chapter 16 ©2011 eoghan casey. published by elsevier inc. all rights reserved. applying forensic...

Report

Tags:

Post on 13-Jan-2016

219 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

Chapter 16

©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

Applying Forensic Science to Computers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.1 A selection of storage media and computerized devices.

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.2 Digital evidence form.

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.3 Digital Investigation Manager (DIM) from DFLabs used to maintain a database of evidential items and associated information.

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.4 Comparing bitstream copying to regular copying.

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.5 Additional class characteristics of EXIF file displayed using ACDSee. The date and time embedded in this file (15:53 on June 11, 2000) is inaccurate because the camera’s clock was not set to the correct time, emphasizing the importance of documenting system time when collecting any kind of computerized device.

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.6 Fragments of an overwritten JPEG file partially reconstituted by grafting a new header onto the file.

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.7 Histogram of date-time stamps (created and last modified) showing gaps during suspect’s shifts.

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.8 Conceptual image of 24-h clocks with MAC times for several days with a line connecting significant events on sequential days.

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 16.9 Forensic date and time decoder. These times are generally GMT and must be adjusted for time zones.

top related

casey, city of casey sport and physical more active
Documents
casey, quirk
Documents
clara casey
News & Politics
key points final elsevier - not content of property … ·...
Documents
casey solana
Education
powerpoint introduction to windows mobile...
Documents
places watch - santa clara county, californiaannie e. casey...
Documents
casey ragan
Documents
lynn moak, moak, casey & associates january 20, 2012moak,...
Documents
casey anthony - casey anthony 7-16-08 transcript
Documents
chapter 13 ©2011 eoghan casey. published by elsevier inc....
Documents
harlan carvey eoghan casey technical editorfr… ·...
Documents
casey - gait
Documents
casey@caseylucius.com
Documents
colman casey
Documents
casey weekly
Documents
creative sydney's changing sydney - presentation by eoghan...
Entertainment & Humor
casey, city of casey dra˝ sport and more active, physical
Documents
chapter 20 ©2011 eoghan casey. published by elsevier inc....
Documents
eoghan murphy real reorm, real progress td · eoghan murphy...
Documents