Institute (DCCI) at the Department of Defense Cyber Crime Center (DC3) helping enhance their operational capabilities and develop new techniques and tools. He also teaches graduate students at Johns Hopkins University Information Security Institute and created the Mobile Device Forensics course taught worldwide through the SANS Institute. He has delivered keynotes and taught workshops around the globe on various topics related to data breach investigation, digital forensics and cyber security. Eoghan has performed thousands of forensic acquisitions and examinations, including Windows and UNIX systems, Enterprise servers, smart phones, cell phones, network logs, backup tapes, and database systems. He also has information security experience, as an Information Security Officer at Yale University and in subsequent consulting work. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations. Eoghan has authored advanced technical books in his areas of expertise that are used by practitioners and universities around the world, and he is Editor-in-Chief of Elsevier's International Journal of Digital Investigation.
Digital Evidence and Computer Crime, Third Edition, provides the knowledge necessary to uncover and use digital evidence effectively in any kind of investigation. It offers a thorough explanation of how computer networks function, how they can be involved in crimes, and how they can be used as a source of evidence. In particular, it addresses the abuse of computer networks as well as privacy and security issues on computer networks. This updated edition is organized into five parts. Part 1 is about digital forensics and covers topics ranging from the use of digital evidence in the courtroom to cybercrime law. Part 2 explores topics such as how digital investigations are conducted, handling a digital crime scene, and investigative reconstruction with digital evidence. Part 3 deals with apprehending offenders, whereas Part 4 focuses on the use of computers in digital investigation. The book concludes with Part 5, which includes the application of forensic science to networks. New to this edition are updated information on dedicated to networked Windows, Unix, and Macintosh computers, as well as Personal Digital Assistants; coverage of developments in related technology and tools; updated language for search warrant and coverage of legal developments in the US impacting computer forensics; and discussion of legislation from other countries to provide international scope. There are detailed case examples that demonstrate key concepts and give students a practical/applied understanding of the topics, along with ancillary materials that include an Instructor's Manual and PowerPoint slides. This book will prove valuable to computer forensic students and professionals, lawyers, law enforcement, and government agencies (IRS, FBI, CIA, CCIPS, etc.). - Named The 2011 Best Digital Forensics Book by InfoSec Reviews- Provides a thorough explanation of how computers & networks function, how they can be involved in crimes, and how they can be used as evidence- Features coverage of the abuse of computer networks and privacy and security issues on computer networks
Front Cover 1
Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet 4
Copyright 5
Table of Contents 6
Acknowledgments 14
Author Biographies 16
Introduction 22
Part 1. Digital Forensics 30
Chapter 1. Foundations of Digital Forensics 32
1.1 Digital Evidence 36
1.2 Increasing Awareness of Digital Evidence 38
1.3 Digital Forensics: Past, Present, and Future 39
1.4 Principles of Digital Forensics 43
1.5 Challenging Aspects of Digital Evidence 54
