COVID-19 Update: We are currently shipping orders daily. However, due to transit disruptions in some geographies, deliveries may be delayed. To provide all customers with timely access to content, we are offering 50% off Science and Technology Print & eBook bundle options. Terms & conditions.
Digital Evidence and Computer Crime - 3rd Edition - ISBN: 9780123742681, 9780080921488

Digital Evidence and Computer Crime

3rd Edition

Forensic Science, Computers, and the Internet

0.0 star rating Write a review
Author: Eoghan Casey
Hardcover ISBN: 9780123742681
eBook ISBN: 9780080921488
Imprint: Academic Press
Published Date: 12th April 2011
Page Count: 840
Sales tax will be calculated at check-out Price includes VAT/GST
Price includes VAT/GST

Institutional Subscription

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.


Digital Evidence and Computer Crime, Third Edition, provides the knowledge necessary to uncover and use digital evidence effectively in any kind of investigation.

It offers a thorough explanation of how computer networks function, how they can be involved in crimes, and how they can be used as a source of evidence. In particular, it addresses the abuse of computer networks as well as privacy and security issues on computer networks.

This updated edition is organized into five parts. Part 1 is about digital forensics and covers topics ranging from the use of digital evidence in the courtroom to cybercrime law. Part 2 explores topics such as how digital investigations are conducted, handling a digital crime scene, and investigative reconstruction with digital evidence. Part 3 deals with apprehending offenders, whereas Part 4 focuses on the use of computers in digital investigation. The book concludes with Part 5, which includes the application of forensic science to networks.

New to this edition are updated information on dedicated to networked Windows, Unix, and Macintosh computers, as well as Personal Digital Assistants; coverage of developments in related technology and tools; updated language for search warrant and coverage of legal developments in the US impacting computer forensics; and discussion of legislation from other countries to provide international scope. There are detailed case examples that demonstrate key concepts and give students a practical/applied understanding of the topics, along with ancillary materials that include an Instructor's Manual and PowerPoint slides.

This book will prove valuable to computer forensic students and professionals, lawyers, law enforcement, and government agencies (IRS, FBI, CIA, CCIPS, etc.).

Key Features

  • Named The 2011 Best Digital Forensics Book by InfoSec Reviews
  • Provides a thorough explanation of how computers & networks function, how they can be involved in crimes, and how they can be used as evidence
  • Features coverage of the abuse of computer networks and privacy and security issues on computer networks


Computer forensic students and professionals, lawyers, law enforcement, government agencies (IRS, FBI, CIA, CCIPS, etc.).

