Handbook of Digital Forensics and Investigation builds on the success of the Handbook of Computer Crime Investigation, bringing together renowned experts in all areas of digital forensics and investigation to provide the consummate resource for practitioners in the field. It is also designed as an accompanying text to Digital Evidence and Computer Crime.
This unique collection details how to conduct digital investigations in both criminal and civil contexts, and how to locate and utilize digital evidence on computers, networks, and embedded systems. Specifically, the Investigative Methodology section of the Handbook provides expert guidance in the three main areas of practice: Forensic Analysis, Electronic Discovery, and Intrusion Investigation. The Technology section is extended and updated to reflect the state of the art in each area of specialization. The main areas of focus in the Technology section are forensic analysis of Windows, Unix, Macintosh, and embedded systems (including cellular telephones and other mobile devices), and investigations involving networks (including enterprise environments and mobile telecommunications technology).
This handbook is an essential technical reference and on-the-job guide that IT professionals, forensic practitioners, law enforcement, and attorneys will rely on when confronted with computer related crime and digital evidence of any kind.
Provides methodologies proven in practice for conducting digital investigations of all kinds
Demonstrates how to locate and interpret a wide variety of digital evidence, and how it can be useful in investigations
Presents tools in the context of the investigative process, including EnCase, FTK, ProDiscover, foremost, XACT, Network Miner, Splunk, flow-tools, and many other specialized utilities and analysis platforms
Case examples in every chapter give readers a practical understanding of the technical, logistical, and legal challenges that arise in real investigations
Forensic scientists, attorneys, law enforcement, and computer professionals already familiar with the basics of digital evidence
Chapter 1. Introduction
Part 1: Investigative Methodology
Chapter 2. Forensic Analysis
Eoghan Casey and Curtis W. Rose
Chapter 3. Electronic Discovery
James Holley, Paul Luehr, Jessica Reust Smith and Joseph Schwerha
Chapter 4. Intrusion Investigation
Eoghan Casey, Christopher Daywalt and Andy Johnston
Part 2: Technology
Chapter 5. Windows Forensic Analysis
Ryan Pittman and Dave Shaver
Chapter 6. UNIX Forensic Analysis
Cory Altheide and Eoghan Casey
Chapter 7. Macintosh Forensic Analysis
Chapter 8. Embedded Systems Analysis
Ronald van der Knijff
Chapter 9: Handbook Network Investigations
Eoghan Casey, Christopher Daywalt, Andy Johnston, Terrance Maguire
Chapter 10. Mobile Network Investigations
Dario Forte and Andrea De Donno
- No. of pages:
- © Academic Press 2010
- 26th October 2009
- Academic Press
- eBook ISBN:
- Paperback ISBN:
Eoghan Casey is an internationally recognized expert in data breach investigations and information security forensics. He is founding partner of CASEITE.com, and co-manages the Risk Prevention and Response business unit at DFLabs. Over the past decade, he has consulted with many attorneys, agencies, and police departments in the United States, South America, and Europe on a wide range of digital investigations, including fraud, violent crimes, identity theft, and on-line criminal activity. Eoghan has helped organizations investigate and manage security breaches, including network intrusions with international scope. He has delivered expert testimony in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases.
In addition to his casework and writing the foundational book Digital Evidence and Computer Crime, Eoghan has worked as R&D Team Lead in the Defense Cyber Crime Institute (DCCI) at the Department of Defense Cyber Crime Center (DC3) helping enhance their operational capabilities and develop new techniques and tools. He also teaches graduate students at Johns Hopkins University Information Security Institute and created the Mobile Device Forensics course taught worldwide through the SANS Institute. He has delivered keynotes and taught workshops around the globe on various topics related to data breach investigation, digital forensics and cyber security.
Eoghan has performed thousands of forensic acquisitions and examinations, including Windows and UNIX systems, Enterprise servers, smart phones, cell phones, network logs, backup tapes, and database systems. He also has information security experience, as an Information Security Officer at Yale University and in subsequent consulting work. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations. Eoghan has authored advanced technical books in his areas of expertise that are used by practitioners and universities around the world, and he is Editor-in-Chief of Elsevier's International Journal of Digital Investigation.
Eoghan Casey, cmdLabs, Baltimore, MD, USA
"... any library serving them would find this an excellent introduction." -E-Streams
"Any law firm looking to get into the field would do well to start here." -E-Streams
"... a useful introduction to an increasingly important field." -E-Streams