| Title: | Digital Evidence and Computer Crime: Forensic Science Computers and the Internet |
| Author(s): | Eoghan Casey |
| Publisher: | Academic Press |
| Copyright: | © 2000 |
| ISBN: | Book: ISBN-13: 978-0-12-162885-7, ISBN-10: 0-12-162885-X; CD: ISBN-13: 978-0-12-162886-4, ISBN-10: 0-12-162886-8 |
| Library of Congress: |
Outside Back Cover
Digital evidence—evidence that is stored on or transmitted by computers—can play a major role in a wide range of crimes, including homicide, rape, abduction, child abuse, solicitation of minors, child pornography, stalking, harassment, fraud, theft, drug trafficking, computer intrusions, espionage and terrorism.
Though an increasing number of criminals are using computers and computer networks, few investigators are well-versed in the evidentiary, technical, and legal issues related to digital evidence. As a result, digital evidence is often overlooked, collected incorrectly and analyzed ineffectively. The aim of this hands-on resource is to educate students and professionals in the law enforcement, forensic science, computer security and legal communities about digital evidence and computer crime.
This work explains how computers and networks function, how they can be involved in crimes and how they can be used as a source of evidence. As well as gaining a practical understanding of how computers and networks function and how they can be used as evidence of a crime, readers will learn about relevant legal issues and will be introduced to deductive criminal profiling, a systematic approach to focusing an investigation and understanding criminal motivations.
The accompanying CD-ROM contains simulated cases that integrate many of the topics covered in the text, teaching individuals:
- the components of computer networks;
- the use of computer networks in an investigation;
- the abuse of computer networks;
- privacy and security issues on computer networks;
- the law as it applies to computer networks.
“This book [makes] police, forensic scientists, lawyers, and programmers aware of what they do not know. It is an important contribution and should be required reading for anyone involved either in criminal investigation or computer administration.” From the Foreword by Robert L Dunne JD, Co-Director, The Center for Internet Studies, Yale University.
Preface
In the past thirty years, there has been a dramatic shift in the way computers are used. Previously, computer technology was seen simply as a tool, used selectively for a specific purpose. Now, however, the very infrastructure of society relies on computers and there is only a vague awareness of their prevalence and multifarious functions. Financial networks, communication systems, power stations, medical facilities, modern automobiles and appliances all depend on computers, and these computers can record withdrawals, deposits, purchases, telephone calls, usage of electricity, medical treatments, driving patterns, the time an individual awakes, and much more. In addition to the computers that form our infrastructure, individuals use personal computers regularly for convenience, education and entertainment—typing letters, managing personal finances, exploring educational CD-ROMs and playing computer games. Furthermore, personal computers are connected to networks to take advantage of a wide range of network services including e-mail and the World Wide Web. Computer networks extend the reach and control of the individuals, giving them great freedom and power to be creative—and destructive.
It should come as no surprise that computer technology is involved in a growing number of crimes. In addition to being used as a tool to perpetrate crimes (e.g. computer intrusion, stalking, harassment, and fraud), computers can contain evidence related to any crime, including homicide and rape. It is no longer sufficient to have a few experts familiar with evidence stored on and transmitted using computers. Any investigation can involve computers or networks and everyone involved in a criminal investigation or prosecution can benefit from knowledge of the associated technical, legal and evidentiary issues related to this technology.
This text is written for the computer security professionals, law enforcement officers, attorneys and forensic scientists who are making efforts to become more familiar with the technical, legal, evidentiary and behavioral aspects of investigating computer-related crime. Although these professional groups have similar goals, there is a large amount of distrust and conflict between them. Computer security professionals who are employed to minimize the impact that an investigation has on an organization often come into conflict with law enforcement officers who are responsible for exploring every lead and examining every detail. Computer security professionals view law enforcement officers as heavy-handed and law enforcement officers see computer security professionals as unhelpful and even resistant. Also, computer security professionals who are already familiar with the particular system often perceive law enforcement officers, attorneys and forensic scientists who do not have a clear understanding of computer technology as technically inept. There are many other sources of conflict between these groups that can interfere with an investigation.