Table of Contents

  • Acknowledgments
  • Author Biographies
  • Introduction
  • Digital Forensics
  • Chapter 1. Foundations of Digital Forensics
    • 1.1 Digital Evidence
    • 1.2 Increasing Awareness of Digital Evidence
    • 1.3 Digital Forensics: Past, Present, and Future
    • 1.4 Principles of Digital Forensics
    • 1.5 Challenging Aspects of Digital Evidence
    • 1.6 Following the Cybertrail
    • 1.7 Digital Forensics Research
    • 1.8 Summary
  • Chapter 2. Language of Computer Crime Investigation
    • 2.1 Language of Computer Crime Investigation
    • 2.2 The Role of Computers in Crime
    • 2.3 Summary
  • Chapter 3. Digital Evidence in the Courtroom
    • 3.1 Duty of Experts
    • 3.2 Admissibility
    • 3.3 Levels of Certainty in Digital Forensics
    • 3.4 Direct versus circumstantial evidence
    • 3.5 Scientific Evidence
    • 3.6 Presenting Digital Evidence
    • 3.7 Summary
  • Chapter 4. Cybercrime Law
    • 4.1 Federal Cybercrime Law
    • 4.2 State cybercrime law
    • 4.3 Constitutional law
    • 4.4 Fourth Amendment
    • 4.5 Fifth Amendment and encryption
  • Chapter 5. Cybercrime Law
    • 5.1 The European and National Legal Frameworks
    • 5.2 Progression of Cybercrime Legislation in Europe
    • 5.3 Specific Cybercrime Offenses
    • 5.4 Computer-Integrity Crimes
    • 5.5 Computer-Assisted Crimes
    • 5.6 Content-Related Cybercrimes
    • 5.7 Other Offenses
    • 5.8 Jurisdiction
    • 5.9 Summary
    • Digital Investigations
  • Chapter 6. Conducting Digital Investigations
    • 6.1 Digital Investigation Process Models
    • 6.2 Scaffolding for Digital Investigations
    • 6.3 Applying the Scientific Method in Digital Investigations
    • 6.4 Investigative Scenario: Security Breach
    • 6.5 Summary
  • Chapter 7. Handling a Digital Crime Scene
    • 7.1 Published Guidelines for Handling Digital Crime Scenes
    • 7.2 Fundamental Principles
    • 7.3 Authorization
    • 7.4 Preparing to Handle Digital Crime Scenes
    • 7.5 Surveying the Digital Crime Scene
    • 7.6 Preserving the Digital Crime Scene
    • 7.7 Summary
  • Chapter 8. Investigative Reconstruction with Digital Evidence
    • 8.1 Equivocal Forensic Analysis
    • 8.2 Victimology
    • 8.3 Crime Scene Characteristics
    • 8.4 Threshold Assessments
    • 8.5 Summary
  • Chapter 9., Motive, and Technology
    • 9.1 Axes to Pathological Criminals and Other Unintended Consequences
    • 9.2 Modus Operandi
    • 9.3 Technology and Modus Operandi
    • 9.4 Motive and Technology
    • 9.5 Current Technologies
    • 9.6 Summary
    • Apprehending Offenders
  • Chapter 10. Violent Crime and Digital Evidence
    • 10.1 The Role of Computers in Violent Crime
    • 10.2 Processing The Digital Crime Scene
    • 10.3 Investigative Reconstruction
    • 10.4 Conclusions
  • Chapter 11. Digital Evidence as Alibi
    • 11.1 Investigating an Alibi
    • 11.2 Time as Alibi
    • 11.3 Location as Alibi
    • 11.4 Summary
  • Chapter 12. Sex Offenders on the Internet
    • 12.1 Old Behaviors, New Medium
    • 12.2 Legal Considerations
    • 12.3 Identifying and Processing Digital Evidence
    • 12.4 Investigating Online Sexual Offenders
    • 12.5 Investigative Reconstruction
    • 12.6 Case Example: Scott Tyree3
    • 12.7 Case Example: Peter Chapman6
    • 12.8 Summary
  • Chapter 13. Computer Intrusions
    • 13.1 How Computer Intruders Operate
    • 13.2 Investigating Computer Intrusions
    • 13.3 Forensic Preservation of Volatile Data
    • 13.4 Post-Mortem Investigation of a Compromised System
    • 13.5 Investigation of Malicious Computer Programs
    • 13.6 Investigative Reconstruction
    • 13.7 Summary
  • Chapter 14. Cyberstalking
    • 14.1 How Cyberstalkers Operate
    • 14.2 Investigating Cyberstalking
    • 14.3 Cyberstalking case example3
    • 14.4 Summary
    • Computers
  • Chapter 15. Computer Basics for Digital Investigators
    • 15.1 A Brief History of Computers
    • 15.2 Basic Operation of Computers
    • 15.3 Representation of Data
    • 15.4 Storage Media and Data Hiding
    • 15.5 File Systems and Location of Data
    • 15.6 Dealing with Password Protection and Encryption
    • 15.7 Summary
  • Chapter 16. Applying Forensic Science to Computers
    • 16.1 Preparation
    • 16.2 Survey
    • 16.3 Documentation
    • 16.4 Preservation
    • 16.5 Examination and Analysis
    • 16.6 Reconstruction
    • 16.7 Reporting
    • 16.8 Summary
  • Chapter 17. Digital Evidence on Windows Systems
    • 17.1 File Systems
    • 17.2 Data Recovery
    • 17.3 Log Files
    • 17.4 Registry
    • 17.5 Internet Traces
    • 17.6 Program Analysis
    • 17.7 Summary
  • Chapter 18. Digital Evidence on UNIX Systems
    • 18.1 UNIX Evidence Acquisition Boot Disk
    • 18.2 File Systems
    • 18.3 Overview of Digital Evidence Processing Tools
    • 18.4 Data Recovery
    • 18.5 Log Files
    • 18.6 File System Traces
    • 18.7 Internet Traces
    • 18.8 Summary
  • Chapter 19. Digital Evidence on Macintosh Systems
    • 19.1 File Systems
    • 19.2 Overview of Digital Evidence Processing Tools
    • 19.3 Data Recovery
    • 19.4 File System Traces
    • 19.5 Internet Traces
    • 19.6 Summary
  • Chapter 20. Digital Evidence on Mobile Devices
    • Network Forensics
  • Chapter 21. Network Basics for Digital Investigators
    • 21.1 A brief history of computer networks
    • 21.2 Technical Overview of Networks
    • 21.3 Network Technologies
    • 21.4 Connecting Networks Using Internet Protocols
    • 21.5 Summary
  • Chapter 22. Applying Forensic Science to Networks
    • 22.1 Preparation and Authorization
    • 22.2 Identification
    • 22.3 Documentation, Collection, and Preservation
    • 22.4 Filtering and Data Reduction
    • 22.5 Class/Individual Characteristics and Evaluation of Source
    • 22.6 Evidence Recovery
    • 22.7 Investigative Reconstruction
    • 22.8 Reporting Results
    • 22.9 Summary
  • Chapter 23. Digital Evidence on the Internet
    • 23.1 Role of the internet in criminal investigations
    • 23.2 Internet Services: Legitimate Versus Criminal Uses
    • 23.3 Using the Internet as an Investigative Tool
    • 23.4 Online Anonymity and Self-Protection
    • 23.5 E-mail Forgery and Tracking
    • 23.6 Usenet Forgery and Tracking
    • 23.7 Searching and Tracking on IRC
    • 23.8 Summary
  • Chapter 24. Digital Evidence on Physical and Data-Link Layers
    • 24.1 Ethernet
    • 24.2 Linking the Data-Link and Network Layers: Encapsulation
    • 24.3 Ethernet versus ATM Networks
    • 24.4 Documentation, Collection, and Preservation
    • 24.5 Analysis Tools and Techniques
    • 24.6 Summary
  • Chapter 25. Digital Evidence at the Network and Transport Layers
    • 25.1 TCP/IP
    • 25.2 Setting Up a Network
    • 25.3 TCP/IP-Related Digital Evidence
    • 25.4 Summary
  • Case Index
  • Name Index
  • Subject Index


