Digital Archaeology: The Art and Science of Digital Forensics
Format: PDF / Kindle (mobi) / ePub
The Definitive, Up-to-Date Guide to Digital Forensics
The rapid proliferation of cyber crime is increasing the demand for digital forensics experts in both law enforcement and in the private sector. In Digital Archaeology, expert practitioner Michael Graves has written the most thorough, realistic, and up-to-date guide to the principles and techniques of modern digital forensics.
Graves begins by providing a solid understanding of the legal underpinnings of computer forensics and the critical laws affecting it, including key principles of evidence and case law. Next, he explains how to systematically and thoroughly investigate computer systems to unearth crimes or other misbehavior, and how to back up the findings with evidence that will stand up in court.
Drawing on the analogy of archaeological research, Graves explains each key tool and method investigators use to reliably uncover hidden information in digital systems. His detailed demonstrations often include the actual syntax of command-line utilities. Along the way, he presents exclusive coverage of facilities management, a full chapter on the crucial topic of first response to a digital crime scene, and up-to-the-minute coverage of investigating evidence in the cloud.
Graves concludes by presenting coverage of important professional and business issues associated with building a career in digital forensics, including current licensing and certification requirements.
Topics Covered Include
- Acquiring and analyzing data in ways consistent with forensic procedure
- Recovering and examining e-mail, Web, and networking activity
- Investigating users’ behavior on mobile devices
- Overcoming anti-forensics measures that seek to prevent data capture and analysis
- Performing comprehensive electronic discovery in connection with lawsuits
- Effectively managing cases and documenting the evidence you find
- Planning and building your career in digital forensics
Digital Archaeology is a key resource for anyone preparing for a career as a professional investigator; for IT professionals who are sometimes called upon to assist in investigations; and for those seeking an explanation of the processes involved in preparing an effective defense, including how to avoid the legally indefensible destruction of digital evidence.
evidence to authorities, who subsequently obtain a search warrant, there is no recourse against the repairman. Data that is copied to a CD and shipped across the country remains private as long as it is in transit. Once the recipient takes control, the rights of the original sender can vary, depending on circumstances. If circumstances dictate that the “sender” retains control of the “package,” then expectation of privacy is retained.
likely to find, you can be ready with an explanation. Foreknowledge also stops you from making the legally indefensible mistake of deliberately destroying evidence in advance of e-discovery. Such bad behavior doesn’t just result in a slap on the wrist. It can result in fines ranging into the millions (or even billions) of dollars.
Who Will NOT Benefit from This Book?
Before attempting to fully understand this book, a wise reader will already have fulfilled a few
GHTS ACT OF 2008 AND PRIVACY
The Family Educational Rights and Privacy Act of 2008 (FERPA) controls the distribution of private information about students. It dictates that parents and eligible students must have a right to examine any of the student’s records maintained by an educational institution. Only the parent or eligible student may review the records except under specific circumstances. These include (as written in the act)
- School officials with legitimate educational
Unknownuser. Steiger attempted to have the evidence uncovered as a result of that warrant suppressed because Unknownuser was working as an agent for the government and as such had searched his computer illegally in violation of the Wiretap Act. Additionally, law enforcement failed to include the fact that the evidence provided by Unknownuser was obtained illegally when they applied for their search warrant. In denying these motions to suppress, Justice Goodwin of the Eleventh Circuit made two
behavior. Therefore, a complete discussion would require a small book on its own. To get the condensed version of the GREP manual, type MAN GREP at the Linux command prompt, and it will display a detailed description of each trigger. The tricks that GREP can perform that are of interest to the investigator are somewhat simpler. It can extract strings of text from binary files. This is useful if data has been embedded in another file. For example, a music file might have strings of text embedded
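As an added example (not the book's own code) of the string-extraction use the passage describes, this shell script writes a constructed binary file with two readable strings buried among header bytes and NULs, then uses GREP to pull them out. The file contents, function names and the 6-character minimum are all assumptions made for the demo.

```shell
#!/bin/sh
# Added example: recover printable strings embedded in a binary file with grep.
# Everything below is constructed for the demonstration, not code from the book.

# Write a constructed "music-like" file: a short tag header, binary filler
# (including NUL and high bytes), and two readable strings hidden inside it.
make_sample_binary() {
    # $1 = output path
    printf 'ID3\003\000\000\000\000\000Artist=Example Band\000\000\377\373\220\000Case note: evidence item 17\000\000\000junk\001\002' > "$1"
}

# Print every run of at least $2 printable ASCII characters found in file $1.
#   -a  treat the binary file as text instead of reporting "binary file matches"
#   -o  print only the matching runs, one per line
#   -E  extended regex so the {N,} repetition count works
# LC_ALL=C restricts [[:print:]] to ASCII so stray high bytes are not matched.
extract_embedded_strings() {
    # $1 = file, $2 = minimum string length (default 6, as strings(1) uses)
    min=${2:-6}
    LC_ALL=C grep -aoE "[[:print:]]{$min,}" "$1"
}

# Stand-alone run: build the sample, list its embedded strings, clean up.
tmp=$(mktemp)
make_sample_binary "$tmp"
extract_embedded_strings "$tmp" 6
rm -f "$tmp"
```

Lowering the minimum length surfaces shorter fragments such as the four-character "junk" filler, which is why investigators tune that threshold to the file type being examined.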