Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet / Edition 3 available in Hardcover, eBook
Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet / Edition 3
Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet / Edition 3
Buy New
$69.95Buy Used
$61.20-
SHIP THIS ITEMIn stock. Ships in 3-7 days. Typically arrives in 3 weeks.PICK UP IN STORE
Your local store may have stock of this item.
Available within 2 business hours
$61.20$69.95Save 13% Current price is $61.2, Original price is $69.95. You Save 13%.-
SHIP THIS ITEM
Temporarily Out of Stock Online
Please check back later for updated availability.
Overview
Though an increasing number of criminals are using computers and computer networks, few investigators are well-versed in the evidentiary, technical, and legal issues related to digital evidence. As a result, digital evidence is often overlooked, collected incorrectly, and analyzed ineffectively. The aim of this hands-on resource is to educate students and professionals in the law enforcement, forensic science, computer security, and legal communities about digital evidence and computer crime.
This work explains how computers and networks function, how they can be involved in crimes, and how they can be used as a source of evidence. As well as gaining a practical understanding of how computers and networks function and how they can be used as evidence of a crime, readers will learn about relevant legal issues and will be introduced to deductive criminal profiling, a systematic approach to focusing an investigation and understanding criminal motivations.
The accompanying CD-ROM contains simulated cases that integrate many of the topics covered in the text, teaching individuals about:
* Components of computer networks
* Use of computer networks in an investigation
* Abuse of computer networks
* Privacy and security issues on computer networks
* The law as it applies to computer networks
"This is the right book for the times."
—Lori Fenna, Chair, Electronic Frontier Foundation
"I had the enjoyable task of reviewing the galley proofs for Eoghan Casey's fine introductory book: Digital Evidence and Computer Crime recently, and I highly recommend it for anybody who is just entering the field of digital forensics.
This book has many fine features, including coverage of the basics of criminal investigation, legal issues in digital forensics, and of course, the technical information you need to get started in the field and understand what the experts are talking about. It covers the who, what, why, when, where, and how of digital evidence, addresses means, motive, and opportunity, and addresses the big picture issues very well. While I wouldn't take it on-scene, I think it is a valuable resource and well suited as a text for a first courses in digital forensics, or as a general reference for the field as it exists today. Regardless of whether your background is in the law, criminal investigation, or computers, this book is a useful resource.
I was particularly enamored with the number of examples included in the book. These case studies and situational demonstrations bring the book to life and add meaning that you can't get from a dry academic book, regardless of its coverage of details. The notions of remembering the victim and their link to the crime, the descriptions of complexities associated with Internet crime and globalization, and the concepts of investigation and sleuthing help the reader understand the difference between investigation and academics.
But Casey doesn't stop there. He goes on to include an extensive glossary, excellent citations, a useful index, sample printouts, URLs of well known sites, and a multimedia supplement (which was not available at the time of my review). All told, this book does a fine job of introducing the area and provides a useful resource for the active practitioner."
—Fred Cohen, Sandia National Laboratories, Livermore, California, U.S.A.
"This book addresses a diverse audience: law enforcement people who collect evidence, forensics scientists who perform analyses, lawyers who provide legal counsel, and technical people such as computer security professionals, programmers, and system administrators who can be called upon to produce digital evidence.
Digital Evidence gives an introduction to concepts from computer science (computer architecture, protocols, applications), forensics science (recovering, reconstructing and analyzing evidence), and behavioral analysis (modus operandi, motivation, what makes an offender choose a specific victim or target). For those who wish to know more, the book gives references to specialized literature and on-line resources. The sections on legal issues are a bit U.S.-specific, but can still be of interest to non-U.S. readers. To the investigator, the book gives a flavor of what it takes to examine a PC, MAC, NT or UNIX system, or to gather evidence at various layers of network protocols, including wireless networks. With computers, emphasis is on capturing disk information. With computer networks, emphasis is on the application layer: web, mail, news, and irc/icq. The book gives examples of common forgeries with email and usenet postings, and mentions IP spoofing without going into the technicalities.
To the legal person, the book gives a flavor of the challenges that one has to face when gathering digital evidence. Especially with information retrieved across networks it can be difficult to prove that data is authentic. And as the email and usenet examples show, it is relatively easy to forge time stamp and/or address information, but the book also shows that it is relatively easy to be found out.
Perhaps the most useful sections of the book are the ones with guidelines for how to perform specific investigations."
—Wietse Venema, IBM T.J. Watson Research Center, U.S.A.
Product Details
| ISBN-13: | 2900123742680 |
|---|---|
| Publication date: | 04/20/2011 |
| Edition description: | NE |
| Pages: | 840 |
| Product dimensions: | 7.90(w) x 9.30(h) x 1.90(d) |
About the Author
In addition to his casework and writing the foundational book Digital Evidence and Computer Crime, Eoghan has worked as R&D Team Lead in the Defense Cyber Crime Institute (DCCI) at the Department of Defense Cyber Crime Center (DC3) helping enhance their operational capabilities and develop new techniques and tools. He also teaches graduate students at Johns Hopkins University Information Security Institute and created the Mobile Device Forensics course taught worldwide through the SANS Institute. He has delivered keynotes and taught workshops around the globe on various topics related to data breach investigation, digital forensics and cyber security.
