Computer Evidence: Collection and Preservation, 2nd Edition

  • Christopher L.T. Brown
  • ISBN-10: 1584506997  |  ISBN-13: 9781584506997
  • 518 Pages
  • Previous Editions: 2006
  • © 2010 | Published
  • List Price = $ 49.99



As computers and data systems continue to evolve, they expand into every facet of our personal and business lives. Never before has our society been so information and technology driven. Because computers, data communications, and data storage devices have become ubiquitous, few crimes or civil disputes do not involve them in some way. This book teaches law enforcement, system administrators, information technology security professionals, legal professionals, and students of computer forensics how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. It has been updated to take into account changes in federal rules of evidence and case law that directly address digital evidence, as well as to expand upon portable device collection.

Features and Benefits

  • Covers key areas such as rules of evidence, evidence dynamics, network topologies, collecting volatile data, imaging methodologies, and forensics labs and workstations.
  • Provides a practical field guide to evidence collection and preservation that will help maintain evidence acceptability.
  • Teaches criminal investigators everything they need to know to ensure the integrity of their digital evidence.
  • Includes a CD-ROM with several demo and freeware software applications as well as document templates, worksheets, and references.

Table of Contents

Part I: Computer Forensics and Evidence Dynamics;
Chapter 1: Computer Forensics Essentials;
Chapter 2: Rules of Evidence, Case Law, and Regulation;
Chapter 3: Evidence Dynamics;

Part II: Information Systems;
Chapter 4: Interview, Policy, and Audit;
Chapter 5: Network Topology and Architecture;
Chapter 6: Volatile Data;

Part III: Data Storage Systems and Media;
Chapter 7: Physical Disk Technologies;
Chapter 8: SAN, NAS, and RAID;
Chapter 9: Removable Media;

Part IV: Artifact Collection;
Chapter 10: Tools, Preparation, and Documentation;
Chapter 11: Collecting Volatile Data;
Chapter 12: Imaging Methodologies;
Chapter 13: Large System Collection;
Chapter 14: Personal Portable Device Collection

Part V: Archiving and Maintaining Evidence;
Chapter 15: The Forensics Workstation;
Chapter 16: The Forensics Lab;
Chapter 17: What's Next;

Part IV: Computer Evidence Collection and Preservation Appendixes;
Appendix A: Sample Chain of Custody Form;
Appendix B: Evidence Collection Worksheet;
Appendix C: Evidence Access Worksheet;
Appendix D: Forensics Field Kit;
Appendix E: Hexadecimal Flags for Partition Types;
Appendix F: Forensics Tools for Digital Evidence Collection;
Appendix G: Agencies, Contacts, and Resources;
Appendix H: Cisco Router Command Cheat Sheet;
Appendix I: About the CD-ROM

Meet the Author

Author Bio

Christopher L.T. Brown

Christopher L. T. Brown, CISSP, is the founder and CTO of Technology Pathways. He is the chief architect of the Technology Pathways ProDiscover family of security products. Prior to his position with Technology Pathways, Mr. Brown served in key technology positions at several companies including GlobalApp, Inc., CompuVision, Inc., and StoragePoint, Inc. He is retired from a career with the U.S. Navy, where he managed a large team of technicians working in the area of information warfare and network security operations. In addition to his demanding duties as ProDiscover’s chief architect, Mr. Brown teaches network security and computer forensics at the University of California at San Diego and has written numerous books on Windows, Security, the Internet, and forensics. He served as president of the San Diego HTCIA chapter in 2006, first vice president in 2005, second vice president in 2003, and was the 2007 HTCIA International conference chair. He attended UCSD and holds numerous career certifications from (ISC)2, Microsoft, Cisco, CompTIA, and CITRIX.