Fills the need of the growing number of IT and law enforcement professionals looking for information on digital forensics
SECTION I: Computer Related Crime Investigations and Computer
Forensics Management Support.
This section provides a background to computer crime and addresses
the Computer Forensics management issues related to Computer
Forensic Incidents and Crime Investigations. It looks at how
investigations are carried out, what needs to be considered in the
planning of an investigation and the conduct of the investigation
including the collection and storage of evidence. The section
finishes with a number of case studies to highlight how things can
go well if they are done properly and how they can go wrong if they
are not.
Chapter 1. A Short History of Computer-Related Crimes and the
Developing Need for Computer Forensics. This chapter will provide
an overview of computer-related crimes from the less sophisticated
and localized dial-up computer crimes to today's sophisticated,
global, network attacks; as well as the history of the development
of the computer forensics profession and increasingly formal
computer forensics laboratories.
Chapter 2. An Introduction to Computer Forensics. This chapter
provides an overview of the important concepts associated with
"computer forensics." It describes the potential sources of
evidence available in the typical microcomputer, how to conduct a
search for evidence, and a method of conducting a search in a
systematic and effective manner.
Chapter 3. Types of Forensic Investigation. This chapter will
include the reasons for carrying out the investigation and the type
of investigation that is being undertaken, for example single
computer, network or mobile devices.
Chapter 4. Responding to Crimes requiring Computer Forensic
Investigation. This chapter will talk about what actions are
required, the management considerations and just as importantly,
what should not be done when responding to a high tech crime scene.
It will deal with the differing requirements that must be
considered for the range of types of investigation that the
laboratory may be called on to take part in, including stand-alone
PCs, servers, networks, live acquisition and wireless, and will
discuss the management issues that relate to the use of function
specific tools.
Chapter 5. Management of the Collections of Evidence. As the title
states, this chapter will talk about the management issues that
relate to the collection of high technology crime scene evidence, a
crucial part of any high technology investigation. It will also
deal with issues such as continuity of evidence in the chain of custody.
Chapter 6. Management of evidence storage. This chapter will
address the issues that relate to the storage of evidence and the
management issues that need to be considered to ensure that it is
carried out effectively and to meet the relevant rules and
legislation. We will also address the difficult question of long
term storage periods, a particular problem for Law Enforcement.
Chapter 7. High Technology Crimes: Case Summaries. This chapter
gives a range of cases that illustrate the types of incidents that
may be encountered under the general grouping of high technology
crimes. There are examples of cases that have been successful and
other examples that highlight that a lack of good procedures can
lead to considerable expense, loss of credibility and
embarrassment. This chapter will also address the specific roles
that the computer forensics laboratory and staff play in each of
the cases cited.
SECTION II: Creating a Computer Forensics Laboratory.
This Section will provide a background explanation of Computer
Forensics and address management issues related to the creation of
a laboratory and a computer forensic investigations laboratory. The
section will include an introduction to computer forensics and the
types of investigation that may be encountered and will give advice
on things that need to be considered when establishing a
laboratory. The section will give advice on how to develop a
workable business plan and an insight into where to locate the lab
and how big it should be. The section also deals with the vitally
important issue of quality assurance so that the efforts and risks
taken are not wasted and the organisation gains and maintains a
good reputation. Finally the section looks at staff selection,
training and support and the regulations, standards and legislation
that will need to be complied with if the lab is to be credible and
successful.
Chapter 8. Establishing and Managing a Computer Forensics
Laboratory. The chapter will provide the reader with a discussion
of the "basic how-to" of establishing and managing a computer
forensics laboratory based on real-world experience.
NOTE: It's based on the authors' many years of hands-on, real-world
experiences in conducting computer-related crime investigations and
establishing and managing computer forensics laboratories. It is
not a theoretical discussion as has been the case with some
inexperienced authors who have never conducted computer-related
investigations nor established and managed computer forensics
laboratories.
Chapter 9. Scoping the requirement for the Laboratory. This chapter
will draw upon the experience of the authors to provide guidance on
how to scope out the requirement for the laboratory. This will
include guidance on the potential throughput and the number of
staff and the quantity and type of equipment that will be required
to satisfy the anticipated workload. This chapter will also discuss
how to identify computer forensics laboratory requirements and
establish the required budget to support the development of the
laboratory.
Chapter 10. Developing the Business Plan. This chapter will cover
the development of the business plan for the creation and running
of the computer forensics laboratory.
Chapter 11. The location and size of the Laboratory. This chapter
will address a range of issues that must be considered when
deciding on the location of the laboratory. This will include the
location of the laboratory in terms of the geographic location, the
location with regard to the owning organisation and the location of
the laboratory within a building.
Chapter 12. Selecting the staff. This chapter will discuss a range
of the issues that are related to the selection of the right staff
for the laboratory. The chapter will include assessment of the
suitability of staff, their qualifications and experience, their
references and, if required, their background checks and security
vetting. The chapter will also deal with the requirement for the
provision of support for staff including counseling and psychiatric
assessment.
Chapter 13. Training. This chapter will address the requirement for
staff training and achieving the balance between enough
training to create and maintain an effective laboratory and
excessive training, which is likely to cause unnecessary costs and
to leave the organisation vulnerable to poaching of staff by rival
companies or organisations. It will also address a strategy for the
development of specialist areas within the teams. Specific entities
will be addressed where staff members can get the needed training
both online and through a number of identified lectures and
conferences; as well as a sample staff training needs
identification and project plan to address deficiencies and
maintain currency in all aspects of the profession of computer
forensics laboratory specialist.
