Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet [Hardcover]

Cybercrime--the use of computers for criminal activity--is a becoming a hot subject right now, and Digital Evidence and Computer Crime is one of the first books to explain exactly what it means. This title considers cybercrimes such as e-mail defrauding, harassment in chat rooms, "spoofing", and "cracking" of computer networks. The author explains where the digital evidence is left, how it can be gathered with minimal distortion and how it can be used legally.

The book is stylishly formatted and easy to read. The main text is interspersed with fascinating case examples--such as the murderer caught at a library because the computer he always used there was traced, or the Colonel who remembered to shred all his documents and delete all e-mail, but didn't realise that backups were regularly made . . .

The author, Eoghan Casey, has designed this book for computer security professionals, law enforcement officers, attorneys and forensic scientists, but it is likely that all those with an interest in the role of computers in crime will find this an interesting read. The book only disappoints on two fronts. First, although much detail is provided on what should be done to gather and use digital evidence, very little technical information is given on how to do it. Secondly, and more seriously, this book makes no mention of the most recent and potentially costly form of cybercrime--fraudulent activity in electronic commerce systems. It would have been nice to hear about some of the automatic data-mining techniques being developed to find these crimes in large databases. However, Casey does a thorough job of explaining the more "traditional" types of cybercrime, and Digital Evidence and Computer Crime is recommended for those new to the field as an excellent introductory text. --Dr. Peter J Bentley

From the foreword "Many, perhaps most, of the police, lawyers or systems administrators and forensic scientists involved in investigation or prosecution of computer-related crimes do not know the answer to these questions [of digital evidence handling]. This book will tell them. It should, of course, be equally interesting to lawyers with the task of defending alleged computer criminals." - Robert L Dunne, JD, The Center for Internet Studies, Yale University, USA

Digital evidence - evidence that is stored on or transmitted by computers - can play a major role in a wide range of crimes. Though an increasing number of criminals are using computers and computer networks, few investigators are well versed in the evidently, technical and legal issues related to digital evidence. This book explains how computer networks function, how they can be involved in crime and how they can be used as a source of evidence. Readers will learn about relevant legal issues and ber introduced to deductive criminal profiling, a systematic approach to focusing an investigation and understanding criminal motivations.

By Eoghan Casey

FOREWORD

From our present vantage point, perched at the end of a century filled with innovation and invention, it is clear to most of us that one of that century's most significant and influential inventions was the computer. Surprisingly, that idea might have seemed absurd even as recently as twenty years ago.

The story of computers and computing has been one of evolution of purpose. The stories of other major inventions of this century, such as the automobile, the telephone, the electric light, or the elevator have been tales of success at achieving intended purposes. The automobile transports us more quickly and efficiently than the horse and buggy; the telephone permits us easier, faster communication; the electric light does just that; the elevator facilitated the vertical development of cities. Except for various improvements in efficiency these inventions have remained largely unchanged in purpose and use since their creation. The primary role of today's computers, however, is certainly not what its early inventors envisioned. It has metamorphosed from a giant calculating machine like the thirty-ton ENIAC, to a stand-alone personal tool for performing assorted routine tasks like word-processing and bookkeeping, to today's networked device permitting virtually instantaneous and! global personal, corporate, and governmental interaction. The calculating machine has become the portal to a new world of human activity, a world different in so many essential ways from our everyday world that we have dubbed this new place "cyberspace".

Yet, cyberspace is, in the end, a place populated by humans, or perhaps more correctly, by human minds, since it is our intellects that reside and meet one another there. It should come as no surprise, then, that many of the problems of the "real" world carry over into this new realm. Crime is one of them.

The Internet (a term which once referred to a specific set of networked computers but which has now increasingly come to mean the global network of computers) is growing so quickly that it is impossible to know at any given moment the actual number of computers connected to it. It is even less possible to determine the number of people with access to it. But use of the Internet is clearly growing very, very quickly, and so is computer crime and the need to control it.

Some cyberspace crimes, such as unauthorized access to a computer, are new and specific to the online world. Others, such as fraud or theft of valuables, are familiar from the real world. In either case, the disembodied, often anonymous nature of activity in cyberspace creates problems in enforcing laws. Evidence, of course, is the foundation for identifying, catching, and prosecuting criminals. Forensic science has developed well-understood techniques for dealing with real-world evidence, but how can these methods be applied in cyberspace? What must investigators do to collect, preserve, and authenticate digital evidence? How can legal admissibility of digital evidence be assured? How can digital evidence be used to reconstruct crimes and generate leads?

Many, perhaps most, of the police, lawyers, programmers or systems administrators, and forensic scientists involved in the investigation or prosecution of computer-related crimes do not know the answer to these questions. This book will tell them. It should, of course, be equally interesting to lawyers with the task of defending alleged computer criminals, since it provides a detailed guide to possible procedural weaknesses in the prosecution's evidence.

In this book, Eoghan Casey has provided a much-needed "nuts and bolts" guide to dealing with digital evidence, with step-by-step instructions on dealing with an assortment of evidentiary problems. However, and to my mind at least as importantly, Casey illustrates how these details fit within the broader contexts of forensic science, crime, and society in general, never omitting mention of the potential downsides of detection and detectability. So, for example, the difficult balancing act between a secure computing environment and individual privacy is made clear.

Nor does Casey ever lose sight of the counter-intuitive importance of the human element in a world of intangible activity, and of the ways in which the nature of digital evidence and activity in cyberspace may alter or augment the rules of real-world behavioral analysis. For example, in any crime the victim, and the choice of that victim, can provide important clues regarding the identity or a profile of the criminal. Investigators therefore devote considerable energy to analyzing a victim's habits and activities. In cases of cyberstalking or computer harassment, the need to examine digital evidence related to the victim's activities is clear. But Casey reminds us here that digital evidence can play an important role in assessing a victim's behavioral pattern when investigating real-world crime as well, particularly if the victim is a frequent visitor to cyberspace. The unaware investigator may overlook the fact that people's cyberspace personalities are sometimes extraordinar! ily different than those presented to the real world. The anonymity possible in cyberspace provides a tempting opportunity to assume other identities, to play out other lives and fantasies. When these alter egos are of a particular "high-risk" nature and spill over into the real world, the consequences can be tragic, as is illustrated by one case study presented here.

The investigation of computer crime requires a team effort of police, forensic scientists, lawyers, and programmers or systems administrators. No single individual is likely to have the requisite skill sets. Police can generally be expected to know how to oversee an investigation, but may not know much about computers and computing and thus not know what evidence to look for. Programmers and systems administrators may know a great deal about computers, networks, and how they work, but nothing about legal procedural requirements regarding the collection and preservation of evidence. Forensic scientists may know how to deal with evidence but, like the police, may not know what to look for when dealing with digital evidence or how to apply real-world forensic science methods to it. Lawyers may know about the law of evidence but not much else. Together, however, this team can know how to conduct an investigation of a computer crime, what evidence to look for, how to find it, and h! ow to treat it so as to preserve its admissibility once it is found.

The danger in dealing with digital evidence is that the absence or ignorance of one or more members of this hypothetical investigatory team will lead to evidence being overlooked or rendered legally useless. This book addresses that danger by making police, forensic scientists, lawyers, and programmers aware of what they do not know. It is an important contribution and should be required reading for anyone involved either in criminal investigation or computer administration.