The vast majority of modern criminal investigations involve some element of digital evidence, from mobile phones, computers, CCTV and other devices. Digital Forensics: Digital Evidence in Criminal Investigations provides the reader with a better understanding of how digital evidence complements "traditional" scientific evidence and examines how it can be used more effectively and efficiently in a range of investigations. Taking a new approach to the topic, this book presents digital evidence as an adjunct to other types of evidence and discusses how it can be deployed effectively in support of investigations. The book provides investigators/SSMs/other managers with sufficient contextual and technical information to be able to make more effective use of digital evidence sources in support of a range of investigations. In particular, it considers the roles played by digital devices in society and hence in criminal activities. From this, it examines the role and nature of evidential data which may be recoverable from a range of devices, considering issues relating to reliability and usefulness of those data.
Includes worked case examples, test questions and review quizzes to enhance student understanding
Solutions provided in an accompanying website
Includes numerous case studies throughout to highlight how digital evidence is handled at the crime scene and what can happen when procedures are carried out incorrectly
Considers digital evidence in a broader context alongside other scientific evidence
Discusses the role of digital devices in criminal activities and provides methods for the evaluation and prioritizing of evidence sources
Includes discussion of the issues surrounding modern digital evidence examinations, for example; volume of material and its complexity
Clear overview of all types of digital evidence
Digital Forensics: Digital Evidence in Criminal Investigations is an invaluable text for undergraduate students taking either general forensic science courses where digital forensics may be a module or a dedicated computer/digital forensics degree course. The book is also a useful overview of the subject for postgraduate students and forensic practitioners.
Preface vii
Acknowledgments xi
List of Tables xii
List of Figures xiii
1 Introduction 1
1.1 Key developments 1
1.2 Digital devices in society 5
1.3 Technology and culture 6
1.4 Comment 7
2 Evidential Potential of Digital Devices 9
2.1 Closed vs. open systems 10
2.2 Evaluating digital evidence potential 17
3 Device Handling 19
3.1 Seizure issues 21
3.2 Device identification 31
3.3 Networked devices 36
3.4 Contamination 40
4 Examination Principles 43
4.1 Previewing 43
4.2 Imaging 47
4.3 Continuity and hashing 48
4.4 Evidence locations 49
5 Evidence Creation 55
5.1 A seven-element security model 56
5.2 A developmental model of digital systems 60
5.3 Knowing 61
5.4 Unknowing 63
5.5 Audit and logs 68
6 Evidence Interpretation 69
6.1 Data content 69
6.2 Data context 83
7 Internet Activity 85
7.1 A little bit of history 85
7.2 The ISO/OSI model 86
7.3 The internet protocol suite 90
7.4 DNS 94
7.5 Internet applications 96
8 Mobile Devices 109
8.1 Mobile phones and PDAs 109
8.2 GPS 116
8.3 Other personal technology 118
9 Intelligence 119
9.1 Device usage 119
9.2 Profiling and cyberprofiling 121
9.3 Evaluating online crime: automating the model 124
9.4 Application of the formula to case studies 126
9.5 From success estimates to profiling 129
9.6 Comments 129
10 Case Studies and Examples 131
10.1 Introduction 131
10.2 Copyright violation 131
10.3 Missing person and murder 133
10.4 The view of a defence witness 137
Appendix A The "Aircraft Carrier" PC 141
Appendix B Additional Resources 145
B.1 Hard disc and storage laboratory tools 145
B.2 Mobile phone/PDA tools 146
B.3 Live CDs 146
B.4 Recommended reading 146
Appendix C SIM Card Data Report 149
References 157
Index 161
