Digital Archaeology
The Art and Science of Digital Forensics
Michael W. Graves
Upper Saddle River, NJ • Boston • Indianapolis • San Francisco
New York • Toronto • Montreal • London • Munich • Paris • Madrid
Capetown • Sydney • Tokyo • Singapore • Mexico City
Editor-in-Chief Bernard Goodwin
Development Editor Michael Thurston
Managing Editor John Fuller
Project Editor Elizabeth Ryan
Copy Editor Teresa Wilson
Indexer Infodex Indexing, Inc.
Proofreader Carol Lallier
Editorial Assistant Michelle Housley
Cover Designer Chuti Prasertsith
Compositor Graphic World, Inc.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.
The author and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.
The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact:
U.S. Corporate and Government Sales (800) 382-3419 corpsales@pearsontechgroup.com
For sales outside the United States, please contact:
International Sales international@pearsoned.com
Visit us on the Web: informit.com/aw
Library of Congress Cataloging-in-Publication Data
Graves, Michael W.
Digital archaeology : the art and science of digital forensics / Michael W. Graves, MSDIM.—First Edition.
pages cm
Includes bibliographical references and index.
ISBN 978-0-321-80390-0 (pbk. : alk. paper)
1. Computer crimes—Investigation. 2. Forensic sciences—Data processing. I. Title.
HV8079.C65G7293 2013
363.250285—dc23
2013020221
Copyright © 2014 Pearson Education, Inc.
All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. To obtain permission to use material from this work, please submit a written request to Pearson Education, Inc., Permissions Department, One Lake Street, Upper Saddle River, New Jersey 07458, or you may fax your request to (201) 236-3290.
ISBN-13: 978-0-321-80390-0
ISBN-10: 0-321-80390-6
Text printed in the United States on recycled paper at Edwards Brothers Malloy in Ann Arbor, Michigan.
First printing, August 2013
I guess I’m just a regular guy after all. In spite of the fact that my daughter’s assignment to draw a picture of one of her parents consisted of a silhouette of my head against a computer monitor—despite the fact that I learned that my son got a blue ribbon in marksmanship by seeing the award hanging on the wall—even though my wife had to remind me twice of anniversaries and dozens of times about birthdays—my family always stuck with me. This book is for them.
Contents
Preface
About the Author
1 The Anatomy of a Digital Investigation
  A Basic Model for Investigators
  Understanding the Scope of the Investigation
  Identifying the Stakeholders
  The Art of Documentation
  Chapter Review
  Chapter Exercises
  References
2 Laws Affecting Forensic Investigations
  Constitutional Implications of Forensic Investigation
  The Right to Privacy
  The Expert Witness
  Chapter Review
  Chapter Exercises
  References
3 Search Warrants and Subpoenas
  Distinguishing between Warrants and Subpoenas
  What Is a Search and When Is It Legal?
  Basic Elements of Obtaining a Warrant
  The Plain View Doctrine
  The Warrantless Search
  Subpoenas
  Chapter Review
  Chapter Exercises
  References
4 Legislated Privacy Concerns
  General Privacy
  Financial Legislation
  Privacy in Health Care and Education
  Privileged Information
  Chapter Review
  Chapter Exercises
  References
5 The Admissibility of Evidence
  What Makes Evidence Admissible?
  Keeping Evidence Authentic
  Defining the Scope of the Search
  When the Constitution Doesn’t Apply
  Chapter Review
  Chapter Exercises