A comprehensive and broad introduction to computer and intrusion forensics, this practical book helps you master the tools, techniques and underlying concepts you need to know, covering the areas of law enforcement, national security and the private sector. The book presents case studies from around the world, and treats key emerging areas such as stegoforensics, image identification, authorship categorization, link discovery and data mining. You also learn the principles and processes for effectively handling evidence from digital sources and law enforcement considerations in dealing with computer-related crimes, as well as how the effectiveness of computer forensics procedures may be influenced by organizational security policy. The book opens with a comprehensive introduction to computer and intrusion forensics and relates them to computer security in general and computer network security. It details the current practice of computer forensics and its role in combating computer crime, and examines the relationship between intrusion detection and intrusion forensics. What's more, the book explores the most important new areas for future research in computer forensics. This leading-edge resource is an indispensable reference for working professionals and post-graduate students alike.
Table of Contents
Computer Crime, Computer Forensics and Computer Security - Introduction. Human behaviour in the electronic age. The nature of computer crime. Establishing a case in computer forensics. Legal considerations. Computer security and its relationship to computer forensics. Overview of the following chapters.
Current Practice - Introduction. Electronic Evidence. Forensic Tools. Emerging Procedures and Standards. Computer Crime Legislation and Computer Forensics. Networks and Intrusion Forensics.
Computer Forensics in Law Enforcement and National Security - The Origins and History of Computer Forensics. The Role of Computer Forensics in Law Enforcement. Principles of Evidence. Computer Forensics Model for Law Enforcement. Forensic Examination. Forensic Resources and Tools. Competencies and Certification. Computer Forensics and National Security.
Computer Forensics in Forensic Accounting - Auditing and fraud detection. Defining fraudulent activity. Technology and fraud detection. Fraud Detection Techniques. Visual analysis techniques. Building a fraud analysis model.
Case Studies - The Case of Little Nicky Scarfo. The Case of El Griton. Melissa. The World Trade Centre Bombing and Operation Oplan Bojinka. Other cases.
Intrusion Detection and Intrusion Forensics - Intrusion detection, computer forensics and information warfare. Intrusion Detection Systems. Analysing Computer Intrusions. Network Security. Intrusion Forensics. Future Directions for IDS and Intrusion Forensics.
Research Directions and Future Developments - Introduction. Forensic Data Mining - Finding Useful Patterns in Evidence. Text Categorization. Authorship Attribution: Identifying E-mail Authors. Association Rule Mining - Application to Investigative Profiling. Evidence Extraction, Link Analysis and Link Discovery. Stego-Forensic Analysis. Image Mining. Cryptography and Cryptanalysis. The Future - Society and Technology.
Alison Anderson is senior lecturer on the Faculty of Information Technology and researcher in the Information Security Research Center at the Queensland University of Technology. She holds a Ph.D. in computer security from the Queensland University of Technology and an MIS in information technology from the University of Queensland, Brisbane.
Byron Collie is senior information security engineer for the Wells Fargo Services Company and was a Federal Agent with the Australian Federal Police for 16 years, during which time he also worked with the Royal Australian Air Force Directorate of Information Warfare.
Olivier de Vel is head of computer forensics at the Defence Science and Technology Organisation, Department of Defence, Australia. He holds a Ph.D. in electronic engineering from the Institut National Polytechnique de Grenoble (INPG), France, and an M.Sc. in physics from the University of Waikato, New Zealand.
Rod McKemmish is senior manager, forensics, at KPMG, and has worked as a computer forensic specialist in Australian Law Enforcement and the private sector for the past 11 and a half years. He holds a B.Bus. degree in business administration from the Royal Melbourne Institute of Technology.
George Mohay is adjunct professor in the Information Security Research Center, Queensland University of Technology. He has done extensive research in the areas of computer security, computer forensics, concurrency, component technology and distributed systems. He holds a Ph.D. in theoretical chemistry from Monash University in Melbourne. He has published extensively.