No. of pages:
© Academic Press 2011
12th April 2011
Academic Press
Hardcover ISBN:
eBook ISBN:

About the Author

Eoghan Casey

Eoghan Casey is an internationally recognized expert in data breach investigations and information security forensics. He is founding partner of, and co-manages the Risk Prevention and Response business unit at DFLabs. Over the past decade, he has consulted with many attorneys, agencies, and police departments in the United States, South America, and Europe on a wide range of digital investigations, including fraud, violent crimes, identity theft, and on-line criminal activity. Eoghan has helped organizations investigate and manage security breaches, including network intrusions with international scope. He has delivered expert testimony in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases.

In addition to his casework and writing the foundational book Digital Evidence and Computer Crime, Eoghan has worked as R&D Team Lead in the Defense Cyber Crime Institute (DCCI) at the Department of Defense Cyber Crime Center (DC3) helping enhance their operational capabilities and develop new techniques and tools. He also teaches graduate students at Johns Hopkins University Information Security Institute and created the Mobile Device Forensics course taught worldwide through the SANS Institute. He has delivered keynotes and taught workshops around the globe on various topics related to data breach investigation, digital forensics and cyber security.

Eoghan has performed thousands of forensic acquisitions and examinations, including Windows and UNIX systems, Enterprise servers, smart phones, cell phones, network logs, backup tapes, and database systems. He also has information security experience, as an Information Security Officer at Yale University and in subsequent consulting work. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations. Eoghan has authored advanced technical books in his areas of expertise that are used by practitioners and universities around the world, and he is Editor-in-Chief of Elsevier's International Journal of Digital Investigation.

