Handbook of Computer Crime Investigation Forensic Tools and Technology

Curt Bryson spent 11 years in the U.S. Air Force. He was originally responsible for the security of some of the Air Force's most highly guarded Top Secret information while assigned in Berlin. Curt was later selected as a Special Agent in the U. S. Air Force Office of Special Investigations. He is experienced in a wide variety of investigations including high-tech and telecommunications crime, procurement fraud, homicide, child pornography, espionage, terrorism, hate crimes, and counter-intelligence. Curt is federally certified by the Department of Defense in computer forensics and has extensive knowledge of computer networks, computer security, Internet topography and architecture. He is also the lead instructor for NTI's Internet Investigations Course and articles written by him have been published in ISSA's publication, PASSWORD; as well as ISACA's Information Management magazine. He has also conducted training courses at the national conventions of ISACA, ACFE and ASIS. His instruction at California State University in Sacramento led to Curt being named as a preferred member of the Criminal Justice Scholastic Speaker's Bureau Eoghan Casey earned his Master of Arts in Educational Communication and Technology at NYU's School of Education. He received his Bachelor of Science in Mechanical Engineering from the University of California, Berkeley. Working on a research satellite project for four years, along with subsequent computer programming and network administration positions, developed his understanding of satellite operations, computer automation, and communication networks and their misuses. Eoghan is currently a System Security Administrator for Yale University, where he investigates computer intrusions, cyberstalking reports, and other computer-related crimes, and assists in the research and implementation of university wide security solutions and is a full partner and instructor with Knowledge Solutions LLC David F. Clark received his B.S. engineering degree with electrical option in 1987 from LeTourneau University in Texas. Subsequently he spent three and a half years in the Middle East working in RF engineering. He then moved to Finland where he spent six and a half years in various positions in the wireless technology industry involving quality, manufacturing, marketing, and engineering. He is currently working in the area of wireless network technology testing. He resides with his wife in the Dallas area Karen Frederick is a senior security engineer for the Rapid Response Team at NFR Security. She holds a bachelor's degree in Computer Science from the University of Wisconsin-Parkside, and she is currently completing her master's degree in Computer Science, focusing in network security, through the University of Idaho's Engineering Outreach program. Karen has over 10 years of experience in technical support, system administration and information security. She holds several certifications, including Microsoft Certified Systems Engineer + Internet, Check Point Certified Security Administrator, SANS GIAC Certified Intrusion Analyst, GIAC Certified Unix Security Administrator, and GIAC Certified Incident Handler. Karen regularly writes articles on intrusion detection for SecurityFocus.com K. Edward Gibbs has over 12 years in the computing industry and has spent the last six years focused on internetworking and Internet security - mainly firewalls and VPN, although he has recently been involved in various aspects of wireless technologies. Previously, he spent most of his time developing real-time, mission-critical software for various Fortune 500 companies. He currently lives in California with his wife and three children Troy Larson is a forensic computing and electronic evidence consultant based out of Seattle, Washington. Troy focuses primarily on electronic evidence and legal support matters, as well as research and development of advanced forensic computing and investigative techniques and training. He specializes in assisting attorneys handle electronic evidence throughout all facets of litigation, including discovery and expert testimony. He is a frequent speaker to attorney information systems, and information security groups on issues related to electronic evidence and forensic computing. Mr. Larson is an active member of the Washington State Bar. He received his undergraduate and law degrees from the University of California at Berkeley H. Morrow Long is the Director of the Information Security Office at Yale University. He holds a B.S. in Communications from the Boston University School of Communication (1981) and a M.S. C.I.S. (Computing and Information Systems) from the University of New Haven (1986). Morrow is a UNIX, NT and TCP/IP security expert, an author, consultant and educator with more than 17 years of experience with the IP (Internet Protocol) networking protocols and over 10 years of experience designing Internet/Intranet firewalls and information security solutions. Morrow has written and released several software programs into the public domain. Prior to working at Yale University Mr. Long was a Member Technical Staff at the ITT Advanced Technology Labs in Stratford and Shelton (1984-6) and a Lead Programmer Analyst developing INVESTWARE(TM) at New England Management Systems (NEMS 1982-84) Mark E. Luque is a computer forensics practitioner for the DoD Computer Forensics Laboratory. He spent the past four years performing computer forensics analysis and studying the process of Unix analysis. He developed a comprehensive intrusion analysis program focusing on post-mortem analysis of victim and subject file systems and performed dozens of media analysis studies supporting defense and federal investigations. Mark is a Master Sergeant for the United States Air Force and a Computer Information Science undergraduate with the University of Maryland John McLean holds a Bachelor and Master of Science in Criminal Justice from Northeastern University. He has an exceptional background in Law Enforcement with specialization in the areas of Computer Crime Investigation, Computer Forensics, Computer Child Exploitation and Computer Security. His past assignments include the U.S. Marine Corps, U.S. Secret Service, U.S. Attorney's Office, and Massachusetts Attorney General's Office. Sergeant McLean is currently with the Medford Police Department in Massachusetts where he is Supervisor of Investigation for the Computer Crime and Forensic Investigation Unit. John has investigated hundreds of diverse, technically challenging computer crime cases and has assisted numberous Federal, State & Local Police Agencies with computer crime investigations. He is also an instructor for the Department of Justice, Massachusetts Criminal Justice Training Council, Northeastern University, and other private and public organizations Sigurd E. Murphy, a government contractor from Veridian Information Solutions, is currently a Computer Forensic Examiner with the U.S. Department of Defense Computer Forensic Laboratory (DCFL). He focuses on computer intrusions and investigations in the Windows NT environment. Sig received his Bachelor of Arts in Psychology with a minor in Computer Science from Georgetown University. Previous to his employment at the DCFL, he worked as a Senior Technology Consultant, and later as Manager of Lab and Network security for Georgetown University John Patzakis joined Guidance Software as general counsel in January 2000 from the law firm of Corey & Patzakis, of which he was a founder. A senior partner practicing primarily in the areas of insurance and business litigation, his focus shifted in 1998 to issues relating to the discovery and admissibility of electronic evidence. Guidance Software presented an excellent opportunity for John to combine his legal talents with his knowledge of technology at the leading computer forensics software company. Upon receiving his juris doctorate from Santa Clara University School of Law, John was admitted to the California State Bar in December 1992. Prior to receiving his law degree, John received a bachelor of arts in political science from the University of Southern California in 1989. He began his legal career at the Los Angeles, California civil litigation firm of Cotkin & Collins, where he served as an associate in the firm's business litigation department Steve Romig is in charge of the Ohio State University Incident Response Team, which provides incident response assistance, training, consulting, and security auditing service for The Ohio State University community. He is also working with a group of people from Central Ohio businesses to improve Internet security response and practices in the Ohio area. Steve received his Bachelor's degree in Math (Computer Science Track) from Carnegie Mellon University in 1983. In years past Steve has worked as lead UNIX system administrator at one site with 40,000 users and 12 hosts and another site with 3000 users and over 500 hosts. Most recently Steve has been working on tools to make it easier to investigate network-related evidence of computer security incidents, such as the Review package for viewing the contents of tcpdump logs, and the flow-tools package from Mark Fullmer for looking at Cisco net flow logs Keith Seglem, a government contractor from Veridian Information Solutions, has been a Senior Computer Forensic Examiner with the U.S. Department of Defense Computer Forensic Laboratory since its inception over 3 years ago. He focuses on Unix and computer intrusion investigation and analysis. Keith began programming during high school in 1975 and went on to major in Computer Science with a minor in Psychology at New Mexico Tech. He worked as an engineers assistant at the National Radio Astronomy Observatory, VLA, in New Mexico, and later as a programmer at what is now the Energetic Materials Research and Testing Center in socorro. After a serious case of burnout, he joined the U.S. Air Force. He began his Air Force career in Electronic Warfare, progressed into digital signal intelligence, and retired as a Computer Security Officer. While on active duty, he completed AAS and BSED degrees. Since retiring he has been involved with and received commendations from various law enforcement organizations including the FBI, DEA, AFOSI and DCIS Bob Sheldon is vice president of Guidance Software, holds a bachelor's degree in economics, is certified in applications programming, and has completed coursework in network and Internet operations. Having served in law enforcement for 20 years, Bob's last assignment prior to joining the company was as supervisor for the computer forensics team of the California Department of Insurance, Fraud Division. He has been conducting computer-based investigations on seized computers since 1988 and has received more than 350 hours of formal training. Bob is certified to instruct on both the specialities of computer and economic crime and seizure and the examination of microcomputers at the California Commission on Peace Officer Standards and Training Institute for Criminal Investigation. He has testified regarding computer evidence in cases involving fraud, narcotics and homicide Todd G. Shipley is a Detective Sergeant with the Reno, Nevada Police Department. He has over 22 years experience as a police officer with 16 of those years conducting and managing criminal investigations. He currently supervises his department's Financial Crimes and Computer Crimes Units. For the past ten years he has been actively involved in developing law enforcement response to technology crime. He speaks and teaches regularly on technology crime investigations. He holds certification in Computer Forensics as a Certified Forensic Computer Examiner from the International Association of Computer Investigative Specialists and is a Certified Fraud Examiner Scott Stevens graduated with a Bachelor of Science Degree in Business Administration from Fort Lewis College in Durango, Colorado. Scott has been with NTI since 1998 and is currently Vice President of Marketing. While at NTI he has dealt extensively with hundreds of law enforcement and military computer forensics specialists. He has completed NTI's forensic training program and has lectured concerning automated computer forensic processes and software tools at the Los Alamos National Laboratory in New Mexico and for numerous professional organizations Ronald van der Knijff received his BSc degree in electrical engineering in 1991 from the Rijswijk Institute of Technology. After performing military service as a Signal Officer he obtained his MSc degree in Information Technology in 1996 from the Eindhoven University of Technology. Since then he has worked at the Digital Technology department of the Netherlands Forensic Institute as a scientific investigator and is currently responsible for the embedded systems group. He also lectures on 'Smart Cards and Biometrics' at the EUFORCE Masters Program 'Information Technology' at the Technical University of Eindhoven, and on 'Cards & IT' at the 'Dutch Police Academy'Casey, Eoghan is the author of 'Handbook of Computer Crime Investigation Forensic Tools and Technology' with ISBN 9780121631031 and ISBN 0121631036.