Digital Evidence and Computer Crime, Third Edition: Forensic Science, Computers, and the Internet [Hardcover]

Eoghan Casey BS MA (Author)

Book Description

Publication Date: May 4, 2011 | ISBN-10: 0123742684 | ISBN-13: 978-0123742681 | Edition: 3

Digital Evidence and Computer Crime, Third Edition provides the knowledge necessary to uncover and use digital evidence effectively in any kind of investigation. The widely-adopted first and second editions introduced thousands of students to this field and helped them deal with digital evidence. This completely updated edition provides the introductory materials that new students require, and also expands on the material presented in previous editions to help students develop these skills. The textbook teaches how computer networks function, how they can be involved in crimes, and how they can be used as a source of evidence. Additionally, this third edition includes updated chapters dedicated to networked Windows, Unix, and Macintosh computers, and Personal Digital Assistants. Ancillary materials include an Instructor's Manual and PowerPoint slides.

 

* Provides a thorough explanation of how computers & networks function, how they can be involved in crimes, and how they can be used as evidence
* Features coverage of the abuse of computer networks and privacy and security issues on computer networks

Editorial Reviews

Amazon.com Review

Practitioner's Tips from Digital Evidence and Computer Crime's Chapter on Digital Evidence in the Courtroom

• In practice, many searches are conducted with consent. One of the biggest problems with consensual searches is that digital investigators must cease the search when the owner withdraws consent. However, digital investigators may be able to use the evidence gathered from a consensual search to establish probable cause and obtain a search warrant.
• Once a search warrant is obtained, there is generally a limited amount of time to execute the search. Therefore, it is prudent to obtain a search warrant only after sufficient preparations have been made to perform the search in the allotted time period. Any evidence obtained under an expired search warrant may not be admissible.
• Many digital investigators use the terminology “is consistent with” inappropriately to mean that an item of digital evidence might have been due to a certain action or event. For many people, to say that something is consistent with something else means that the two things are identical, without any differences. To avoid confusion, digital investigators are encouraged only to state that something is consistent with something else if the two things are the same and to otherwise use the terminology “is compatible with.”
• Given the complexity of modern computer systems, it is not unusual for digital investigators to encounter unexpected and undocumented behaviors during a forensic analysis of digital evidence. Such behaviors can cause unwary digital investigators to reach incorrect conclusions that can have a significant impact on a case, sometimes leading to false accusations. Thorough testing with as similar an environment to the original as possible can help avoid such mistakes and resolve differences in interpretation of digital evidence. Provided digital investigators can replicate the actions that led to the digital evidence in question, they can generally agree on what the evidence means. When it is not possible to replicate the exact environment or digital evidence under examination, digital investigators may need to rely on their understanding of the systems involved, which is where differences of opinion can arise.
• Careful use of language is needed to present digital evidence and associated conclusions as precisely as possible. Imprecise use of language in an expert report can give decision makers the wrong impression or create confusion. Therefore, digital investigators should carefully consider the level of certainty in their conclusions and should qualify their findings and conclusions appropriately.

Read a sample chapter on genesis and migration from Digital Evidence and Computer Crime

Review

"This hefty book on forensic evidence obtained from computers dispels the myths propagated by popular television series. It states from the premise that very few people are well versed in the technical, evidential, and legal issues concerning digital evidence. Oftentimes, the useful evidence that may be found in various digital media is overlooked, collected incorrectly, or analyzed ineffectively. It is the goal of the team of contributors to equip readers with the necessary knowledge and skills to be able to make use of digital evidence correctly and effectively..  It is quite obvious that the various authors draw from several fields, such as forensic science, computer science, political science, criminal justice, the law, and behavioral analysis; as such, it is multi- and interdisciplinary. More specifically, the authors tackle the specific crimes of cyber bullying, cyber stalking, identity theft, online sex offenders, fraudsters, and cyber threats. There is extensive use of boxed stories, legal cases, practitioner's tips, tables, the discussion of legislation, flow charts, treaties and journals, as well as figures, diagrams, pictures, and computer screen shots. The book is comparative in nature: it covers not only cyber law in the US, but also case law in the UK, Ireland, and the Netherlands. Given the ubiquity of the computer and the crimes that it can generate, learning about how other nations handle these issues helps in the formation of our own methods for dealing with crimes domestically, as well as those that cross national boundaries."--ACM's Computing Reviews.com

"A better title for Digital Evidence and Computer Crime might be the Comprehensive Guide to Everything You Need to Know About Digital Forensics. One is hard pressed to find another book overflowing with so many valuable details and real-world examples."--Ben Rothke on Slashdot.org (Sept 2011)

