Digital Forensics for Legal Professionals: Understanding Digital Evidence From The Warrant To The Courtroom [NOOK Book]

Overview

Digital Forensics for Legal Professionals provides you with a guide to digital technology forensics in plain English. In the authors’ years of experience in working with attorneys as digital forensics experts, common questions arise again and again: “What do I ask for?” “Is the evidence relevant?” “What does this item in the forensic report mean?” “What should I ask the other expert?” “What should I ask you?” “Can you explain that to a jury?” This book answers many of those questions in clear language that is ...

See more details below
Digital Forensics for Legal Professionals: Understanding Digital Evidence From The Warrant To The Courtroom

Available on NOOK devices and apps  
  • NOOK Devices
  • NOOK HD/HD+ Tablet
  • NOOK
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK Study
  • NOOK for Web

Want a NOOK? Explore Now

NOOK Book (eBook)
$59.95
BN.com price

Overview

Digital Forensics for Legal Professionals provides you with a guide to digital technology forensics in plain English. In the authors’ years of experience in working with attorneys as digital forensics experts, common questions arise again and again: “What do I ask for?” “Is the evidence relevant?” “What does this item in the forensic report mean?” “What should I ask the other expert?” “What should I ask you?” “Can you explain that to a jury?” This book answers many of those questions in clear language that is understandable by non-technical people. With many illustrations and diagrams that will be usable in court, they explain technical concepts such as unallocated space, forensic copies, timeline artifacts and metadata in simple terms that make these concepts accessible to both attorneys and juries.

The authors also explain how to determine what evidence to ask for, evidence might be that could be discoverable, and the methods for getting to it including relevant subpoena and motion language. Additionally, this book provides an overview of the current state of digital forensics, the right way to select a qualified expert, what to expect from a qualified expert and how to properly use experts before and during trial.



  • Includes a companion Web site with: courtroom illustrations, and examples of discovery motions
  • Provides examples of direct and cross examination questions for digital evidence
  • Contains a reference of definitions of digital forensic terms, relevant case law, and resources for the attorney
Read More Show Less

Editorial Reviews

From the Publisher

"There is so much valuable information contained within this book that I found it was difficult to put down once I started it…Digital evidence is here to stay and the management of that evidence has been made easier to understand with Digital Forensics for Legal Professionals."—Law Technology News, May 4, 2012

"No competent lawyer is foolish enough not to appreciate the pervasiveness of digital evidence, or that digital forensics requires mastery far beyond his ken. Larry Daniels’ book provides the most comprehensive, nuts and bolts resource for trial lawyers on digital forensics. This isn’t the sort of book to skim and stick on the shelf, but to keep on our desk because we’ll need it that often. This is part of the trial lawyer’s bible."—Scott H. Greenfield, Criminal Defense Attorney, New York City

"This isn't your stock standard book focusing on how to do digital forensics, it's an innovative text focusing on preparing technical and legal professionals for dealing with litigation. This is a must-have addition to anyone's digital forensic/legal library."—Jonathan T. Rajewski, Professor of Digital Forensics, Champlain College

"There is so much valuable information contained within this book that I found it was difficult to put down once I started it. Its readability is excellent and I could directly and immediately apply the book's lessons to my day-to-day work within technology, project management, and electronic discovery. As I was finishing the final two chapters, an attorney came to me with a case project that included a digital evidence acquisition with multiple cell phones and, lo-and-behold, I was equipped to speak to the process of the data acquisition and intelligently begin the project due to this book. Digital evidence is here to stay and the management of that evidence has been made easier to understand with Digital Forensics for Legal Professionals."—Law Technology News

Read More Show Less

Product Details

  • ISBN-13: 9781597496445
  • Publisher: Elsevier Science
  • Publication date: 10/14/2011
  • Sold by: Barnes & Noble
  • Format: eBook
  • Pages: 368
  • Sales rank: 1,283,905
  • File size: 5 MB

Meet the Author

Larry E. Daniel is one of the country’s top digital forensic experts with experience in hundreds of civil and criminal cases involving all types of digital evidence from computers to black boxes. A sought after speaker for conferences, both technical and legal.

Lars Daniel is a digital forensics examiner and forensic artist with Guardian Digital
Forensics. He has worked over a hundred civil and criminal cases, and has worked with world renowned forensic sculptor Frank Bender on numerous missing persons and cold cases.

Read More Show Less

Read an Excerpt

Digital Forensics for Legal Professionals

Understanding Digital Evidence From the Warrant to the Courtroom
By Larry E. Daniel Lars E. Daniel

Syngress

Copyright © 2012 Elsevier Inc.
All right reserved.

ISBN: 978-1-59749-644-5


Chapter One

Digital Evidence Is Everywhere

INFORMATION IN THIS CHAPTER:

• What is digital forensics?

• What is digital evidence?

