InfoSec Reviews – Digital Evidence and Computer Crime, 3rd Edition

Book Title: Digital Evidence and Computer Crime, 3rd Edition

Subtitle: Forensic Science, Computers and the Internet

Author: Eoghan Casey

Publisher: Elsevier

Date of Publishing: 2011

ISBN(13): 9780123742681

Price (UK & US price – full price, not discounted price): £42.99, $69.95

URL of Publisher Site: Elsevier

URL of Amazon UK web page: Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet

Digital Evidence and Computer Crime is nearly 800 pages long and structured into five parts:

1. Digital Forensics
2. Digital Investigations
3. Apprehending Offenders
4. Computers
5. Network Forensics

Part 1, Digital Forensics, covers some basic principles of language, courtroom evidence and cybercrime law. This is very much based on the American perspective, with many examples of cases from the USA, with an entire chapter dedicated to American cybercrime law. That being said, however, European law is covered in a more general way in its own chapter. For a worldwide audience, as local law is specific to the local area, it may have been better to put the American and European law study into a single shorter chapter, summarizing these areas of cybercrime law for consideration by investigators. This aim is achieved in the third chapter, which covers presentation of evidence for court covering different judicial systems and contains a good section on the reliability of digital evidence.

The second part, covering Digital Investigations, starts with descriptions of processes and scientific methods, which I found a bit dull. However, the crime scene chapter provides a sound basis for dealing with this crucial area, with particularly good use of practitioner tips. This section ends with chapters on theoretical analysis of evidence and the psychology of offending, neither of which I feel are of much relevance to the core subject and better covered by other specialist publications.

The next part of the book concerns Apprehending Offenders. Whilst this is relevant to law enforcement, the details are a bit superficial to be of great value to an experienced investigator. Because of this, it may be of more use to people new to the investigation of crime and of some use for non-law-enforcement forensic investigators. An exception is the chapter on computer intrusions, which jumps into reasonable technical detail on volatile data, a subject that will be of interest to all digital forensic investigators.

Part 4, Computers, is the most valuable section in the entire book, starting with a decent attempt at explaining how computers work and store data, leading to more complex and relevant descriptions in the subsequent section on file data. There is good baseline knowledge provided on forensic science and sections covering various operating systems. There is also a chapter on mobile devices, which is only available as a PDF download. It is a good section, but there is no explanation as to why it is not included within the book! I suspect that the author feels this is a rapidly changing area and that the section could be updated later, though this is not stated and no update is promised.

The final part of the book is on Network Forensics, providing a reasonable explanation of the subject. As this is a very technical subject, I feel the author has provided the correct level of detail in relation to the target audience for the book.

I think this book is aimed at a very wide range of practitioners in the digital evidence field, possibly too wide a net to encompass in such a book. However, it does make a good effort and there is good value for all interested parties throughout the various sections.

The flow of the book suffers from an inconsistent level of detail in some of the chapters, possibly due to different contributing authors for each part. This is illustrated in the basic level of some sections, contrasted with more complex technical detail in other chapters.

Throughout the book there are a number of good case studies used to illustrate points, which enlivens the text. There are also details of legal cases from various legislative areas and examples of relevant situations that demonstrate the points being made. There are also a number of references to other literature and links to website URLs and tools available to assist the practitioner.

Whilst there are good descriptions of the various aspects of digital evidence regarding what can be obtained and the processes required to obtain the evidence, there is not very practical advice in terms of ‘how to do’ forensics. I wonder whom the author was seeking as his real target audience? I suspect he intended to appeal to a wide range of people interested in computer crime, and the book does have a ‘something for everybody’ approach. This could be a criticism in attempting to cover such a wide range of topics where a more intensive approach to some areas may have been more beneficial for the experienced forensic examiner.

This book gives a good presentation of taking a scientific approach to the subject of digital forensic investigation and the importance of applying reliable processes to the production of digital evidence. I recommend this book as a general reference to those interested in the area of digital forensics and computer crime and as a good starter for anyone seeking to become involved as a digital forensic examiner.

Marks: 4 out of 5