Digital Evidence and Computer Crime, 2/e (Hardcover)

Eoghan Casey BS MA

  • 出版商: Academic Press
  • 出版日期: 2004-03-22
  • 定價: $2,100
  • 售價: 6.0$1,260
  • 語言: 英文
  • 頁數: 688
  • 裝訂: Hardcover
  • ISBN: 0121631044
  • ISBN-13: 9780121631048

立即出貨(限量) (庫存=1)

買這商品的人也買了...

商品描述

Description      

Digital evidence--evidence that is stored on or transmitted by computers--can play a major role in a wide range of crimes, including homicide, rape, abduction, child abuse, solicitation of minors, child pornography, stalking, harassment, fraud, theft, drug trafficking, computer intrusions, espionage, and terrorism.
Though an increasing number of criminals are using computers and computer networks, few investigators are well-versed in the evidentiary, technical, and legal issues related to digital evidence. As a result, digital evidence is often overlooked,
collected incorrectly, and analyzed ineffectively. The aim of this hands-on resource is to educate students and professionals in the law enforcement, forensic science, computer security, and legal communities about digital evidence and computer crime.
This work explains how computers and networks function, how they can be involved in crimes, and how they can be used as a source of evidence. As well as gaining a practical understanding of how computers and networks function and how they can be used as evidence of a crime, readers will learn about relevant legal issues and will be introduced to deductive criminal profiling, a systematic approach to focusing an investigation and understanding criminal motivations.
Readers will receive access to the author's accompanying Web site which contains simulated cases that integrate many of the topics covered in the text. Frequently updated, these cases teaching individuals about:

  • Components of computer networks
  • Use of computer networks in an investigation
  • Abuse of computer networks
  • Privacy and security issues on computer networks
  • The law as it applies to computer networks
  • Table of Contents 

  • Part 1

    Chapter 1: Digital Evidence and Computer Crime
    1.1) Digital Evidence
    1.2) Increasing Awareness of Digital Evidence
    1.3) Challenging Aspects of Digital Evidence
    1.4) Following the Cybertrail
    1.5) Challenging Aspects of the Cybertrail
    1.6) Forensic Science and Digital Evidence
    1.7) Summary

    Chapter 2: History and Terminology of Computer Crime Investigation
    2.1) Brief History of Computer Crime Investigation
    2.2) Evolution of Investigative Tools
    2.3) Language of Computer Crime Investigation
    2.3.1) The Role of Computers in Crime
    2.4) Summary

    Chapter 3: Technology and Law
    Part A: Technology and Law - A United States Perspective
    Robert Dunne
    A.1) Jurisdiction
    A.2) Pornography and Obscenity
    A.3) Privacy
    A.4) Copyrights and the "Theft" of Digital Intellectual Property

    Part B: Computer Misuse in America
    Eoghan Casey

    Part C: Technology and Criminal Law - A European perspective
    Tessa Robinson
    C.1) Overview of Criminal Offenses
    C.2) Search and Seizure
    C.3) Jurisdiction and Extradition
    C.4) Penalties
    C.5) Privacy
    C.6) Summary

    Chapter 4: The Investigative Process
    Eoghan Casey and Gary Palmer
    4.1) The Role of Digital Evidence
    4.2) Investigative Methodology
    4.2.1) Accusation or Incident Alert
    4.2.2) Assessment of Worth
    4.2.3) Incident/Crime Scene Protocols
    4.2.4) Identification or Seizure
    4.2.5) Preservation
    4.2.6) Recovery
    4.2.7) Harvesting
    4.2.8) Reduction
    4.2.9) Organization and Search
    4.2.10) Analysis
    4.2.11) Reporting
    4.2.12) Persuasion and Testimony
    4.3) Summary

    Chapter 5: Investigative Reconstruction
    Eoghan Casey and Brent Turvey
    5.1) Equivocal Forensic Analysis
    5.1.1) Reconstruction
    5.1.2) Temporal Analysis
    5.1.3) Relational Analysis
    5.1.4) Functional Analysis
    5.2) Victimology
    5.2.1) Victimology
    5.3) Crime Scene Characteristics
    5.3.1) Method of Approach and Control
    5.3.2) Offender Action, Inaction and Reaction
    5.4) Evidence Dynamic and Introduction of Error
    5.5) Reporting
    5.6) Summary

