• Title: Digital Evidence and Computer Crime, Third Edition: Forensic Science, Computers, and the Internet
  • Author: Eoghan Casey BS MA
  • Length: 840 pages
  • Edition: 3
  • Language: English
  • Publisher: Academic Press
  • Publication Date: 2011-05-04
  • ISBN-10: 0123742684
  • ISBN-13: 9780123742681
  • Sales Rank: #107926 (See Top 100 Books)


Digital Evidence and Computer Crime, Third Editionprovides the knowledge necessary to uncover and use digital evidence effectively in any kind of investigation. The widely-adopted first and second editions introduced thousands of students to this field and helped them deal with digital evidence. This completely updated edition provides the introductory materials that new students require, and also expands on the material presented in previous editions to help students develop these skills. The textbook teaches how computer networks function, how they can be involved in crimes, and how they can be used as a source of evidence. Additionally, this third edition includes updated chapters dedicated to networked Windows, Unix, and Macintosh computers, and Personal Digital Assistants. Ancillary materials include an Instructor's Manual and PowerPoint slides.

  • Provides a thorough explanation of how computers & networks function, how they can be involved in crimes, and how they can be used as evidence
  • Features coverage of the abuse of computer networks and privacy and security issues on computer networks

Practitioner's Tips from Digital Evidence and Computer Crime's Chapter on Digital Evidence in the Courtroom

  • In practice, many searches are conducted with consent. One of the biggest problems with consensual searches is that digital investigators must cease the search when the owner withdraws consent. However, digital investigators may be able to use the evidence gathered from a consensual search to establish probable cause and obtain a search warrant.
  • Once a search warrant is obtained, there is generally a limited amount of time to execute the search. Therefore, it is prudent to obtain a search warrant only after sufficient preparations have been made to perform the search in the allotted time period. Any evidence obtained under an expired search warrant may not be admissible.
  • Many digital investigators use the terminology “is consistent with” inappropriately to mean that an item of digital evidence might have been due to a certain action or event. For many people, to say that something is consistent with something else means that the two things are identical, without any differences. To avoid confusion, digital investigators are encouraged only to state that something is consistent with something else if the two things are the same and to otherwise use the terminology “is compatible with.”
  • Given the complexity of modern computer systems, it is not unusual for digital investigators to encounter unexpected and undocumented behaviors during a forensic analysis of digital evidence. Such behaviors can cause unwary digital investigators to reach incorrect conclusions that can have a significant impact on a case, sometimes leading to false accusations. Thorough testing with as similar an environment to the original as possible can help avoid such mistakes and resolve differences in interpretation of digital evidence. Provided digital investigators can replicate the actions that led to the digital evidence in question, they can generally agree on what the evidence means. When it is not possible to replicate the exact environment or digital evidence under examination, digital investigators may need to rely on their understanding of the systems involved, which is where differences of opinion can arise.
  • Careful use of language is needed to present digital evidence and associated conclusions as precisely as possible. Imprecise use of language in an expert report can give decision makers the wrong impression or create confusion. Therefore, digital investigators should carefully consider the level of certainty in their conclusions and should qualify their findings and conclusions appropriately.

Table of Contents

Part 1. Digital Forensics
Chapter 1. Foundations of Digital Forensics
Chapter 2. Language of Computer Crime Investigation
Chapter 3. Digital Evidence in the Courtroom
Chapter 4. Cybercrime Law: A United States Perspective
Chapter 5. Cybercrime Law: A European Perspective

Part 2. Digital Investigations
Chapter 6. Conducting Digital Investigations
Chapter 7. Handling a Digital Crime Scene
Chapter 8. Investigative Reconstruction with Digital Evidence
Chapter 9. Modus Operandi, Motive, and Technology

Part 3. Apprehending Offenders
Chapter 10. Violent Crime and Digital Evidence
Chapter 11. Digital Evidence as Alibi
Chapter 12. Sex Offenders on the Internet
Chapter 13. Computer Intrusions
Chapter 14. Cyberstalking

Part 4. Computers
Chapter 15. Computer Basics for Digital Investigators
Chapter 16. Applying Forensic Science to Computers
Chapter 17. Digital Evidence on Windows Systems
Chapter 18. Digital Evidence on UNIX Systems
Chapter 19. Digital Evidence on Macintosh Systems
Chapter 20. Digital Evidence on Mobile Devices

Part 5. Network Forensics
Chapter 21. Network Basics for Digital Investigators
Chapter 22. Applying Forensic Science to Networks
Chapter 23. Digital Evidence on the Internet
Chapter 24. Digital Evidence on Physical and Data-Link Layers
Chapter 25. Digital Evidence at the Network and Transport Layers