E-book, English, 840 pages
Casey BS / Casey Digital Evidence and Computer Crime
3rd edition, 2011
ISBN: 978-0-08-092148-8
Publisher: Elsevier Science & Techn.
Format: EPUB
Copy protection: 6 - ePub Watermark
Forensic Science, Computers, and the Internet
Digital Evidence and Computer Crime, Third Edition, provides the knowledge necessary to uncover and use digital evidence effectively in any kind of investigation. It offers a thorough explanation of how computer networks function, how they can be involved in crimes, and how they can be used as a source of evidence. In particular, it addresses the abuse of computer networks as well as privacy and security issues on computer networks.

This updated edition is organized into five parts. Part 1 is about digital forensics and covers topics ranging from the use of digital evidence in the courtroom to cybercrime law. Part 2 explores topics such as how digital investigations are conducted, handling a digital crime scene, and investigative reconstruction with digital evidence. Part 3 deals with apprehending offenders, whereas Part 4 focuses on the use of computers in digital investigation. The book concludes with Part 5, which includes the application of forensic science to networks.

New to this edition are updated information on networked Windows, Unix, and Macintosh computers, as well as Personal Digital Assistants; coverage of developments in related technology and tools; updated language for search warrants and coverage of legal developments in the US impacting computer forensics; and discussion of legislation from other countries to provide international scope. There are detailed case examples that demonstrate key concepts and give students a practical, applied understanding of the topics, along with ancillary materials that include an Instructor's Manual and PowerPoint slides. This book will prove valuable to computer forensic students and professionals, lawyers, law enforcement, and government agencies (IRS, FBI, CIA, CCIPS, etc.).
- Named The 2011 Best Digital Forensics Book by InfoSec Reviews
- Provides a thorough explanation of how computers & networks function, how they can be involved in crimes, and how they can be used as evidence
- Features coverage of the abuse of computer networks and privacy and security issues on computer networks
Eoghan Casey is an internationally recognized expert in data breach investigations and information security forensics. He is founding partner of CASEITE.com, and co-manages the Risk Prevention and Response business unit at DFLabs. Over the past decade, he has consulted with many attorneys, agencies, and police departments in the United States, South America, and Europe on a wide range of digital investigations, including fraud, violent crimes, identity theft, and on-line criminal activity. Eoghan has helped organizations investigate and manage security breaches, including network intrusions with international scope. He has delivered expert testimony in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases. In addition to his casework and writing the foundational book Digital Evidence and Computer Crime, Eoghan has worked as R&D Team Lead in the Defense Cyber Crime Institute (DCCI) at the Department of Defense Cyber Crime Center (DC3) helping enhance their operational capabilities and develop new techniques and tools. He also teaches graduate students at Johns Hopkins University Information Security Institute and created the Mobile Device Forensics course taught worldwide through the SANS Institute. He has delivered keynotes and taught workshops around the globe on various topics related to data breach investigation, digital forensics and cyber security. Eoghan has performed thousands of forensic acquisitions and examinations, including Windows and UNIX systems, Enterprise servers, smart phones, cell phones, network logs, backup tapes, and database systems. He also has information security experience, as an Information Security Officer at Yale University and in subsequent consulting work. 
He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations. Eoghan has authored advanced technical books in his areas of expertise that are used by practitioners and universities around the world, and he is Editor-in-Chief of Elsevier's International Journal of Digital Investigation.
