Digital Evidence and Computer Crime, 2/e (Hardcover) (數位證據與電腦犯罪(第二版))
Eoghan Casey BS MA
- 出版商: Academic Press
- 出版日期: 2004-03-22
- 定價: $2,100
- 售價: 5.0 折 $1,050
- 語言: 英文
- 頁數: 688
- 裝訂: Hardcover
- ISBN: 0121631044
- ISBN-13: 9780121631048
-
相關分類:
資訊安全、Computer-networks、駭客 Hack
立即出貨(限量) (庫存=1)
買這商品的人也買了...
-
$1,560$1,482 -
$380$323 -
$600$588 -
$590$466 -
$1,180$1,121 -
$2,360$2,242 -
$1,068Fundamentals of Database Systems, 4/e (IE)
-
$490$382 -
$1,225C++ Primer Plus, 5/e (Paperback)
-
$1,078Operating System Principles, 7/e(IE) (美國版ISBN:0471694665-Operating System Concepts, 7/e) (平裝)
-
$560$437 -
$399CISSP All-in-One Exam Guide, 3/e
-
$390$332 -
$890$757 -
$299Network Simulation Experiments Manual
-
$260$205 -
$650$507 -
$520$442 -
$880$695 -
$680$537 -
$680$578 -
$399Windows Forensics: The Field Guide for Corporate Computer Investigations (Paperback)
-
$720$569 -
$1,200$948 -
$990Alternate Data Storage Forensics
相關主題
商品描述
Description
Digital evidence--evidence that is stored on or transmitted by computers--can play a major role in a wide range of crimes, including homicide, rape, abduction, child abuse, solicitation of minors, child pornography, stalking, harassment, fraud, theft, drug trafficking, computer intrusions, espionage, and terrorism.
Though an increasing number of criminals are using computers and computer networks, few investigators are well-versed in the evidentiary, technical, and legal issues related to digital evidence. As a result, digital evidence is often overlooked,
collected incorrectly, and analyzed ineffectively. The aim of this hands-on resource is to educate students and professionals in the law enforcement, forensic science, computer security, and legal communities about digital evidence and computer crime.
This work explains how computers and networks function, how they can be involved in crimes, and how they can be used as a source of evidence. As well as gaining a practical understanding of how computers and networks function and how they can be used as evidence of a crime, readers will learn about relevant legal issues and will be introduced to deductive criminal profiling, a systematic approach to focusing an investigation and understanding criminal motivations.
Readers will receive access to the author's accompanying Web site which contains simulated cases that integrate many of the topics covered in the text. Frequently updated, these cases teaching individuals about:
Components of computer networks
Use of computer networks in an investigation
Abuse of computer networks
Privacy and security issues on computer networks
The law as it applies to computer networks
Table of Contents
Part 1
Chapter 1: Digital Evidence and Computer Crime
1.1) Digital Evidence
1.2) Increasing Awareness of Digital Evidence
1.3) Challenging Aspects of Digital Evidence
1.4) Following the Cybertrail
1.5) Challenging Aspects of the Cybertrail
1.6) Forensic Science and Digital Evidence
1.7) Summary
