Home Page Icon
Home Page
Table of Contents for
Table of Contents
Close
Table of Contents
by Lars Daniel, Larry Daniel
Digital Forensics for Legal Professionals
Cover image
Table of Contents
Front-matter
Copyright
Preface
Dedication
About the Authors
About the Tech Editors
Chapter 1. Digital Evidence Is Everywhere
1.1. What is digital forensics?
1.2. What is digital evidence?
1.3. How digital evidence is created and stored
Chapter 2. Overview of Digital Forensics
2.1. Digital forensics
2.2. A little computer history
2.3. A brief history of computer forensics
2.4. Computer forensics becomes digital forensics
Chapter 3. Digital Forensics
3.1. The subdisciplines
3.2. Computer forensics
Chapter 4. The Foundations of Digital Forensics
4.1. Who establishes best practices?
4.2. Who should be following best practices?
4.3. Summary of best practices
4.4. What really happens in many cases
Chapter 5. Overview of Digital Forensics Tools
5.1. What makes a tool forensically sound?
5.2. Who performs tool testing?
5.3. Computer forensics tools: An overview
5.4. Classes of forensics tools
5.5. Mobile device forensics tools
Chapter 6. Digital Forensics at Work in the Legal System
6.1. Mitigation
6.2. Pre-trial motions
6.3. Trial preparation
6.4. Example trial questions
6.5. Trial phase
Chapter 7. Why Do I Need an Expert?
7.1. Why hire a digital forensics expert?
7.2. When to hire a digital forensics expert
Chapter 8. The Difference between Computer Experts and Digital Forensics Experts
8.1. The computer expert
8.2. The digital forensics expert
8.3. A side-by-side comparison
8.4. Investigation of digital evidence
Chapter 9. Selecting a Digital Forensics Expert
9.1. What is an expert?
9.2. Locating and selecting an expert
9.3. Certifications
9.4. Training, education, and experience
9.5. The right forensic tools
Chapter 10. What to Expect from an Expert
10.1. General expectations
10.2. Where to begin?
10.3. The examination
10.4. Court preparation
10.5. Expert advice
Chapter 11. Approaches by Different Types of Examiners
11.1. Standards
11.2. Training and experience
11.3. Impact on examinations
11.4. Ethics
11.5. The approach to an examination
Chapter 12. Spotting a Problem Expert
12.1. Beyond the window dressings
Chapter 13. Qualifying an Expert in Court
13.1. Qualifying an expert
13.2. Qualifying experts in court
Chapter 14. Overview of Digital Evidence Discovery
14.1. Discovery motions in civil and criminal cases
Chapter 15. Discovery of Digital Evidence in Criminal Cases
15.1. Sources of digital evidence
15.2. Building the motion
Chapter 16. Discovery of Digital Evidence in Civil Cases
16.1. Rules governing civil discovery
16.2. Electronic discovery in particular
16.3. Time is of the essence
16.4. Getting to the particulars
16.5. Getting the electronic evidence
Chapter 17. Discovery of Computers and Storage Media
17.1. An example of a simple consent to search agreement
17.2. Example of a simple order for expedited discovery
17.3. Example of an order for expedited discovery and temporary restraining order
Chapter 18. Discovery of Video Evidence
18.1. Common issues with video evidence
18.2. Collecting video evidence
18.3. Example discovery language for video evidence
Chapter 19. Discovery of Audio Evidence
19.1. Common issues with audio evidence
19.2. Example discovery language for audio evidence
Chapter 20. Discovery of Social Media Evidence
20.1. Legal issues in social media discovery
20.2. Finding custodian of records contact information
20.3. Facebook example
20.4. Google information
20.5. Online e-mail accounts
Chapter 21. Discovery in Child Pornography Cases
21.1. The Adam Walsh Child Protection and Safety Act of 2006
21.2. The discovery process
Chapter 22. Discovery of Internet Service Provider Records
22.1. Internet service provider records or IP addresses
22.2. Example language for web-based e-mail addresses
22.3. What to expect from an internet service provider (ISP) subpoena
Chapter 23. Discovery of Global Positioning System Evidence
23.1. GPS tracking evidence overview
23.2. Discovery of GPS evidence
Chapter 24. Discovery of Call Detail Records
24.1. Discovery issues in cellular evidence
24.2. Example language for call detail records
Chapter 25. Obtaining Expert Funding in Indigent Cases
25.1. Justifying extraordinary expenses
25.2. Example language for an ex parte motion for expert funds
Chapter 26. Hash Values
26.1. Hash values
26.2. How hash values are used in digital forensics
Chapter 27. Metadata
27.1. The purpose of metadata
27.2. Common types of metadata
Chapter 28. Thumbnails and the Thumbnail Cache
28.1. Thumbnails and the thumbnail cache
28.2. How thumbnails and the thumbnail cache work
28.3. Thumbnails and the thumbnail cache as evidence
Chapter 29. Deleted Data
29.1. How data is stored on a hard drive
29.2. Deleted file recovery
29.3. Evidence of data destruction
Chapter 30. Computer Time Artifacts (MAC Times)
30.1. Computer file system time stamps
30.2. Fundamental Issues in forensic analysis of timeline
30.3. Created, modified, accessed
30.4. The bottom line
Chapter 31. Internet History (Web and Browser Caching)
31.1. What is web caching?
31.2. How Internet browser (web) caching works
31.3. Internet (web) caching as evidence
31.4. What if the Internet cache is cleared by the user?
Chapter 32. Windows Shortcut Files (Link Files)
