What this book covers

Chapter 1, The Role of Digital Forensics and Its Environment, describes the digital forensics environment—an emerging discipline within the broader field of forensic science. It outlines the main digital forensics environments of criminal and civil law cases and describes the role of digital forensics practitioners.

Chapter 2, Hardware and Software Environments, presents the basic working of computer hardware, operating systems, and application software and describes the nature of recovered digital evidence. A basic introduction to filesystems and files commonly recovered during forensics examination is given as well as an insight into file encryption and password protection.

Chapter 3, The Nature and Special Properties of Digital Evidence, describes the special characteristics of digital evidence, including the nature of files, file metadata, and timestamps, which form an essential part in the reconstruction of suspected offences. The complex nature of digital evidence is introduced, and the expectations of the courts as to its admissibility in legal hearings is explained.

Chapter 4, Recovering and Preserving Digital Evidence, explains the importance of preserving digital evidence in accordance with legal conventions. It describes forensic recovery processes and tools used to acquire digital evidence without undue contamination under different forensic conditions.

Chapter 5, The Need for Enhanced Forensic Tools, emphasizes the redundancy of conventional forensic imaging and the indexing of increasingly larger datasets and introduces new forensic processes and tools to assist in sounder evidence recovery and better use of resources. The chapter introduces the disruptive technology now challenging established digital forensic responses and the overreliance on forensic specialists, who are themselves becoming swamped with heavier caseloads and larger, more disparate datasets.

Chapter 6, Selecting and Analyzing Digital Evidence, introduces the structure of digital forensic examinations of digital information through the iterative and interactive stages of selecting and analyzing digital evidence that may be used in legal proceedings. The chapter introduces the stages of digital evidence selection and analysis in line with acceptable forensic standards.

Chapter 7, Windows and Other Operating Systems as Sources of Evidence, provides you with an understanding of the complexity and nature of information processed on computers that assist forensic examinations. The chapter looks at the structure of typical Windows, Apple, and other operating systems to facilitate the recreation of key events relating to the presence of recovered digital evidence. It touches on malware attacks and the problems encountered with anti-forensics tactics used by transgressors.

Chapter 8, Examining Browsers, E-mails, Messaging Systems, and Mobile Phones, looks at Internet browsers, e-mail and messaging systems, mobile phone and other handheld devices, and the processes of locating and recovering digital evidence relating to records of personal communications such as e-mails, browsing records, and mobile phones. The value of extracting and examining communications between persons of interest stored on computer and mobile phones is described.

Chapter 9, Validating the Evidence, emphasizes the importance of validating digital evidence to ensure that as thorough as possible an examination of the evidence is undertaken to test its authenticity, relevance, and reliability. Some common pitfalls that diminish the admissibility of digital evidence, as well as the evidentiary weight or value of evidence, are discussed, as is the need for open-minded and unbiased testing and checking of evidence to be a routine matter. The presentation of digital evidence and the role of the forensic expert is outlined in the chapter.

Chapter 10, Empowering Practitioners and Other Stakeholders, provides a summary of the book and reflects on the changes presently occurring within the discipline. It offers some new processes and tools that enhance the work of practitioners and reduce the time spent on each case as well as untangling the complexity of analyzing large datasets.