Computer forensics

Abstract: In Mechanisms, Matthew Kirschenbaum examines new media and electronic writing against the textual and technological primitives that govern writing, inscription, and textual transmission in all media: erasure, variability, repeatability, and survivability. Mechanisms is the first book in its field to devote significant attention to storage--the hard drive in particular--arguing that understanding the affordances of storage devices is essential to understanding new media. Drawing a distinction between "forensic materiality" and "formal materiality," Kirschenbaum uses applied computer forensics techniques in his study of new media works. Just as the humanities discipline of textual studies examines books as physical objects and traces different variants of texts, computer forensics encourage us to perceive new media in terms of specific versions, platforms, systems, and devices. Kirschenbaum demonstrates these techniques in media-specific readings of three landmark works of new media and electronic literature, all from the formative era of personal computing: the interactive fiction game Mystery House, Michael Joyce's Afternoon: A Story, and William Gibson's electronic poem "Agrippa." Drawing on newly available archival resources for these works, Kirschenbaum uses a hex editor and disk image of Mystery House to conduct a "forensic walkthrough" to explore critical reading strategies linked to technical praxis; examines the multiple versions and revisions of Afternoon in order to address the diachronic dimension of electronic textuality; and documents the volatile publication and transmission history of "Agrippa" as an illustration of the social aspect of transmission and preservation.

Abstract: From the Publisher: Digital evidence—evidence that is stored on or transmitted by computers—can play a major role in a wide range of crimes, including homicide, rape, abduction, child abuse, solicitation of minors, child pornography, stalking, harassment, fraud, theft, drug trafficking, computer intrusions, espionage, and terrorism. Though an increasing number of criminals are using computers and computer networks, few investigators are well-versed in the evidentiary, technical, and legal issues related to digital evidence. As a result, digital evidence is often overlooked, collected incorrectly, and analyzed ineffectively. The aim of this hands-on resource is to educate students and professionals in the law enforcement, forensic science, computer security, and legal communities about digital evidence and computer crime. This work explains how computers and networks function, how they can be involved in crimes, and how they can be used as a source of evidence. As well as gaining a practical understanding of how computers and networks function and how they can be used as evidence of a crime, readers will learn about relevant legal issues and will be introduced to deductive criminal profiling, a systematic approach to focusing an investigation and understanding criminal motivations. The accompanying CD-ROM contains simulated cases that integrate many of the topics covered in the text, teaching individuals about: * Components of computer networks * Use of computer networks in an investigation * Abuse of computer networks * Privacy and security issues on computer networks * The law as it applies to computer networks "This is the right book for the times." —Lori Fenna, Chair, Electronic Frontier Foundation "I had the enjoyable task of reviewing the galley proofs for Eoghan Casey's fine introductory book: Digital Evidence and Computer Crime recently, and I highly recommend it for anybody who is just entering the field of digital forensics. This book has many fine features, including coverage of the basics of criminal investigation, legal issues in digital forensics, and of course, the technical information you need to get started in the field and understand what the experts are talking about. It covers the who, what, why, when, where, and how of digital evidence, addresses means, motive, and opportunity, and addresses the big picture issues very well. While I wouldn't take it on-scene, I think it is a valuable resource and well suited as a text for a first courses in digital forensics, or as a general reference for the field as it exists today. Regardless of whether your background is in the law, criminal investigation, or computers, this book is a useful resource. I was particularly enamored with the number of examples included in the book. These case studies and situational demonstrations bring the book to life and add meaning that you can't get from a dry academic book, regardless of its coverage of details. The notions of remembering the victim and their link to the crime, the descriptions of complexities associated with Internet crime and globalization, and the concepts of investigation and sleuthing help the reader understand the difference between investigation and academics. But Casey doesn't stop there. He goes on to include an extensive glossary, excellent citations, a useful index, sample printouts, URLs of well known sites, and a multimedia supplement (which was not available at the time of my review). All told, this book does a fine job of introducing the area and provides a useful resource for the active practitioner." —Fred Cohen, Sandia National Laboratories, Livermore, California, U.S.A. "This book addresses a diverse audience: law enforcement people who collect evidence, forensics scientists who perform analyses, lawyers who provide legal counsel, and technical people such as computer security professionals, programmers, and system administrators who can be called upon to produce digital evidence. Digital Evidence gives an introduction to concepts from computer science (computer architecture, protocols, applications), forensics science (recovering, reconstructing and analyzing evidence), and behavioral analysis (modus operandi, motivation, what makes an offender choose a specific victim or target). For those who wish to know more, the book gives references to specialized literature and on-line resources. The sections on legal issues are a bit U.S.-specific, but can still be of interest to non-U.S. readers. To the investigator, the book gives a flavor of what it takes to examine a PC, MAC, NT or UNIX system, or to gather evidence at various layers of network protocols, including wireless networks. With computers, emphasis is on capturing disk information. With computer networks, emphasis is on the application layer: web, mail, news, and irc/icq. The book gives examples of common forgeries with email and usenet postings, and mentions IP spoofing without going into the technicalities. To the legal person, the book gives a flavor of the challenges that one has to face when gathering digital evidence. Especially with information retrieved across networks it can be difficult to prove that data is authentic. And as the email and usenet examples show, it is relatively easy to forge time stamp and/or address information, but the book also shows that it is relatively easy to be found out. Perhaps the most useful sections of the book are the ones with guidelines for how to perform specific investigations." —Wietse Venema, IBM T.J. Watson Research Center, U.S.A.