Hkey_current_user software the silicon realms toolworks

This page intentionally left blank

ptg11539634

Digital Archaeology Th e ArT A n d Sc i e n c e o f

di g i TA l fo r e n S i c S

Michael W. Graves

Upper Saddle River, NJ • Boston • Indianapolis • San Francisco

New York • Toronto • Montreal • London • Munich • Paris • Madrid

Capetown • Sydney • Tokyo • Singapore • Mexico City

ptg11539634

Editor-in-Chief Bernard Goodwin

Development Editor Michael Thurston

Managing Editor John Fuller

Project Editor Elizabeth Ryan

Copy Editor Teresa Wilson

Indexer Infodex Indexing, Inc.

Proofreader Carol Lallier

Editorial Assistant Michelle Housley

Cover Designer Chuti Prasertsith

Compositor Graphic World, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

The author and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact:

U.S. Corporate and Government Sales (800) 382-3419 corpsales@pearsontechgroup.com

For sales outside the United States, please contact:

International Sales international@pearsoned.com

Visit us on the Web: informit.com/aw

Library of Congress Cataloging-in-Publication Data Graves, Michael W.

Digital archaeology : the art and science of digital forensics / Michael W. Graves, MSDIM.—First Edition. pages cm

Includes bibliographical references and index. ISBN 978-0-321-80390-0 (pbk. : alk. paper) 1. Computer crimes—Investigation. 2. Forensic sciences—Data processing. I.

Title. HV8079.C65G7293 2013 363.250285—dc23

2013020221 Copyright © 2014 Pearson Education, Inc.

All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. To obtain permission to use material from this work, please submit a written request to Pearson Education, Inc., Permissions Department, One Lake Street, Upper Saddle River, New Jersey 07458, or you may fax your request to (201) 236-3290.

ISBN-13: 978-0-321-80390-0 ISBN-10: 0-321-80390-6 Text printed in the United States on recycled paper at Edwards Brothers Malloy in Ann Arbor, Michigan. First printing, August 2013

ptg11539634

I guess I’m just a regular guy after all. In spite of the fact that my daughter’s assignment to draw a picture of one of her parents consisted of a silhouette of my head against a computer monitor—despite the fact that I learned that my son got a blue ribbon in marksmanship by seeing the award hanging on the wall—even though my wife had to remind me twice of anniversaries and dozens of times about birthdays—my family always stuck with me. This book is for them.

ptg11539634

This page intentionally left blank

ptg11539634

vii

co nTe nT S

Preface xiii

About the Author xxi

1 The Anatomy of a Digital Investigation 1 A Basic Model for Investigators 2

Understanding the Scope of the Investigation 8

Identifying the Stakeholders 12

The Art of Documentation 13

Chapter Review 21

Chapter Exercises 21

References 22

2 Laws Affecting Forensic Investigations 23 Constitutional Implications of Forensic Investigation 24

The Right to Privacy 29

The Expert Witness 31

Chapter Review 32

Chapter Exercises 32

References 33

ptg11539634

viii

3 Search Warrants and Subpoenas 35 Distinguishing between Warrants and Subpoenas 36

What Is a Search and When Is It Legal? 37

Basic Elements of Obtaining a Warrant 40

The Plain View Doctrine 43

The Warrantless Search 44

Subpoenas 50

Chapter Review 51

Chapter Exercises 52

References 52

4 Legislated Privacy Concerns 55 General Privacy 56

Financial Legislation 59

Privacy in Health Care and Education 62

Privileged Information 64

Chapter Review 67

Chapter Exercises 68

References 68

5 The Admissibility of Evidence 71 What Makes Evidence Admissible? 71

Keeping Evidence Authentic 76

Defining the Scope of the Search 84

When the Constitution Doesn’t Apply 84

Chapter Review 89

Chapter Exercises 89