1.6 Following the Cybertrail 57
1.7 Digital Forensics Research 61
1.8 Summary 61
References 62
Chapter 2. Language of Computer Crime Investigation 64
2.1 Language of Computer Crime Investigation 65
2.2 The Role of Computers in Crime 68
2.3 Summary 76
References 77
Chapter 3. Digital Evidence in the Courtroom 78
3.1 Duty of Experts 80
3.2 Admissibility 85
3.3 Levels of Certainty in Digital Forensics 97
3.4 Direct versus Circumstantial Evidence 101
3.5 Scientific Evidence 102
3.6 Presenting Digital Evidence 104
3.7 Summary 110
References 111
Chapter 4. Cybercrime Law: A United States Perspective 114
4.1 Federal Cybercrime Law 114
4.2 State Cybercrime Law 132
4.3 Constitutional Law 136
4.4 Fourth Amendment 136
4.5 Fifth Amendment and Encryption 144
References 147
Chapter 5. Cybercrime Law: A European Perspective 152
5.1 The European and National Legal Frameworks 152
5.2 Progression of Cybercrime Legislation in Europe 155
5.3 Specific Cybercrime Offenses 158
5.4 Computer-Integrity Crimes 162
5.5 Computer-Assisted Crimes 178
5.6 Content-Related Cybercrimes 184
5.7 Other Offenses 202
5.8 Jurisdiction 207
5.9 Summary 211
References 212
Part 2. Digital Investigations 214
Chapter 6. Conducting Digital Investigations 216
6.1 Digital Investigation Process Models 216
6.2 Scaffolding for Digital Investigations 226
6.3 Applying the Scientific Method in Digital Investigations 230
6.4 Investigative Scenario: Security Breach 249
6.5 Summary 253
References 254
Chapter 7. Handling a Digital Crime Scene 256
7.1 Published Guidelines for Handling Digital Crime Scenes 259
7.2 Fundamental Principles 261
7.3 Authorization 263
7.4 Preparing to Handle Digital Crime Scenes 267
7.5 Surveying the Digital Crime Scene 269
7.6 Preserving the Digital Crime Scene 274
7.7 Summary 282
References 283
Chapter 8. Investigative Reconstruction with Digital Evidence 284
8.1 Equivocal Forensic Analysis 288
8.2 Victimology 295
8.3 Crime Scene Characteristics 297
8.4 Threshold Assessments 302
8.5 Summary 311
References 312
Chapter 9. Modus Operandi, Motive, and Technology 314
9.1 Axes to Pathological Criminals and Other Unintended Consequences 314
9.2 Modus Operandi 316
9.3 Technology and Modus Operandi 317
9.4 Motive and Technology 326
9.5 Current Technologies 332
9.6 Summary 333
References 333
Part 3. Apprehending Offenders 334
Chapter 10. Violent Crime and Digital Evidence 336
10.1 The Role of Computers in Violent Crime 337
10.2 Processing The Digital Crime Scene 341
10.3 Investigative Reconstruction 345
10.4 Conclusions 350
References 350
Chapter 11. Digital Evidence as Alibi 352
11.1 Investigating an Alibi 353
11.2 Time as Alibi 355
11.3 Location as Alibi 356
11.4 Summary 357
References 357
Chapter 12. Sex Offenders on the Internet 358
12.1 Old Behaviors, New Medium 361
12.2 Legal Considerations 364
12.3 Identifying and Processing Digital Evidence 367
12.4 Investigating Online Sexual Offenders 370
12.5 Investigative Reconstruction 378
12.6 Case Example: Scott Tyree 386
12.7 Case Example: Peter Chapman 389
12.8 Summary 391
References 392
Chapter 13. Computer Intrusions 398
13.1 How Computer Intruders Operate 400
13.2 Investigating Computer Intrusions 406
13.3 Forensic Preservation of Volatile Data 417
13.4 Post-Mortem Investigation of a Compromised System 430
13.5 Investigation of Malicious Computer Programs 432
13.6 Investigative Reconstruction 435
13.7 Summary 448
References 448
Chapter 14. Cyberstalking 450
14.1 How Cyberstalkers Operate 452
14.2 Investigating Cyberstalking 454
14.3 Cyberstalking Case Example 461
14.4 Summary 462
References 463
Part 4. Computers 464
Chapter 15. Computer Basics for Digital Investigators 466
15.1 A Brief History of Computers 466
15.2 Basic Operation of Computers 468
15.3 Representation of Data 471
15.4 Storage Media and Data Hiding 476
15.5 File Systems and Location of Data 479
15.6 Dealing with Password Protection and Encryption 487
15.7 Summary 491
References 492
Chapter 16. Applying Forensic Science to Computers 494
16.1 Preparation 495
16.2 Survey 496
16.3 Documentation 499
16.4 Preservation 503
16.5 Examination and Analysis 514
16.6 Reconstruction 528
16.7 Reporting 537
16.8 Summary 539
References 541
Chapter 17. Digital Evidence on Windows Systems 542
17.1 File Systems 543
17.2 Data Recovery 558
17.3 Log Files 564
17.4 Registry 565
17.5 Internet Traces 567
17.6 Program Analysis 576
17.7 Summary 577
References 578
Chapter 18. Digital Evidence on UNIX Systems 580
18.1 UNIX Evidence Acquisition Boot Disk 581
18.2 File Systems 581
18.3 Overview of Digital Evidence Processing Tools 586
18.4 Data Recovery 594
18.5 Log Files 603
18.6 File System Traces 604
18.7 Internet Traces 608
18.8 Summary 614
References 614
Chapter 19. Digital Evidence on Macintosh Systems 616
19.1 File Systems 616
19.2 Overview of Digital Evidence Processing Tools 619
19.3 Data Recovery 620
19.4 File System Traces 621
19.5 Internet Traces 626
19.6 Summary 631
Chapter 20. Digital Evidence on Mobile Devices 632
Part 5. Network Forensics 634
Chapter 21. Network Basics for Digital Investigators 636
21.1 A brief history of computer networks 637
21.2 Technical Overview of Networks 638
21.3 Network Technologies 642
21.4 Connecting Networks Using Internet Protocols 648
21.5 Summary 660
References 660
Chapter 22. Applying Forensic Science to Networks 662
22.1 Preparation and Authorization 663
22.2 Identification 669
22.3 Documentation, Collection, and Preservation 675
22.4 Filtering and Data Reduction 680
22.5 Class/Individual Characteristics and Evaluation of Source 682
22.6 Evidence Recovery 686
22.7 Investigative Reconstruction 688
22.8 Reporting Results 696
22.9 Summary 697
References 698
Chapter 23. Digital Evidence on the Internet 700
23.1 Role of the Internet in Criminal Investigations 700
23.2 Internet Services: Legitimate versus Criminal Uses 701
23.3 Using the Internet as an Investigative Tool 714
23.4 Online Anonymity and Self-Protection 720
23.5 E-mail Forgery and Tracking 728
23.6 Usenet Forgery and Tracking 732
23.7 Searching and Tracking on IRC 735
23.8 Summary 740
References 741
Chapter 24. Digital Evidence on Physical and Data-Link Layers 742
24.1 Ethernet 743
24.2 Linking the Data-Link and Network Layers: Encapsulation 745
24.3 Ethernet versus ATM Networks 750
24.4 Documentation, Collection, and Preservation 751
24.5 Analysis Tools and Techniques 756
24.6 Summary 765
References 765
Chapter 25. Digital Evidence at the Network and Transport Layers 766
25.1 TCP/IP 767
25.2 Setting up a Network 779
25.3 TCP/IP-Related Digital Evidence 783
25.4 Summary 798
References 799
Case Index 800
Name Index 802
Subject Index 804
| Erscheint lt. Verlag | 12.4.2011 |
|---|---|
| Sprache | englisch |
| Themenwelt | Sachbuch/Ratgeber |
| Informatik ► Netzwerke ► Sicherheit / Firewall | |
| Recht / Steuern ► EU / Internationales Recht | |
| Recht / Steuern ► Privatrecht / Bürgerliches Recht ► IT-Recht | |
| Recht / Steuern ► Strafrecht ► Kriminologie | |
| Recht / Steuern ► Strafrecht ► Strafverfahrensrecht | |
| Sozialwissenschaften | |
| ISBN-10 | 0-08-092148-5 / 0080921485 |
| ISBN-13 | 978-0-08-092148-8 / 9780080921488 |
| Haben Sie eine Frage zum Produkt? |
PDF (Adobe DRM)Größe: 21,3 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
EPUB (Adobe DRM)Größe: 12,7 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
