Computer Forensics and CyberCrimes

Computer forensics involves obtaining and analyzing digital information for use as evidence in civil, criminal, or administrative cases. The resources on this page are dedicated to students in the Utica College, Utica, NY Economic Crimes and Justice Study’s Program and to help those interested in this fascinating field.

Fundamentals:

1. The Federal Rules of Evidence (FRED) and State Rules of Evidence control the use of digital evidence.
2. The Fourth Amendment to the US Constitution (and each States Constitution) protects everyone’s rights to be secure in their person, residence, and property from search and seizure.
3. The question of digital evidence requiring separate search warrants was addressed in (Commonwealth v. Copenhefer 553 Pa. 285, 719 A, 2d 242). It did not find an expectation of privacy was due under Katz v. United States, 389 U.S. 347,357,88S. Ct. 507, 19L.Ed.2d 576 (1967) and that digital evidence acquired through computer forensics (deleted files to secrete evidence of a crime) was valid to uphold a conviction and “not a legally cognizable expectation of privacy.”

Guide to Search and seizure procedures for computers and computer evidence:
www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm and updates often at
www.usdoj.gov/criminal/cybercrime/

Computer Forensics Definitions:

• DIBS USA: www.dibsusa.com
• FBI: www.fbi.gov/hq/lab/fsc/backissu/oct2000/computer.htm
• Federal Crime Statistics: www.fbi.gov/ucr/ucr.htm
• Summaries: http://fisher.lib.virginia.edu/crime
• What is: http://whatis.com

SETTING UP THE FORENSICS WORKSTATION AND LAB RELATED

Lab Certifications:

• American Society of Crime Laboratory Directors (ASCLD): www.ascld.org &
  CTIN:
• Encase Certification: www.encase.com or www.guidancesoftware.com
• EMR:
• Fire extinguishers:
• Fire suppression systems:
• FLETC:
• Forensic Recovery of Evidence Device (F.R.E.D.):
• High-Tech Crime Network (HTCN):
• High Technology Crime Investigation Association (HTCIA):

LEO Training:

• Management Guidelines:
• NW3C:
• SANS:
• Southeast Crime Institute:
• TEMPEST Protection:

Write-blockers:

• ACARD:
• Digital Intelligence:
• www.forensicpc.com
• Guidance Software:
• Intelligent Computer Systems:
• www.mykeytech.com
• NIST Computer Forensics Tool Testing (CFTT) & ISO 17025:
• www.paraben-forensics.com/lockdown.html
• Voom:
• www.wiebetech.com
• NIST Tools Testing Support Toolkit (ISO 5725 “Repeatable Results”): DISKWIPE; BADDISK; BADX13; CORRUPT; ADJCMP; DISKCMP; PARTCMP; DISKHASH; SECHASH; LOGCASE; LOGSETUP: PARTAB; DISKCHG; SECCMP; SECCOPY;
• Retrieving Evidence via Remote Network Connection:

ID / Forensic Tools

• AccessData's Forensics Toolkit 1.5
• AccessData Registry Viewer
• BIEF Code Project
• Computer forensic link farm
• Deluoelectronics - GPS & Vechicle Tracking
• Disk Space Analyzer
• DlHell
• e-evidence info
• ePreserver for AOL files
• Email DBX Files  in Outlook Express
• Encase
• Explorer View
• File Recover/Scavenger
• Foremost Recovery Tools
• Forensic Tools
• Ftimes evidence collection
• Kim Komando - free tools to download
• History Reader for IE 5.x and 6.x download
• ID Security Tools
• KaZAlyser downloadable
• Key logger Software
• Mail Navigator
• MD5 Algorithm for use in Hash calculations
• LEO intro to Linux
• National Software Reference Library
• Odessa Data Recovery
• Opensource Memory tools
• PassLoc
• Penguin Forensic ToolKit
• Project Fenris
• Sleuthkit
• SMART similar to ENCASE
• SysInternals
• SuperScan 4.0
• Securepoint Intrusion Detection nuzzler
• Talisker Forensics has alot of tools listed on its website
• The Coroner's Toolkit
• X-Ways Forensics

On Computer Forensics:

