Pub. Date:
Elsevier Science
Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet / Edition 3

Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet / Edition 3

by Eoghan Casey BS, MA


View All Available Formats & Editions
Current price is , Original price is $69.95. You
Select a Purchase Option
  • purchase options
    $60.33 $69.95 Save 14% Current price is $60.33, Original price is $69.95. You Save 14%.
  • purchase options

Product Details

ISBN-13: 9780123742681
Publisher: Elsevier Science
Publication date: 05/04/2011
Pages: 840
Sales rank: 229,738
Product dimensions: 7.90(w) x 9.30(h) x 1.90(d)

About the Author

Eoghan Casey is an internationally recognized expert in data breach investigations and information security forensics. He is founding partner of, and co-manages the Risk Prevention and Response business unit at DFLabs. Over the past decade, he has consulted with many attorneys, agencies, and police departments in the United States, South America, and Europe on a wide range of digital investigations, including fraud, violent crimes, identity theft, and on-line criminal activity. Eoghan has helped organizations investigate and manage security breaches, including network intrusions with international scope. He has delivered expert testimony in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases.

In addition to his casework and writing the foundational book Digital Evidence and Computer Crime, Eoghan has worked as R&D Team Lead in the Defense Cyber Crime Institute (DCCI) at the Department of Defense Cyber Crime Center (DC3) helping enhance their operational capabilities and develop new techniques and tools. He also teaches graduate students at Johns Hopkins University Information Security Institute and created the Mobile Device Forensics course taught worldwide through the SANS Institute. He has delivered keynotes and taught workshops around the globe on various topics related to data breach investigation, digital forensics and cyber security.

Eoghan has performed thousands of forensic acquisitions and examinations, including Windows and UNIX systems, Enterprise servers, smart phones, cell phones, network logs, backup tapes, and database systems. He also has information security experience, as an Information Security Officer at Yale University and in subsequent consulting work. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations. Eoghan has authored advanced technical books in his areas of expertise that are used by practitioners and universities around the world, and he is Editor-in-Chief of Elsevier's International Journal of Digital Investigation.

Read an Excerpt

Chapter 3: Modus Operandi, Motive and Technology

This can take the form of misusing and abusing department resources and violating the public trust, including but not limited to things like inappropriate telephone charges, vehicle use, and desertion of one's assigned duties. And we are not talking about small misallocations, but rather large ones such as in the example, which are symptomatic of ongoing patterns of departmental resource misuse and abuse.

As in Example 2, criminal activity in these instances can also take on the form of the distribution of pornographic materials (an officer allegedly e-mailed a digital photograph of his genitals to the 17-year-old girl), which, depending on the circumstances, can have serious legal consequences.

In both examples, technology facilitated criminal behavior in terms of providing both the mechanisms for initial contact between the involved parties, and a means for communication and illicit materials sharing between the parties over great distances. But as we have shown, less complex and "immediate" technologies do exist which have facilitated the same type of behavior in the past.

A more reactive aspect of the relationship between MO and technology, from the criminal's point of view, involves the relationship between the advancement of crime detection technologies in the forensic sciences, and a criminal's knowledge of them.

Successful criminals are arguably those who avoid detection and identification, or at the very least capture. The problem for criminals is that as they incorporate new and existing technologies into their MO which make their criminal behavior or identity more difficult to detect, theforensic sciences have made advances to become more competent at crime detection. Subsequently, criminals that are looking to make a career, or even a hobby, for themselves with their illegal activity must rise to the meet that challenge. That is to say, as criminals learn about new forensic technologies and techniques being applied to their particular area of criminal behavior, they must be willing to modify their MO, if possible, in order to circumvent those efforts.

But even an extremely skillful, motivated, and flexible offender may only learn of a new forensic technology when it has been applied to one of their crimes and resulted in their identification and/or capture. While this encounter can teach them something that they may never forget in the commission of future crimes, in such cases the damage will already have been done.

This text is replete with examples of such instances, so we will not adduce specifics in this chapter.

Motive and Technology

The term motive refers to the emotional, psychological, or material need that impels, and is satisfied by, a behavior (Turvey 1999). Criminal motive is generally technology independent. That is to say, the psychological or material needs that are nurtured and satisfied by a criminal's pattern of behavior tend to be separate from the technology of the day. The same motives that exist today have arguably existed throughout recorded history, in one form or another. However, it may also be argued that existing motives (i.e. sexual fetishes) can evolve with the employment of, or association of, offense activities with specific technologies. Towards understanding these issues, this section will demonstrate how an existing behavioral motivational typology may be applied within the context of computer- and Internetrelated criminal behavior.

In 1979, A. Nicholas Groth, an American clinical psychologist working with both victims and offender populations, published a study of over 500 rapists. In his study, he found that rape, like other crimes involving behaviors that satisfy emotional needs, is complex and multi-determined. That is to say, the act of rape itself serves a number of psychological needs and purposes (motives) for the offender. The purpose of his work was clinical, to understand the motivations of rapists for the purpose of the development of effective treatment plans (Groth 1979).

Eventually the Groth rapist motivational typology was taken and modified by the FBI's National Center for the Analysis of Violent Crime (NCAVC) and its affiliates (Hazelwood et al. 1991; Burgess and Hazelwood 1995).

This author has found, through casework, that this behaviorally based motivational classification system, with some modifications, is useful for understanding the psychological basis for most criminal behavior. The basic psychological needs, or motives, that impel human criminal behaviors remain essentially the same across different types of criminals, despite their behavioral expression, which may involve computer crimes, stalking, harassment, kidnapping, child molestation, terrorism, sexual assault, homicide, and/or arson. This is not to say that the motivational typology presented here should be considered the final word in terms of all specific offender motivations. But in terms of general types of psychological needs that are being satisfied by offender behavior, they are fairly inclusive, and fairly useful.

Below, the author gives a proposed behavioral motivational typology (Turvey 1999), and examples, adapted from Burgess and Hazelwood (1995), with some input from Geberth (1996). This author takes credit largely for the shift in emphasis from classifying offenders - to classifying offense behaviors (turning it from an inductive labeling system to a deductive tool)...

Table of Contents

PART 1: Digital Forensics 1. Foundations of Digital Forensics 2. Language of Computer Crime Investigation 3. Digital Evidence in the Courtroom 4. Cybercrime Law: A United States Perspective 5. Cybercrime Law: European Perspective

PART 2: Digital Investigations 6. Conducting Digital Investigations 7. Handling a Digital Crime Scene 8. Investigative Reconstruction with Digital Evidence 9. Modus Operandi, Motive, and Technology

PART 3: Apprehending Offenders 10. Violent Crime and Digital Evidence 11. Digital Evidence as Alibi 12. Sex Offenders on the Internet 13. Investigating Computer Intrusions 14. Cyberstalking

PART 4: Computers 15. Computer Basics for Digital Investigators 16. Applying Forensic Science to Computers 17. Forensic Examination of Windows Systems 18. Forensic Examination of UNIX Systems 19. Forensic Examination of Macintosh Systems 20. Forensic Examination of Mobile Devices (online only)

PART 5: Network Forensics 21. Network Basics for Digital Investigators 22. Applying Forensic Science to Networks 23. Digital Evidence on the Internet 24. Digital Evidence on Physical and Data-Link Layers 25. Digital Evidence at the Network and Transport Layers

Customer Reviews

Most Helpful Customer Reviews

See All Customer Reviews