Digital Forensics
eBook - ePub

Digital Forensics

André Årnes, André Årnes

About This Book

The definitive text for students of digital forensics, as well as professionals looking to deepen their understanding of an increasingly critical field

Written by faculty members and associates of the world-renowned Norwegian Information Security Laboratory (NisLab) at the Norwegian University of Science and Technology (NTNU), this textbook takes a scientific approach to digital forensics ideally suited for university courses in digital forensics and information security. Each chapter was written by an accomplished expert in his or her field, many of them with extensive experience in law enforcement and industry. The author team comprises experts in digital forensics, cybercrime law, information security and related areas.

Digital forensics is a key competency in meeting the growing risks of cybercrime, as well as for criminal investigation generally. Considering the astonishing pace at which new information technology – and new ways of exploiting information technology – is brought on line, researchers and practitioners regularly face new technical challenges, forcing them to continuously upgrade their investigatory skills. Designed to prepare the next generation to rise to those challenges, the material contained in Digital Forensics has been tested and refined by use in both graduate and undergraduate programs and subjected to formal evaluations for more than ten years.

  • Encompasses all aspects of the field, including methodological, scientific, technical and legal matters
  • Based on the latest research, it provides novel insights for students, including an informed look at the future of digital forensics
  • Includes test questions from actual exam sets, multiple choice questions suitable for online use and numerous visuals, illustrations and case example images
  • Features real-world examples and scenarios, including court cases and technical problems, as well as a rich library of academic references and references to online media

Digital Forensics is an excellent introductory text for programs in computer science and computer engineering and for master's degree programs in military and police education. It is also a valuable reference for legal practitioners, police officers, investigators, and forensic practitioners seeking to gain a deeper understanding of digital forensics and cybercrime.

Information

Publisher: Wiley
Year: 2017
ISBN: 9781119262411
Edition: 1

1 Introduction

André Årnes
Testimon Forensic Laboratory, Norwegian University of Science and Technology (NTNU), Gjøvik, Norway; and Telenor Group, Oslo, Norway
The world is becoming increasingly interconnected. We find connected devices in virtually every home, and computer networks are the nervous systems of corporate and government organizations everywhere. According to Internet Live Stats (2016), there are almost 3.5 billion Internet users in the world as of August 2016, covering close to 50% of the world's population. The Internet is, however, a network of networks consisting of competing and concurrent technologies with users from different organizations and countries. Unfortunately for the investigator, the Internet was designed for robustness and redundancy, rather than security and traceability. This increases the complexity and uncertainty of digital investigations and represents a formidable challenge for digital forensics practitioners.
Digital forensics is becoming increasingly important with the escalation of cybercrime and other network-related serious crimes. Understanding the laws and regulations governing electronic communications, cybercrimes, and data retention requires the continuous acquisition of new knowledge, methods, and tools. Digital evidence is everywhere and plays an important role in virtually any criminal investigation, from petty crimes to cybercrime, organized crime, and terrorism. It is therefore critically important that students of computer science and security acquire a fundamental understanding of digital forensics, in order to take part in the public debate and to act as experts in a legal context.

1.1 Forensic Science

Forensic science is a branch of science that is widely popularized in fiction and in contemporary media, ranging from Sir Arthur Conan Doyle's first Sherlock Holmes novel A Study in Scarlet published in 1887 to today's CSI and similar crime shows. It is commonly understood that forensic science is both highly inquisitive, requiring a creative mindset, and formalistic, requiring a strict adherence to established processes. An authoritative textbook in the field, Criminalistics (Saferstein, 2007), states that “forensic science in its broadest definition is the application of science to law.” The terms criminalistics and forensic science are used interchangeably, although criminalistics has a stronger flavor of the services of a crime laboratory. For the purpose of this book, we will only use the first term, as defined in Definition 1.1.

Definition 1.1: Forensic Science

The application of scientific methods to establish factual answers to legal problems.
A forensic scientist is responsible for the important task of establishing facts related to questions such as: what has happened, how did it happen, who has been involved, and when did it occur? To solve such problems, a forensic scientist draws on methods and tools from a wide range of theoretical and applied sciences, including biology, medicine, physics, geology, computer science, and electrical engineering. As it is often not possible to answer a problem with full certainty, a forensic scientist is also trained to apply statistics to express the results in terms of probabilities (for a comprehensive discussion, see Aitken & Taroni, 2004).

1.1.1 History of Forensic Science

Forensic science was established as a separate scientific domain during the 1800s and early 1900s. The contributions of this new area of science dramatically changed the effectiveness of law enforcement. A comprehensive overview of the contributions is available in Saferstein (2007), but some notable innovators and milestones are:
  • Mathieu Orfila (1787–1853), considered the father of forensic toxicology, published the first scientific text on forensic toxicology in 1814.
  • Alphonse Bertillon (1853–1914) developed a method for identification through body measurements and published a system on personal identification in 1879.
  • Francis Galton (1822–1911) studied fingerprints as a means of identification and published the book Finger Prints in 1892.
  • Hans Gross (1847–1915) established the principles for the application of science in investigations in several publications, the first one in 1893.
  • Albert S. Osborn (1858–1946) established scientific principles for document examination and published the book Questioned Documents in 1910.
  • Leone Lattes (1887–1954) studied characteristics of blood types for identification and created a method for the analysis of blood groups in blood stains in 1915.
  • Edmond Locard (1877–1966), recognized worldwide for promoting the scientific method in criminal investigation, established a police laboratory in Lyon in 1910.

1.1.2 Locard's Exchange Principle

Edmond Locard formulated the famous Locard's exchange principle, which has served as an important principle for subsequent research within forensic science. The principle states that “when a person or object comes in contact with another person or object, a cross-transfer of materials occurs” (Saferstein, 2007). In this way, every criminal can be connected to a crime through trace evidence. It should, however, be noted that the principle cannot necessarily be directly applied to digital forensics, as the dynamics of digital evidence are different from those of physical evidence. In this textbook, we will, nonetheless, adopt Definition 1.2.

Definition 1.2: Locard's Exchange Principle

Whenever two objects come into contact with one another, there is an exchange of materials between them.

1.1.3 Crime Reconstruction

Crime reconstruction (or crime scene reconstruction) is the process of determining the most likely hypothesis, or sequence of events, through the application of the scientific method. For the purpose of this textbook, we apply Definition 1.3, based on the book Crime Reconstruction by Chisum and Turvey (2008).

Definition 1.3: Crime Reconstruction

Crime reconstruction is the determination of the actions and events surrounding the commission of a crime.
A crime reconstruction can leverage a wide range of forensic methods, for example firearm ballistics tests, statistical simulations, and biological experiments. The objective is to establish a hypothesis about the event or sequence of events and then to test whether the hypothesis is possible or not. If the hypothesis is confirmed, then one possible explanation has been identified. If it is refuted, then the explanation is not possible and other hypotheses will have to be considered.

1.1.4 Investigations

An i...