Chapter 2: History and Terminology of Computer Crime Investigation
2.1) Brief History of Computer Crime Investigation
2.2) Evolution of Investigative Tools
2.3) Language of Computer Crime Investigation
2.3.1) The Role of Computers in Crime
2.4) Summary
Chapter 3: Technology and Law
Part A: Technology and Law - A United States Perspective
Robert Dunne
A.1) Jurisdiction
A.2) Pornography and Obscenity
A.3) Privacy
A.4) Copyrights and the "Theft" of Digital Intellectual Property
Part B: Computer Misuse in America
Eoghan Casey
Part C: Technology and Criminal Law - A European perspective
Tessa Robinson
C.1) Overview of Criminal Offenses
C.2) Search and Seizure
C.3) Jurisdiction and Extradition
C.4) Penalties
C.5) Privacy
C.6) Summary
Chapter 4: The Investigative Process
Eoghan Casey and Gary Palmer
4.1) The Role of Digital Evidence
4.2) Investigative Methodology
4.2.1) Accusation or Incident Alert
4.2.2) Assessment of Worth
4.2.3) Incident/Crime Scene Protocols
4.2.4) Identification or Seizure
4.2.5) Preservation
4.2.6) Recovery
4.2.7) Harvesting
4.2.8) Reduction
4.2.9) Organization and Search
4.2.10) Analysis
4.2.11) Reporting
4.2.12) Persuasion and Testimony
4.3) Summary
Chapter 5: Investigative Reconstruction
Eoghan Casey and Brent Turvey
5.1) Equivocal Forensic Analysis
5.1.1) Reconstruction
5.1.2) Temporal Analysis
5.1.3) Relational Analysis
5.1.4) Functional Analysis
5.2) Victimology
5.2.1) Victimology
5.3) Crime Scene Characteristics
5.3.1) Method of Approach and Control
5.3.2) Offender Action, Inaction and Reaction
5.4) Evidence Dynamic and Introduction of Error
5.5) Reporting
5.6) Summary
Chapter 6: Modus Operandi, Motive & Technology
Brent Turvey
6.1) Axes to Pathological Criminals, and Other Unintended Consequences
6.2) Modus Operandi
6.3) Technology and Modus Operandi
6.4) Motive and Technology
6.4.1) Power Reassurance (Compensatory)
6.4.2) Power Assertive (Entitlement)
6.4.3) Anger Retaliatory (Anger or Displaced)
6.4.4) Anger Excitation (Sadistic)
6.4.5) Profit Oriented
6.5) Current Technologies
6.5.1) A Computer Virus
6.5.2) A Public Email Discussion List
6.6) Summary
Chapter 7: Digital Evidence in the Courtroom
7.1) Admissibility - Warrants
7.2) Authenticity and Reliability
7.3) Casey's Certainty Scale
7.4) Best Evidence
7.5) Direct versus Circumstantial Evidence
7.6) Hearsay
7.6.1) Hearsay Exceptions
7.7) Scientific Evidence
7.8) Presenting Digital Evidence
7.9) Summary
Part 2: Computers
Chapter 8: Computer Basics for Digital Evidence Examiners
8.1) A Brief History of Computers
8.2) Basic Operation of Computers
8.2.1) Central Processing Unit (CPU)
8.2.2) Basic Input and Output System (BIOS)
8.2.3) Power-on Self Test and CMOS Configuration Tool
8.2.4) Disk Boot
8.3) Representation of Data
8.4) Storage Media and Data Hiding
8.5) File Systems and Location of Data
8.6) Overview of Encryption
8.6.1) Private Key Encryption
8.6.2) Public Key Encryption
8.6.3) Pretty Good Privacy
8.9) Summary
