Introduction

Who cares about digital footprints? Who cares about invisible trails of unshreddable electronic evidence (e-evidence) left by PCs and cellphones, PDAs and iPods, e-mail and social networks, visited Web sites and instant messaging, and every wireless and online activity? The sweeping answer is that you — and the many other people reading this book — care, and for good reasons. Investigators, attorneys, suspicious spouses, and the news media are legitimately interested in finding out what was sent over the Internet or private networks, what's stored on backup tapes or logs, and who wrote what in corporate e-mail or the blogosphere.

People concerned with what's happening to personal privacy certainly care. Anyone involved in litigation, criminal investigation, network intrusion, fraud or financial audit, marital or contract dispute, employment claim, or background check will care — sooner or later. Hardly a case goes to court — or avoids going to court — these days without the help of electronic gumshoes.

Digging up data to expose who did what and when, with whom, where, why, and how is a primary purpose of computer forensics. Computer forensics falls within the broader legal concept of electronic discovery, or e-discovery, the process of gathering data, documents, or e-mail in preparation for legal action that may lead to trial. Both these topics are serious stuff, as you soon find out in this book.

Searches for evildoers or illegal doings are now done megabyte by megabyte. But computers, network logs, and cell devices aren't only breeding grounds for proof of guilt. E-evidence can be your best alibi if you're wrongly accused. We've lightheartedly dubbed that type of evidence the e-alibi.

Who Should Read This Book?

Computer Forensics For Dummies was written for hands-on and armchair investigators. It's designed to give you more than just a basic understanding of digital detective work, e-discovery, computer forensics, and e-evidence. Assume that we're looking over your shoulder to guide you to do what's right and to avoid doing irreversible wrongs.

This book is for individuals concerned about how their personal information becomes digitally recorded — investigators looking for a smoking gun or smoldering e-mail held in all types of electronic media; professionals required by lawsuit or audit to turn over their e-mail or business records; information technologists facing a subpoena or discovery request for electronic documents; lawyers wanting to know how to identify and use electronically stored information (ESI) to either win or not lose a case; and members of the court who want to know how to evaluate arguments about e-discovery (costs and burdens), the admissibility of paperless evidence, and the truth that it reveals.

Anyone who needs a quick read to understand e-evidence and computer forensics will benefit from this book too. From our experience, those folks are the accused, crime victims, anyone facing discovery requests, and their lawyers.

About This Book

Computer Forensics For Dummies is an introduction to the exploding field of computer forensics and e-discovery. Computer forensics and e-evidence are important because the crime scene is where the evidence is — which makes computers and handheld devices qualify as crime scenes. So, more and more cases hinge on e-evidence.

We explain how your data gets recorded, how to find and recover data, and how lawyers try to use or refute that evidence to win their cases.

We explain — from the forensic point of view — what's important and why it's important. This nuts-and-bolts how-to guide shows you how to

  • Prepare for and conduct computer forensic investigations in actual practice.

  • Find out the current state of computer forensic methods, software, tools, and equipment that are generally accepted by law enforcement, the FBI, the courts, and regulatory agencies, such as the Securities and Exchange Commission (SEC).

  • Conduct investigations according to generally accepted methods and avoid the risks of ignoring best practices.

  • View e-evidence and computer forensics from the trenches — from the up-close perspective of investigators who work with people, companies, agencies, and their lawyers on cases involving e-evidence.

How to Use This Book

Although all topics in Computer Forensics For Dummies are related, they're distinct enough to fit into a modular format. You can use this book as a reference by going directly to the section related to your investigation or defense.

If you're new to crime scenes and evidentiary issues, you should understand them before tackling the technical issues. Keep in mind that you get no do-overs with evidence. Mess with evidence and you no longer have any!

If you're new to technical intricacies, you can explore how cybertrails are created and how to find them. Then move on to more advanced topics, such as identifying key search terms to locate relevant messages in response to an e-discovery request. You can find out how to dig up e-mail and documents that seemingly have been deleted, determine which Web sites a user visited, and find which key words were used to get there.

What You Don't Need to Read

Depending on your background in law, criminal justice, investigative methods, or technology, you can skip the stuff you already know. If you're the victim, the accused, the plaintiff, or the defendant, feel free to skip sections that don't relate directly to your case or predicament.