32.1. The purpose of link files, how they are created, and how they work
32.2. How link files can be of evidentiary value
32.3. Link files as evidence
Chapter 33. Cellular System Evidence and Call Detail Records
33.1. An overview of the cellular phone system
33.2. How cell phones work
33.3. Call detail records
33.4. Call detail records as evidence of cell phone location
33.5. Enhanced 911 wireless location services
33.6. The E911 system overview
33.7. Emergency situations: Real-time cell phone tracking
Chapter 34. E-mail Evidence
34.1. E-mail as evidence
34.2. E-mail storage and access: Where is it?
34.3. Web mail
Chapter 35. Social Media
35.1. Common forms of social networking (social media)
35.2. Evidence out in the open
35.3. Convenience versus security
35.4. The allure of anonymity
35.5. Social media as evidence
35.6. Getting information from online services
Chapter 36. Peer-to-Peer Networks and File Sharing
36.1. What is peer-to-peer file sharing?
36.2. How it works
36.3. Privacy and security issues with peer-to-peer file sharing
36.4. Peer-to-peer network evidence
Chapter 37. Cell Phones
37.1. The fragile nature of cellular evidence
37.2. Forensic acquisition methods for cellular phones
37.3. Subscriber identity module (SIM) cards
37.4. Cell phone backup files
37.5. Advanced cell phone data analytics
37.6. The future of cell phone forensics
Chapter 38. Video and Photo Evidence
38.1. The most critical steps in the forensic examination of video and photo evidence
38.2. Using video and photo evidence in cases
Chapter 39. Databases
39.1. Databases in everyday life
39.2. What is a database?
39.3. Database files as evidence
39.4. Database recovery
39.5. Data as evidence
Chapter 40. Accounting Systems and Financial Software
40.1. Accounting and money management programs
40.2. Personal money management software
40.3. Business accounting software
40.4. Getting the evidence
40.5. Types of evidence from financial software
40.6. Batch files as evidence
40.7. Other sources of financial evidence
Chapter 41. Multiplayer Online Games
41.1. The culture of Massively Multiplayer Online Role Playing Games (MMORPGs)
41.2. MMORPG data as evidence
Chapter 42. Global Positioning Systems
42.1. An overview of global positioning systems
42.2. An overview of the NAVSTAR Global Positioning System
42.3. How GPS works
42.4. Types of GPS evidence
42.5. Collection of evidence from GPS devices
42.6. Interpretation of GPS evidence
Index
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Cover image
Next
Next Chapter
Front-matter
Table of Contents
Cover image
Front-matter
Copyright
Preface
Dedication
About the Authors
About the Tech Editors
Chapter 1. Digital Evidence Is Everywhere
1.1. What is digital forensics?
1.2. What is digital evidence?
1.3. How digital evidence is created and stored
Chapter 2. Overview of Digital Forensics
2.1. Digital forensics
2.2. A little computer history
2.3. A brief history of computer forensics
2.4. Computer forensics becomes digital forensics
Chapter 3. Digital Forensics
3.1. The subdisciplines
3.2. Computer forensics
Chapter 4. The Foundations of Digital Forensics
4.1. Who establishes best practices?
4.2. Who should be following best practices?
4.3. Summary of best practices
4.4. What really happens in many cases
Chapter 5. Overview of Digital Forensics Tools
5.1. What makes a tool forensically sound?
5.2. Who performs tool testing?