Chapter 9: Applying Forensic Science to Computers
9.1) Authorization and Preparation
9.2) Identification
9.2.1) Recognizing Hardware
9.2.2) Identifying Digital Evidence
9.3) Documentation
9.3.1) Message Digests and Digital Signatures
9.4) Collection and Preservation
9.4.1) Collecting and Preserving Hardware
9.4.2) Collecting and Preserving Digital Evidence
9.5) Examination and Analysis
9.5.1) Filtering/Reduction
9.5.2) Class/Individual Characteristics and Evaluation of Source
9.5.3) Data Recovery/Salvage
9.6) Reconstruction
9.6.1) Functional Analysis
9.6.2) Relational Analysis
9.6.3) Temporal Analysis
9.6.4) Digital Stratigraphy
9.7) Reporting
9.8) Summary
Chapter 10: Forensic Analysis of Windows Systems
10.1) Windows Evidence Acquisition Boot Disk
10.2) File Systems
10.3) Overview of Digital Evidence Processing Tools
10.4) Data Recovery
10.4.1) Windows-based Recovery Tools
10.4.2) Unix-based Recovery Tools
10.4.3) File Carving with Windows
10.4.4) Dealing with Password Protection and Encryption
10.5) Log Files
10.6) File System Traces
10.7) Registry
10.8) Internet Traces
10.8.1) Web Browsing
10.8.2) Usenet Access
10.8.3) E-mail
10.8.4) Other Applications
10.8.5) Network Storage
10.9) Program Analysis
10.10) Summary
Chapter 11: Forensic Analysis of Unix Systems
11.1) Unix Evidence Acquisition Boot Disk
11.2) File Systems
11.3) Overview of Digital Evidence Processing Tools
11.4) Data Recovery
11.4.1) Unix-based Tools
11.4.2) Windows-based Tools
11.4.3) File Carving with Unix
11.4.4) Dealing with Password Protection and Encryption
11.5) Log Files
11.6) File System Traces
11.7) Internet Traces
11.7.1) Web Browsing
11.7.2) E-mail
11.7.3) Network Traces
11.8) Summary
Chapter 12: Forensic Analysis of Macintosh Systems
12.1) File Systems
12.2) Overview of Digital Evidence Processing Tools
12.3) Data Recovery
12.4) File System Traces
12.5) Internet Traces
12.5.1) Web Activity
12.5.2) E-mail
12.5.3) Network Storage
12.6) Summary
Chapter 13: Forensic Analysis of Handheld Devices
13.1) Overview of Handheld Devices
13.1.1) Memory
13.1.2) Data Storage and Manipulation
13.1.3) Exploring Palm Memory
13.2) Collection and Examination of Handheld Devices
13.2.1) Palm OS
13.2.2) Windows CE Devices
13.2.3) RIM Blackberry
13.2.4) Mobile Phones
13.3) Dealing with Password Protection and Encryption
13.4) Related Sources of Digital Evidence
13.4.1) Removable Media
13.4.2) Neighborhood Data
13.5) Summary
Part 3: Networks
Chapter 14: Network Basics for Digital Evidence Examiners
14.1) A Brief History of Computer Networks
14.2) Technical overview of networks
14.3) Network Technologies
14.3.1) Attached Resource Computer Network (ARCNET)
14.3.2) Ethernet
14.3.3) Fiber Distributed Data Interface (FDDI)
14.3.4) Asynchronous Transfer Mode (ATM)
14.3.5) IEEE 802.11 (Wireless)
14.3.6) Cellular Networks
14.3.7) Satellite Networks
14.4) Connecting Networks Using Internet Protocols
14.4.1) Physical and Data-Link Layers (Layers 1 & 2)