• Anastasi, Joe (2003).  The New Forensics:  Investigating Corporate Fraud and the Theft
  Of Intellectual Property.  Wiley, John & Sons, Incorporated
• Anderson, A., Collie, B., McKemmish, R. D., Mohay, G. M., de Vel, O. (2003).  Computer and Intrusion Forensics.  Artech House, Incorparated.
• Andrade, L. M., Firestone, W. P. (2006).  Foundations to Computer Forensics and Online
  Crime Investigations.  Outskirts Press, Inc.
• Association for Computer Security, Forensics and Law (ACSFL)
• ACSFL Interactive Journal
• Anzaldua, R., Godwin, J., Volonino, L. (2006). Computer Forensics: Principles and
  Practices.  Prentice Hall.
• Barrett, D., Broom N., Solomon, M. (2004).  Computer Forensics Jumpstart. Wiley, John & sons, Incorporated
• Bauchner, Elizabeth (2005).  Computer Investigation.  Mason Crest Publishers.
• Brungs, A. (2005). Identification of Legal Issues for Computer Forensics.  Information Systems Management.  Retrieved May 3, 2007, from ProQuestDatabase.
• Caloyannides, Michael A. (2004).  Privacy Protection and Computer Forensics (Artech House Computer Security Series).  Artech House, Inc.
• Carrier, Brian. (2005).  File System Forensics.  Pearson Education.
• Carvey, Harlan. (2004).  Windows Forensics and Incident Recovery. Addison-Wesley.
• Celil, Anthony L.  Computer Forensics:  What Corporations Need To Know About Digital Information. 
• Clark, F., Diliberto, K. (1996).  Investigating Computer Crime.  CRC Press.
• Cowen, D., Davis, C., Philipp, A. (2004).  Hacking Exposed Computer Forensics:
  Secrets & Solutions.  The McGraw-Hill Companies
• Cohen, T., Schroader, A. (2007).  Alternate Data Storage Forensics.  Syngress Publishing. 
• Crowley, P., Leibrock, L. (2007).  CD and DVD Forensics Syngress Publishing.
• Enfinger, F., Nelson, B., Phillips, A. (2005).  Guide to Computer Forensics and
  Investigations.  Course Technologies Inc.
• Evans, Gregory D.  (2003).  Laptop Security Made Short and Simple:  Now Includes PDA Security.  LIGATT Corp.
• Kipper G., Kipper, K. (2006).  Wireless Crime and Forensic Investigation.  CRC Press.
• Kruse, Warren G. (2001).  Computer Forensics:  Incident Response Essentials
  Addison-Wesley.
• Larson, S., Mandia, K., Pepe, M., Prosise, C., (2002).  Incident Response & Computer Forensics. The McGraw-Hill Companies.
• Mena, Jesus (2004).  Homeland Security:  Techniques and Technologies. Thomson Delmar Learning.
• Mendell, Ronald L. (2004).  Investigating computer crime in the 21st century. Charles C. Thomas.
• Michael A. Caloyannides, Computer Forensics and Privacy, Artech House, 2001.
• Miranda, Lourdes C. (2002). The profiling and Investigation of Cyberstalkers: Training
  Resource tool for local and state law enforcement agencies.
• Mueller III, Robert S. (2007).  Child Pornography and the Internet.  Vital Speeches of the Day.  Retrieved May 3, 2007, from ProQuest Database.
• Proctor, P. E. The Practical Intrusion Detection Handbook. Prentice Hall, 2001.
• Reis, George (2007).  Photoshop CS3 for Forensics Professionals:  A Complete Digital Imaging Course for Investigators.  Wiley, John & Sons, Incorporated
• Sandstorm Forensics Hardware
• Schweitzer, Douglas (2003).  Responding to System Breachers:  Incident Response and
  Computer Forensics Toolkit.  Wiley, John & Sons, Incorporated
• Sheetz, Michael. (2007).  Computer Forensics:  An Essential Guide for Accountants, Lawyers, And Managers.  Wiley, John & Sons, Incorporated. 
• Shinder, D., Tittel, E. (2002).  Scene of the Cybercrime:  Computer Forensics Handbook.
  Syngress Publishing.
• Steel, Chad. (2006).  Windows Forensics:  The Ultimate Field Guide for Corporate
  Computer Investigations.  Wiley, John & Sons, Incorporated
• Tony Sammes and Brian Jenkinson, Forensic Computing: A Practitioner’s Guide, Springer, 2000.
• USDOJ Guidelines for Searching and Seizing Computers
  • Table of Contents
  • Updated USDOJ Guidelines
  • Complete Federal Guidelines
  • Forensic Examination of Digital Evidence: A Guide for Law Enforcement
  • Search and Seizing Computers
  • Electronic Crime Scene Investigation
• Vacca, John. (2005).  Computer Forensics: Computer Crime Scene Investigation.  Thomson Delmar Learning
• Warren G Kruse II and Jay G. Heiser, Computer Forensics: Incident Response Essentials,
  Addison Wesley, 2002.

