Synopses & Reviews
Forensic computing is becoming of primary importance as computers increasingly figure as sources of evidence in all sorts of criminal investigations. However, in order for such evidence to be legally useful, it is vital that it be collected and processed according to rigorous principles. In the second edition of this very successful book, Tony Sammes and Brian Jenkinson show how information held in computer systems can be recovered when it has been hidden or subverted by criminals, and give the reader the means to insure that it is accepted as admissible evidence in court. Updated to fall in line with ACPO 2003 guidelines, "Forensic Computing: A Practitioner's Guide" is illustrated with plenty of case studies and worked examples, and will help practitioners and students gain a clear understanding in: * The principles involved in password protection and data encryption * The evaluation procedures used in circumventing a system's internal security safeguards * Full search and seizure protocols for experts and police officers. The new volume not only discusses the new file system technologies brought in by Windows XP and 2000 but now also considers modern fast drives, new encryption technologies, the practicalities of "live" analysis, and the problems inherent in examining personal organisers. Tony Sammes is Professor of Forensic Computing at Cranfield University and the Director of the Centre for Forensic Computing based at the Defence Academy in Shrivenham. His department has been more or less solely responsible for training and educating senior law enforcement officers in the UK in the art of forensic computing. His testimony as an expert witness has been called in a variety of cases, some of national importance. Brian Jenkinson is a retired Detective Inspector, formally Head of the Cambridgeshire Constabulary Fraud Squad. He is now an independent Forensic Computer Consultant and is also closely involved in teaching to both law enforcement and commercial practitioners. He was appointed Visiting Professor for Forensic Computing in 2002 at Cranfield University and the Defence Academy.
Review
From the reviews of the second edition: "This book was the product of an 'arms race'. ... It is now listed as the standard text around which all the Forensic Computing courses at Cranfield and some other universities are based. ... It is filled with good practical advice and is especially good on interpreting partition tables. ... All in all this is a useful ... guide to the discipline. ... Truly the forensic computing expert is living in interesting times." (Alikelman, June, 2009)
Synopsis
The second edition of this successful book shows how the contents of computer systems can be recovered for criminal evidence, even when hidden or subverted. Coverage includes Windows XP/2000 file systems, fast drives, new encryption technologies, and personal organisers.
Synopsis
In the second edition of this very successful book, Tony Sammes and Brian Jenkinson show how the contents of computer systems can be recovered, even when hidden or subverted by criminals. Equally important, they demonstrate how to insure that computer evidence is admissible in court. Updated to meet ACPO 2003 guidelines, Forensic Computing: A Practitioner's Guide offers: methods for recovering evidence information from computer systems; principles of password protection and data encryption; evaluation procedures used in circumventing a system's internal security safeguards, and full search and seizure protocols for experts and police officers.
About the Author
Until 1984, Professor A. J. Sammes was a serving British Army Officer with the rank of Colonel, late of the Royal Corps of Signals. His present appointment is Professor of Computing Science, in the Faculty of Military Science, Technology and Management at the Defense Academy, Cranfield University, Shrivenham. His formal qualifications include a Bachelor of Science in Electrical Engineering, a Master of Philosophy in Computer Science and a Doctor of Philosophy in Computer Science, all degrees having been awarded by the University of London. He is also a Fellow of the British Computer Society and a Chartered Engineer. His department has been more or less solely responsible for training senior police officers in the UK in the art of forensic computing. His testimony as an expert witness has been called in countless cases, of some of great national importance.
Table of Contents
Forensic Computing Understanding Information IT Systems Concepts PC Hardware and Inside The Box Disk Geometry The New Technology File System The Treatment of PCs The Treatment of Electronic Organisers Looking Ahead (Just a little bit more) Appendices: Common Character Codes; Some Common File Format Signatures; A Typical Set of POST codes; Typical BIOS Beep Codes and Error Messages; Disk Partition Table Types; Ezxtended Partitions; Registers and Order Code for the INtel 8086; NFTS Boot Sector and BIOS Parameter Block; MFT Header and Attribute Maps; The Relationship Between CHS and LBA Addressing; Alternate Data Streams - a Brief Explanation