"The third edition of this comprehensive textbook on forensic science and the Internet is thoroughly updated to reflect the great leaps forward in technology in the six years since the previous printing. The work is divided into five sections covering digital forensics, digital investigations, apprehending offenders, computers and network forensics, and chapters provide practical instruction, case studies and discussions of the theoretical basis for all aspects of digital investigation and the use of computer evidence in forensics and law enforcement. The volume is intended for police, lawyers and forensic analysts and provides a comprehensive look at contemporary methodologies computer crime and crime prevention. Contributors include legal academics as well as computer, networking and forensics professional from around the world."--Book News, Reference & Research

"A better title for Digital Evidence and Computer Crime might be the Comprehensive Guide to Everything You Need to Know About Digital Forensics. One is hard pressed to find another book overflowing with so many valuable details and real-world examples. The book is also relevant for those who are new to the field, as it provides a significant amount of introductory material that delivers a broad overview to the core areas of digital forensics. The book progresses to more advanced and cutting-edge topics, including sections on various operating systems, from Windows and Unix to Macintosh. This is the third edition of the book and completely updated and reedited. When it comes to digital forensics, this is the reference guide that all books on the topic will be measured against. With a list price of $70.00, this book is an incredible bargain given the depth and breadth of topics discussed, with each chapter written by an expert in the field. For those truly serious about digital forensics, Digital Evidence and Computer Crime is an equally serious book."--Slashdot.com

See all Editorial Reviews

Product Details

• Hardcover: 840 pages
• Publisher: Academic Press; 3 edition (May 4, 2011)
• Language: English
• ISBN-10: 0123742684
• ISBN-13: 978-0123742681
• Product Dimensions: 9.5 x 7.7 x 1.9 inches
• Shipping Weight: 4.2 pounds (View shipping rates and policies)
• Average Customer Review: 5.0 out of 5 stars  See all reviews (1 customer review)
• Amazon Best Sellers Rank: #129,020 in Books (See Top 100 in Books)
  • #17 in Books > Computers & Technology > Business & Culture > Digital Law
  • #22 in Books > Law > Criminal Law > Evidence
  • #83 in Books > Politics & Social Sciences > Crime & Criminals  > Forensic Science

More About the Author

Eoghan Casey is founding partner of cmdLabs.com, specializing in digital forensics and incident response. Over the past decade, he has consulted with many attorneys, agencies, and police departments in the United States, South America, and Europe on a wide range of digital investigations, including fraud, violent crimes, identity theft, and on-line criminal activity. In addition, Eoghan has helped organizations investigate and manage security breaches, including network intrusions with international scope. He has delivered expert testimony in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases.

Eoghan has performed thousands of forensic acquisitions and examinations, including Windows and UNIX systems, Enterprise servers, smart phones, cell phones, network logs, backup tapes, and database systems. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations.Eoghan has authored numerous books in his areas of expertise that are used by practitioners and universities around the world, and he is Editor-in-Chief of Elsevier's International Journal of Digital Investigation. In addition, he conducts research and teaches graduate students at Johns Hopkins University Information Security Institute.

Customer Reviews

Most Helpful Customer Reviews

3 of 3 people found the following review helpful:

5.0 out of 5 stars The definitive reference on digital forensics, September 21, 2011

By 

Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews
(REAL NAME)   

This review is from: Digital Evidence and Computer Crime, Third Edition: Forensic Science, Computers, and the Internet (Hardcover)

When it comes to a physical crime scene and the resulting forensics, investigators can ascertain that a crime took place and gather the necessary evidence. When it comes to digital crime, the evidence is often at the byte level, deep in the magnetics of digital media, initially invisible from the human eye. That is just one of the challenges of digital forensics, where it is easy to destroy crucial evidence, and often difficult to preserve correctly.

For those looking for an authoritative guide, Digital Evidence and Computer Crime is an invaluable book that can be used to ensure that any digital investigation is done in a formal manner, that can ultimately be used to determine what happened, and if needed, used as evidence in court.

Written by Eoghan Casey, a leader in the field of digital forensics, in collaboration with 10 other experts, the book's 24 chapters and nearly 800 pages provide an all-encompassing reference. Every relevant topic in digital forensics is dealt with in this extraordinary book. Its breadth makes it relevant to an extremely large reading audience: system and security administrators, incident responders, forensic analysts, law enforcement, lawyers and more.