Law Enforcement

• Computer Crimes Criminal Justice Links
• Computer and Internet Security Resources
• Data Recovery - Offers worldwide RAID, disk, and hard drive data recovery services.
• Internet Resources on Technology Law
• Ira Wilsker's Law Enforcement Sites on the Web
• Law Enforcement Guide to the World Wide Web
• Legal and Court Related Sites
• The Police Officer's Internet Directory
• What's on the Internet for Legal and Law Enforcement Personnel
• NIJ: http://nij.ncjrs.org/publications/pubs_db.asp

Evidence Matters

• Seizing Computers and other Electronic Evidence

National Crime Justice Reference Center

• http://www.ncjrs.org/ 

Cyber-Stalking Laws

• http://www.haltabuse.org/resources/laws/index.shtml 
• Computer records 

Sexual Harassment and Internet

•  http://www.consumerlaw.com/harass2.html
• Cyber Stalking: the Regulation of Harassment on the Internet

On Steganography:

• Current issue of Forensic Science Communications.
• Duric, Z., Jajodia, S., Johnson N. F. (2001).  Information Hiding: Steganography and Watermarking – Attacks and Countermeasures.  Kluwer Academic Publishers
• Kipper, Gregory. (2003).  Investigator’s Guide To Steganography.  CRC Press.

Commercial:

• Invisible Secrets - hides information in various files around you computers.
  Also allows you to use steganography for images, sound files, html docs etc.
• InfoProtect - hides data in images
• Evidence Eliminator - erases all traces of your online activities from your hard drive.

Shareware/Freeware:

• GifShuffle - hide info in .gif's
• JPEG-JSTEG - hide info in JPEG's
• MP3Stego - hide info in MP3's
• Snow - hides an ASCII text message inside another ASCII text message
• Rade Petrovic, Joseph M. Winograd, Kanaan Jemili and Eric Metois - October 1999 Data Hiding within Audio Signals

On Computer Crime Investigation:

• Eogham Casey (ed), Handbook of Computer Crime Investigation: Forensic Tools and
  Technology, Academic Press, 2002.
• Bruce Middleton, Cyber Crime Investigator’s Field Guide, Auerbauch, 2001.
• John R. Vacca, Computer Forensics: Computer Crime Scene Investigation, Charles River Media, 2003.
• Eogham Casey (ed), Digital Evidence and Computer Crime, Academic Press, 2000.
• Kenneth S. Rosenblatt, High-Technology Crime: Investigating Cases Involving Computers, KSK, 1996.
• Gerald L Kovacich and William C Boni, High-Technology Crime Investigators Handbook: Working In the Global Information Environment, B&H, 2000.

On Cyber Terrorism:

• Alan D. Campen, et.al, Cyberwar: Security, Strategy and Conflict in the Information Age, AFCEA, 1996.
• Colarik, A. M., Janczewski, L. J. (2005).  Managerial Guide for Handling Cyber-Terrorism And Information Warfare.  Idea Group Publishing.
• Colarik, A. M., Janczewski, L. J. (2007).  Cyber Warfare and Cyber Terrorism. Idea Group Reference.
• Dan Verton, Black Ice: The Invisible Threat of Cyber-Terrorism, Osborne, 2003.
• James Adams, The Next World War: Computers are the Weapons & The Front Line is
  Everywhere, Simon & Schuster, 2001.
• Peter Pitorri, Counter-Espionage for Business, BH, 1998.
• Schneidewind, Norman.  (2006).  Solutions to the Threat of Cyber Terrorism to Homeland Security.  Authorhouse.
• Ted Fair, Michael Nordfelt, Sandra Ring & Eric Cole, Cyber Spying, Rockland, MD:Syngress, 2005.

On Identity Theft:

• Anonymous, New ID in America: How To Create a Foolproof New Identity, Paladin, 1983.
• Collins, Judith M. (2006).  Investigating Identity Theft: A Guide for Businesses, Law Enforcement, and Victims.  Wiley, John & Sons, Incorporated.
• Hastings, G., Marcus, R. (2006).  Identity Theft, Inc.: A Wild Ride with the World’s #1 Identity Thief.  The Disinformation Company.
• Joseph J Culligan, You Too Can Find Anybody, self-published, 1999.
• National Crime Prevention Center and We Prevent.org
• John R. Vacca, Identity Theft, PTR, 2003
• Ragner Benson, Acquiring New ID: How To Easily Use the Latest Computer Technology to Drop Out, Start Over, and Get on with your Life, Paladin, 2002.
• Schneier, Bruce. (2004).  Secrets and Lies:  Digital Security in a Networked World. Wiley, John & Sons, Incorporated.
• Sheldon Charrett, The Modern Identity Changer: How To Create a New Identity for Privacy and Personal Freedom, Paladin, 2002.

On Computer-Espionage:

• Joel McNamara, Secrets of Computer Espionage: Tactics and Countermeasures, Wiley,
  2003.
• Stoll, Cliff.  (2005).  The Cuckoo’s Egg:  Tracking a Spy through the Maze of Computer Espionage.  Pocket Books.