    Chapter 6: Modus Operandi, Motive & Technology
    Brent Turvey
    6.1) Axes to Pathological Criminals, and Other Unintended Consequences
    6.2) Modus Operandi
    6.3) Technology and Modus Operandi
    6.4) Motive and Technology
    6.4.1) Power Reassurance (Compensatory)
    6.4.2) Power Assertive (Entitlement)
    6.4.3) Anger Retaliatory (Anger or Displaced)
    6.4.4) Anger Excitation (Sadistic)
    6.4.5) Profit Oriented
    6.5) Current Technologies
    6.5.1) A Computer Virus
    6.5.2) A Public Email Discussion List
    6.6) Summary

    Chapter 7: Digital Evidence in the Courtroom
    7.1) Admissibility - Warrants
    7.2) Authenticity and Reliability
    7.3) Casey's Certainty Scale
    7.4) Best Evidence
    7.5) Direct versus Circumstantial Evidence
    7.6) Hearsay
    7.6.1) Hearsay Exceptions
    7.7) Scientific Evidence
    7.8) Presenting Digital Evidence
    7.9) Summary

    Part 2: Computers

    Chapter 8: Computer Basics for Digital Evidence Examiners
    8.1) A Brief History of Computers
    8.2) Basic Operation of Computers
    8.2.1) Central Processing Unit (CPU)
    8.2.2) Basic Input and Output System (BIOS)
    8.2.3) Power-on Self Test and CMOS Configuration Tool
    8.2.4) Disk Boot
    8.3) Representation of Data
    8.4) Storage Media and Data Hiding
    8.5) File Systems and Location of Data
    8.6) Overview of Encryption
    8.6.1) Private Key Encryption
    8.6.2) Public Key Encryption
    8.6.3) Pretty Good Privacy
    8.9) Summary

    Chapter 9: Applying Forensic Science to Computers
    9.1) Authorization and Preparation
    9.2) Identification
    9.2.1) Recognizing Hardware
    9.2.2) Identifying Digital Evidence
    9.3) Documentation
    9.3.1) Message Digests and Digital Signatures
    9.4) Collection and Preservation
    9.4.1) Collecting and Preserving Hardware
    9.4.2) Collecting and Preserving Digital Evidence
    9.5) Examination and Analysis
    9.5.1) Filtering/Reduction
    9.5.2) Class/Individual Characteristics and Evaluation of Source
    9.5.3) Data Recovery/Salvage
    9.6) Reconstruction
    9.6.1) Functional Analysis
    9.6.2) Relational Analysis
    9.6.3) Temporal Analysis
    9.6.4) Digital Stratigraphy
    9.7) Reporting
    9.8) Summary

    Chapter 10: Forensic Analysis of Windows Systems
    10.1) Windows Evidence Acquisition Boot Disk
    10.2) File Systems
    10.3) Overview of Digital Evidence Processing Tools
    10.4) Data Recovery
    10.4.1) Windows-based Recovery Tools
    10.4.2) Unix-based Recovery Tools
    10.4.3) File Carving with Windows
    10.4.4) Dealing with Password Protection and Encryption
    10.5) Log Files
    10.6) File System Traces
    10.7) Registry
    10.8) Internet Traces
    10.8.1) Web Browsing
    10.8.2) Usenet Access
    10.8.3) E-mail
    10.8.4) Other Applications
    10.8.5) Network Storage
    10.9) Program Analysis
    10.10) Summary

    Chapter 11: Forensic Analysis of Unix Systems
    11.1) Unix Evidence Acquisition Boot Disk
    11.2) File Systems
    11.3) Overview of Digital Evidence Processing Tools
    11.4) Data Recovery
    11.4.1) Unix-based Tools
    11.4.2) Windows-based Tools
    11.4.3) File Carving with Unix
    11.4.4) Dealing with Password Protection and Encryption
    11.5) Log Files
    11.6) File System Traces
    11.7) Internet Traces
    11.7.1) Web Browsing
    11.7.2) E-mail
    11.7.3) Network Traces
    11.8) Summary