Foolish Assumptions

We make a few assumptions about your interests, motives, and job requirements. As investigators, we're hardwired to avoid preconceived notions about the crime and evidence. But, in this book, we assume that you fit one or several of these characteristics:

  • You understand basic computer concepts and terms, such as cookie and hard drive.

  • You use e-mail, the Internet, and other digital devices.

  • You have an interest in justice. (Or should we call it e-justice?)

  • You like detective work and solving mysteries.

  • You're considering a career in computer forensics.

  • You're concerned about your privacy and other civil rights.

How This Book Is Organized

This book is organized into five parts. They're modular so that you can zero in on any issues of immediate concern. The more you discover, the more you want to discover, so we're sure that you'll return to read other sections. (Don't worry: The order in which you read this book doesn't leave a trace — unless you send an e-mail or blog about it.)

Part I: Digging Out and Documenting Electronic Evidence

The book starts by introducing you to life in a digitally recorded world. You find out how digital devices create indelible records of what happened — and how logs of Internet activities accumulate into a sort of digital underworld. The focus in Part I is on how to dig out those records for use as evidence in a lawsuit or criminal investigation — to either prove guilt or defend against it. We help you understand relevant rules — rules of evidence, discovery, and civil and criminal procedure. You read about computer forensics tactics, documenting crime scenes, and getting authorization to search and seize.

Part II: Preparing to Crack the Case

This part details the legal loopholes to avoid to keep a tight forensic defense or that you should look for in your opponent's methods to your advantage. We tell you how to pick cases to get involved in and those to walk away from. You see the technical side of forensics, including how to create a forensically sound image of a hard drive. Then you jump into the art of searching to find the e-evidence you need in order to prove the case or defend against it. To break through attempts to hide evidence from you, Part II also details password cracking.

Part III: Doing Computer Forensic Investigations

To find out how to start investigating e-mail and instant messages, data storage systems, documents, mobiles, networks, and unusual hiding places, ranging in size from pockets to homes, read Part III. You see how to re-create the past from the perspective of almost anything with digital pockets.

Part IV: Succeeding in Court

Your job as a computer forensic investigator doesn't end when the e-evidence has been dug out, documented, and dissected. You memorized the laws of evidence and the rules of computer forensics to score a touchdown at trial. Now you need to survive Daubert (not to be confused with the cartoon character Dilbert) and defend your methods in court. Find out how to keep your cool in the court's hot seat.

Part V: The Part of Tens

Every For Dummies book has The Part of Tens, and we give you three top-ten lists of items that everyone interested in computer forensics should know, do, and build. Find out how to qualify for a career in computer forensics, what to do to be an excellent investigator and expert witness, and how to build a forensic lab or toolkit.

Glossary

We include a complete minidictionary of technical and legal terms used throughout this book.

About the Web Site and Blog

We're providing a place to blog with us for readers who are personally or professionally interested in technical and legal information about e-evidence and computer forensics. You can check out our blog at

http://cf4dummies.wordpress.com

You can find links to forensic software demos, documents, videos, and other digital goodies online. You can check out the Web site for this book at

www.dummies.com/go/computerforensics

Icons Used in This Book

Useful clues represented by icons highlight especially significant issues in this book. The following paragraphs (with their representative icons) give you an idea of what to expect when you see these icons.

Tip

Save yourself time and effort, and save somebody else money or grief. Computer forensics often involves high-stakes issues pitting determined adversaries against each other — ranging from megadollar civil cases to criminal cases of the worst kind. These icons flag paragraphs that can be goldmines of information.

Note

Take an in-depth look at real-world cases and issues — both good and bad.

Warning

Computer forensic investigations can involve one booby trap after another — you're never out of the woods. And, the land mines can explode your efforts. We flag the land mines with this icon to draw your attention to killer mistakes.

Note

We use this heads-up icon to flag certain concepts that you should keep in mind.

Note

Technology addicts may savor the technical details of digging into the depths of the unseen digital universe, but if you don't like excruciating detail, move on.

Where to Go from Here

How many digital devices do you own that you didn't own five years ago? Two years ago? How many features do your cell devices have now that they didn't have five or two years ago? Do you wonder which devices you can't live without that haven't been developed yet? Your answers point to the inevitable growing scope of computer forensics. Certainly, computer forensics and all its specialty offshoots form an exciting field that this book helps you discover. Use it as a reference you turn to for advice, methods, and tactics about computers or the courts.
