Forensic computing is becoming of primary importance as computers increasingly figure as sources of evidence in all sorts of criminal investigations. However, in order for such evidence to be legally useful, it is vital that it be collected and processed according to rigorous principles. In the second edition of this very successful book, Tony Sammes and Brian Jenkinson show how information held in computer systems can be recovered when it has been hidden or subverted by criminals, and give the reader the means to insure that it is accepted as admissible evidence in court. Updated to fall in line with ACPO 2003 guidelines, "Forensic Computing: A Practitioner's Guide" is illustrated with plenty of case studies and worked examples, and will help practitioners and students gain a clear understanding in: * The principles involved in password protection and data encryption * The evaluation procedures used in circumventing a system's internal security safeguards * Full search and seizure protocols for experts and police officers. The new volume not only discusses the new file system technologies brought in by Windows XP and 2000 but now also considers modern fast drives, new encryption technologies, the practicalities of "live" analysis, and the problems inherent in examining personal organisers. Tony Sammes is Professor of Forensic Computing at Cranfield University and the Director of the Centre for Forensic Computing based at the Defence Academy in Shrivenham. His department has been more or less solely responsible for training and educating senior law enforcement officers in the UK in the art of forensic computing. His testimony as an expert witness has been called in a variety of cases, some of national importance. Brian Jenkinson is a retired Detective Inspector, formally Head of the Cambridgeshire Constabulary Fraud Squad. He is now an independent Forensic Computer Consultant and is also closely involved in teaching to both law enforcement and commercial practitioners. He was appointed Visiting Professor for Forensic Computing in 2002 at Cranfield University and the Defence Academy.
Formatted Contents Note
Forensic Computing Understanding Information IT Systems Concepts PC Hardware and Inside the Box Disk Geometry The New Technology File System The Treatment of PCs The Treatment of Electronic Organisers Looking ahead (just a little bit more) Appendices: Common Character Codes; Some Common File Format Signatures; A Typical Set of POST Codes; Typical BIOS Beep Codes and Error Messages; Disk Partition Table Types; Extended Partitions; Registers and Order Code for the INtel 8086; NFTS Boot Sector and BIOS Parameter Block; MFT Header and Attribute Maps; The Relationship between CHS and LBA Addressing; Alternate Data Streams - a Brief Explanation.
Digital File Characteristics
text file PDF
Springer Nature eBook
Available in Other Form
Printed edition: Printed edition: Printed edition: