Digital Evidence and Computer Crime (3^rd Ed.)
Forensic Science, Computers, and the Internet

Digital Evidence and Computer Crime, Third Edition, provides the knowledge necessary to uncover and use digital evidence effectively in any kind of investigation.

It offers a thorough explanation of how computer networks function, how they can be involved in crimes, and how they can be used as a source of evidence. In particular, it addresses the abuse of computer networks as well as privacy and security issues on computer networks.

This updated edition is organized into five parts. Part 1 is about digital forensics and covers topics ranging from the use of digital evidence in the courtroom to cybercrime law. Part 2 explores topics such as how digital investigations are conducted, handling a digital crime scene, and investigative reconstruction with digital evidence. Part 3 deals with apprehending offenders, whereas Part 4 focuses on the use of computers in digital investigation. The book concludes with Part 5, which includes the application of forensic science to networks.

New to this edition are updated information on dedicated to networked Windows, Unix, and Macintosh computers, as well as Personal Digital Assistants; coverage of developments in related technology and tools; updated language for search warrant and coverage of legal developments in the US impacting computer forensics; and discussion of legislation from other countries to provide international scope. There are detailed case examples that demonstrate key concepts and give students a practical/applied understanding of the topics, along with ancillary materials that include an Instructor's Manual and PowerPoint slides.

This book will prove valuable to computer forensic students and professionals, lawyers, law enforcement, and government agencies (IRS, FBI, CIA, CCIPS, etc.).

PART 1: Digital Forensics 1. Foundations of Digital Forensics 2. Language of Computer Crime Investigation 3. Digital Evidence in the Courtroom 4. Cybercrime Law: A United States Perspective 5. Cybercrime Law: European Perspective

PART 2: Digital Investigations 6. Conducting Digital Investigations 7. Handling a Digital Crime Scene 8. Investigative Reconstruction with Digital Evidence 9. Modus Operandi, Motive, and Technology

PART 3: Apprehending Offenders 10. Violent Crime and Digital Evidence 11. Digital Evidence as Alibi 12. Sex Offenders on the Internet 13. Investigating Computer Intrusions 14. Cyberstalking

PART 4: Computers 15. Computer Basics for Digital Investigators 16. Applying Forensic Science to Computers 17. Forensic Examination of Windows Systems 18. Forensic Examination of UNIX Systems 19. Forensic Examination of Macintosh Systems 20. Forensic Examination of Mobile Devices (online only)

PART 5: Network Forensics 21. Network Basics for Digital Investigators 22. Applying Forensic Science to Networks 23. Digital Evidence on the Internet 24. Digital Evidence on Physical and Data-Link Layers 25. Digital Evidence at the Network and Transport Layers

Eoghan Casey is an internationally recognized expert in data breach investigations and information security forensics. He is founding partner of CASEITE.com, and co-manages the Risk Prevention and Response business unit at DFLabs. Over the past decade, he has consulted with many attorneys, agencies, and police departments in the United States, South America, and Europe on a wide range of digital investigations, including fraud, violent crimes, identity theft, and on-line criminal activity. Eoghan has helped organizations investigate and manage security breaches, including network intrusions with international scope. He has delivered expert testimony in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases.

In addition to his casework and writing the foundational book Digital Evidence and Computer Crime, Eoghan has worked as R&D Team Lead in the Defense Cyber Crime Institute (DCCI) at the Department of Defense Cyber Crime Center (DC3) helping enhance their operational capabilities and develop new techniques and tools. He also teaches graduate students at Johns Hopkins University Information Security Institute and created the Mobile Device Forensics course taught worldwide through the SANS Institute. He has delivered keynotes and taught workshops around the globe on various topics related to data breach investigation, digital forensics and cyber security.

Eoghan has performed thousands of forensic acquisitions and examinations, including Windows and UNIX systems, Enterprise servers, smart phones, cell phones, network logs, backup tapes, and database systems. He also has information security experience, as an Information Security Officer at Yale University and in subsequent consulting work. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational

• Named The 2011 Best Digital Forensics Book by InfoSec Reviews
• Provides a thorough explanation of how computers & networks function, how they can be involved in crimes, and how they can be used as evidence
• Features coverage of the abuse of computer networks and privacy and security issues on computer networks