Affiliations and Expertise

Eoghan Casey, cmdLabs, Baltimore, MD, USA


First - Best Digital Forensics Books 2011, InfoSec Reviews


"Throughout the book there are a number of good case studies used to illustrate points which enlivens the text. There are also details of legal cases from various legislative areas and examples of relevant situations that demonstrate the points being made. There are also a number of references to other literature and links to website URLs and tools available to assist the practitioner."--Best Digital Forensics Book in InfoSecReviews Book Awards

"Just finished ‘Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet’ by Eoghan Casey and featuring other contributing authors, and it’s quite good. I bought this book because I wanted an all-encompassing book that provided insight on the various aspects of an investigation, especially the legal portion. And in this aspect the book does an excellent job, and is in-depth in area’s I have yet to see in other books. The book is divided into five portions digital forensics, digital investigations, apprehending offenders, computers and network forensics. For me the book was worth it for the first three portions; however, the computers and network portions, while a good start, there are more in-depth books that provide better insight… Overall, the book was enjoyable from start to finish and I would recommend it to anyone looking for a great overview of digital forensic investigation process from start to finish. I am happy to add this book to my growing reference library."--Student of Security

"This hefty book on forensic evidence obtained from computers dispels the myths propagated by popular television series. It states from the premise that very few people are well versed in the technical, evidential, and legal issues concerning digital evidence. Oftentimes, the useful evidence that may be found in various digital media is overlooked, collected incorrectly, or analyzed ineffectively. It is the goal of the team of contributors to equip readers with the necessary knowledge and skills to be able to make use of digital evidence correctly and effectively….  It is quite obvious that the various authors draw from several fields, such as forensic science, computer science, political science, criminal justice, the law, and behavioral analysis; as such, it is multi- and interdisciplinary. More specifically, the authors tackle the specific crimes of cyber bullying, cyber stalking, identity theft, online sex offenders, fraudsters, and cyber threats. There is extensive use of boxed stories, legal cases, practitioner’s tips, tables, the discussion of legislation, flow charts, treaties and journals, as well as figures, diagrams, pictures, and computer screen shots. The book is comparative in nature: it covers not only cyber law in the US, but also case law in the UK, Ireland, and the Netherlands. Given the ubiquity of the computer and the crimes that it can generate, learning about how other nations handle these issues helps in the formation of our own methods for dealing with crimes domestically, as well as those that cross national boundaries."--ACM’s Computing

"A better title for Digital Evidence and Computer Crime might be the Comprehensive Guide to Everything You Need to Know About Digital Forensics. One is hard pressed to find another book overflowing with so many valuable details and real-world examples."--Ben Rothke on (Sept 2011)

"The third edition of this comprehensive textbook on forensic science and the Internet is thoroughly updated to reflect the great leaps forward in technology in the six years since the previous printing. The work is divided into five sections covering digital forensics, digital investigations, apprehending offenders, computers and network forensics, and chapters provide practical instruction, case studies and discussions of the theoretical basis for all aspects of digital investigation and the use of computer evidence in forensics and law enforcement. The volume is intended for police, lawyers and forensic analysts and provides a comprehensive look at contemporary methodologies computer crime and crime prevention. Contributors include legal academics as well as computer, networking and forensics professional from around the world."--Book News, Reference & Research

"A better title for Digital Evidence and Computer Crime might be the Comprehensive Guide to Everything You Need to Know About Digital Forensics. One is hard pressed to find another book overflowing with so many valuable details and real-world examples. The book is also relevant for those who are new to the field, as it provides a significant amount of introductory material that delivers a broad overview to the core areas of digital forensics. The book progresses to more advanced and cutting-edge topics, including sections on various operating systems, from Windows and Unix to Macintosh. This is the third edition of the book and completely updated and reedited. When it comes to digital forensics, this is the reference guide that all books on the topic will be measured against. With a list price of $70.00, this book is an incredible bargain given the depth and breadth of topics discussed, with each chapter written by an expert in the field. For those truly serious about digital forensics, Digital Evidence and Computer Crime is an equally serious book."

Ratings and Reviews