Cyber Forensics
eBook - ePub

Cyber Forensics

Examining Emerging and Hybrid Technologies

  1. 336 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Cyber Forensics

Examining Emerging and Hybrid Technologies

About this book

Threat actors, be they cyber criminals, terrorists, hacktivists or disgruntled employees, are employing sophisticated attack techniques and anti-forensics tools to cover their attacks and breach attempts. As emerging and hybrid technologies continue to influence daily business decisions, the proactive use of cyber forensics to better assess the risks that the exploitation of these technologies pose to enterprise-wide operations is rapidly becoming a strategic business objective. This book moves beyond the typical, technical approach to discussing cyber forensics processes and procedures. Instead, the authors examine how cyber forensics can be applied to identifying, collecting, and examining evidential data from emerging and hybrid technologies, while taking steps to proactively manage the influence and impact, as well as the policy and governance aspects of these technologies and their effect on business operations.

A world-class team of cyber forensics researchers, investigators, practitioners and law enforcement professionals have come together to provide the reader with insights and recommendations into the proactive application of cyber forensic methodologies and procedures to both protect data and to identify digital evidence related to the misuse of these data. This book is an essential guide for both the technical and non-technical executive, manager, attorney, auditor, and general practitioner who is seeking an authoritative source on how cyber forensics may be applied to both evidential data collection and to proactively managing today's and tomorrow's emerging and hybrid technologies. The book will also serve as a primary or supplemental text in both under- and post-graduate academic programs addressing information, operational and emerging technologies, cyber forensics, networks, cloud computing and cybersecurity.

Trusted by 375,005 students

Access to over 1 million titles for a fair monthly price.

Study more efficiently using our study tools.

Information

Publisher
CRC Press
Year
2021
Topic
Computer Science
eBook ISBN
9781000424935
Subtopic
Cyber Security
Index
Computer Science

Chapter 1 Cyber forensics

Compliance and auditing

Douglas Menendez

Contents

  1. Introduction
  2. Cyber Forensics Event Timeline
  3. Why Is Cyber Forensics Important?
  4. Cyber Forensics and Today’s Auditing Profession
  5. Cyber Forensics: A Timeline of Significant Contributions
  6. Cyber Forensics: Solving Digital Crimes One Byte at a Time
  7. Future Challenges for Cyber Forensics
  8. Cyber Forensics Relevant Laws and Regulations
  9. Computer Fraud and Abuse Act (CFAA)
    1. Cybercrime federal legislation – evolution
  10. State Legislation
  11. Hacking Laws and Punishments
    1. Definition of hacking and types of hackers
    2. Federal hacking laws
    3. Hacking laws: State laws
  12. Cyber Forensics Policies and Controls
    1. Policies
    2. Guidelines and procedures
  13. Performing the Forensic Process
    1. Phase 1 – Data collection
    2. Phase 2 – Examination
    3. Phase 3 – Analysis
    4. Phase 4 – Reporting
  14. Quality Standards for Digital Forensics
  15. Management Standards
  16. Workforce Standards
  17. Cyber Forensic Certifications
  18. CFCE – Certified Forensic Computer Examiner
  19. CHFI – Computer Hacking Forensic Investigator
  20. GCFA – GIAC Certified Forensic Analyst
  21. GCFE – GIAC Certified Forensic Examiner
  22. CCE – Certified Computer Examiner
  23. Certifications Compared: GCFE vs. CFCE vs. CCE
  24. Vendor-specific Certifications
  25. EnCase Certified Examiner (EnCE) Certification Program
  26. Best Digital Forensics Certifications
  27. The Role of Audit in Cyber Forensics
    1. External audit’s role in cyber forensics
    2. Internal audit
  28. Cyber Forensics Case Studies
  29. Eminent Cases Solved with Digital Forensics
  30. Summary
  31. Notes

