Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet / Edition 3

Hardcover (Print)
Rent
Rent from BN.com
$13.40
(Save 81%)
Est. Return Date: 06/19/2014
Used and New from Other Sellers
Used and New from Other Sellers
from $32.34
Usually ships in 1-2 business days
(Save 53%)
Other sellers (Hardcover)
  • All (13) from $32.34   
  • New (6) from $59.81   
  • Used (7) from $32.34   

Overview

Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet, Third Edition

by Eoghan Casey cmdLabs, Baltimore, Maryland, USA

Technical Editor Brent E. Turvey, Forensic Solutions LLC, Sitka, Alaska, USA

Contributors: Susan W. Brenner (University of Dayton School of Law), Bert-Jaap Koops (Tilburg University, Netherlands), Tessa Robinson (Law Library, Dublin, Ireland), Bradley Schatz (Schatz Forensic Pty. Ltd., Queensland), Terrance Maguire (cmdLabs), Monique M. Ferraro (Technology Forensics, LLC, Connecticut), Michael McGrath, Christopher Daywalt (cmdLabs)

Digital evidence - evidence that is stored on or transmitted by computers - can play a major role in any investigation, including homicide, child exploitation, computer intrusions and corporate malfeasance. The scope of computer crime has expanded further with the proliferation of networks, embedded systems, mobile devices and industrial control systems. Digital evidence from these systems can help establish when events occurred, where victims and suspects were, with whom they communicated, and may even show their intent to commit a crime.

Despite the ubiquity of computer-facilitated crime, few people are well-versed in the technical, investigative and legal issues related to digital evidence. As a result, digital evidence is often overlooked, collected incorrectly or analyzed ineffectively.

Digital Evidence and Computer Crime, Third Edition is completely updated, providing the knowledge necessary to uncover and use digital evidence effectively in any kind of investigation. The first and second editions introduced thousands of practitioners to this field, and this third edition expands on the material presented in previous editions to help digital forensic practitioners further develop their skills. The textbook teaches digital investigation and forensic methodologies, how computers and networks function, how they can be involved in crimes, and how they can be used as a source of evidence. This book is suitable for incident responders, forensic analysts, police and lawyers. Case examples and practitioner's tips are provided throughout each chapter to emphasize important concepts.

New chapters include coverage of:

• Handling digital crime scenes • Investigating violent crimes • Applying the scientific method to digital investigations • Legal issues from both the U.S. and European perspectives

ISBN: 978-0-12-374268-1

Read More Show Less

Editorial Reviews

From the Publisher
Praise for the first and second editions:

"Author Eoghan Casey does a superb job of applying forensic science to computers." -- Ben Rothke, SecurityManagement.com

"...Casey does a great job making difficult concepts easy to understand."
ComputerWorld

Read More Show Less

Product Details

  • ISBN-13: 9780123742681
  • Publisher: Elsevier Science
  • Publication date: 5/4/2011
  • Edition number: 3
  • Pages: 840
  • Sales rank: 312,227
  • Product dimensions: 7.90 (w) x 9.30 (h) x 1.90 (d)

Meet the Author

Eoghan Casey is an internationally recognized expert in data breach investigations and information security forensics. He is founding partner of CASEITE.com, and co-manages the Risk Prevention and Response business unit at DFLabs. Over the past decade, he has consulted with many attorneys, agencies, and police departments in the United States, South America, and Europe on a wide range of digital investigations, including fraud, violent crimes, identity theft, and on-line criminal activity. Eoghan has helped organizations investigate and manage security breaches, including network intrusions with international scope. He has delivered expert testimony in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases.

In addition to his casework and writing the foundational book Digital Evidence and Computer Crime, Eoghan has worked as R&D Team Lead in the Defense Cyber Crime Institute (DCCI) at the Department of Defense Cyber Crime Center (DC3) helping enhance their operational capabilities and develop new techniques and tools. He also teaches graduate students at Johns Hopkins University Information Security Institute and created the Mobile Device Forensics course taught worldwide through the SANS Institute. He has delivered keynotes and taught workshops around the globe on various topics related to data breach investigation, digital forensics and cyber security.

Eoghan has performed thousands of forensic acquisitions and examinations, including Windows and UNIX systems, Enterprise servers, smart phones, cell phones, network logs, backup tapes, and database systems. He also has information security experience, as an Information Security Officer at Yale University and in subsequent consulting work. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations. Eoghan has authored advanced technical books in his areas of expertise that are used by practitioners and universities around the world, and he is Editor-in-Chief of Elsevier's International Journal of Digital Investigation.

Read More Show Less

Read an Excerpt

Chapter 3: Modus Operandi, Motive and Technology

This can take the form of misusing and abusing department resources and violating the public trust, including but not limited to things like inappropriate telephone charges, vehicle use, and desertion of one's assigned duties. And we are not talking about small misallocations, but rather large ones such as in the example, which are symptomatic of ongoing patterns of departmental resource misuse and abuse.