14.4.2) Network and Transport Layers (Layers 3 & 4)
14.4.3) Session Layer (Layer 5)
14.4.4) Presentation Layer (Layer 6)
14.4.5) Application Layer (Layer 7)
14.4.6) Synopsis of the OSI Reference Model
14.5) Summary
Chapter 15: Applying Forensic Science to Networks
15.1) Preparation and Authorization
15.2) Identification
15.3) Documentation, Collection, and Preservation
15.4) Filtering and Data Reduction
15.5) Class/Individual Characteristics and Evaluation of Source
15.6) Evidence Recovery
15.7) Investigative Reconstruction
15.7.1) Behavioral Evidence Analysis
15.8) Summary
Chapter 16: Digital Evidence on Physical and Data-Link Layers
16.1) Ethernet
16.1.1) 10Base5
16.1.2) 10/100BaseT
16.1.3) CSMA/CD
16.2) Linking the Data-Link and Network Layers—Encapsulation
16.2.1) Address Resolution Protocol (ARP)
16.2.2) Point to Point Protocol and Serial Line Internet Protocol
16.3) Ethernet versus ATM Networks
16.4) Documentation, Collection, and Preservation
16.4.1) Sniffer Placement
16.4.2) Sniffer Configuration
16.4.3) Other Source of MAC Addresses
16.5) Analysis Tools and Techniques
16.5.1) Keyword Searches
16.5.2) Filtering and Classification
16.5.3) Reconstruction
16.6) Summary
Chapter 17: Digital Evidence on Network and Transport Layers
17.1) TCP/IP
17.1.1) Internet Protocol and Cellular Data Networks
17.1.2) IP Addresses
17.1.3) Domain Name System
17.1.4) IP Routing
17.1.5) Servers and Ports
17.1.6) Connection Management
17.1.7) Abuses of TCP/IP
17.2) Setting up A Network
17.2.1) Static versus Dynamic IP Address Assignment
17.2.2) Protocols for Assigning IP Addresses
17.3) TCP/IP Related Digital Evidence
17.3.1) Authentication Logs
17.3.2) Server Logs
17.3.3) Operating System Logs
17.3.4) Network Device Logs
17.3.5) State Tables
17.3.6) Random Access Memory Contents
17.4) Summary
Chapter 18: Digital Evidence on the Internet
18.1) Role of the Internet in Criminal Investigations
18.2) Internet Services: Legitimate versus Criminal Uses
18.2.1) The World Wide Web
18.2.2) E-mail
18.2.3) Newsgroups
18.2.4) Synchronous Chat Networks
18.2.5) Peer-To-Peer Networks and Instant Messaging
18.3) Using the Internet as an Investigative Tool
18.3.1) Search Engines
18.3.2) Online Databases (the Invisible Web)
18.3.3) Usenet Archive versus Actual Newgroups
18.4) Online Anonymity and Self-Protection
18.4.1) Overview of Exposure
18.4.2) Proxies
18.4.3) IRC "bots"
18.4.5) Encryption
18.4.5) Anonymous and Pseudonymous E-mail and Usenet
18.4.6) Freenet
18.4.7) Anonymous Cash
18.5) E-mail Forgery and Tracking
18.5.1) Interpreting E-mail Headers
18.6) Usenet Forgery and Tracking
18.6.1) Interpreting Usenet Headers
18.7) Searching and Tracking on IRC
18.8) Summary
Part 4: Investigating Computer Crime
Chapter 19: Investigating Computer Intrusions
19.1) How Computer Intruders Operate
19.2) Investigating Intrusions
19.2.1) Processes as a Source of Evidence (Windows)
19.2.2) Processes as a Source of Evidence (Unix)
