[...]... 1: Computer Crime, Computer Forensics, and Computer Security w Chapter 2: Current Practice w Chapter 3: Computer Forensics in Law Enforcement and National Security w Chapter 4: Computer Forensics in Forensic Accounting The second focus (Chapter 5 to 7) of this book is on intrusion investigation and intrusion forensics, on the inter-relationship between intrusion detection and intrusion forensics, and. .. that intrusions are a special kind of computer crime, and that intrusion forensics is correspondingly a specialization of computer forensics 1.4 Establishing a case in computer forensics Section 1.3 distinguished between crime assisted by computers and crime specifically targeting computers in order to establish the difference between computer forensics and intrusion forensics Both, however, rely upon computer- based... Here, we explore the special characteristics of computer- based evidence, and its place within the forensic tradition We can then introduce adequate definitions for both computer forensics and intrusion forensics 1.4 Establishing a case in computer forensics 13 Computer forensics and intrusion forensics, in both the broad sense (using any computer evidence) and narrow sense (focusing on courtadmissible... incidentally or 4 Computer Crime, Computer Forensics, and Computer Security whether perpetrated through or against a computer We outline a spectrum of ways in which people perpetrate familiar crimes or invent new ones This chapter then highlights that while computer forensics and intrusion forensics are rapidly gaining ground as valid subdisciplines of traditional forensics, there are both similarities and important... jurisdiction(s), the task of the computer and intrusion forensics investigator will become more critical in the future and is bound to become more complex Having standard references and resources for these personnel is an important step in the maturation of the field This book presents a careful and comprehensive treatment of the areas of computer forensics and intrusion forensics, thus Foreword by Eugene... increase, there has been a greater need to understand the causes and effects of intrusions, on-line crimes, and network-based attacks The critical importance of the areas of computer forensics, network forensics and intrusion forensics is growing, and will be of great importance in the years to come Recent events and recent legislation, both national and international, mean that this book is especially... otherwise involving computers 2 Intrusion forensics, which relates to the investigation of attacks or suspicious behavior directed against computers per se In both cases, information technology facilitates both the commission and the investigation of the act in question, and in that sense we see that intrusion forensics is a specific area of computer forensics, applied to computer intrusion activities... computer piracy 12 Computer Crime, Computer Forensics, and Computer Security For example, in the case of an extortion investigation, an investigator would begin by looking at the following: ‘‘ date and time stamps, e-mail, history log, Internet activity logs, temporary Internet files, and user names’’ [7] In contrast, a computer intrusion case suggests both more computer expertise and more computer- based... role computer evidence plays in information warfare (see Chapter 6) and other applications of preventative surveillance In Section 1.4.1 we overview the genesis of computer forensics and its emergence as a professional discipline, a topic treated in detail in Chapter 3 14 Computer Crime, Computer Forensics, and Computer Security 1.4.1 Computer forensic analysis within the forensic tradition Although computer. .. take place on private networks and via specialpurpose protocols An important point to note is that while computer forensics often speaks in legal terms like evidence, seizure, and investigation, not all computer- related misdeeds are criminal, and not all investigations result in court proceedings We will introduce broad definitions for computer forensics and intrusion forensics which include these less . between intrusion detection and intrusion forensics, and upon future developments: w Chapter 5: Case Studies w Chapter 6: Intrusion Detection and Intrusion Forensics w Chapter. . . . . . . . . . . . . 253 6 Intrusion Detection and Intrusion Forensics 257 6.1 Intrusion detection, computer forensics, and information warfare . . .