The definitive text for students of digital forensics, as well as professionals looking to deepen their understanding of an increasingly critical field Written by faculty members and associates of the world-renowned Norwegian Information Security Laboratory (NisLab) at the Norwegian University of Science and Technology (NTNU), this textbook takes a scientific approach to digital forensics ideally suited for university courses in digital forensics and information security. Each chapter was written by an accomplished expert in his or her field, many of them with extensive experience in law enforcement and industry. The author team comprises experts in digital forensics, cybercrime law, information security and related areas.
Digital forensics is a key competency in meeting the growing risks of cybercrime, as well as for criminal investigation generally. Considering the astonishing pace at which new information technology - and new ways of exploiting information technology - is brought on line, researchers and practitioners regularly face new technical challenges, forcing them to continuously upgrade their investigatory skills. Designed to prepare the next generation to rise to those challenges, the material contained in Digital Forensics has been tested and refined by use in both graduate and undergraduate programs and subjected to formal evaluations for more than ten years.
Encompasses all aspects of the field, including methodological, scientific, technical and legal matters Based on the latest research, it provides novel insights for students, including an informed look at the future of digital forensics Includes test questions from actual exam sets, multiple choice questions suitable for online use and numerous visuals, illustrations and case example images Features real-word examples and scenarios, including court cases and technical problems, as well as a rich library of academic references and references to online media Digital Forensics is an excellent introductory text for programs in computer science and computer engineering and for master degree programs in military and police education. It is also a valuable reference for legal practitioners, police officers, investigators, and forensic practitioners seeking to gain a deeper understanding of digital forensics and cybercrime.
Country of Publication:
21 July 2017
Professional and scholarly
Preface xv List of Contributors xvii List of Figures xxi List of Tables xxv List of Examples xxvii List of De?nitions xxix List of Abbreviations xxxi 1 Introduction 1 Andre Arnes 1.1 Forensic Science 1 1.2 Digital Forensics 4 1.3 Digital Evidence 7 1.4 Further Reading 9 1.5 Chapter Overview 10 1.6 Comments on Citation and Notation 10 2 The Digital Forensics Process 13 Anders O. Flaglien 2.1 Introduction 13 2.2 The Identi?cation Phase 17 2.3 The Collection Phase 24 2.4 The Examination Phase 33 2.5 The Analysis Phase 39 2.6 The Presentation Phase 45 2.7 Summary 47 2.8 Exercises 48 3 Cybercrime Law 51 Inger Marie Sunde 3.1 Introduction 51 3.2 The International Legal Framework of Cybercrime Law 54 3.3 Digital Crime - Substantive Criminal Law 76 3.4 Investigation Methods for Collecting Digital Evidence 95 3.5 International Cooperation in Order to Collect Digital Evidence 109 3.6 Summary 115 3.7 Exercises 115 4 Digital Forensic Readiness 117 Ausra Dilijonaite 4.1 Introduction 117 4.2 De?nition 117 4.3 Law Enforcement versus Enterprise Digital Forensic Readiness 118 4.4 Why? A Rationale for Digital Forensic Readiness 119 4.5 Frameworks, Standards, and Methodologies 123 4.6 Becoming Digital Forensic Ready 126 4.7 Enterprise Digital Forensic Readiness 127 4.8 Considerations for Law Enforcement 144 4.9 Summary 145 4.10 Exercises 145 5 Computer Forensics 147 Jeff Hamm 5.1 Introduction 147 5.2 Evidence Collection 148 5.3 Examination 152 5.4 Analysis 185 5.5 Summary 189 5.6 Exercises 190 6 Mobile and Embedded Forensics 191 Jens-Petter Sandvik 6.1 Introduction 192 6.2 Collection Phase 208 6.3 Examination Phase 247 6.4 Reverse Engineering and Analysis of Applications 267 6.5 Summary 270 6.6 Exercises 271 7 Internet Forensics 275 Petter Christian Bjelland 7.1 Introduction 275 7.2 Computer Networking 276 7.3 Layers of Network Abstraction 277 7.4 The Internet 279 7.5 Tracing Information on the Internet 289 7.6 Collection Phase - Local Acquisition 294 7.7 Collection Phase - Network Acquisition 298 7.8 Collection Phase - Remote Acquisition 300 7.9 Other Considerations 304 7.10 The Examination and Analysis Phases 306 7.11 Summary 311 7.12 Exercises 312 8 Challenges in Digital Forensics 313 Katrin Franke and Andre Arnes 8.1 Computational Forensics 313 8.2 Automation and Standardization 316 8.3 Research Agenda 317 8.4 Summary 317 9 Educational Guide 319 Stefan Axelsson 9.1 Teacher's Guide 319 9.2 Student's Guide 320 9.3 Summary 324 References 325 Index 333
ANDRE ARNES, PhD is Senior Vice President and Chief Security Office of Telenor Group and an Associate Professor on the faculty of the Norwegian Information Security Laboratory (NisLab) at the Norwegian University of Technology and Science (NTNU). An experienced cyber security expert, Dr. Arnes has extensive experience both as a security leader in a global corporation and as a computer crime special investigator in law enforcement.