19.2.3) Windows Registry
19.2.4) Acquisition over Network
19.2.5) Classification, Comparison, and Evaluation of Source
19.3) Investigative Reconstruction
19.3.1) Parallels between Arson and Intrusion Investigations
19.3.2) Crime Scene Characteristics
19.3.3) Automated and Dynamic Modus Operandi
19.3.4) Examining the Intruder's Computer
19.4) Detailed Case Example
19.5) Summary
Chapter 20: Sex Offenders on the Internet
Eoghan Casey, Monique Mattei Ferraro, Michael McGrath
20.1) Window to the World
20.2) Legal Considerations
20.3) Identifying and Processing Digital Evidence
20.4) Investigating Online Sexual Offenders
20.4.1) Undercover Investigation
20.5) Investigative Reconstruction
20.5.1) Analyzing Sex Offenders
20.5.2) Analyzing Victim Behavior
20.5.3) Crime Scene Characteristics
20.5.4) Motivation
20.6) Summary
Chapter 21: Investigating Cyberstalking
21.1) How Cyberstalkers Operate
21.1.1) Acquiring Victims
21.1.2) Anonymity and Surreptitious Monitoring
21.1.3) Escalation and Violence
21.2) Investigating Cyberstalking
21.2.1) Interviews
21.2.2) Victimology
21.2.3) Risk Assessment
21.2.4) Search
21.2.5) Crime Scene Characteristics
21.2.6) Motivation
21.3) Cyberstalking Case Example
21.4) Summary
Chapter 22: Digital Evidence as Alibi
22.1) Investigating an Alibi
22.2) Time as Alibi
22.3) Location as Alibi
22.4) Summary
Part 4: Guidelines
Chapter 23: Handling the Digital Crime Scene
23.1) Identification or Seizure
23.1.1) When the Entire Computer is Required
23.2) Preservation
23.2.1) If Only a Portion of the Digital Evidence on a Computer is Required
23.2.2) Sample Preservation Form
Chapter 24: Digital Evidence Examination Guidelines
Eoghan Casey and Troy Larson
24.1) Preparation
24.2) Processing
24.2.1) DOS/Windows Command Line - Maresware
24.2.2) Windows GUI - EnCase
24.2.3) Windows GUI - FTK
24.3) Identify and Process Special Files
24.4) Summary
商品描述(中文翻譯)
描述
數位證據 - 存儲在電腦上或通過電腦傳輸的證據 - 可在各種犯罪中發揮重要作用,包括謀殺、強姦、綁架、兒童虐待、對未成年人的引誘、兒童色情、跟蹤、騷擾、詐騙、盜竊、販毒、電腦入侵、間諜活動和恐怖主義。儘管越來越多的罪犯使用電腦和電腦網絡,但很少有調查人員精通與數位證據相關的證據、技術和法律問題。因此,數位證據往往被忽視、錯誤收集和無效分析。這本實用資源的目的是教育執法、法醫科學、電腦安全和法律界的學生和專業人士有關數位證據和電腦犯罪的知識。本書解釋了電腦和網絡的運作方式,它們如何參與犯罪,以及它們如何被用作證據來源。讀者不僅可以實際了解電腦和網絡的運作方式以及它們如何作為犯罪證據,還將了解相關的法律問題,並介紹演繹式犯罪分析,這是一種系統性的方法,用於聚焦調查和理解犯罪動機。讀者將獲得作者附帶的網站訪問權限,該網站包含了在文本中涵蓋的許多主題的模擬案例。這些案例會定期更新,教導個人有關以下內容:
- 電腦網絡的組件
- 在調查中使用電腦網絡
- 濫用電腦網絡
- 電腦網絡上的隱私和安全問題
- 適用於電腦網絡的法律
目錄
- 第一部分
- 第1章:數位證據和電腦犯罪
- 1.1) 數位證據
- 1.2) 對數位證據的日益重視
- 1.3) 數位證據的挑戰性方面
- 1.4) 追蹤網絡犯罪
- 1.5) 網絡犯罪的挑戰性方面
- 1.6) 法醫科學和數位證據
- 1.7) 摘要
- 第2章:電腦犯罪調查的歷史和術語
- 2.1) 電腦犯罪調查的簡史
- 2.2) 調查工具的演變
- 2.3) 電腦犯罪調查的術語
- 2.3.1) 電腦在犯罪中的角色
- 2.4) 摘要
- 第3章:技術與法律
- A部分:技術與法律 - 美國的觀點
- Robert Dunne
- A.1) 管轄權
- A.2) 色情和淫穢物品
- A.3) 隱私
- A.4) 版權和對數位知識產權的“盜竊”
- B部分:美國的電腦濫用
- Eoghan Casey
- C部分:技術與刑法 - 歐洲的觀點
- Tessa Robinson
- C.1) 犯罪罪行概述
- C.2) 搜查和扣押
- C.3) 管轄權和引渡
- C.4) 刑罰
- C.5) 隱私
- C.6) 摘要
- 第4章:調查過程
- Eoghan Casey和Gary Palmer
- 4.1) 數位證據的角色
- 4.2) 調查方法論
- 4.2.1) 控訴或事件警報
- 4.2.2) 價值評估
- 4.2.3) 事件/犯罪現場協議
- 4.2.4)