• How digital evidence is created and stored

INTRODUCTION

Digital evidence permeates every aspect of the average person's life in today's society. No matter what you are doing these days, a digital footprint is probably being created that contains some type of digital evidence that can be recovered. Sending an e-mail, writing a document, taking a picture with your digital camera, surfing the web, driving in your car with the GPS on—all of these activities create digital evidence.

1.1 WHAT IS DIGITAL FORENSICS?

The term forensics can be defined as the application of science to a matter of law. The most accepted definition of digital forensics comes from the definition of computer forensics: computer forensics is the collection, preservation, analysis, and presentation of electronic evidence for use in a legal matter using forensically sound and generally accepted processes, tools, and practices.

Specifically, digital forensics is the application of computer technology to a matter of law where the evidence includes both items that are created by people and items that are created by technology as the result of interaction with a person. For instance, data created by a machine process requires that the machine be programmed to create data, and the machine must also be turned on by a person or even by an automatic process that is ultimately started by a person.

Data created as the result of an action performed by a person or user would result in data being recorded both manually and automatically.

The difference in those two types of data from an evidentiary standpoint is that when a computer or other device records data automatically through some process that is designed to be completed independent of user interaction, it is creating machine data; when data is stored or recorded in response to a user's actions, it is creating personal data.

Personal data should ultimately be attributable to an individual; however, making that attribution can be difficult due to the presence or absence of individualized user accounts, security to protect those user accounts, and the actual placement of a person at the same location and time when the data is created.

1.2 WHAT IS DIGITAL EVIDENCE?

Digital evidence begins as electronic data, either in the form of a transaction, a document, or some type of media such as an audio or video recording. Transactions include financial transactions created during the process of making a purchase, paying a bill, withdrawing cash, and even writing a check. While writing a check might seem to be an old-fashioned method that is not digital or electronic in nature, the processing of that written check is electronic and is stored at your bank or credit card company. Nearly every kind of transaction today is eventually digitized at some point and becomes digital evidence: doctor visits, construction projects, getting prescriptions filled, registering a child at daycare, and even taking the pet in for a rabies shot.

In today's connected world, it is nearly impossible to be completely "off the net" such that your activities do not create some form of electronic record.

The explosion of social media sites has created a whole new area of electronic evidence that is both pervasive and persistent. People today are sharing their everyday activities, their thoughts, their personal photos, and even their locations via social media such as Twitter, Facebook, and MySpace. Add to this the explosion of the blogosphere, where individuals act as citizen journalists and self-publish blog posts on the Internet ranging from their political views to their personal family blogs with pictures of their kids and pets.

In order for electronic data to become digital evidence, it must be stored somewhere that is ultimately accessible in some fashion; and it must also be recoverable by a forensic examiner. One of the great challenges today is not whether digital evidence may exist, but where the evidence is stored, getting access to that storage, and finally, recovering and processing that digital evidence for relevance in light of a civil or criminal action.

The potential storage options for electronic evidence are expanding every day, from data stored on cell phones and pad computers to storage in the "cloud" where a third-party service provides hard drive space on the Internet for people and businesses to store data.

More and more everyday computing processes are moving to the Internet where companies offer software as a service. Software as a service means that the customer no longer has to purchase and install software on their computer. Some examples of software as a service range from accounting programs like QuickBooks Online, Salesforce.com, or a sales management application to online games that are entirely played via the Internet with no required software installation on the local computer.

1.3 HOW DIGITAL EVIDENCE IS CREATED AND STORED

Whenever someone creates an e-mail, writes a document using Notepad or a word processing program, takes a ride in their car with the global positioning unit (GPS) turned on, or pays a bill online, they create digital evidence. Operating your computer, surfing the Internet, or making a phone call on your cell phone—all of these create digital evidence. Digital cameras, digital video cameras, web cams, and digital audio recorders all create digital evidence.

Those are the more well-known forms of digital evidence. However, it is easy to overlook the many ways in which we create digital evidence, many times without realizing we are doing so. If you play games online with other players, view videos from the Internet, shop at one of the thousands of online stores, create a shipping label through UPS, or even send a greeting card through Hallmark's online site, you are creating digital evidence. And don't forget about the copy machine at work. Chances are if it is a fairly new copier, scanner, and fax unit, it has a hard drive in it as well that stores data. That security camera you see yourself on at the local convenience store is making a digital record of your visit, as is the financial institution that processes the credit or debit card you just used to buy that pack of gum.

These days it is just about impossible to get through a day without creating some form of digital footprint. Even if you are completely "off the grid" and don't use a computer or cell phone, running a red light where there is a traffic enforcement camera can capture your license plate, noting your location, and of course, sending you a ticket in the mail and creating a digital record with all of that information. Figure 1.1 shows some of the many ways digital footprints are created.

