Digital Evidence and Computer Crime, 3rd Edition

Book Description

Digital Evidence and Computer Crime, Third Edition provides the knowledge necessary to uncover and use digital evidence effectively in any kind of investigation. The widely-adopted first and second editions introduced thousands of students to this field and helped them deal with digital evidence. This completely updated edition provides the introductory materials that new students require, and also expands on the material presented in previous editions to help students develop these skills. The textbook teaches how computer networks function, how they can be involved in crimes, and how they can be used as a source of evidence. Additionally, this third edition includes updated chapters dedicated to networked Windows, Unix, and Macintosh computers, and Personal Digital Assistants. Ancillary materials include an Instructor's Manual and PowerPoint slides.

 



* Provides a thorough explanation of how computers & networks function, how they can be involved in crimes, and how they can be used as evidence
* Features coverage of the abuse of computer networks and privacy and security issues on computer networks

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Series Page
  5. Copyright
  6. Acknowledgments
  7. Author Biographies
  8. Introduction
  9. Digital Forensics
    1. Chapter 1. Foundations of Digital Forensics
      1. 1.1 Digital Evidence
      2. 1.2 Increasing Awareness of Digital Evidence
      3. 1.3 Digital Forensics: Past, Present, and Future
      4. 1.4 Principles of Digital Forensics
      5. 1.5 Challenging Aspects of Digital Evidence
      6. 1.6 Following the Cybertrail
      7. 1.7 Digital Forensics Research
      8. 1.8 Summary
    2. Chapter 2. Language of Computer Crime Investigation
      1. 2.1 Language of Computer Crime Investigation
      2. 2.2 The Role of Computers in Crime
      3. 2.3 Summary
    3. Chapter 3. Digital Evidence in the Courtroom
      1. 3.1 Duty of Experts
      2. 3.2 Admissibility
      3. 3.3 Levels of Certainty in Digital Forensics
      4. 3.4 Direct versus circumstantial evidence
      5. 3.5 Scientific Evidence
      6. 3.6 Presenting Digital Evidence
      7. 3.7 Summary
    4. Chapter 4. Cybercrime Law
      1. 4.1 Federal Cybercrime Law
      2. 4.2 State cybercrime law
      3. 4.3 Constitutional law
      4. 4.4 Fourth Amendment
      5. 4.5 Fifth Amendment and encryption
    5. Chapter 5. Cybercrime Law
      1. 5.1 The European and National Legal Frameworks
      2. 5.2 Progression of Cybercrime Legislation in Europe
      3. 5.3 Specific Cybercrime Offenses
      4. 5.4 Computer-Integrity Crimes
      5. 5.5 Computer-Assisted Crimes
      6. 5.6 Content-Related Cybercrimes
      7. 5.7 Other Offenses
      8. 5.8 Jurisdiction
      9. 5.9 Summary
  10. Digital Investigations
    1. Chapter 6. Conducting Digital Investigations
      1. 6.1 Digital Investigation Process Models
      2. 6.2 Scaffolding for Digital Investigations
      3. 6.3 Applying the Scientific Method in Digital Investigations
      4. 6.4 Investigative Scenario: Security Breach
      5. 6.5 Summary
    2. Chapter 7. Handling a Digital Crime Scene
      1. 7.1 Published Guidelines for Handling Digital Crime Scenes
      2. 7.2 Fundamental Principles
      3. 7.3 Authorization
      4. 7.4 Preparing to Handle Digital Crime Scenes
      5. 7.5 Surveying the Digital Crime Scene
      6. 7.6 Preserving the Digital Crime Scene
      7. 7.7 Summary
    3. Chapter 8. Investigative Reconstruction with Digital Evidence
      1. 8.1 Equivocal Forensic Analysis
      2. 8.2 Victimology
      3. 8.3 Crime Scene Characteristics
      4. 8.4 Threshold Assessments
      5. 8.5 Summary
    4. Chapter 9. Motive, and Technology
      1. 9.1 Axes to Pathological Criminals and Other Unintended Consequences
      2. 9.2 Modus Operandi
      3. 9.3 Technology and Modus Operandi
      4. 9.4 Motive and Technology
      5. 9.5 Current Technologies
      6. 9.6 Summary
  11. Apprehending Offenders
    1. Chapter 10. Violent Crime and Digital Evidence
      1. 10.1 The Role of Computers in Violent Crime
      2. 10.2 Processing The Digital Crime Scene
      3. 10.3 Investigative Reconstruction
      4. 10.4 Conclusions
    2. Chapter 11. Digital Evidence as Alibi
