DALnet, 486
Danish bulletin board system, 26
Data:
in hexadecimal and ASCII format, 199
hiding, 199–201
mining technologies, 14
on networked systems, 383
recovery, 237–41, 264–71, 301–11
representation of, 198
Database header, 340
Databases, 279–80
Berkeley (BD), 233, 316, 331
Catalog, 317
Macintosh Desktop, 329
Netscape history, 232–6
in Palm OS (PDB), 339–40
DataGrab, 513
DataLifter, 267–80
Data-link layer, 422–7, 668
Data-time:
addresses (MAC addresses), 438
encapsulation, 422–7
information, analyzing using a grid, 246
stamp behavior on FAT and NTFS file systems, 272
Daubert v. Merrell Dow Pharmaceuticals, Inc., 1993, 181
DAVE application, 334
db dump 185 utility, 316
DCS1000 see Carnivore
dd command, 295, 539
Debit cards, 19
Debugfs, 302
Deception, 68
DeCSS, 60–1
DeepThroat Trojan horse program, 405
Defamation, 378, 485
Deleted data, 28–9, 189, 347
in computer crime, 542
Palm OS, 346
in PDA seizure, 348
recovery, 264, 339
Unix, 301, 306
Dellapenta, Gary S., 611
Denial of service attach tools, 540
DES, 207–11
Desktop:
DB, 335
driver, 329
folder, 330
Destruction:
of assets, 151
of digital evidence, 383, 542
DHCP (Dynamic Host Configuration Protocol) database entries, 431, 438, 457
Dial-up:
modem banks, 389
server logs, 100
DIBS, 28
Dig (Domain Information Groper), 445
DigiExt, 403
Digital camera, 22, 98, 139, 220, 330, 570
Digital crime scene
in original state, 133
technicians, 1
Digital Equipment Corporation, 664
Digital evidence, 664
admissibility of, 170–2
as alibi, 617
areas of specialization in handling, 1
authentication of, 169, 172–5, 391, 459
authorization and preparation of, 212–13
awareness of, 13–15
bitstream copy of digital evidence, 395
certainty in, 176
challenging aspects of, 15–17
classification, 212, 230, 434–7, 539
Lazarus, 307
collection of, 1–3, 14, 20, 116–17
in the courtroom, 167
definition, 12–13
displaying, 185
documentation of, 217–20, 427–32
empirical law, 226
examination, 27, 31
certification and training programs, 27
international standards (ISO 17025), 27
tools, bugs in, 134
examination guidelines, 631
identification and processing of special files, 642–3
preparation, 632
processing, 633–42
examiners, 1, 21, 186
network basics for, 359
forensic science, 20–1
handling guidelines, 627
preservation, 630
sample preservation form, 632
in handheld devices, 338
hearsay and, 179–83
identification of, 106–8, 216
on the Internet, 477
investigative reconstruction with, 115, 117, 408–16, 540–54
law of collection and preservation, empirical, 226
map, 393
media, 134
on networks, 390–93, 395–406
methodical approach, 393
preparation and authorization, 384–8
physical and data-link layers on, 419, 433
principles for handling, 107
processing tools and techniques, 183–5
overview of, 261–64, 294–301
reliability of, 2
reporting, 249–51
role of, 96
sources of, 33
system of degrees of likelihood, 250
transfer, types of, 99
transport layer, 441
Digital fingerprints, 219, 662
see also Message digest
Digital Forensic Research Workshop (DFRWS), 31
Digital forensic science, 31
Digital investigators, 1
Digital Millennium Copyright Act (DMCA), 59–62
Digital signatures, 218–20
Digital stratigraphy, 247–9
Direct chatting (DCC), 487
Direct versus circumstantial evidence, 178–9
Directors/Laboratory Accreditation Board (ASCLD/LAB), 3
Disk Boot, 197–201
Disk storage conditions, 110, 203–10
Disk Warrior, 327
DiskSearch Pro, 261
DmArchiveRecord, 340
DmRemoveRecord function, 340
DNA analysis, 96
DNA (Distributed Network Attack) application, 270
DNS (Domain Name System), 441
records, dynamic, 456
Documentation of digital evidence
stages of handling and processing, 217–20
collection, and preservation, 427–32
Drivers, 256, 290
Drug trafficking, 337
DOS/Windows Command Line, 633
see also Maresware
DSA, 208
DSMA/CO (Digital Sense Multiple access with Collision Detection), 369
Dumpel, 272
Durall, R., 11
DVDCCA v. Bunner, 61
Dynamic Host Configuration Protocol (DHCP), 431, 457, 618
DynDNS, 456