As in Example 2, criminal activity in these instances can also take on the form of the distribution of pornographic materials (an officer allegedly e-mailed a digital photograph of his genitals to the 17-year-old girl), which, depending on the circumstances, can have serious legal consequences.

In both examples, technology facilitated criminal behavior in terms of providing both the mechanisms for initial contact between the involved parties, and a means for communication and illicit materials sharing between the parties over great distances. But as we have shown, less complex and "immediate" technologies do exist which have facilitated the same type of behavior in the past.

A more reactive aspect of the relationship between MO and technology, from the criminal's point of view, involves the relationship between the advancement of crime detection technologies in the forensic sciences, and a criminal's knowledge of them.

Successful criminals are arguably those who avoid detection and identification, or at the very least capture. The problem for criminals is that as they incorporate new and existing technologies into their MO which make their criminal behavior or identity more difficult to detect, theforensic sciences have made advances to become more competent at crime detection. Subsequently, criminals that are looking to make a career, or even a hobby, for themselves with their illegal activity must rise to the meet that challenge. That is to say, as criminals learn about new forensic technologies and techniques being applied to their particular area of criminal behavior, they must be willing to modify their MO, if possible, in order to circumvent those efforts.

But even an extremely skillful, motivated, and flexible offender may only learn of a new forensic technology when it has been applied to one of their crimes and resulted in their identification and/or capture. While this encounter can teach them something that they may never forget in the commission of future crimes, in such cases the damage will already have been done.

This text is replete with examples of such instances, so we will not adduce specifics in this chapter.

Motive and Technology

The term motive refers to the emotional, psychological, or material need that impels, and is satisfied by, a behavior (Turvey 1999). Criminal motive is generally technology independent. That is to say, the psychological or material needs that are nurtured and satisfied by a criminal's pattern of behavior tend to be separate from the technology of the day. The same motives that exist today have arguably existed throughout recorded history, in one form or another. However, it may also be argued that existing motives (i.e. sexual fetishes) can evolve with the employment of, or association of, offense activities with specific technologies. Towards understanding these issues, this section will demonstrate how an existing behavioral motivational typology may be applied within the context of computer- and Internetrelated criminal behavior.

In 1979, A. Nicholas Groth, an American clinical psychologist working with both victims and offender populations, published a study of over 500 rapists. In his study, he found that rape, like other crimes involving behaviors that satisfy emotional needs, is complex and multi-determined. That is to say, the act of rape itself serves a number of psychological needs and purposes (motives) for the offender. The purpose of his work was clinical, to understand the motivations of rapists for the purpose of the development of effective treatment plans (Groth 1979).

Eventually the Groth rapist motivational typology was taken and modified by the FBI's National Center for the Analysis of Violent Crime (NCAVC) and its affiliates (Hazelwood et al. 1991; Burgess and Hazelwood 1995).

This author has found, through casework, that this behaviorally based motivational classification system, with some modifications, is useful for understanding the psychological basis for most criminal behavior. The basic psychological needs, or motives, that impel human criminal behaviors remain essentially the same across different types of criminals, despite their behavioral expression, which may involve computer crimes, stalking, harassment, kidnapping, child molestation, terrorism, sexual assault, homicide, and/or arson. This is not to say that the motivational typology presented here should be considered the final word in terms of all specific offender motivations. But in terms of general types of psychological needs that are being satisfied by offender behavior, they are fairly inclusive, and fairly useful.

Below, the author gives a proposed behavioral motivational typology (Turvey 1999), and examples, adapted from Burgess and Hazelwood (1995), with some input from Geberth (1996). This author takes credit largely for the shift in emphasis from classifying offenders - to classifying offense behaviors (turning it from an inductive labeling system to a deductive tool)...

Read More Show Less

Table of Contents

PART 1: Digital Forensics 1. Foundations of Digital Forensics 2. Language of Computer Crime Investigation 3. Digital Evidence in the Courtroom 4. Cybercrime Law: A United States Perspective 5. Cybercrime Law: European Perspective

PART 2: Digital Investigations 6. Conducting Digital Investigations 7. Handling a Digital Crime Scene 8. Investigative Reconstruction with Digital Evidence 9. Modus Operandi, Motive, and Technology

PART 3: Apprehending Offenders 10. Violent Crime and Digital Evidence 11. Digital Evidence as Alibi 12. Sex Offenders on the Internet 13. Investigating Computer Intrusions 14. Cyberstalking

PART 4: Computers 15. Computer Basics for Digital Investigators 16. Applying Forensic Science to Computers 17. Forensic Examination of Windows Systems 18. Forensic Examination of UNIX Systems 19. Forensic Examination of Macintosh Systems 20. Forensic Examination of Mobile Devices (online only)

PART 5: Network Forensics 21. Network Basics for Digital Investigators 22. Applying Forensic Science to Networks 23. Digital Evidence on the Internet 24. Digital Evidence on Physical and Data-Link Layers 25. Digital Evidence at the Network and Transport Layers

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)