      1. 11.1 Investigating an Alibi
      2. 11.2 Time as Alibi
      3. 11.3 Location as Alibi
      4. 11.4 Summary
    3. Chapter 12. Sex Offenders on the Internet
      1. 12.1 Old Behaviors, New Medium
      2. 12.2 Legal Considerations
      3. 12.3 Identifying and Processing Digital Evidence
      4. 12.4 Investigating Online Sexual Offenders
      5. 12.5 Investigative Reconstruction
      6. 12.6 Case Example: Scott Tyree
      7. 12.7 Case Example: Peter Chapman
      8. 12.8 Summary
    4. Chapter 13. Computer Intrusions
      1. 13.1 How Computer Intruders Operate
      2. 13.2 Investigating Computer Intrusions
      3. 13.3 Forensic Preservation of Volatile Data
      4. 13.4 Post-Mortem Investigation of a Compromised System
      5. 13.5 Investigation of Malicious Computer Programs
      6. 13.6 Investigative Reconstruction
      7. 13.7 Summary
    5. Chapter 14. Cyberstalking
      1. 14.1 How Cyberstalkers Operate
      2. 14.2 Investigating Cyberstalking
      3. 14.3 Cyberstalking case example
      4. 14.4 Summary
  12. Computers
    1. Chapter 15. Computer Basics for Digital Investigators
      1. 15.1 A Brief History of Computers
      2. 15.2 Basic Operation of Computers
      3. 15.3 Representation of Data
      4. 15.4 Storage Media and Data Hiding
      5. 15.5 File Systems and Location of Data
      6. 15.6 Dealing with Password Protection and Encryption
      7. 15.7 Summary
    2. Chapter 16. Applying Forensic Science to Computers
      1. 16.1 Preparation
      2. 16.2 Survey
      3. 16.3 Documentation
      4. 16.4 Preservation
      5. 16.5 Examination and Analysis
      6. 16.6 Reconstruction
      7. 16.7 Reporting
      8. 16.8 Summary
    3. Chapter 17. Digital Evidence on Windows Systems
      1. 17.1 File Systems
      2. 17.2 Data Recovery
      3. 17.3 Log Files
      4. 17.4 Registry
      5. 17.5 Internet Traces
      6. 17.6 Program Analysis
      7. 17.7 Summary
    4. Chapter 18. Digital Evidence on UNIX Systems
      1. 18.1 UNIX Evidence Acquisition Boot Disk
      2. 18.2 File Systems
      3. 18.3 Overview of Digital Evidence Processing Tools
      4. 18.4 Data Recovery
      5. 18.5 Log Files
      6. 18.6 File System Traces
      7. 18.7 Internet Traces
      8. 18.8 Summary
    5. Chapter 19. Digital Evidence on Macintosh Systems
      1. 19.1 File Systems
      2. 19.2 Overview of Digital Evidence Processing Tools
      3. 19.3 Data Recovery
      4. 19.4 File System Traces
      5. 19.5 Internet Traces
      6. 19.6 Summary
    6. Chapter 20. Digital Evidence on Mobile Devices
  13. Network Forensics
    1. Chapter 21. Network Basics for Digital Investigators
      1. 21.1 A brief history of computer networks
      2. 21.2 Technical Overview of Networks
      3. 21.3 Network Technologies
      4. 21.4 Connecting Networks Using Internet Protocols
      5. 21.5 Summary
    2. Chapter 22. Applying Forensic Science to Networks
      1. 22.1 Preparation and Authorization
      2. 22.2 Identification
      3. 22.3 Documentation, Collection, and Preservation
      4. 22.4 Filtering and Data Reduction
      5. 22.5 Class/Individual Characteristics and Evaluation of Source
      6. 22.6 Evidence Recovery
      7. 22.7 Investigative Reconstruction
      8. 22.8 Reporting Results
      9. 22.9 Summary
    3. Chapter 23. Digital Evidence on the Internet
      1. 23.1 Role of the internet in criminal investigations
      2. 23.2 Internet Services: Legitimate Versus Criminal Uses
      3. 23.3 Using the Internet as an Investigative Tool
      4. 23.4 Online Anonymity and Self-Protection
      5. 23.5 E-mail Forgery and Tracking
      6. 23.6 Usenet Forgery and Tracking
      7. 23.7 Searching and Tracking on IRC
      8. 23.8 Summary
    4. Chapter 24. Digital Evidence on Physical and Data-Link Layers
      1. 24.1 Ethernet
      2. 24.2 Linking the Data-Link and Network Layers: Encapsulation
      3. 24.3 Ethernet versus ATM Networks
      4. 24.4 Documentation, Collection, and Preservation
      5. 24.5 Analysis Tools and Techniques
      6. 24.6 Summary
    5. Chapter 25. Digital Evidence at the Network and Transport Layers
      1. 25.1 TCP/IP
      2. 25.2 Setting Up a Network
      3. 25.3 TCP/IP-Related Digital Evidence
      4. 25.4 Summary
  14. Case Index
  15. Name Index
  16. Subject Index