
Computer Evidence - Collection and Preservation PDF

417 Pages·2005·5.1 MB·English

Preview Computer Evidence - Collection and Preservation

COMPUTER EVIDENCE: COLLECTION & PRESERVATION

LIMITED WARRANTY AND DISCLAIMER OF LIABILITY

THE CD-ROM THAT ACCOMPANIES THE BOOK MAY BE USED ON A SINGLE PC ONLY. THE LICENSE DOES NOT PERMIT THE USE ON A NETWORK (OF ANY KIND). YOU FURTHER AGREE THAT THIS LICENSE GRANTS PERMISSION TO USE THE PRODUCTS CONTAINED HEREIN, BUT DOES NOT GIVE YOU RIGHT OF OWNERSHIP TO ANY OF THE CONTENT OR PRODUCT CONTAINED ON THIS CD-ROM. USE OF THIRD-PARTY SOFTWARE CONTAINED ON THIS CD-ROM IS LIMITED TO AND SUBJECT TO LICENSING TERMS FOR THE RESPECTIVE PRODUCTS.

CHARLES RIVER MEDIA, INC. ("CRM") AND/OR ANYONE WHO HAS BEEN INVOLVED IN THE WRITING, CREATION, OR PRODUCTION OF THE ACCOMPANYING CODE ("THE SOFTWARE") OR THE THIRD-PARTY PRODUCTS CONTAINED ON THE CD-ROM OR TEXTUAL MATERIAL IN THE BOOK, CANNOT AND DO NOT WARRANT THE PERFORMANCE OR RESULTS THAT MAY BE OBTAINED BY USING THE SOFTWARE OR CONTENTS OF THE BOOK. THE AUTHOR AND PUBLISHER HAVE USED THEIR BEST EFFORTS TO ENSURE THE ACCURACY AND FUNCTIONALITY OF THE TEXTUAL MATERIAL AND PROGRAMS CONTAINED HEREIN. WE, HOWEVER, MAKE NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, REGARDING THE PERFORMANCE OF THESE PROGRAMS OR CONTENTS. THE SOFTWARE IS SOLD "AS IS" WITHOUT WARRANTY (EXCEPT FOR DEFECTIVE MATERIALS USED IN MANUFACTURING THE DISK OR DUE TO FAULTY WORKMANSHIP). THE AUTHOR, THE PUBLISHER, DEVELOPERS OF THIRD-PARTY SOFTWARE, AND ANYONE INVOLVED IN THE PRODUCTION AND MANUFACTURING OF THIS WORK SHALL NOT BE LIABLE FOR DAMAGES OF ANY KIND ARISING OUT OF THE USE OF (OR THE INABILITY TO USE) THE PROGRAMS, SOURCE CODE, OR TEXTUAL MATERIAL CONTAINED IN THIS PUBLICATION. THIS INCLUDES, BUT IS NOT LIMITED TO, LOSS OF REVENUE OR PROFIT, OR OTHER INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THE PRODUCT.

THE SOLE REMEDY IN THE EVENT OF A CLAIM OF ANY KIND IS EXPRESSLY LIMITED TO REPLACEMENT OF THE BOOK AND/OR CD-ROM, AND ONLY AT THE DISCRETION OF CRM. THE USE OF "IMPLIED WARRANTY" AND CERTAIN "EXCLUSIONS" VARIES FROM STATE TO STATE, AND MAY NOT APPLY TO THE PURCHASER OF THIS PRODUCT.

COMPUTER EVIDENCE: COLLECTION & PRESERVATION
CHRISTOPHER L. T. BROWN
CHARLES RIVER MEDIA, INC.
Hingham, Massachusetts

Copyright 2006 by THOMSON/DELMAR LEARNING. Published by CHARLES RIVER MEDIA, INC. All rights reserved. No part of this publication may be reproduced in any way, stored in a retrieval system of any type, or transmitted by any means or media, electronic or mechanical, including, but not limited to, photocopy, recording, or scanning, without prior permission in writing from the publisher.

Acquisitions Editor: James Walsh
Cover Design: Tyler Creative

CHARLES RIVER MEDIA, INC.
10 Downer Avenue
Hingham, Massachusetts 02043
781-740-0400
781-740-8816 (FAX)
[email protected]
www.charlesriver.com

This book is printed on acid-free paper.

Christopher L.T. Brown. Computer Evidence: Collection & Preservation.
ISBN: 1-58450-405-6
eISBN: 1-58450-636-9

All brand names and product names mentioned in this book are trademarks or service marks of their respective companies. Any omission or misuse (of any kind) of service marks or trademarks should not be regarded as intent to infringe on the property of others. The publisher recognizes and respects all marks used by companies, manufacturers, and developers as a means to distinguish their products.