Further information & material
- Front Cover
- Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet
- Copyright
- Table of Contents
- Acknowledgments
- Author Biographies
- Introduction
- Part 1. Digital Forensics
  - Chapter 1. Foundations of Digital Forensics
    - 1.1 Digital Evidence
    - 1.2 Increasing Awareness of Digital Evidence
    - 1.3 Digital Forensics: Past, Present, and Future
    - 1.4 Principles of Digital Forensics
    - 1.5 Challenging Aspects of Digital Evidence
    - 1.6 Following the Cybertrail
    - 1.7 Digital Forensics Research
    - 1.8 Summary
    - References
  - Chapter 2. Language of Computer Crime Investigation
    - 2.1 Language of Computer Crime Investigation
    - 2.2 The Role of Computers in Crime
    - 2.3 Summary
    - References
  - Chapter 3. Digital Evidence in the Courtroom
    - 3.1 Duty of Experts
    - 3.2 Admissibility
    - 3.3 Levels of Certainty in Digital Forensics
    - 3.4 Direct versus Circumstantial Evidence
    - 3.5 Scientific Evidence
    - 3.6 Presenting Digital Evidence
    - 3.7 Summary
    - References
  - Chapter 4. Cybercrime Law: A United States Perspective
    - 4.1 Federal Cybercrime Law
    - 4.2 State Cybercrime Law
    - 4.3 Constitutional Law
    - 4.4 Fourth Amendment
    - 4.5 Fifth Amendment and Encryption
    - References
  - Chapter 5. Cybercrime Law: A European Perspective
    - 5.1 The European and National Legal Frameworks
    - 5.2 Progression of Cybercrime Legislation in Europe
    - 5.3 Specific Cybercrime Offenses
    - 5.4 Computer-Integrity Crimes
    - 5.5 Computer-Assisted Crimes
    - 5.6 Content-Related Cybercrimes
    - 5.7 Other Offenses
    - 5.8 Jurisdiction
    - 5.9 Summary
    - References
- Part 2. Digital Investigations
  - Chapter 6. Conducting Digital Investigations
    - 6.1 Digital Investigation Process Models
    - 6.2 Scaffolding for Digital Investigations
    - 6.3 Applying the Scientific Method in Digital Investigations
    - 6.4 Investigative Scenario: Security Breach
    - 6.5 Summary
    - References
  - Chapter 7. Handling a Digital Crime Scene
    - 7.1 Published Guidelines for Handling Digital Crime Scenes
    - 7.2 Fundamental Principles
    - 7.3 Authorization
    - 7.4 Preparing to Handle Digital Crime Scenes
    - 7.5 Surveying the Digital Crime Scene
    - 7.6 Preserving the Digital Crime Scene
    - 7.7 Summary
    - References
  - Chapter 8. Investigative Reconstruction with Digital Evidence
    - 8.1 Equivocal Forensic Analysis
    - 8.2 Victimology
    - 8.3 Crime Scene Characteristics
    - 8.4 Threshold Assessments
    - 8.5 Summary
    - References
  - Chapter 9. Modus Operandi, Motive, and Technology
    - 9.1 Axes to Pathological Criminals and Other Unintended Consequences
    - 9.2 Modus Operandi
    - 9.3 Technology and Modus Operandi
    - 9.4 Motive and Technology
    - 9.5 Current Technologies
    - 9.6 Summary
    - References
- Part 3. Apprehending Offenders
  - Chapter 10. Violent Crime and Digital Evidence
    - 10.1 The Role of Computers in Violent Crime
    - 10.2 Processing The Digital Crime Scene
    - 10.3 Investigative Reconstruction
    - 10.4 Conclusions
    - References
  - Chapter 11. Digital Evidence as Alibi
    - 11.1 Investigating an Alibi
    - 11.2 Time as Alibi
    - 11.3 Location as Alibi
    - 11.4 Summary
    - References
  - Chapter 12. Sex Offenders on the Internet
    - 12.1 Old Behaviors, New Medium
    - 12.2 Legal Considerations
    - 12.3 Identifying and Processing Digital Evidence
    - 12.4 Investigating Online Sexual Offenders
    - 12.5 Investigative Reconstruction
    - 12.6 Case Example: Scott Tyree
    - 12.7 Case Example: Peter Chapman
    - 12.8 Summary
    - References
