Book description
Digital Forensics for Legal Professionals is a complete non-technical guide for legal professionals and students to understand digital forensics. In the authors’ years of experience in working with attorneys as digital forensics experts, common questions arise again and again: "What do I ask for?" "Is the evidence relevant?" "What does this item in the forensic report mean?" "What should I ask the other expert?" "What should I ask you?" "Can you explain that to a jury?" This book answers many of those questions in clear language that is understandable by non-technical people. With many illustrations and diagrams that will be usable in court, it explains technical concepts such as unallocated space, forensic copies, timeline artifacts and metadata in simple terms that make these concepts accessible to both attorneys and juries.
The book also explains how to determine what evidence to ask for, evidence that might be discoverable, and furthermore, it provides an overview of the current state of digital forensics, the right way to select a qualified expert, what to expect from that expert, and how to properly use experts before and during trial. With this book, readers will clearly understand different types of digital evidence and examples of direct and cross examination questions. It includes a reference of definitions of digital forensic terms, relevant case law, and resources.
This book will be a valuable resource for attorneys, judges, paralegals, and digital forensic professionals.
- Provides examples of direct and cross examination questions for digital evidence
- Contains a reference of definitions of digital forensic terms, relevant case law, and resources for the attorney
Table of contents
- Cover image
- Table of Contents
- Front-matter
- Copyright
- Preface
- Dedication
- About the Authors
- About the Tech Editors
- Chapter 1. Digital Evidence Is Everywhere
- 1.1. What is digital forensics?
- 1.2. What is digital evidence?
- 1.3. How digital evidence is created and stored
- Chapter 2. Overview of Digital Forensics
- 2.1. Digital forensics
- 2.2. A little computer history
- 2.3. A brief history of computer forensics
- 2.4. Computer forensics becomes digital forensics
- Chapter 3. Digital Forensics
- 3.1. The subdisciplines
- 3.2. Computer forensics
- Chapter 4. The Foundations of Digital Forensics
- 4.1. Who establishes best practices?
- 4.2. Who should be following best practices?
- 4.3. Summary of best practices
- 4.4. What really happens in many cases
- Chapter 5. Overview of Digital Forensics Tools
- 5.1. What makes a tool forensically sound?
- 5.2. Who performs tool testing?
- 5.3. Computer forensics tools: An overview
- 5.4. Classes of forensics tools
- 5.5. Mobile device forensics tools
- Chapter 6. Digital Forensics at Work in the Legal System
- 6.1. Mitigation
- 6.2. Pre-trial motions
- 6.3. Trial preparation
- 6.4. Example trial questions
- 6.5. Trial phase
- Chapter 7. Why Do I Need an Expert?
- 7.1. Why hire a digital forensics expert?
- 7.2. When to hire a digital forensics expert
- Chapter 8. The Difference between Computer Experts and Digital Forensics Experts
- 8.1. The computer expert
- 8.2. The digital forensics expert
- 8.3. A side-by-side comparison
- 8.4. Investigation of digital evidence
- Chapter 9. Selecting a Digital Forensics Expert
- 9.1. What is an expert?
- 9.2. Locating and selecting an expert
- 9.3. Certifications
- 9.4. Training, education, and experience
- 9.5. The right forensic tools
- Chapter 10. What to Expect from an Expert
- 10.1. General expectations
- 10.2. Where to begin?
- 10.3. The examination
- 10.4. Court preparation
- 10.5. Expert advice
- Chapter 11. Approaches by Different Types of Examiners
- 11.1. Standards
- 11.2. Training and experience
- 11.3. Impact on examinations
- 11.4. Ethics
- 11.5. The approach to an examination
- Chapter 12. Spotting a Problem Expert
- 12.1. Beyond the window dressings
- Chapter 13. Qualifying an Expert in Court
- 13.1. Qualifying an expert
- 13.2. Qualifying experts in court
- Chapter 14. Overview of Digital Evidence Discovery
- 14.1. Discovery motions in civil and criminal cases
- Chapter 15. Discovery of Digital Evidence in Criminal Cases
- 15.1. Sources of digital evidence
- 15.2. Building the motion
- Chapter 16. Discovery of Digital Evidence in Civil Cases
- 16.1. Rules governing civil discovery
- 16.2. Electronic discovery in particular
- 16.3. Time is of the essence
- 16.4. Getting to the particulars
- 16.5. Getting the electronic evidence
- Chapter 17. Discovery of Computers and Storage Media
- 17.1. An example of a simple consent to search agreement
- 17.2. Example of a simple order for expedited discovery
- 17.3. Example of an order for expedited discovery and temporary restraining order
- Chapter 18. Discovery of Video Evidence
- 18.1. Common issues with video evidence
- 18.2. Collecting video evidence
- 18.3. Example discovery language for video evidence
- Chapter 19. Discovery of Audio Evidence
- 19.1. Common issues with audio evidence
- 19.2. Example discovery language for audio evidence
- Chapter 20. Discovery of Social Media Evidence
- 20.1. Legal issues in social media discovery
- 20.2. Finding custodian of records contact information
- 20.3. Facebook example
- 20.4. Google information
