Forensic Computing

Front Cover
Springer Science & Business Media, Aug 18, 2007 - Computers - 470 pages

Forensic computing is becoming of primary importance as computers increasingly figure prominently as sources of evidence in all sorts of criminal investigations. However, in order for such evidence to be legally useful, it is vital that it be collected and processed according to rigorous principles.

In the second edition of this very successful book, Tony Sammes and Brian Jenkinson show how information held in computer systems can be recovered when it has been hidden or subverted by criminals, and how to insure that it is accepted as admissible evidence in court. Updated to fall in line with ACPO 2003 guidelines, "Forensic Computing: A Practitioner's Guide" is illustrated with plenty of case studies and worked examples, and will help practitioners and students gain a clear understanding in:

* Recovering information from computer systems that will acceptable as evidence
* The principles involved in password protection and data encryption
* The evaluation procedures used in circumventing a system’s internal security safeguards
* Full search and seizure protocols for experts and police officers.

The new volume not only discusses the new file system technologies brought in by Windows XP and 2000 but now also considers modern fast drives, new encryption technologies, the practicalities of "live" analysis, and the problems inherent in examining personal organisers.

Professor A. J. Sammes is Professor of Computing Science, in the Faculty of Military Science, Technology and Management at the Defense Academy, Shrivenham. His department has been more or less solely responsible for training senior police officers in the UK in the art of forensic computing. His testimony as an expert witness has been called in countless cases, some of great national importance.

Brian Jenkinson is a retired Detective Inspector, formally Head of the Cambridgeshire Constabulary Fraud Squad. He is now an independent Forensic Computer Consultant and is also closely involved in teaching to both law enforcement and commercial practitioners. He was appointed Visiting Professor for Forensic Computing in 2002 at Cranfield University and the Defence Academy.

 

What people are saying - Write a review

User Review - Flag as inappropriate

This book is the second addition written by and for practitioners in Computer Forensics and it is an essential read for anyone who wishes to enter into the profession of Computer Forensics. I had the honor of attending the Computer Forensics Course at Cranfield University where this book was provided as part of the foundation course. The authors Prof Tony Sammes and Brian Jenkinson wrote and conducted the course together with Geoff Fellows. These three professional Forensics specialist did not simply write this book as an academic exercise but instead provided essential guidelines direct from their own experiences. Brian Jenkinson is a former police detective who together with Prof Tony Sammes began developing what we now call Computer Forensics in the early 1960's. They pioneered the techniques and practices that we know and rely on in today's forensic world. The courses that they conduct in Cranfield University provide the center of excellence in Computer Forensics. The book is packed with technical details and instructions that all serious practitioners can follow and rely on. Not the easiest of reads that's true but in effect the bible of modern Computer Forensics and highly recommended. 

Selected pages

Contents

1
1
2
7
3
49
4
75
5
103
6
215
7
277
8
301
9
327
Appendices
351
Copyright

Other editions - View all

Common terms and phrases

Popular passages

Page 8 - In such a system, each data element is implemented using some physical device that can be in one of two stable states: in a memory chip, for example, a transistor switch may be on or off; in a communications line, a pulse may be present or absent at a particular place and at a particular time; on a magnetic disk, a magnetic domain may be magnetized to one polarity or to the other; and, on a compact disc, a pit may be present or not at a particular place.
Page 13 - The 6 bits of the word store the exponent without any sign. The reason for not having the place for storage of the sign of exponent is that the exponent...

About the author (2007)

Until 1984, Professor A. J. Sammes was a serving British Army Officer with the rank of Colonel, late of the Royal Corps of Signals. His present appointment is Professor of Computing Science, in the Faculty of Military Science, Technology and Management at the Defense Academy, Cranfield University, Shrivenham.

His formal qualifications include a Bachelor of Science in Electrical Engineering, a Master of Philosophy in Computer Science and a Doctor of Philosophy in Computer Science, all degrees having been awarded by the University of London. He is also a Fellow of the British Computer Society and a Chartered Engineer.

His department has been more or less solely responsible for training senior police officers in the UK in the art of forensic computing. His testimony as an expert witness has been called in countless cases, of some of great national importance.