The book includes a chapter featuring case studies with practical information on how the forensic treatment of digital evidence can be used to assist with criminal investigations. The book also discusses the issues surrounding modern digital evidence examinations and provides a comprehensive overview of all types of digital evidence and how devices may be more multi-purpose than is readily apparent.Clear methods for evaluating and prioritising evidence sources are also provided.

Digital Forensics is an accessible introduction to the subject, providing a clear understanding of how digital evidence complements 'traditional' scientific evidence and how it can be used more effectively in a range of criminal investigations.

Taking a new approach to the subject, this book presents digital evidence as an adjunct to other types of evidence and discusses how it can be deployed effectively in support of investigations. Clearly structured throughout, the book considers the roles played by digital devices in society and provides the reader with useful contextual and technical information to enable them to make more effective use of digital evidence.

The book includes a chapter featuring case studies with practical information on how the forensic treatment of digital evidence can be used to assist with criminal investigations. The book also discusses the issues surrounding modern digital evidence examinations and provides a comprehensive overview of all types of digital evidence and how devices may be more multi-purpose than is readily apparent.Clear methods for evaluating and prioritising evidence sources are also provided.

Preface

Acknowledgments

List of Tables

List of Figures

1 Introduction

1.1 Key developments

1.2 Digital devices in society

1.3 Technology and culture

1.4 Comment

2 Evidential Potential of Digital Devices

2.1 Closed vs. open systems

2.2 Evaluating digital evidence potential

3 Device Handling

3.1 Seizure issues

3.2 Device identification

3.3 Networked devices

3.4 Contamination

4 Examination Principles

4.1 Previewing

4.2 Imaging

4.3 Continuity and hashing

4.4 Evidence locations

5 Evidence Creation

5.1 A seven-element security model

5.2 A developmental model of digita[ systems

5.3 Knowing

5.4 Unknowing

5.5 Audit and Logs

6 Evidence Interpretation

6.1 Data content

6.2 Data context

7 Internet Activity

7.1 A LittLe bit of history

7.2 The ISO/OSI model

7.3 The internet protocol suite

7.4 DNS

7.5 Internet applications

8 Mobi|e Devices

8.1 MobiLe phones and PDAs

8.2 GPS

8.3 Other personal technology

9 Intet|igence

9.1 Device usage

9.2 Profiling and cyberprofiling

9.3 EvaLuating online crime: automating the model

9.4 Application of the formula to case studies

9.5 From success estimates to profiling

9.6 Comments

10 Case Studies and Examples

10.1 Introduction

10.2 Copyright violation

10.3 Missing person and murder

10.4 The view of a defence witness

Appendix A The "Aircraft Carrier" PC

Appendix B Additional Resources

B.1 Hard disc and storage Laboratory tools

B.2 MobiLe phone/PDA tools

B.3 Live CDs

B.4 Recommended reading

Appendix C SIM Card Data Report

References

Index