NCJ Number
195119
Date Published
2002
Length
81 pages
Annotation
This chapter provides an overview of how to retrieve forensic evidence contained on a computer network.
Abstract
The authors of this chapter note that there is a plethora of information concerning human activity that is contained on computer networks. They explain that according to Locard’s Exchange Principle, every time an offender comes into contact with a location or another person, an exchange of evidence occurs. To extrapolate this in terms of computer usage, the authors explain that every time an offender uses a computer network, information about that offender and their crime may be recorded and saved by the computer. This chapter explains how forensic experts can retrieve valuable criminal information using computer networks. An overview of network protocols is offered as well as a discussion on how to collect and document evidence on a network. The chapter also explains potential sources of evidence on networked systems and different types of network devices. The authors offer numerous case examples to help clarify their main points. Tables, figures, references