    Chapter 12: Forensic Analysis of Macintosh Systems
    12.1) File Systems
    12.2) Overview of Digital Evidence Processing Tools
    12.3) Data Recovery
    12.4) File System Traces
    12.5) Internet Traces
    12.5.1) Web Activity
    12.5.2) E-mail
    12.5.3) Network Storage
    12.6) Summary

    Chapter 13: Forensic Analysis of Handheld Devices
    13.1) Overview of Handheld Devices
    13.1.1) Memory
    13.1.2) Data Storage and Manipulation
    13.1.3) Exploring Palm Memory
    13.2) Collection and Examination of Handheld Devices
    13.2.1) Palm OS
    13.2.2) Windows CE Devices
    13.2.3) RIM Blackberry
    13.2.4) Mobile Phones
    13.3) Dealing with Password Protection and Encryption
    13.4) Related Sources of Digital Evidence
    13.4.1) Removable Media
    13.4.2) Neighborhood Data
    13.5) Summary
    Part 3: Networks

    Chapter 14: Network Basics for Digital Evidence Examiners
    14.1) A Brief History of Computer Networks
    14.2) Technical overview of networks
    14.3) Network Technologies
    14.3.1) Attached Resource Computer Network (ARCNET)
    14.3.2) Ethernet
    14.3.3) Fiber Distributed Data Interface (FDDI)
    14.3.4) Asynchronous Transfer Mode (ATM)
    14.3.5) IEEE 802.11 (Wireless)
    14.3.6) Cellular Networks
    14.3.7) Satellite Networks
    14.4) Connecting Networks Using Internet Protocols
    14.4.1) Physical and Data-Link Layers (Layers 1 & 2)
    14.4.2) Network and Transport Layers (Layers 3 & 4)
    14.4.3) Session Layer (Layer 5)
    14.4.4) Presentation Layer (Layer 6)
    14.4.5) Application Layer (Layer 7)
    14.4.6) Synopsis of the OSI Reference Model
    14.5) Summary

    Chapter 15: Applying Forensic Science to Networks
    15.1) Preparation and Authorization
    15.2) Identification
    15.3) Documentation, Collection, and Preservation
    15.4) Filtering and Data Reduction
    15.5) Class/Individual Characteristics and Evaluation of Source
    15.6) Evidence Recovery
    15.7) Investigative Reconstruction
    15.7.1) Behavioral Evidence Analysis
    15.8) Summary

    Chapter 16: Digital Evidence on Physical and Data-Link Layers
    16.1) Ethernet
    16.1.1) 10Base5
    16.1.2) 10/100BaseT
    16.1.3) CSMA/CD
    16.2) Linking the Data-Link and Network Layers—Encapsulation
    16.2.1) Address Resolution Protocol (ARP)
    16.2.2) Point to Point Protocol and Serial Line Internet Protocol
    16.3) Ethernet versus ATM Networks
    16.4) Documentation, Collection, and Preservation
    16.4.1) Sniffer Placement
    16.4.2) Sniffer Configuration
    16.4.3) Other Source of MAC Addresses
    16.5) Analysis Tools and Techniques
    16.5.1) Keyword Searches
    16.5.2) Filtering and Classification
    16.5.3) Reconstruction
    16.6) Summary

    Chapter 17: Digital Evidence on Network and Transport Layers
    17.1) TCP/IP
    17.1.1) Internet Protocol and Cellular Data Networks
    17.1.2) IP Addresses
    17.1.3) Domain Name System
    17.1.4) IP Routing
    17.1.5) Servers and Ports
    17.1.6) Connection Management
    17.1.7) Abuses of TCP/IP
    17.2) Setting up A Network
    17.2.1) Static versus Dynamic IP Address Assignment
    17.2.2) Protocols for Assigning IP Addresses
    17.3) TCP/IP Related Digital Evidence
    17.3.1) Authentication Logs
    17.3.2) Server Logs
    17.3.3) Operating System Logs
    17.3.4) Network Device Logs
    17.3.5) State Tables
    17.3.6) Random Access Memory Contents
    17.4) Summary

