Digital Archaeology: The Art and Science of Digital Forensics, 1st edition

Published by Addison-Wesley Professional (August 27, 2013) © 2014

  • Michael W. Graves

eTextbook

$75.99

  • Available for purchase from all major ebook resellers, including InformIT.com.
Print

$67.99

  • A print text (hardcover or paperback)
  • Free shipping
  • Also available for purchase as an ebook from all major ebook resellers, including InformIT.com.

In Digital Archaeology, expert practitioner Michael Graves has written the most thorough, realistic, and up-to-date guide to the principles and techniques of modern digital forensics. He begins by providing a solid understanding of the legal underpinnings and critical laws affecting computer forensics, including key principles of evidence and case law. Next, he explains how to systematically and thoroughly investigate computer systems to unearth crimes or other misbehavior, and back it up with evidence that will stand up in court. Drawing on the analogy of archaeological research, Graves explains each key tool and method investigators use to reliably uncover hidden information in digital systems. Graves concludes by presenting coverage of important professional and business issues associated with building a career in digital forensics, including current licensing and certification requirements.

  • Covers both the technical and personal aspects of digital forensics 
  • Fully covers key topics overlooked in competing books, such as the unique responsibilities of “first responders” to digital crime scenes
  • Includes a one-of-a-kind chapter on facilities management, and coverage of licensing and certification
  • By an expert practitioner who has investigated everything from employee malfeasance to national security threats

The full text downloaded to your computer

With eBooks you can:

  • search for key concepts, words and phrases
  • make highlights and notes as you study
  • share your notes with friends

eBooks are downloaded to your computer and are accessible offline through the Bookshelf app (available as a free download), online, and via the iPad and Android apps.

Upon purchase, you'll gain instant access to this eBook.

Contents

Preface  xiii
About the Author  xxi

Chapter 1: The Anatomy of a Digital Investigation  1
  A Basic Model for Investigators  2
  Understanding the Scope of the Investigation  8
  Identifying the Stakeholders  12
  The Art of Documentation  13
  Chapter Review  21
  Chapter Exercises  21
  References  22

Chapter 2: Laws Affecting Forensic Investigations  23
  Constitutional Implications of Forensic Investigation  24
  The Right to Privacy  29
  The Expert Witness  31
  Chapter Review  32
  Chapter Exercises  32
  References  33

Chapter 3: Search Warrants and Subpoenas  35
  Distinguishing between Warrants and Subpoenas  36
  What Is a Search and When Is It Legal?  37
  Basic Elements of Obtaining a Warrant  40
  The Plain View Doctrine  43
  The Warrantless Search  44
  Subpoenas  50
  Chapter Review  51
  Chapter Exercises  52
  References  52

Chapter 4: Legislated Privacy Concerns  55
  General Privacy  56
  Financial Legislation  59
  Privacy in Health Care and Education  62
  Privileged Information  64
  Chapter Review  67
  Chapter Exercises  68
  References  68

Chapter 5: The Admissibility of Evidence  71
  What Makes Evidence Admissible?  71
  Keeping Evidence Authentic  76
  Defining the Scope of the Search  84
  When the Constitution Doesn’t Apply  84
  Chapter Review  89
  Chapter Exercises  89
  References  89

Chapter 6: First Response and the Digital Investigator  91
  Forensics and Computer Science  91
  Controlling the Scene of the Crime  96
  Handling Evidence  100
  Chapter Review  109
  Chapter Exercises  109
  References  110

Chapter 7: Data Acquisition  111
  Order of Volatility  112
  Memory and Running Processes  112
  Acquiring Media  121
  Chapter Review  128
  Chapter Exercises  128
  References  129

Chapter 8: Finding Lost Files  131
  File Recovery  131
  The Deleted File  141
  Data Carving  145
  Chapter Review  149
  Chapter Exercises  150
  References  150

Chapter 9: Document Analysis  151
  File Identification  151
  Understanding Metadata  157
  Mining the Temporary Files  172
  Identifying Alternate Hiding Places of Data  176
  Chapter Review  183
  Chapter Exercises  183
  References  183

Chapter 10: E-mail Forensics  185
  E-mail Technology  185
  Information Stores  191
  The Anatomy of an E-mail  196
  An Approach to E-mail Analysis  203
  Chapter Review  210
  Chapter Exercises  211
  References  211

Chapter 11: Web Forensics  213
  Internet Addresses  213
  Web Browsers  215
  Web Servers  233
  Proxy Servers  238
  Chapter Review  244
  Chapter Exercises  244
  References  245

Chapter 12: Searching the Network  247
  An Eagle’s Eye View  247
  Initial Response  248
  Proactive Collection of Evidence  250
  Post-Incident Collection of Evidence  262
  Router and Switch Forensics  268
  Chapter Review  275
  Chapter Exercises  275
  References  276

Chapter 13: Excavating a Cloud  277
  What Is Cloud Computing?  277
  Shaping the Cloud  279
  The Implications of Cloud Forensics  284
  On Virtualization  291
  Constitutional Issues  300
  Chapter Review  303
  Chapter Exercises  304
  References  304

Chapter 14: Mobile Device Forensics  307
  Challenges of Mobile Device Forensics  307
  How Cell Phones Work  308
  Data Storage on Cell Phones  313
  Acquisition and Storage  317
  Legal Aspects of Mobile Device Forensics  322
  Chapter Review  324
  Chapter Exercises  325
  References  325

Chapter 15: Fighting Antiforensics  327
  Artifact Destruction  328
  Hiding Data on the System  336
  Covert Data  347
  Chapter Review  354
  Chapter Exercises  355
  References  355

Chapter 16: Litigation and Electronic Discovery  357
  What Is E-Discovery?  358
  A Roadmap of E-Discovery  358
  Conclusion  377
  Chapter Review  377
  Chapter Exercises  377
  References  378

Chapter 17: Case Management and Report Writing  379
  Managing a Case  379
  Writing Reports  389
  Chapter Review  393
  Chapter Exercises  394
  References  394

Chapter 18: Tools of the Digital Investigator  395
  Software Tools  395
  Working with “Court-Approved” Tools  410
  Hardware Tools  413
  Nontechnical Tools  418
  Chapter Review  421
  Chapter Exercises  422
  References  422

Chapter 19: Building a Forensic Workstation  423
  What Is a Forensic Workstation?  424
  Commercially Available Forensic Workstations  425
  Building a Forensic Workstation From Scratch  429
  Chapter Review  440
  Chapter Exercises  440
  References  440

Chapter 20: Licensing and Certification  441
  Digital Forensic Certification  441
  Vendor-Neutral Certification Programs  442
  Vendor-Specific Certification Programs  449
  Digital Forensic Licensing Requirements  452
  Chapter Review  454
  Chapter Exercises  454
  References  454

Chapter 21: The Business of Digital Forensics  457
  Starting a New Forensics Organization  458
  Maintaining the Organization  466
  Generating Revenue  478
  Organizational Certification  481
  Chapter Review  483
  Chapter Exercises  483
  References  483

Appendix A: Chapter Review Answers  485
Appendix B: Sample Forms  505
Glossary  511
Index  521

 

Michael W. Graves has worked for more than fifteen years as a network specialist, security analyst, and forensic analyst. He worked as a contractor for the federal government on jobs involving digital investigations ranging from simple employee violations to potential national security threats, and participated in e-discovery for a major bank. Graves holds an M.S. in digital investigation from Champlain College, where he studied under pioneers Gary Kessler and Robert Simpson, among others. He also served several semesters as adjunct professor of computer science for the college.
