Digital evidence--evidence that is stored on or transmitted by computers--can play a major role in a wide range of crimes, including homicide, rape, abduction, child abuse, solicitation of minors, child pornography, stalking, harassment, fraud, theft, drug trafficking, computer intrusions, espionage, and terrorism.
Though an increasing number of criminals are using computers and computer networks, few investigators are well-versed in the evidentiary, technical, and legal issues related to digital evidence. As a result, digital evidence is often overlooked, collected incorrectly, and analyzed ineffectively. The aim of this hands-on resource is to educate students and professionals in the law enforcement, forensic science, computer security, and legal communities about digital evidence and computer crime.
This work explains how computers and networks function, how they can be involved in crimes, and how they can be used as a source of evidence. As well as gaining a practical understanding of how computers and networks function and how they can be used as evidence of a crime, readers will learn about relevant legal issues and will be introduced to deductive criminal profiling, a systematic approach to focusing an investigation and understanding criminal motivations.
Frequently updated, these cases teaching individuals about:
About the Author
Eoghan Casey is a founding member of Knowledge Solutions LLC, a partnership of practicing forensic professionals who have made a commitment to providing quality training, information resources, and case consultations. He investigates network intrusions, intellectual property theft, and other computer-related crimes, and has extensive experience analyzing digital evidence. He has assisted law enforcement in a wide range of criminal investigations including homicide, child exploitation, cyberstalking, and larceny. Eoghan also has extensive information security experience. As an Information Security Officer at Yale University and in subsequent consulting work, he has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs. Eoghan holds a B.S. in Mechanical Engineering from the University of California at Berkeley, an M.A. in Educational Communication and Technology from New York University, and is currently working towards a Ph.D. in Computer Science at University College Dublin. Eoghan also brought together forensic experts to create the Handbook of Computer Crime Investigation: Forensic Tools and Technology.
by Eoghan Casey
with contributions from Robert Dunne
Monique Mattei Ferraro
Amsterdam • Boston • Heidelberg • London • New York • Oxford • Paris • San Diego • San Francisco • Singapore • Sydney • Tokyo
Copyright © 2004 by ACADEMIC PRESS
First published 2000
Reprinted 2001, 2003
Second edition 2004
All Rights Reserved
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher.
An imprint of Elsevier
84 Theobald's Road, London WC1X 8RR, UK
An imprint of Elsevier
525 B Street, Suite 1900, San Diego, California 92101-4495, USA
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
Casey, Eoghan Digital evidence and computer crime: forensic science, computers, and the Internet/Eoghan Casey.—2nd ed. p. cm. Includes bibliographical references. ISBN 0-12-163104-4 (alk.paper)
1. Computer crimes. 2. Evidence, Criminal. I. Title
Typeset by Newgen Imaging Systems (P) Ltd, Chennai, India
Printed and bound in Great Britain
The substance and structure of this book are the result of several years of intensive case work, research, and teaching. Many colleagues, students, and my family and friends assisted me during this period. I am deeply grateful to each of you for your support and I would like to give special thanks to the following.
The contributors Robert Dunne, Monique Mattei Ferraro, Troy Larson, Mike McGrath, Gary Palmer, Tessa Robinson, and Brent Turvey for your inspiration, dedication, and for accepting the ambitious schedule. Barbara Troyer for your assistance with the figures in the text and your friendship over the years.
Colin Harris and Stephen Douglas for your direction and calming influence during the rough patches. Clare O'Connor for your lifelong encouragement and guidance. Jim Casey for your sage advice. Ita O'Connor for your clarity of thought and for making this all possible. Genevieve Gessert for your boundless love, friendship, and support.
H. Morrow Long, Andrew Newman, Shawn Bayern, and everyone else at Yale University for the supportive and challenging work-learning environment.
Bruce Patterson, Andy Russell, Jim Smith, Joe Sudol, Ken Gray, John Blawie, Mike O'Connor, Mark Califano and everyone in the Connecticut State Crime Laboratory, FBI, and State's and US Attorney's Offices for your dedication and camaraderie.
Fred Cotton, Todd Colvin, Jim Jolley, Keith Daniels, Glenn Lewis, and everyone at SEARCH for your continued support.
Tony Noble, Javier Torner, Larry Amos, Don Allison, Harlan Carvey, Paul Gillen, Harold Jones, Gary Gordon, Sarah Mocas, Warren Harrison, Mark Morrisey, Mark Bowser, Warren Kruse, and Carrie Whitcomb for your personal encouragement and contributions.
Brian Carrier for your technical review of Chapters 10–12 and E. Larry Lidz for your technical review of Chapters 16–18.
Brian Carrier, Joe Grand, Dan Mares, John Patzakis, Amber Schroader, Eric Thompson, Bob Weitershausen, and Walker Whitehouse for assistance with your digital evidence examination tools.
Mark Listewnik, Linda Beattie, Jennifer Rhuda, and the others at Academic Press who fostered this project over the years.