In the beginning the only storage device available for personal computers was the floppy disk or audio cassette tape. When you wanted to share a file or document with someone, you had to save it to a floppy disk or cassette tape. Then you would mail the diskette or use the old "sneaker net" and jog yourself and the diskette over to the person who needed the file.

Today the storage technology available for the average computer user has evolved into multiple storage options including the floppy disk and hard drives. The floppy disk is beginning to disappear as a primary form of storage in favor of USB (Universal Serial Bus) thumb drives, portable hard disks, and online storage.

As a result of this incredible growth in storage options, today digital evidence can be found on everything from floppy disks to media cards, solid-state memory sticks, solid-state hard drives, cell phones, network attached storage devices, game consoles, media players, hard drives, and the "Internet cloud." The Internet cloud is a collection of companies that provide data storage and applications entirely based on having huge banks of servers and data stores, allowing businesses to access a large network and computer infrastructure without having to make large investments in hardware and software. This allows businesses and individuals to have these resources available on a monthly or usage fee basis. The attraction of cloud-based storage and services is that the hardware and software needed are maintained and updated by the service provider and not by the individual or business. This is very attractive when a business does not want to make huge capital investments in buying hardware and software that must be maintained, secured, and updated on a regular basis.

The high-density 3.5-inch floppy disk could store 1.44 megabytes of data. Today, a user can attach a multiterabyte hard drive to a computer simply by plugging the device into an available USB port. Figure 1.2 illustrates the growth in storage capacity sizes over time.

As more and more people take advantage of remote storage for backups using online backup services such as Carbonite, Mozy Pro, and other solutions offered to store data on the Internet via cloud storage, it is becoming more of a challenge to track down where all the data might reside in a forensic case.

And speaking of the "cloud," there are now many applications and storage options available through such services as Google Apps, Google Docs, Microsoft's Windows Live Skydrive, Apple's Mobile Me, Dropbox, and many other Internet-based hard drive storage and data-sharing sites.

(Continues...)



Excerpted from Digital Forensics for Legal Professionals by Larry E. Daniel Lars E. Daniel Copyright © 2012 by Elsevier Inc. . Excerpted by permission of Syngress. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Read More Show Less

Table of Contents

Section 1: What is Digital Forensics? Chapter 1. Digital Evidence is Everywhere Chapter 2. Overview of Digital Forensics Chapter 3. Digital Forensics – The Sub-Disciplines Chapter 4. The Foundations of Digital Forensics - Best Practices Chapter 5. Overview of Digital Forensics Tools Chapter 6. Digital Forensics at Work in the Legal System

Section 2: Experts Chapter 7. Why Do I Need an Expert? Chapter 8. The Difference between Computer Experts and Digital Forensic Experts Chapter 9. Selecting a Digital Forensics Expert Chapter 10. What to Expect from an Expert Chapter 11. Approaches by Different Types of Examiners Chapter 12. Spotting a Problem Expert Chapter 13. Qualifying an Expert in Court

Sections 3: Motions and Discovery Chapter 14. Overview of Digital Evidence Discovery Chapter 15. Discovery of Digital Evidence in Criminal Cases Chapter 16. Discovery of Digital Evidence in Civil Cases Chapter 17. Discovery of Computers and Storage Media Chapter 18. Discovery of Video Evidence Chapter 19. Discovery of Audio Evidence Chapter 20. Discovery of Social Media Evidence Chapter 21. Discovery in Child Pornography Cases Chapter 22. Discovery of Internet Service Provider Records Chapter 23. Discovery of Global Positioning System Evidence Chapter 24. Discovery of Call Detail Records Chapter 25. Obtaining Expert Funding in Indigent Cases

Section 4: Common Types of Digital Evidence Chapter 26. Hash Values: The Verification Standard Chapter 27. Metadata Chapter 28. Thumbnails and the Thumbnail Cache Chapter 29. Deleted Data Chapter 30. Computer Time Artifacts (MAC Times) Chapter 31. Internet History (Web and Browser Caching) Chapter 32. Windows Shortcut Files (Link Files) Chapter 33. Cellular System Evidence and Call Detail Records Chapter 34. Email Evidence Chapter 35. Social Media Chapter 36. Peer to Peer Networks and File Sharing Chapter 37. Cell Phones Chapter 38. Video and Photo Evidence Chapter 39. Databases Chapter 40. Accounting Systems and Financial Software Chapter 41. Multiplayer Online games Chapter 42. Global Positioning Systems

Read More Show Less

Customer Reviews

Average Rating 5
( 1 )
Rating Distribution

5 Star

(1)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted June 20, 2014

    I am completing a graduate program in Computer Forensics. I wis

    I am completing a graduate program in Computer Forensics. I wish I had read this book at the start. It gives a broad overview along with a reasonable amount of detail. It also gives you a feel for how you are going to interact with lawyers and what they expect from you. Good book.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)