The expertise of each group is required for the successful investigation and prosecution of computer-related crime. Law enforcement officers, attorneys and forensic scientists depend on computer security professionals to help them collect and interpret evidence in technically challenging situations. Computer security professionals, attorneys and forensic scientists depend on law enforcement officers to coordinate investigations. Attorneys provide legal guidance and forensic scientists provide tools and techniques for getting the most out of available evidence. Therefore, it is important for these professional groups to gain a better understanding of each other and to work in collaboration. If these groups do not collaborate, criminals will continue to escape capture and prosecution and will feel justifiably safe using computers and networks to facilitate their criminal activities.
Although computer security professionals are primarily responsible for protecting information that is stored on their computer systems, they are often responsible for investigating and resolving criminal activity on their networks with minimum disruption to the users of the system. In the past, collecting evidence was not a priority for computer security professionals.
However, victims of computer-related crime are becoming more interested in pressing charges and there is an increasing pressure on computer security professionals to collect evidence to be accepted in court. When computer security professionals are compelled to collect evidence from their networks, it is important that they abide by applicable privacy laws and rules of evidence. If computer security professionals collect evidence illegally, they can be sued. If they do not collect evidence in a way that meets the legal requirements, the evidence might not be accepted in court and their efforts will be wasted.
Law enforcement officers are responsible for responding to complaints, looking for evidence, determining if a crime has been committed and obtaining authorization to gather and examine evidence. In some cases, law enforcement officers rely on computer security professionals to collect evidence from computers and networks but in certain situations the officers are required to search for and collect evidence themselves. Law enforcement officers encounter personal computers at crime scenes that contain a large amount of evidence. Additionally, the Internet often contains information about suspects, victims and even the crime itself.
Whether at a crime scene or in a corporate environment, law enforcement officers must adjust quickly to an unfamiliar computing environment. A solid understanding of the technical, legal and evidentiary aspects of computers and networks is required to adjust to these unfamiliar settings, locate sources of evidence quickly, obtain necessary assistance or authorization to search for and seize evidence, and collect evidence in a way that will be accepted in court.
Both defense and prosecuting attorneys are responsible for protecting their clients’ interests. Since computers are almost as common as file cabinets and can be involved in any case, it is not sufficient to have a few attorneys familiar with computer technology. All attorneys should be comfortable dealing with evidence stored on and transmitted using computers. Defense attorneys need to recognize and make use of exculpatory evidence and prosecuting attorneys need to recognize and make use of incriminating evidence. Also, defense and prosecuting attorneys will be at a loss if they are not acquainted with the common arguments regarding evidence obtained from computers.
As computer security professionals, law enforcement officers and attorneys become more familiar with computers and networks as a source of evidence, the expectations regarding its collection and processing are increasing. Attorneys are becoming more adept at challenging evidence so the individuals who collect and process evidence are becoming more circumspect. Already, the demand for improved tools and techniques for processing computer-related evidence is increasing. Forensic scientists are in a position to meet this demand.
This text is written with the hope that this diverse audience can learn to tolerate each other and cooperate sufficiently to address the mounting problems of computer-related crime effectively. To emphasize this common goal, the term investigator is used throughout this text to refer to members of the computer security, law enforcement, legal and forensic science communities who investigate computer-related crime.
Table of Contents
- Foreword
- Preface
- Acknowledgments
- Chapter 1: Introduction to Digital Evidence
- Chapter 2: The Language of Cybercrime
- Chapter 3: Modus Operandi, Motive and Technology
- Chapter 4: Applying Forensic Science to Computers
- Chapter 5: Digital Evidence on Computer Networks
- Chapter 6: Digital Evidence on the Internet
- Chapter 7: Digital Evidence at the Transport and Network Layers
- Chapter 8: Digital Evidence on the Data-Link and Physical Layers
- Chapter 9: Using Digital Evidence and Behavioral Evidence Analysis in an Investigation
- Chapter 10: Computer Crackers
- Chapter 11: Cyberstalking
- Chapter 12: Digital Evidence as Alibi
- Chapter 13: Laws, Jurisdiction, Search and Seizure
- Chapter 14: Thoughts for the Future
- Appendix I: Summary of Resources
- Appendix II: Multimedia Supplement
- Glossary
- Author Index
- Subject Index