Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet [NOOK Book]

NOOK Book (eBook)
$69.95
BN.com price

Overview

Digital evidence—evidence that is stored on or transmitted by computers—can play a major role in a wide range of crimes, including homicide, rape, abduction, child abuse, solicitation of minors, child pornography, stalking, harassment, fraud, theft, drug trafficking, computer intrusions, espionage, and terrorism.
Though an increasing number of criminals are using computers and computer networks, few investigators are well-versed in the evidentiary, technical, and legal issues related to digital evidence. As a result, digital evidence is often overlooked, collected incorrectly, and analyzed ineffectively. The aim of this hands-on resource is to educate students and professionals in the law enforcement, forensic science, computer security, and legal communities about digital evidence and computer crime.
This work explains how computers and networks function, how they can be involved in crimes, and how they can be used as a source of evidence. As well as gaining a practical understanding of how computers and networks function and how they can be used as evidence of a crime, readers will learn about relevant legal issues and will be introduced to deductive criminal profiling, a systematic approach to focusing an investigation and understanding criminal motivations.
The accompanying CD-ROM contains simulated cases that integrate many of the topics covered in the text, teaching individuals about:
* Components of computer networks
* Use of computer networks in an investigation
* Abuse of computer networks
* Privacy and security issues on computer networks
* The law as it applies to computer networks


"This is the right book for the times."

—Lori Fenna, Chair, Electronic Frontier Foundation

"I had the enjoyable task of reviewing the galley proofs for Eoghan Casey's fine introductory book: Digital Evidence and Computer Crime recently, and I highly recommend it for anybody who is just entering the field of digital forensics.
This book has many fine features, including coverage of the basics of criminal investigation, legal issues in digital forensics, and of course, the technical information you need to get started in the field and understand what the experts are talking about. It covers the who, what, why, when, where, and how of digital evidence, addresses means, motive, and opportunity, and addresses the big picture issues very well. While I wouldn't take it on-scene, I think it is a valuable resource and well suited as a text for a first course in digital forensics, or as a general reference for the field as it exists today. Regardless of whether your background is in the law, criminal investigation, or computers, this book is a useful resource.
I was particularly enamored with the number of examples included in the book. These case studies and situational demonstrations bring the book to life and add meaning that you can't get from a dry academic book, regardless of its coverage of details. The notions of remembering the victim and their link to the crime, the descriptions of complexities associated with Internet crime and globalization, and the concepts of investigation and sleuthing help the reader understand the difference between investigation and academics.
But Casey doesn't stop there. He goes on to include an extensive glossary, excellent citations, a useful index, sample printouts, URLs of well known sites, and a multimedia supplement (which was not available at the time of my review). All told, this book does a fine job of introducing the area and provides a useful resource for the active practitioner."
—Fred Cohen, Sandia National Laboratories, Livermore, California, U.S.A.

"This book addresses a diverse audience: law enforcement people who collect evidence, forensics scientists who perform analyses, lawyers who provide legal counsel, and technical people such as computer security professionals, programmers, and system administrators who can be called upon to produce digital evidence.
Digital Evidence gives an introduction to concepts from computer science (computer architecture, protocols, applications), forensics science (recovering, reconstructing and analyzing evidence), and behavioral analysis (modus operandi, motivation, what makes an offender choose a specific victim or target). For those who wish to know more, the book gives references to specialized literature and on-line resources. The sections on legal issues are a bit U.S.-specific, but can still be of interest to non-U.S. readers. To the investigator, the book gives a flavor of what it takes to examine a PC, MAC, NT or UNIX system, or to gather evidence at various layers of network protocols, including wireless networks. With computers, emphasis is on capturing disk information. With computer networks, emphasis is on the application layer: web, mail, news, and irc/icq. The book gives examples of common forgeries with email and usenet postings, and mentions IP spoofing without going into the technicalities.
To the legal person, the book gives a flavor of the challenges that one has to face when gathering digital evidence. Especially with information retrieved across networks it can be difficult to prove that data is authentic. And as the email and usenet examples show, it is relatively easy to forge time stamp and/or address information, but the book also shows that it is relatively easy to be found out.
Perhaps the most useful sections of the book are the ones with guidelines for how to perform specific investigations."
—Wietse Venema, IBM T.J. Watson Research Center, U.S.A.




Editorial Reviews

From the Publisher
Praise for the first and second editions:

"Author Eoghan Casey does a superb job of applying forensic science to computers." -- Ben Rothke, SecurityManagement.com

"...Casey does a great job making difficult concepts easy to understand." -- ComputerWorld

Product Details

  • ISBN-13: 9780080921488
  • Publisher: Elsevier Science
  • Publication date: 4/12/2011
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 3
  • Pages: 840
  • Sales rank: 770,320
  • File size: 8 MB

Meet the Author

Eoghan Casey is an internationally recognized expert in data breach investigations and information security forensics. He is founding partner of CASEITE.com, and co-manages the Risk Prevention and Response business unit at DFLabs. Over the past decade, he has consulted with many attorneys, agencies, and police departments in the United States, South America, and Europe on a wide range of digital investigations, including fraud, violent crimes, identity theft, and on-line criminal activity. Eoghan has helped organizations investigate and manage security breaches, including network intrusions with international scope. He has delivered expert testimony in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases.