- 20.5. Online e-mail accounts
- Chapter 21. Discovery in Child Pornography Cases
- 21.1. The Adam Walsh Child Protection and Safety Act of 2006
- 21.2. The discovery process
- Chapter 22. Discovery of Internet Service Provider Records
- 22.1. Internet service provider records or IP addresses
- 22.2. Example language for web-based e-mail addresses
- 22.3. What to expect from an internet service provider (ISP) subpoena
- Chapter 23. Discovery of Global Positioning System Evidence
- 23.1. GPS tracking evidence overview
- 23.2. Discovery of GPS evidence
- Chapter 24. Discovery of Call Detail Records
- 24.1. Discovery issues in cellular evidence
- 24.2. Example language for call detail records
- Chapter 25. Obtaining Expert Funding in Indigent Cases
- 25.1. Justifying extraordinary expenses
- 25.2. Example language for an ex parte motion for expert funds
- Chapter 26. Hash Values
- 26.1. Hash values
- 26.2. How hash values are used in digital forensics
- Chapter 27. Metadata
- 27.1. The purpose of metadata
- 27.2. Common types of metadata
- Chapter 28. Thumbnails and the Thumbnail Cache
- 28.1. Thumbnails and the thumbnail cache
- 28.2. How thumbnails and the thumbnail cache work
- 28.3. Thumbnails and the thumbnail cache as evidence
- Chapter 29. Deleted Data
- 29.1. How data is stored on a hard drive
- 29.2. Deleted file recovery
- 29.3. Evidence of data destruction
- Chapter 30. Computer Time Artifacts (MAC Times)
- 30.1. Computer file system time stamps
- 30.2. Fundamental Issues in forensic analysis of timeline
- 30.3. Created, modified, accessed
- 30.4. The bottom line
- Chapter 31. Internet History (Web and Browser Caching)
- 31.1. What is web caching?
- 31.2. How Internet browser (web) caching works
- 31.3. Internet (web) caching as evidence
- 31.4. What if the Internet cache is cleared by the user?
- Chapter 32. Windows Shortcut Files (Link Files)
- 32.1. The purpose of link files, how they are created, and how they work
- 32.2. How link files can be of evidentiary value
- 32.3. Link files as evidence
- Chapter 33. Cellular System Evidence and Call Detail Records
- 33.1. An overview of the cellular phone system
- 33.2. How cell phones work
- 33.3. Call detail records
- 33.4. Call detail records as evidence of cell phone location
- 33.5. Enhanced 911 wireless location services
- 33.6. The E911 system overview
- 33.7. Emergency situations: Real-time cell phone tracking
- Chapter 34. E-mail Evidence
- 34.1. E-mail as evidence
- 34.2. E-mail storage and access: Where is it?
- 34.3. Web mail
- Chapter 35. Social Media
- 35.1. Common forms of social networking (social media)
- 35.2. Evidence out in the open
- 35.3. Convenience versus security
- 35.4. The allure of anonymity
- 35.5. Social media as evidence
- 35.6. Getting information from online services
- Chapter 36. Peer-to-Peer Networks and File Sharing
- 36.1. What is peer-to-peer file sharing?
- 36.2. How it works
- 36.3. Privacy and security issues with peer-to-peer file sharing
- 36.4. Peer-to-peer network evidence
- Chapter 37. Cell Phones
- 37.1. The fragile nature of cellular evidence
- 37.2. Forensic acquisition methods for cellular phones
- 37.3. Subscriber identity module (SIM) cards
- 37.4. Cell phone backup files
- 37.5. Advanced cell phone data analytics
- 37.6. The future of cell phone forensics
- Chapter 38. Video and Photo Evidence
- 38.1. The most critical steps in the forensic examination of video and photo evidence
- 38.2. Using video and photo evidence in cases
- Chapter 39. Databases
- 39.1. Databases in everyday life
- 39.2. What is a database?
- 39.3. Database files as evidence
- 39.4. Database recovery
- 39.5. Data as evidence
- Chapter 40. Accounting Systems and Financial Software
- 40.1. Accounting and money management programs
- 40.2. Personal money management software
- 40.3. Business accounting software
- 40.4. Getting the evidence
- 40.5. Types of evidence from financial software
- 40.6. Batch files as evidence
- 40.7. Other sources of financial evidence
- Chapter 41. Multiplayer Online Games
- 41.1. The culture of Massively Multiplayer Online Role Playing Games (MMORPGs)
- 41.2. MMORPG data as evidence
- Chapter 42. Global Positioning Systems
- 42.1. An overview of global positioning systems
- 42.2. An overview of the NAVSTAR Global Positioning System
- 42.3. How GPS works
- 42.4. Types of GPS evidence
- 42.5. Collection of evidence from GPS devices
- 42.6. Interpretation of GPS evidence
- Index
Product information
- Title: Digital Forensics for Legal Professionals
- Author(s):
- Release date: October 2011
- Publisher(s): Syngress
- ISBN: 9781597496445
You might also like
book
The Best Damn Cybercrime and Digital Forensics Book Period
Electronic discovery refers to a process in which electronic data is sought, located, secured, and searched …
book
Digital Forensics
Digital Forensics: Threatscape and Best Practices surveys the problems and challenges confronting digital forensic professionals today, …
book
Digital Forensics
The definitive text for students of digital forensics, as well as professionals looking to deepen their …
book
Implementing Digital Forensic Readiness
Implementing Digital Forensic Readiness: From Reactive to Proactive Process shows information security and digital forensic professionals …