Eoghan has performed thousands of forensic acquisitions and examinations, including Windows and UNIX systems, Enterprise servers, smart phones, cell phones, network logs, backup tapes, and database systems. He also has information security experience, as an Information Security Officer at Yale University and in subsequent consulting work. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations. Eoghan has authored advanced technical books in his areas of expertise that are used by practitioners and universities around the world, and he is Editor-in-Chief of Elsevier's International Journal of Digital Investigation.
Read an Excerpt
Chapter 3: Modus Operandi, Motive and Technology
This can take the form of misusing and abusing department resources and violating the public trust, including but not limited to things like inappropriate telephone charges, vehicle use, and desertion of one's assigned duties. And we are not talking about small misallocations, but rather large ones such as in the example, which are symptomatic of ongoing patterns of departmental resource misuse and abuse.As in Example 2, criminal activity in these instances can also take on the form of the distribution of pornographic materials (an officer allegedly e-mailed a digital photograph of his genitals to the 17-year-old girl), which, depending on the circumstances, can have serious legal consequences.
In both examples, technology facilitated criminal behavior in terms of providing both the mechanisms for initial contact between the involved parties, and a means for communication and illicit materials sharing between the parties over great distances. But as we have shown, less complex and "immediate" technologies do exist which have facilitated the same type of behavior in the past.
A more reactive aspect of the relationship between MO and technology, from the criminal's point of view, involves the relationship between the advancement of crime detection technologies in the forensic sciences, and a criminal's knowledge of them.
Successful criminals are arguably those who avoid detection and identification, or at the very least capture. The problem for criminals is that as they incorporate new and existing technologies into their MO which make their criminal behavior or identity more difficult to detect, theforensic sciences have made advances to become more competent at crime detection. Subsequently, criminals that are looking to make a career, or even a hobby, for themselves with their illegal activity must rise to the meet that challenge. That is to say, as criminals learn about new forensic technologies and techniques being applied to their particular area of criminal behavior, they must be willing to modify their MO, if possible, in order to circumvent those efforts.
But even an extremely skillful, motivated, and flexible offender may only learn of a new forensic technology when it has been applied to one of their crimes and resulted in their identification and/or capture. While this encounter can teach them something that they may never forget in the commission of future crimes, in such cases the damage will already have been done.
This text is replete with examples of such instances, so we will not adduce specifics in this chapter.
Motive and Technology
The term motive refers to the emotional, psychological, or material need that impels, and is satisfied by, a behavior (Turvey 1999). Criminal motive is generally technology independent. That is to say, the psychological or material needs that are nurtured and satisfied by a criminal's pattern of behavior tend to be separate from the technology of the day. The same motives that exist today have arguably existed throughout recorded history, in one form or another. However, it may also be argued that existing motives (i.e. sexual fetishes) can evolve with the employment of, or association of, offense activities with specific technologies. Towards understanding these issues, this section will demonstrate how an existing behavioral motivational typology may be applied within the context of computer- and Internetrelated criminal behavior.
In 1979, A. Nicholas Groth, an American clinical psychologist working with both victims and offender populations, published a study of over 500 rapists. In his study, he found that rape, like other crimes involving behaviors that satisfy emotional needs, is complex and multi-determined. That is to say, the act of rape itself serves a number of psychological needs and purposes (motives) for the offender. The purpose of his work was clinical, to understand the motivations of rapists for the purpose of the development of effective treatment plans (Groth 1979).
Eventually the Groth rapist motivational typology was taken and modified by the FBI's National Center for the Analysis of Violent Crime (NCAVC) and its affiliates (Hazelwood et al. 1991; Burgess and Hazelwood 1995).
This author has found, through casework, that this behaviorally based motivational classification system, with some modifications, is useful for understanding the psychological basis for most criminal behavior. The basic psychological needs, or motives, that impel human criminal behaviors remain essentially the same across different types of criminals, despite their behavioral expression, which may involve computer crimes, stalking, harassment, kidnapping, child molestation, terrorism, sexual assault, homicide, and/or arson. This is not to say that the motivational typology presented here should be considered the final word in terms of all specific offender motivations. But in terms of general types of psychological needs that are being satisfied by offender behavior, they are fairly inclusive, and fairly useful.
Below, the author gives a proposed behavioral motivational typology (Turvey 1999), and examples, adapted from Burgess and Hazelwood (1995), with some input from Geberth (1996). This author takes credit largely for the shift in emphasis from classifying offenders - to classifying offense behaviors (turning it from an inductive labeling system to a deductive tool)...
Table of Contents
| 1. | Introduction to Digital Evidence | 1 |
| 2. | The Language of Cybercrime | 15 |
| 3. | Modus Operandi, Motive and Technology | 25 |
| 4. | Applying Forensic Science to Computers | 41 |
| 5. | Digital Evidence on Computer Networks | 75 |
| 6. | Digital Evidence on the Internet | 99 |
| 7. | Digital Evidence at the Transport and Network Layers | 121 |
| 8. | Digital Evidence on the Data-Link and Physical Layers | 145 |
| 9. | Using Digital Evidence and Behavioral Evidence Analysis in an Investigation | 161 |
| 10. | Computer Crackers | 171 |
| 11. | Cyberstalking | 187 |
| 12. | Digital Evidence as Alibi | 199 |
| 13. | Laws, Jurisdiction, Search and Seizure | 207 |
| 14. | Thoughts for the Future | 223 |
| Appendix 1 | Summary of Resources | 231 |
| Appendix 2 | Multimedia Supplement | 243 |