Handbook of Computer Crime Investigation: Forensic Tools and Technology
Academic Press, Oct 22, 2001 - Computers - 448 pages
Following on the success of his introductory text, Digital Evidence and Computer Crime, Eoghan Casey brings together a few top experts to create the first detailed guide for professionals who are already familiar with digital evidence. The Handbook of Computer Crime Investigation helps readers master the forensic analysis of computer systems with a three-part approach covering tools, technology, and case studies.
The Tools section provides the details on leading software programs, with each chapter written by that product's creator. The section ends with an objective comparison of the strengths and limitations of each tool.
The main Technology section provides the technical "how to" information for collecting and analyzing digital evidence in common situations, starting with computers, moving on to networks, and culminating with embedded systems. The Case Examples section gives readers a sense of the technical, legal, and practical challenges that arise in real computer investigations.
The Tools section provides details of leading hardware and software
The main Technology section provides the technical "how to" information
· for collecting and analysing digital evidence in common situations
Case Examples give readers a sense of the technical, legal, and practical
· challenges that arise in real computer investigations
What people are saying - Write a review
We haven't found any reviews in the usual places.
activity analysis attack attorneys available online backend backup bytes child pornography client command computer forensics configuration connection consultant contain created datagram deleted digital evidence disk e-mail electronic electronic organizers embedded systems EnCase encrypted event logs evidentiary example Figure file name file system file’s filtering folder entry forensic examiners GSM telephone hard drive hash values hexadecimal host identify IMSI INFO file interface Internet intruder investigation IP address Linux log files login logon MAC address memory messages Microsoft mobile device NetFlow network traffic online gambling operating system package packet password port producing party protocol query restored root root router server session shortcut files smart card stored subscriber switched syslog tape target tcpdump Telnet Unix Windows NT wireless network wtmp
Page 19 - Unless otherwise ordered by the court as provided by Rule 30 (b) or (d), the deponent may be examined regarding any matter, not privileged, which is relevant to the subject matter involved in the pending action, whether it relates to the claim or defense of the examining party or to the claim or defense of any other party...
Page 19 - Parties may obtain discovery regarding any matter, not privileged, which is relevant to the subject matter involved in the pending action, whether it relates to the claim or defense of the party seeking discovery or to the claim or defense of any other party, including the existence, description, nature, custody, condition and location of any books, documents, or other tangible things and the identity and location of persons having knowledge of any discoverable matter.