5.3. Computer forensics tools: An overview
5.4. Classes of forensics tools
5.5. Mobile device forensics tools
Chapter 6. Digital Forensics at Work in the Legal System
6.1. Mitigation
6.2. Pre-trial motions
6.3. Trial preparation
6.4. Example trial questions
6.5. Trial phase
Chapter 7. Why Do I Need an Expert?
7.1. Why hire a digital forensics expert?
7.2. When to hire a digital forensics expert
Chapter 8. The Difference between Computer Experts and Digital Forensics Experts
8.1. The computer expert
8.2. The digital forensics expert
8.3. A side-by-side comparison
8.4. Investigation of digital evidence
Chapter 9. Selecting a Digital Forensics Expert
9.1. What is an expert?
9.2. Locating and selecting an expert
9.3. Certifications
9.4. Training, education, and experience
9.5. The right forensic tools
Chapter 10. What to Expect from an Expert
10.1. General expectations
10.2. Where to begin?
10.3. The examination
10.4. Court preparation
10.5. Expert advice
Chapter 11. Approaches by Different Types of Examiners
11.1. Standards
11.2. Training and experience
11.3. Impact on examinations
11.4. Ethics
11.5. The approach to an examination
Chapter 12. Spotting a Problem Expert
12.1. Beyond the window dressings
Chapter 13. Qualifying an Expert in Court
13.1. Qualifying an expert
13.2. Qualifying experts in court
Chapter 14. Overview of Digital Evidence Discovery
14.1. Discovery motions in civil and criminal cases
Chapter 15. Discovery of Digital Evidence in Criminal Cases
15.1. Sources of digital evidence
15.2. Building the motion
Chapter 16. Discovery of Digital Evidence in Civil Cases
16.1. Rules governing civil discovery
16.2. Electronic discovery in particular
16.3. Time is of the essence
16.4. Getting to the particulars
16.5. Getting the electronic evidence
Chapter 17. Discovery of Computers and Storage Media
17.1. An example of a simple consent to search agreement
17.2. Example of a simple order for expedited discovery
17.3. Example of an order for expedited discovery and temporary restraining order
Chapter 18. Discovery of Video Evidence
18.1. Common issues with video evidence
18.2. Collecting video evidence
18.3. Example discovery language for video evidence
Chapter 19. Discovery of Audio Evidence
19.1. Common issues with audio evidence
19.2. Example discovery language for audio evidence
Chapter 20. Discovery of Social Media Evidence
20.1. Legal issues in social media discovery
20.2. Finding custodian of records contact information
20.3. Facebook example
20.4. Google information
20.5. Online e-mail accounts
Chapter 21. Discovery in Child Pornography Cases
21.1. The Adam Walsh Child Protection and Safety Act of 2006
21.2. The discovery process
Chapter 22. Discovery of Internet Service Provider Records
22.1. Internet service provider records or IP addresses
22.2. Example language for web-based e-mail addresses
22.3. What to expect from an internet service provider (ISP) subpoena
Chapter 23. Discovery of Global Positioning System Evidence
23.1. GPS tracking evidence overview
23.2. Discovery of GPS evidence
Chapter 24. Discovery of Call Detail Records
24.1. Discovery issues in cellular evidence
24.2. Example language for call detail records
Chapter 25. Obtaining Expert Funding in Indigent Cases
25.1. Justifying extraordinary expenses
25.2. Example language for an ex parte motion for expert funds
Chapter 26. Hash Values
26.1. Hash values
26.2. How hash values are used in digital forensics