  - Chapter 13. Computer Intrusions
    - 13.1 How Computer Intruders Operate
    - 13.2 Investigating Computer Intrusions
    - 13.3 Forensic Preservation of Volatile Data
    - 13.4 Post-Mortem Investigation of a Compromised System
    - 13.5 Investigation of Malicious Computer Programs
    - 13.6 Investigative Reconstruction
    - 13.7 Summary
    - References
  - Chapter 14. Cyberstalking
    - 14.1 How Cyberstalkers Operate
    - 14.2 Investigating Cyberstalking
    - 14.3 Cyberstalking Case Example
    - 14.4 Summary
    - References
- Part 4. Computers
  - Chapter 15. Computer Basics for Digital Investigators
    - 15.1 A Brief History of Computers
    - 15.2 Basic Operation of Computers
    - 15.3 Representation of Data
    - 15.4 Storage Media and Data Hiding
    - 15.5 File Systems and Location of Data
    - 15.6 Dealing with Password Protection and Encryption
    - 15.7 Summary
    - References
  - Chapter 16. Applying Forensic Science to Computers
    - 16.1 Preparation
    - 16.2 Survey
    - 16.3 Documentation
    - 16.4 Preservation
    - 16.5 Examination and Analysis
    - 16.6 Reconstruction
    - 16.7 Reporting
    - 16.8 Summary
    - References
  - Chapter 17. Digital Evidence on Windows Systems
    - 17.1 File Systems
    - 17.2 Data Recovery
    - 17.3 Log Files
    - 17.4 Registry
    - 17.5 Internet Traces
    - 17.6 Program Analysis
    - 17.7 Summary
    - References
  - Chapter 18. Digital Evidence on UNIX Systems
    - 18.1 UNIX Evidence Acquisition Boot Disk
    - 18.2 File Systems
    - 18.3 Overview of Digital Evidence Processing Tools
    - 18.4 Data Recovery
    - 18.5 Log Files
    - 18.6 File System Traces
    - 18.7 Internet Traces
    - 18.8 Summary
    - References
  - Chapter 19. Digital Evidence on Macintosh Systems
    - 19.1 File Systems
    - 19.2 Overview of Digital Evidence Processing Tools
    - 19.3 Data Recovery
    - 19.4 File System Traces
    - 19.5 Internet Traces
    - 19.6 Summary
  - Chapter 20. Digital Evidence on Mobile Devices
- Part 5. Network Forensics
  - Chapter 21. Network Basics for Digital Investigators
    - 21.1 A brief history of computer networks
    - 21.2 Technical Overview of Networks
    - 21.3 Network Technologies
    - 21.4 Connecting Networks Using Internet Protocols
    - 21.5 Summary
    - References
  - Chapter 22. Applying Forensic Science to Networks
    - 22.1 Preparation and Authorization
    - 22.2 Identification
    - 22.3 Documentation, Collection, and Preservation
    - 22.4 Filtering and Data Reduction
    - 22.5 Class/Individual Characteristics and Evaluation of Source
    - 22.6 Evidence Recovery
    - 22.7 Investigative Reconstruction
    - 22.8 Reporting Results
    - 22.9 Summary
    - References
  - Chapter 23. Digital Evidence on the Internet
    - 23.1 Role of the Internet in Criminal Investigations
    - 23.2 Internet Services: Legitimate versus Criminal Uses
    - 23.3 Using the Internet as an Investigative Tool
    - 23.4 Online Anonymity and Self-Protection
    - 23.5 E-mail Forgery and Tracking
    - 23.6 Usenet Forgery and Tracking
    - 23.7 Searching and Tracking on IRC
    - 23.8 Summary
    - References
  - Chapter 24. Digital Evidence on Physical and Data-Link Layers
    - 24.1 Ethernet
    - 24.2 Linking the Data-Link and Network Layers: Encapsulation
    - 24.3 Ethernet versus ATM Networks
    - 24.4 Documentation, Collection, and Preservation
    - 24.5 Analysis Tools and Techniques
    - 24.6 Summary
    - References
  - Chapter 25. Digital Evidence at the Network and Transport Layers
    - 25.1 TCP/IP
    - 25.2 Setting up a Network
    - 25.3 TCP/IP-Related Digital Evidence
    - 25.4 Summary
    - References
- Case Index
- Name Index
- Subject Index