On Hacking:

• Christian Barnes, et.al, Hack Proofing Your Wireless Network, Syngress, 2002.
• Jon Erickson, Hacking: The Art of Exploitation, No Starch Press, 2003.
• Rob Flickenger, Wireless Hacks, O’Reilly, 2003.
• Michael O’Dea, Hack Notes: Windows Security, Osborne, 2003.
• Stuart McClure, et.al, Web Hacking: Attacks and Defense, Addison Wesley, 2003.
• Tom Parker, Eric Shaw, Ed Stroz, Matthew G. Devost & Marcus H Sachs, Cyber Adversary Characterization: Auditing the Hacker Mind, Rockland, MD:Syngress, 2004.
• Russ Rogers & Matthew G. Devost, Hacking a Terror Network: The Silent Threat of Covert Channels, Rockland, MD:Syngress, 2005.
• Ryan Russel, et.al, Stealing the Network: How To Own the Box, Syngress, 2003.
• Joel Scambray, Stuart McClure, George Kurtz, Hacking Exposed, 2nd ed, Osborne, 2001.
• Wallace Wang, Steal This Computer Book 3, No Starch Press, 2003.

On INFOSEC:

• Bidgoli H., Editor-in-Chief. (2006) Volume 1: Handbook of Information Security: Key Concepts, Infrastructure, Standards, and Protocols. Hoboken, New Jersey: Wiley.
• Bidgoli H., Editor-in-Chief. (2006) Volume 2: Handbook of Information Security: Information Warfare; Social, Legal and International Issues; and Security Foundations. Hoboken, New Jersey: Wiley.
• Bidgoli H., Editor-in-Chief. (2006) Volume 3: Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management. Hoboken, New Jersey: Wiley.
• Carl A. Roper, Risk Management for Security Professionals, B&H, 1999.
• Randall K Nichols, Daniel J Ryan and Julie JCH Ryan, Defending Your Digital Assets Against Hackers, Crackers, Spies and Thieves, McGraw-Hill, 2000.
• Edward Yourdon, Byte Wars: The Impact of September 11 on Information Technology, PH, 2002.
• Bruce Schneier, Beyond Fear: Thinking Sensibly about Security in an Uncertain World,
  Copernicus, 2003.
• Mitch Tulloch, Microsoft Encyclopedia of Security, Microsoft, 2003.
• Michael Cross, et.al, Security +, Syngress, 2003.
• Mark G Graff & Kenneth R van Wyk, Secure Coding: Principles and Practices, O’Reilly, 2003.
• Randall K Nichols and Panos C. Lekkas, Wireless Security: Models Threats and Solutions, McGraw-Hill, 2002.
• Merritt Maxim & David Pollino, Wireless Security, RSA Press, 2002.

On Biometric Security:

• John Chirillo and Scott Blaul, Implementing Biometric Security, Wiley, 2003.
• Anil Jain, Ruud Bolle and Sharath Pankanti, Biometrics: Personal Identification in Networked Society, KAP, 1999.
• Reid, Paul. (2003).  Biometrics for Network Security.  Pearson Education.

On Malware:

• Aycock, John. (2006).  Computer Viruses and Malware.   Springer-Verlag New York, LLC
• Chirstodorescu, M., Jha S., Maughan D., Song, D., Wang, C. (2006).  Malware Detection: Advances in Information Security.  Springer.
• Ed Skoudis and Lenny Zeltser, Malware: Fighting Malicious Code, PH, 2004.
• Julisch, K., Kruegel C. (2005).  Intrusion and Malware Detection and Vulnerability Assessment. Springer-VerlagNew York, LLC
• Roger A Grimes, Malicious Mobile Code: Virus Protection for Windows, O’Reilly, 2003.

On Network Applications:

• Charles Pfleeger and Shari Lawrence Pfleeger, Security in Computing, 3rd ed, PTR, 2003.
• Frederick Cooper, et.al, Implementing Internet Security, New Riders, 1996.
• Gregory B White, et.al, Computer System and Network Security, CRC, 1997.
• Matt Bishop, Computer Security: Art and Science, Addison Wesley, 2002.
• Neil Archibald, Seth Fogie, Dan Kamininsky, Johnny Long, Chris Hurley, Luke McOmie, Haroon Meer, Bruce Potter & Roelof Temmingh, Aggressive Network Self-Defense, Rockland, MD:Syngress, 2005.
• Vijay Ahuja, Network & Internet Security, Academic Press, 1996.
• Wesley J Noonan, Hardening the Network Infrastructure, NYC: McGraw Hill, 2004.
  Panos C. Lekkas, Network Processors: Architectures, Protocols and Platforms, McGraw-Hill, 2003.

Cell Phone Forensics