In the introduction, Casey writes that one of the challenges of digital forensics is that the fundamental aspects of the field are still in development. Be it the terminology, tools, definitions, standards, ethics and more, there is a lot of debate amongst professionals about these areas. One of the book's goals is to assist the reader in tackling these areas and to advance the field. To that end, it achieves its goals and more.

Chapter 1 is appropriately titled Foundation of Digital Forensics, and provides a fantastic overview and introduction to the topic. Two of the superlative features in the book are the hundreds of case examples and practitioners' tips. The book magnificently integrates the theoretical aspects of forensics with real-world examples to make it an extremely decipherable guide.

Casey notes that one of the most important advances in the history of digital forensics took place in 2008 when the American Academy of Forensic Sciences created a new section devoted to digital and multimedia sciences. That development advanced digital forensics as a scientific discipline and provided a common ground for the varied members of the forensic science community to share knowledge and address current challenges.

In chapter 3 - Digital Evidence in the Courtroom - Casey notes that the most common mistake that prevents digital evidence from being admitted in court is that it is obtained without authorization. Generally, a warrant is required to search and seize evidence. This and other chapters go into detail on how to ensure that evidence gathered is ultimately usable in court.

Chapter 6 - Conducting Digital Investigations - is one of the best chapters in the book. Much of this chapter details how to apply the scientific method to digital investigations. The chapter is especially rich with tips and examples, which are crucial, for if an investigation is not conducted in a formal and consistent manner, a defense attorney will attempt to get the evidence dismissed.

Chapter 6 and other chapters reference the Association of Chief Police Officer's Good Practice Guide for Computer-Based Electronic Evidence as one of the most mature and practical documents to use when handling digital crime scenes. The focus of the guide is to help digital investigators handle the most common forms of digital evidence, including desktops, laptops and mobile devices.

The Good Practice Guide is important in that digital evidence comes in many forms, including audit trails, application, badge reader and ISP and IDS logs, biometric data, application metadata, and much more. The investigator needs to understand how all of these work and interoperate to ensure that they are collecting and interpreting the evidence correctly.

Chapter 9 - Modus Operandi - by Brent Turvey is a fascinating overview of how and why criminals commit crimes. He writes that while technologies and tools change, the underlying psychological needs and motives of the offenders and their associated criminal behavior has not changed through the ages.

Chapter 10 - Violent Crime and Digital Evidence - is another extremely fascinating and insightful chapter. Casey writes that whatever the circumstances of a violent crime, information is key to determining and thereby understanding the victim-offender relationship, and to developing an ongoing investigative strategy. Any details gleaned from digital evidence can be important, and digital investigators must develop the ability to prioritize what can be overwhelming amounts of evidence.

Chapter 13 - Forensic Preservation of Volatile Data - deals with the age-old forensic issue: to shut down or not to shut down? It provides a highly detailed sample volatile data preservation process for an investigator to follow to preserve volatile data from a system. There is also a fascinating section on the parallels between arson and digital intrusion investigations.

Part 4 of the book is Computers, in which the authors note that although digital investigators can use sophisticated software to recover deleted files and perform advanced analysis of computer hard drives, it is important for them to understand what is happening behind the scenes. A lack of understanding of how computers function and the processes that sophisticated tools have automated make it more difficult for digital investigators to explain their findings in court and can lead to incorrect interpretations of digital evidence.

Chapter 17 - File Systems - has an interesting section on dates and times. Given the importance of dates and times when investigating computer-related crimes, investigators need an understanding of how these values are stored and converted. The chapter has a table of the date-time stamp behavior on both FAT and NTFS file systems. Time stamps are not a trivial issue, as there are many different actions involved (file moved, deletion, copy, etc.) that can affect the date-time stamp in very different ways.

A better title for Digital Evidence and Computer Crime might be the Comprehensive Guide to Everything You Need to Know About Digital Forensics. One is hard pressed to find another book overflowing with so many valuable details and real-world examples.

The book is also relevant for those who are new to the field, as it provides a significant amount of introductory material that delivers a broad overview to the core areas of digital forensics.

The book progresses to more advanced and cutting-edge topics, including sections on various operating systems, from Windows and Unix to Macintosh.

This is the third edition of the book and completely upda#ted and reedited. When it comes to digital forensics, this is the reference guide that all books on the topic will be measured against.

With a list price of $70.00, this book is an incredible bargain given the depth and breadth of topics discussed, with each chapter written by an expert in the field. For those truly serious about digital forensics, Digital Evidence and Computer Crime is an equally serious book.