Chapter 14. Quality Assurance. This chapter will address the
vitally important issue of Quality Assurance and will describe when
it should be carried out, who should do it and to what
standards.
Chapter 15. Legislation, Regulation and Standards. This chapter
will look at a range of the International, national and local
legislation and regulations that must be addressed if the
Laboratory is to fulfill its role and be credible and efficient.
The chapter will also look at issues such as Data protection and
Human rights laws and the impact that this may have on the
resources and methods used to carry out investigations.
SECTION III: Managing a Computer Forensics Laboratory and
Computer-Related Crime Investigative Support
This Section gives an overview of the management issues related to
a computer forensics laboratory and the investigations profession.
The section looks at the roles within the laboratory and why and
how to develop credible plans for the Laboratory at all levels. It
also examines a number of methods for the measurement of the
effectiveness of the laboratory -- figures that will be vital in
workload management and supporting the plans that are put forward.
The section also looks at the wider issues of information sharing
and sources of valuable information that can enhance the capability
of the laboratory.
Chapter 16. Understanding the Role of the Computer Forensic
Laboratory Manager. The objective of this chapter is to describe
and discuss the major functions that the Computer Forensics
Laboratory Manager needs to carry out and to describe the flow
processes that can be used to establish the baseline in
performing the computer forensics laboratory functions.
Chapter 17. The Computer Forensics Laboratory Strategic, Tactical,
and Annual Plans. The objective of this chapter is to establish the
plans for the Computer Forensics Laboratory that provide the
subsets of the parent organization's Strategic, Tactical, and
Annual Plans. These plans will set the direction for the
organization's high technology anti-crime program while integrating
the plans into the organization's plans, thus indicating that the high
technology anti-crime program is an integral part of the
organisation.
Chapter 18. Sources of information, Networking and Liaison. The
objective of this chapter is to identify, describe and discuss a
range of information sources of various types, joining and
establishing networks with your peers, and liaison with outside
agencies.
Chapter 19. Computer Forensics Investigation Laboratory Metrics
Management System. The objective of this chapter is to outline and
discuss the identification, development and use of suitable metrics
to assist in managing a high technology crime investigations
laboratory and high technology crime prevention program. The
chapter will look at a number of initiatives such as those at the
National E Crime Prevention Centre and the UK Met Police/ ACPO
initiative and the Internet Watch Foundation that have been
undertaken around the world, but specifically in the USA, Europe
and Australia.
Chapter 20. Workload Management and the Outsourcing option. Having
the right level of resources to meet the demands that will be put
on the Laboratory may not always be achievable, but should be planned
for. Outsourcing is a management tool that can help in balancing
the workload and can also help to save money. This chapter will
look at the possibilities of outsourcing this function and a
process that can be used to make that determination.
SECTION IV: Future Computer Forensic Investigation Challenges.
This Section looks at the challenges in computer forensic
investigations and their management that are expected to affect the
people involved in the future. The section looks at the needs of
the staff for a career path in the relevant disciplines and also
looks at the changing importance of computer forensics in the
criminal justice system and the technological developments that are
likely to affect our ability to support investigations. The section
finishes with some final thoughts by the authors.
Chapter 21. Developing a Career in Computer Forensics Management.
The objective of this chapter is to provide the computer forensic
investigator with a career development plan outline that can be
used in developing a career as a computer forensic laboratory
manager.
Chapter 22. The Future of Computer Forensics, its supporting
laboratory needs and its role in crime investigations. This chapter
looks at how changes in the technologies and the ways
in which they are used will affect computer forensics and the role
that this plays in an increasing range of criminal investigations.
As computing devices become more ubiquitous, so the range of crimes
that will potentially involve computers will increase. This chapter
will look at the implications of these changes and give advice on
the issues that will need to be considered.
Chapter 23. The Future of Computer Forensics in the Criminal
Justice Systems. This chapter takes a look at the role of computer
forensics and its laboratory in the criminal justice system and the
issues that will arise as technologies and crime change and
legislation is modified to keep pace.
Chapter 24. A Summary of Thoughts, Issues and Problems. This
chapter discusses what might happen in a dynamic organisation that
drastically changes the computer forensics laboratory, the crime
prevention program and the laboratory manager's role.
Chapter 25. Conclusions. This chapter will summarize the book and
provide a few final thoughts and pieces of advice from the
authors.
Appendices: This will include Computer Forensics related references
and bibliography; and biographies of the authors.
Dr. Andrew Jones is a digital forensic and information security
researcher and academic and has developed several tools and
processes for the efficient and effective recovery of data from a
range of devices. He has also participated in and led a number of
forensic investigations for criminal and civil cases.
Andrew has been involved in several information security projects
for the Government Communications Electronic Security Group (CESG),
the Office of the E-Envoy, the police and a defense contractor. He
acted as the technical advisor for the then National Crime Squad
Data Acquisition and Recovery Team and he is currently on the
committees for five information security and computer forensic
conferences. He also sat on two working groups of the government's
Central Sponsor for Information Assurance National Information
Assurance Forum. He holds posts as an adjunct professor at Edith
Cowan University in Perth, Australia and the University of South
Australia in Adelaide.
He has authored six books in the areas of Information Warfare,
Information Security and Digital Forensics, including co-authoring
Digital Forensics Processing and Procedures, First Edition.
"This book is designed to get at the heart of the matter." --Dave Kleiman, computer forensics expert and security software developer