Forensic computing is becoming of primary importance as computers increasingly figure prominently as sources of evidence in all sorts of criminal investigations. However, in order for such evidence to be legally useful, it is vital that it be collected and processed according to rigorous principles.
In the second edition of this very successful book, Tony Sammes and Brian Jenkinson show how information held in computer systems can be recovered when it has been hidden or subverted by criminals, and how to insure that it is accepted as admissible evidence in court. Updated to fall in line with ACPO 2003 guidelines, "Forensic Computing: A Practitioner's Guide" is illustrated with plenty of case studies and worked examples, and will help practitioners and students gain a clear understanding in:
* Recovering information from computer systems that will acceptable as evidence
* The principles involved in password protection and data encryption
* The evaluation procedures used in circumventing a systems internal security safeguards
* Full search and seizure protocols for experts and police officers.
The new volume not only discusses the new file system technologies brought in by Windows XP and 2000 but now also considers modern fast drives, new encryption technologies, the practicalities of "live" analysis, and the problems inherent in examining personal organisers.
Date: 10 July, 2007
Author: Tony Sammes, Brian Jenkinson