In addition to his casework and writing the foundational book Digital Evidence and Computer Crime, Eoghan has worked as R&D Team Lead in the Defense Cyber Crime Institute (DCCI) at the Department of Defense Cyber Crime Center (DC3) helping enhance their operational capabilities and develop new techniques and tools. He also teaches graduate students at Johns Hopkins University Information Security Institute and created the Mobile Device Forensics course taught worldwide through the SANS Institute. He has delivered keynotes and taught workshops around the globe on various topics related to data breach investigation, digital forensics and cyber security.

Eoghan has performed thousands of forensic acquisitions and examinations, including Windows and UNIX systems, Enterprise servers, smart phones, cell phones, network logs, backup tapes, and database systems. He also has information security experience, as an Information Security Officer at Yale University and in subsequent consulting work. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations. Eoghan has authored advanced technical books in his areas of expertise that are used by practitioners and universities around the world, and he is Editor-in-Chief of Elsevier's International Journal of Digital Investigation.


Read an Excerpt

Chapter 3: Modus Operandi, Motive and Technology

This can take the form of misusing and abusing department resources and violating the public trust, including but not limited to things like inappropriate telephone charges, vehicle use, and desertion of one's assigned duties. And we are not talking about small misallocations, but rather large ones such as in the example, which are symptomatic of ongoing patterns of departmental resource misuse and abuse.

As in Example 2, criminal activity in these instances can also take on the form of the distribution of pornographic materials (an officer allegedly e-mailed a digital photograph of his genitals to the 17-year-old girl), which, depending on the circumstances, can have serious legal consequences.

In both examples, technology facilitated criminal behavior in terms of providing both the mechanisms for initial contact between the involved parties, and a means for communication and illicit materials sharing between the parties over great distances. But as we have shown, less complex and "immediate" technologies do exist which have facilitated the same type of behavior in the past.

A more reactive aspect of the relationship between MO and technology, from the criminal's point of view, involves the relationship between the advancement of crime detection technologies in the forensic sciences, and a criminal's knowledge of them.

Successful criminals are arguably those who avoid detection and identification, or at the very least capture. The problem for criminals is that as they incorporate new and existing technologies into their MO which make their criminal behavior or identity more difficult to detect, the forensic sciences have made advances to become more competent at crime detection. Subsequently, criminals that are looking to make a career, or even a hobby, for themselves with their illegal activity must rise to meet that challenge. That is to say, as criminals learn about new forensic technologies and techniques being applied to their particular area of criminal behavior, they must be willing to modify their MO, if possible, in order to circumvent those efforts.

But even an extremely skillful, motivated, and flexible offender may only learn of a new forensic technology when it has been applied to one of their crimes and resulted in their identification and/or capture. While this encounter can teach them something that they may never forget in the commission of future crimes, in such cases the damage will already have been done.

This text is replete with examples of such instances, so we will not adduce specifics in this chapter.

Motive and Technology

The term motive refers to the emotional, psychological, or material need that impels, and is satisfied by, a behavior (Turvey 1999). Criminal motive is generally technology independent. That is to say, the psychological or material needs that are nurtured and satisfied by a criminal's pattern of behavior tend to be separate from the technology of the day. The same motives that exist today have arguably existed throughout recorded history, in one form or another. However, it may also be argued that existing motives (i.e. sexual fetishes) can evolve with the employment of, or association of, offense activities with specific technologies. Towards understanding these issues, this section will demonstrate how an existing behavioral motivational typology may be applied within the context of computer- and Internet-related criminal behavior.

In 1979, A. Nicholas Groth, an American clinical psychologist working with both victims and offender populations, published a study of over 500 rapists. In his study, he found that rape, like other crimes involving behaviors that satisfy emotional needs, is complex and multi-determined. That is to say, the act of rape itself serves a number of psychological needs and purposes (motives) for the offender. The purpose of his work was clinical, to understand the motivations of rapists for the purpose of the development of effective treatment plans (Groth 1979).

Eventually the Groth rapist motivational typology was taken and modified by the FBI's National Center for the Analysis of Violent Crime (NCAVC) and its affiliates (Hazelwood et al. 1991; Burgess and Hazelwood 1995).

This author has found, through casework, that this behaviorally based motivational classification system, with some modifications, is useful for understanding the psychological basis for most criminal behavior. The basic psychological needs, or motives, that impel human criminal behaviors remain essentially the same across different types of criminals, despite their behavioral expression, which may involve computer crimes, stalking, harassment, kidnapping, child molestation, terrorism, sexual assault, homicide, and/or arson. This is not to say that the motivational typology presented here should be considered the final word in terms of all specific offender motivations. But in terms of general types of psychological needs that are being satisfied by offender behavior, they are fairly inclusive, and fairly useful.

Below, the author gives a proposed behavioral motivational typology (Turvey 1999), and examples, adapted from Burgess and Hazelwood (1995), with some input from Geberth (1996). This author takes credit largely for the shift in emphasis from classifying offenders - to classifying offense behaviors (turning it from an inductive labeling system to a deductive tool)...


Table of Contents

1. Introduction to Digital Evidence
2. The Language of Cybercrime
3. Modus Operandi, Motive and Technology
4. Applying Forensic Science to Computers
5. Digital Evidence on Computer Networks
6. Digital Evidence on the Internet
7. Digital Evidence at the Transport and Network Layers
8. Digital Evidence on the Data-Link and Physical Layers
9. Using Digital Evidence and Behavioral Evidence Analysis in an Investigation
10. Computer Crackers
11. Cyberstalking
12. Digital Evidence as Alibi
13. Laws, Jurisdiction, Search and Seizure
14. Thoughts for the Future
Appendix 1 Summary of Resources
Appendix 2 Multimedia Supplement