    Chapter 18: Digital Evidence on the Internet
    18.1) Role of the Internet in Criminal Investigations
    18.2) Internet Services: Legitimate versus Criminal Uses
    18.2.1) The World Wide Web
    18.2.2) E-mail
    18.2.3) Newsgroups
    18.2.4) Synchronous Chat Networks
    18.2.5) Peer-To-Peer Networks and Instant Messaging
    18.3) Using the Internet as an Investigative Tool
    18.3.1) Search Engines
    18.3.2) Online Databases (the Invisible Web)
    18.3.3) Usenet Archive versus Actual Newgroups
    18.4) Online Anonymity and Self-Protection
    18.4.1) Overview of Exposure
    18.4.2) Proxies
    18.4.3) IRC "bots"
    18.4.5) Encryption
    18.4.5) Anonymous and Pseudonymous E-mail and Usenet
    18.4.6) Freenet
    18.4.7) Anonymous Cash
    18.5) E-mail Forgery and Tracking
    18.5.1) Interpreting E-mail Headers
    18.6) Usenet Forgery and Tracking
    18.6.1) Interpreting Usenet Headers
    18.7) Searching and Tracking on IRC
    18.8) Summary

    Part 4: Investigating Computer Crime

    Chapter 19: Investigating Computer Intrusions
    19.1) How Computer Intruders Operate
    19.2) Investigating Intrusions
    19.2.1) Processes as a Source of Evidence (Windows)
    19.2.2) Processes as a Source of Evidence (Unix)
    19.2.3) Windows Registry
    19.2.4) Acquisition over Network
    19.2.5) Classification, Comparison, and Evaluation of Source
    19.3) Investigative Reconstruction
    19.3.1) Parallels between Arson and Intrusion Investigations
    19.3.2) Crime Scene Characteristics
    19.3.3) Automated and Dynamic Modus Operandi
    19.3.4) Examining the Intruder's Computer
    19.4) Detailed Case Example
    19.5) Summary

    Chapter 20: Sex Offenders on the Internet
    Eoghan Casey, Monique Mattei Ferraro, Michael McGrath
    20.1) Window to the World
    20.2) Legal Considerations
    20.3) Identifying and Processing Digital Evidence
    20.4) Investigating Online Sexual Offenders
    20.4.1) Undercover Investigation
    20.5) Investigative Reconstruction
    20.5.1) Analyzing Sex Offenders
    20.5.2) Analyzing Victim Behavior
    20.5.3) Crime Scene Characteristics
    20.5.4) Motivation
    20.6) Summary

    Chapter 21: Investigating Cyberstalking
    21.1) How Cyberstalkers Operate
    21.1.1) Acquiring Victims
    21.1.2) Anonymity and Surreptitious Monitoring
    21.1.3) Escalation and Violence
    21.2) Investigating Cyberstalking
    21.2.1) Interviews
    21.2.2) Victimology
    21.2.3) Risk Assessment
    21.2.4) Search
    21.2.5) Crime Scene Characteristics
    21.2.6) Motivation
    21.3) Cyberstalking Case Example
    21.4) Summary

    Chapter 22: Digital Evidence as Alibi
    22.1) Investigating an Alibi
    22.2) Time as Alibi
    22.3) Location as Alibi
    22.4) Summary

    Part 4: Guidelines

    Chapter 23: Handling the Digital Crime Scene
    23.1) Identification or Seizure
    23.1.1) When the Entire Computer is Required
    23.2) Preservation
    23.2.1) If Only a Portion of the Digital Evidence on a Computer is Required
    23.2.2) Sample Preservation Form

    Chapter 24: Digital Evidence Examination Guidelines
    Eoghan Casey and Troy Larson
    24.1) Preparation
    24.2) Processing
    24.2.1) DOS/Windows Command Line - Maresware
    24.2.2) Windows GUI - EnCase
    24.2.3) Windows GUI - FTK
    24.3) Identify and Process Special Files
    24.4) Summary

  •