Library of Congress Cataloging-in-Publication Data
Brown, Christopher L. T.
Computer evidence : collection & preservation / Christopher L.T. Brown.-- 1st ed.
p. cm.
Includes bibliographical references and index.
ISBN 1-58450-405-6 (pbk. with cd-rom : alk. paper)
1. Computer crimes--Investigation. I. Title.
HV8079.C65B76 2005
363.25'968--dc22
2005016674

Printed in the United States of America
05 7 6 5 4 3 2 First Edition

CHARLES RIVER MEDIA titles are available for site license or bulk purchase by institutions, user groups, corporations, etc. For additional information, please contact the Special Sales Department at 781-740-0400.

Requests for replacement of a defective CD-ROM must be accompanied by the original disc, your mailing address, telephone number, date of purchase, and purchase price. Please state the nature of the problem, and send the information to CHARLES RIVER MEDIA, INC., 10 Downer Avenue, Hingham, Massachusetts 02043. CRM's sole obligation to the purchaser is to replace the disc, based on defective materials or faulty workmanship, but not on the operation or functionality of the product.

To my life inspiration, Bobbie and Rudy & Annie

Contents

Acknowledgments xvii
Introduction xix

Part I Computer Forensics and Evidence Dynamics 1

Chapter 1 Computer Forensics Essentials 3
  What is Computer Forensics? 3
  Crime Scene Investigation 4
  Phases of Computer Forensics 6
  Collection 6
  Preservation 7
  Filtering 7
  Presentation 8
  Formalized Computer Forensics from the Start 9
  Who Performs Computer Forensics? 11
  Seizing Computer Evidence 15
  Challenges to Computer Evidence 17
  Summary 18
  References 19
  Resources 20

Chapter 2 Rules of Evidence, Case Law, and Regulation 21
  Understanding Rules of Evidence 21
  Expert Witness (Scientific) Acceptance 24
  Testifying Tips—You Are the Expert 26
  Computer-Related Case Law 27
  Regulation 31
  Securities and Exchange Commission (SEC) Rule 17a-4 (1947) 32
  National Association of Securities Dealers (NASD) Rules 3010 and 3110 (1997) 32
  Sarbanes-Oxley Act (2002) 32
  Gramm-Leach-Bliley Act (1999) 32
  California Privacy Law—SB 1386 (2003) 33
  Health Insurance Portability and Accountability Act (HIPAA) (First Rule in Effect in 2002) 33
  International Organization for Standardization (ISO) 17799 (2000) 34
  U.S.A. Patriot Act (2001) 35
  Personal Information Protection and Electronic Documents Act (PIPEDA) C-6 (2001) 36
  Summary 38
  References 39
  Resources 40

Chapter 3 Evidence Dynamics 41
  Forces of Evidence Dynamics 41
  Human Forces 42
  Emergency Personnel 43
  Forensics Investigators 44
  Law Enforcement Personnel 47
  Victim 50
  Suspect 51
  Bystanders 51
  Natural Forces 52
  Equipment Forces 55
  Proper Tools and Procedures 57
  Summary 58
  References 59
  Resources 59

Part II Information Systems 61

Chapter 4 Interview, Policy, and Audit 63
  Supporting and Corroborating Evidence 63
  Subject Interviews 64
  Policy Review 68
  Audit 71
  Executive Summary 75
  Recommendations 76
  Scope 77
  Host-Specific Findings 77
  War Dialing Results 79
  Conclusion 79
  Summary 81
  References 81
  Resources 82

Chapter 5 Network Topology and Architecture 83
  Networking Concepts 83
  Types of Networks 84
  Physical Network Topology 87
  Network Cabling 90
  Wireless Networks 92
  Open Systems Interconnect (OSI) Model 93
  TCP/IP Addressing 97
  Diagramming Networks 99
  Summary 102
  References 103
  Resources 103

Chapter 6 Volatile Data 105
  Types and Nature of Volatile Data 105
  Operating Systems 108
  Volatile Data in Routers and Appliances 111
  Volatile Data in Personal Devices 112
  Traditional Incident Response of Live Systems 113
  Understanding Windows Rootkits in Memory 115
  Accessing Volatile Data 121
  Summary 123
  References 124

Part III Data Storage Systems and Media 127

Chapter 7 Physical Disk Technologies 129
  Physical Disk Characteristics 129
  Physical Disk Interfaces and Access Methods 133
  Logical Disk Addressing and Access 142
  Disk Features 144
  Summary 146

Description:
Learn to Collect Digital Artifacts and Ensure Evidence Acceptance! Computer Evidence: Collection and Preservation teaches law enforcement and computer forensics investigators how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. The book fo