Chapter 27. Metadata
27.1. The purpose of metadata
27.2. Common types of metadata
Chapter 28. Thumbnails and the Thumbnail Cache
28.1. Thumbnails and the thumbnail cache
28.2. How thumbnails and the thumbnail cache work
28.3. Thumbnails and the thumbnail cache as evidence
Chapter 29. Deleted Data
29.1. How data is stored on a hard drive
29.2. Deleted file recovery
29.3. Evidence of data destruction
Chapter 30. Computer Time Artifacts (MAC Times)
30.1. Computer file system time stamps
30.2. Fundamental Issues in forensic analysis of timeline
30.3. Created, modified, accessed
30.4. The bottom line
Chapter 31. Internet History (Web and Browser Caching)
31.1. What is web caching?
31.2. How Internet browser (web) caching works
31.3. Internet (web) caching as evidence
31.4. What if the Internet cache is cleared by the user?
Chapter 32. Windows Shortcut Files (Link Files)
32.1. The purpose of link files, how they are created, and how they work
32.2. How link files can be of evidentiary value
32.3. Link files as evidence
Chapter 33. Cellular System Evidence and Call Detail Records
33.1. An overview of the cellular phone system
33.2. How cell phones work
33.3. Call detail records
33.4. Call detail records as evidence of cell phone location
33.5. Enhanced 911 wireless location services
33.6. The E911 system overview
33.7. Emergency situations: Real-time cell phone tracking
Chapter 34. E-mail Evidence
34.1. E-mail as evidence
34.2. E-mail storage and access: Where is it?
34.3. Web mail
Chapter 35. Social Media
35.1. Common forms of social networking (social media)
35.2. Evidence out in the open
35.3. Convenience versus security
35.4. The allure of anonymity
35.5. Social media as evidence
35.6. Getting information from online services
Chapter 36. Peer-to-Peer Networks and File Sharing
36.1. What is peer-to-peer file sharing?
36.2. How it works
36.3. Privacy and security issues with peer-to-peer file sharing
36.4. Peer-to-peer network evidence
Chapter 37. Cell Phones
37.1. The fragile nature of cellular evidence
37.2. Forensic acquisition methods for cellular phones
37.3. Subscriber identity module (SIM) cards
37.4. Cell phone backup files
37.5. Advanced cell phone data analytics
37.6. The future of cell phone forensics
Chapter 38. Video and Photo Evidence
38.1. The most critical steps in the forensic examination of video and photo evidence
38.2. Using video and photo evidence in cases
Chapter 39. Databases
39.1. Databases in everyday life
39.2. What is a database?
39.3. Database files as evidence
39.4. Database recovery
39.5. Data as evidence
Chapter 40. Accounting Systems and Financial Software
40.1. Accounting and money management programs
40.2. Personal money management software
40.3. Business accounting software
40.4. Getting the evidence
40.5. Types of evidence from financial software
40.6. Batch files as evidence
40.7. Other sources of financial evidence
Chapter 41. Multiplayer Online Games
41.1. The culture of Massively Multiplayer Online Role Playing Games (MMORPGs)
41.2. MMORPG data as evidence
Chapter 42. Global Positioning Systems
42.1. An overview of global positioning systems
42.2. An overview of the NAVSTAR Global Positioning System
42.3. How GPS works
42.4. Types of GPS evidence
42.5. Collection of evidence from GPS devices
42.6. Interpretation of GPS evidence
Index
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset