Following on the success of his introductory text, "Digital Evidence and Computer Crime," Eoghan Casey brings together a few top experts to create the first detailed guide for professionals who are already familiar with digital evidence. The Handbook of Computer Crime Investigation helps readers master the forensic analysis of computer systems with a three-part approach covering tools, technology, and case studies.
The Tools section provides the details on leading software programs, with each chapter written by that product's creator. The section ends with an objective comparison of the strengths and limitations of each tool.
The main Technology section provides the technical "how to" information for collecting and analyzing digital evidence in common situations, starting with computers, moving on to networks, and culminating with embedded systems. The Case Examples section gives readers a sense of the technical, legal, and practical challenges that arise in real computer investigations.
The Tools section provides details of leading hardware and software
-
The main Technology section provides the technical "how to" information
-for collecting and analysing digital evidence in common situations
Case Examples give readers a sense of the technical, legal, and practical
-challenges that arise in real computer investigations

"Linux Malware Incident Response" is a "first look" at the "Malware Forensics Field Guide for Linux Systems," exhibiting the first steps in investigating Linux-based incidents. The Syngress Digital Forensics Field Guides series includes companions for any digital and computer forensic investigator and analyst. Each book is a "toolkit" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips. This compendium of tools for computer forensics analysts and investigators is presented in a succinct outline format with cross-references to supplemental appendices. It is designed to provide the digital investigator clear and concise guidance in an easily accessible format for responding to an incident or conducting analysis in a lab.
Presented in a succinct outline format with cross-references to included supplemental components and appendicesCovers volatile data collection methodology as well as non-volatile data collection from a live Linux systemAddresses malware artifact discovery and extraction from a live Linux system

"Malware Forensics: Investigating and Analyzing Malicious Code" covers the emerging and evolving field of "live forensics," where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike other forensic texts that discuss "live forensics" on a particular operating system, or in a generic context, this book emphasizes a live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing malicious code and evidence of its effect on the compromised system.
"Malware Forensics: Investigating and Analyzing Malicious Code" also devotes extensive coverage of the burgeoning forensic field of physical and process memory analysis on both Windows and Linux platforms. This book provides clear and concise guidance as to how to forensically capture and examine physical and process memory as a key investigative step in malicious code forensics.
Prior to this book, competing texts have described malicious code, accounted for its evolutionary history, and in some instances, dedicated a mere chapter or two to analyzing malicious code. Conversely, "Malware Forensics: Investigating and Analyzing Malicious Code" emphasizes the practical "how-to" aspect of malicious code investigation, giving deep coverage on the tools and techniques of conducting runtime behavioral malware analysis (such as file, registry, network and port monitoring) and static code analysis (such as file identification and profiling, strings discovery, armoring/packing detection, disassembling, debugging), and more.
* Winner of Best Book Bejtlich read in 2008
* http: //taosecurity.blogspot.com/2008/12/best-book-bejtlich-read-in-2008.html
* Authors have investigated and prosecuted federal malware cases, which allows them to provide unparalleled insight to the reader.
* First book to detail how to perform "live forensic" techniques on malicous code.
* In addition to the technical topics discussed, this book also offers critical legal considerations addressing the legal ramifications and requirements governing the subject matter

Crime scenes associated with child sexual exploitation and trafficking in child pornography were once limited to physical locations such as school playgrounds, church vestibules, trusted neighbors' homes, camping trips and seedy darkly lit back rooms of adult bookstores. The explosion of Internet use has created a virtual hunting ground for sexual predators and has fueled a brisk, multi-billion dollar trade in the associated illicit material. Approximately half of the caseload in computer crimes units involves the computer assisted sexual exploitation of children. Despite the scale of this problem, or perhaps because of it, there are no published resources that bring together the complex mingling of disciplines and expertise required to put together a computer assisted child exploitation case.
This work fills this void, providing police, prosecutors and forensic examiners with the historical, legal, technical, and social background for the laws prohibiting child exploitation, in particular, child pornography. The book will become an indispensable resource for those involved in the investigation, prosecution and study of computer-assisted child sexual exploitation.
The book provides a history of child exploitation cases and studies, outlining the roles of technology in this type of crime and the evidence they can contain, and documenting new research performed by the authors. It details how successful undercover Internet operations are conducted, how the associated evidence is collected, and how to use the evidence to locate and apprehend the offender. The heart of this work is a legal section, detailing all of the legal issues that arise in Internet child exploitation cases. A forensic examination section presents evidentiary issues from a technical perspective and describes how to conduct a forensic examination of digital evidence gathered in the investigative and probative stages of a child exploitation case.
Citations to related documents are provided for readers who want to learn more about certain issues. Actual case examples from computer assisted child exploitation cases are explored, at all times protecting the privacy of the victims while providing enough detail to educate the reader.
In addition to providing guidance on the technical and legal aspects of child exploitation investigations, this work identifies and analyzes trends in this type of crime and helps readers understand the similarities and differences between child predators who take to the Internet and predators who do not. Data from the thirty Internet Crimes Against Children (ICAC) Task Forces are compiled and reported to provide a deeper understanding of the types of cases, types of offenders and the level of danger they pose to themselves, their victims, and investigating officers. Also, sex offender data from the Offices of Attorneys General in the United States and similar offices in foreign countries are gathered to increase the study sample size, establish controls, and expand the scope of the research to outside of the United States.
- The first comprehensive title in this subject area
- It will use real cases and examples of criminal behavior and the means to detect it.
- Provides guidelines for developing a Field Manual and a Checklist to supplement the investigation and legal process
- Establishes a reliable system and legal, procedural-backed protocol by which to conduct an online sexual investigation and collect evidence

"The Handbook of Digital Forensics and Investigation" builds on the success of the Handbook of Computer Crime Investigation, bringing together renowned experts in all areas of digital forensics and investigation to provide the consummate resource for practitioners in the field.Itis also designed as an accompanying text to "Digital Evidence and Computer Crime, "now in its third edition, providing advanced material from specialists in each area of Digital Forensics.

This unique collection details how to conduct digital investigations in both criminal and civil contexts, and how to locate and utilize digital evidence on computers, networks, and embedded systems. Specifically, the Investigative Methodology section of the Handbook provides expert guidance in the three main areas of practice: Forensic Analysis, Electronic Discovery and Intrusion Investigation. The Technology section is extended and updated to reflect the state of the art in each area of specialization. The main areas of focus in the Technology section are forensic analysis of Windows, Unix, Macintosh, and embedded systems (including cellular telephones and other mobile devices), and investigations involving networks (including enterprise environments and mobile telecommunications technology). "The Handbook of Digital Forensics and Investigation" is an essential technical reference and on-the-job guide that IT professionals, forensic practitioners, law enforcement, and attorneys will rely on when confronted with computer related crime and digital evidence of any kind.
*Provides methodologies proven in practice for conducting digital investigations of all kinds
*Demonstrates how to locate and interpret a wide variety of digital evidence, and how it can be useful in investigations
*Presents tools in the context of the investigative process, including EnCase, FTK, ProDiscover, foremost, XACT, Network Miner, Splunk, flow-tools, and many other specialized utilities and analysis platforms
*Case examples in every chapter give readers a practical understanding of the technical, logistical, and legal challenges that arise in real investigations"

Malware Forensics Field Guide for Windows Systems is a handy reference that shows students the essential tools needed to do computer forensics analysis at the crime scene. It is part of Syngress Digital Forensics Field Guides, a series of companions for any digital and computer forensic student, investigator or analyst. Each Guide is a toolkit, with checklists for specific tasks, case studies of difficult situations, and expert analyst tips that will aid in recovering data from digital media that will be used in criminal prosecution. This book collects data from all methods of electronic data storage and transfer devices, including computers, laptops, PDAs and the images, spreadsheets and other types of files stored on these devices. It is specific for Windows-based systems, the largest running OS in the world. The authors are world-renowned leaders in investigating and analyzing malicious code. Chapters cover malware incident response - volatile data collection and examination on a live Windows system; analysis of physical and process memory dumps for malware artifacts; post-mortem forensics - discovering and extracting malware and associated artifacts from Windows systems; legal considerations; file identification and profiling initial analysis of a suspect file on a Windows system; and analysis of a suspect program. This field guide is intended for computer forensic investigators, analysts, and specialists.

Digital Evidence and Computer Crime, Third Edition, provides the knowledge necessary to uncover and use digital evidence effectively in any kind of investigation. It offers a thorough explanation of how computer networks function, how they can be involved in crimes, and how they can be used as a source of evidence. In particular, it addresses the abuse of computer networks as well as privacy and security issues on computer networks. This updated edition is organized into five parts. Part 1 is about digital forensics and covers topics ranging from the use of digital evidence in the courtroom to cybercrime law. Part 2 explores topics such as how digital investigations are conducted, handling a digital crime scene, and investigative reconstruction with digital evidence. Part 3 deals with apprehending offenders, whereas Part 4 focuses on the use of computers in digital investigation. The book concludes with Part 5, which includes the application of forensic science to networks. New to this edition are updated information on dedicated to networked Windows, Unix, and Macintosh computers, as well as Personal Digital Assistants; coverage of developments in related technology and tools; updated language for search warrant and coverage of legal developments in the US impacting computer forensics; and discussion of legislation from other countries to provide international scope. There are detailed case examples that demonstrate key concepts and give students a practical/applied understanding of the topics, along with ancillary materials that include an Instructor's Manual and PowerPoint slides. This book will prove valuable to computer forensic students and professionals, lawyers, law enforcement, and government agencies (IRS, FBI, CIA, CCIPS, etc.).