Eoghan Casey is a founding member of Knowledge Solutions LLC, a partnership of practicing forensic professionals who have made a commitment to providing quality training, information resources, and case consultations. He investigates network intrusions, intellectual property theft, and other computer-related crimes, and has extensive experience analyzing digital evidence. He has assisted law enforcement in a wide range of criminal investigations including homicide, child exploitation, cyberstalking, and larceny. Eoghan also has extensive information security experience. As an Information Security Officer at Yale University and in subsequent consulting work, he has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs. Eoghan holds a B.S. in Mechanical Engineering from the University of California at Berkeley, an M.A. in Educational Communication and Technology from New York University, and is currently working towards a Ph.D. in Computer Science at University College Dublin. Eoghan also brought together forensic experts to create the Handbook of Computer Crime Investigation: Forensic Tools and Technology. He can be contacted at <email@example.com>.
Robert Dunne is an attorney and member of the faculty in the Department of Computer Science at Yale University, where he teaches "Computers and the Law," "Legal Implications of Computing Technology," and "Intellectual Property in the Digital Age." He has written on alternative paradigms for behavioral control in cyberspace, the impact of cyberspace on the legal profession, and Internet crime. Robert is Co-Director of Yale's Center for Internet Studies, an interdisciplinary enterprise whose goal is to explore the Internet's effect on society, and vice versa, from technological, legal, political, economic, cultural, and educational perspectives.
Monique Mattei Ferraro is an attorney with the Connecticut Department of Public Safety Computer Crimes and Electronic Evidence Unit and a Certified Information Systems Security Professional. She has been with the Department of Public Safety since 1987. She advises the Computer Crimes Unit and the Internet Crimes Against Children Task Force, develops training curricula for law enforcement, prosecutors and the public regarding Computer Crime Investigation and Internet Safety. Monique is co-author of Connecticut's Law Enforcement Guidelines for Computer and Electronic Evidence Search and Seizure, and is currently coauthoring a book on Investigating Child Exploitation with Eoghan. She holds a Master's degree from Northeastern University and a Law Degree from the University of Connecticut Law School.
Troy Larson is president of Digital Evidence Solutions, Inc., based in Seattle, Washington. Mr. Larson specializes in assisting attorneys with electronic evidence throughout all facets of litigation, particularly discovery and expert testimony. He is a member of the Washington State Bar and received both his undergraduate and law degrees from the University of California at Berkeley. He can be contacted at <firstname.lastname@example.org>.
Dr. Michael McGrath divides his time between clinical, administrative, teaching and research activities. His areas of special expertise include forensic psychiatry and criminal profiling. He has lectured on three continents and is a founding member of the Academy of Behavioral Profiling. He has published articles and/or chapters related to criminal profiling, sexual predators and the Internet, false allegations of sexual assault, and sexual asphyxia.
Gary Palmer is an INFOSEC Research Scientist for the MITRE Corporation, Bedford, MA in the Security and Information Operations Group (G021). He currently supports the Digital Forensic Research programs at the Air Force Research Laboratory's (AFRL) Rome Research Site in Rome, New York where he is focusing efforts on forensic identification, recovery and analysis of database systems as well as the forensic implications of wireless technology. Gary is also co-founder and a lead organizer of the Digital Forensic Research Workshop (DFRWS), sponsored by AFRL, which provides a forum for dialog between academic research and practice in the field. He attained a BS in 1979 from The Virginia Polytechnic Institute and State University (VATech). He has been active in the field of computer, network and information security since 1981 and wrote his first macro assembler program on a paper tape attached to a DEC PDP/11-44 running RSX11/M with 64K overlays. He lives in Sanford, FL, where he rides his motorcycle, plays the guitar and is currently enrolled in a Computer Forensic Graduate Certificate Program at the University of Central Florida.
Tessa Robinson B.L. studied at Trinity College Dublin and the Kings Inns. She is a practising barrister, called to the Irish bar in 1998. Her areas of practice include criminal, commercial, administrative and family law. Prior to commencing at the bar in Ireland she worked in New York with the Lawyers Committee for Human Rights, in Brussels with White & Case, in San Francisco with Morrison Foerster and in Washington D.C. with Hogan Hartson.
Brent Turvey received his Masters of Science in Forensic Science after studying at the University of New Haven, in West Haven, Connecticut. He also holds a Bachelor of Science degree from Portland State University in Psychology, with an emphasis on Forensic Psychology, and an additional Bachelor of Science degree in History. He has been studying violent sex offenders since 1990. He has consulted with law enforcement, attorneys, and private agencies in the United States, New Zealand, Canada, Australia, Korea and China on a range of serial rapes, homicides, staged crime scenes, and multiple death cases, as a forensic scientist and criminal profiler. He is author of the textbook Criminal Profiling: An Introduction to Behavioral Evidence Analysis, 2nd Ed., which is used in colleges and universities all over the world. He is currently a full partner, Criminal Profiler, and Instructor with Knowledge Solutions LLC.