Introduction

The constructs of compliance and auditing may vary depending upon industry and application. To begin this chapter on common ground, we will first take a brief look at exactly what compliance and auditing is, from a broad, more global perspective. In many instances throughout this book, the reader will encounter terms such as examiner and investigator. While auditing involves both the process of examination and investigation, there is both an operational as well as functional difference between the two processes.
Let’s start with some definitions of compliance and auditing.
  • The definition of compliance is: ‘the action of complying with a command,” or “the state of meeting rules or standards.’ In the corporate world, it’s defined as the process of making sure your company and employees follow all laws, regulations, standards, and ethical practices that apply to your organization and industry 1
The definition of an audit is the process of evaluation or analysis of something to determine its accuracy. In the business world, auditing can be focused on financial, operational, or information technology:
  • Financial Auditing:
    The process of verifying a company’s financial information. An auditor examines a company’s accounting books and records in order to determine whether the company is following appropriate accounting procedures. An auditor issues an opinion in a report that says whether the financial statements “present fairly” the company’s financial position and its operational results in accordance with Generally Accepted Accounting Principles (GAAP).2
  • Operational Auditing:
    An independent review and examination of records and activities to assess the adequacy of operational controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.3
  • Information Technology Auditing:
    An independent review and examination of system records and activities in order to test the adequacy and effectiveness of data security and data integrity procedures, to ensure compliance with established policy and operational procedures, and to recommend any necessary changes.4
There are also two main categories of auditing: internal and external.
  • Definition of Internal Auditing:
    Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.5
  • Definition of External Auditing:
    External auditing is an independent function outside of the organization that assesses the financial and risk associated aspects in order to comply with statutory audit requirements. The main role of external audit is to provide an opinion whether the company financial statements present a true and fair view of the company’s financial results. The external audit function is managed by the external auditor, who in the United States is typically a Certified Public Accountant.6
The audit work performed by an auditor is different from the investigation work performed by cyber forensic professionals (see Table 1.1).
The remainder of this chapter will focus the reader’s attention on a review and examination of auditing and compliance and the rapidly growing field of cyber forensics.
As defined by UpGuard, Cyber forensics is a branch of forensic science focused on the recovery and investigation of material found in digital devices and cybercrimes. Throughout this book, cyber forensics, digital forensics, and computer forensics are used interchangeably.
As society increases reliance on computer systems and cloud computing, cyber forensics becomes a crucial aspect of law enforcement agencies and businesses. The reader interested in a deeper review of cyber forensics and cloud computer is directed to Chapter 4 and Ronald L. Krutz’s examination of the subject.
Table 1.1 Auditing vs. investigation comparison7
Basis for comparisonAuditingInvestigation
MeaningThe process of inspecting the books of accounts of an entity and reporting on it is known as Auditing.An inquiry conducted for establishing a specific fact or truth is known as Investigation.
NatureGeneral ExaminationCritical and in-depth examination
EvidencesThe evidences are persuasive in nature.The evidences are unquestionable; therefore, its nature is decisive.
Time HorizonAnnuallyAs per requirement
Performed byCertified Public Accountant or Chartered AccountantExperts
ReportingGeneral PurposeConfidential
ObligatoryYesNo
AppointmentAn auditor is appointed by the shareholders of the company.The management or shareholders or a third party can appoint investigator.
ScopeSeeks to form an opinion on financial statements.Seeks to answer the questions that are asked in the engagement letter.
Cyber forensics is concerned with the identification, preservation, examination, and analysis of digital evidence, using scientifically accepted and validated processes to be used in and outside of a court of law.
While its roots stretch back to the personal computing revolution in the late 1970s, cyber forensics began to take shape in the 1990s, and it wasn't until the early 21st century that countries like the United States began rolling out nation-wide policies.8
Addressed throughout this chapter will be a discussion of a cyber forensics event timeline, relevant laws, and regulations along with applicable cyber forensic policies and procedures. Equally important will be a review and discussion of best practices for cyber forensics compliance, along with cyber forensic certifications.
By the end of this chapter, we will examine the role of audit in cyber forensics and using cyber forensics proactively to mitigate fraud.

Cyber Forensics Event Timeline

Before we look at a cyber forensics event timeline, it is important to first understand some of the major milestones in cybersecurity breaches.
Cybersecurity is an evolving field that is in a constant state of flux (see Table 1.2). Hackers are unrelenting in their search for vulnerabilities to exploit, while information security professionals try to assure that information and assets are properly protected. By understanding the cyber events of the past, we can hopefully learn and improve our future cybersecurity policies, processes, and procedures.
Table 1.2 Cybersecurity breach milestones9
DateThreat ActorDescription
Early 1970sBob ThomasThomas wrote the ‘Creeper,’ a self-replicating program that used ARAPNET to infect DEC PDP-10 computer and display the message, ‘I’m the creeper, catch me if you can!’
1976–2006Greg Chung Boeing CorporationChung stole $2 billion (US) worth of aerospace docs and gave them to China. 225,000 pages of sensitive material were recovered in his home. This was one of the largest insider attacks in history with malicious intent to supply China with proprietary military and spacecraft intel.
2013Edward SnowdenFormer CIA employee and contractor for the US government copied and leaked classified information from the National Security Agency.
2013–2014UnknownLargest Data Breach. Yahoo reported a breach by a group of hackers that jeopardized the accounts of all 3 billion users. Everything from names to passwords and security question answers were compromised. Yahoo failed to report this breach until 2016 and was fined $35 million by the SEC for failure to disclose the breach in a timely manner.
2015UnknownThe US Office of Personne...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Contents
  7. Preface
  8. Acknowledgements
  9. Editor
  10. Contributors
  11. Chapter 1 Cyber forensics: Compliance and auditing
  12. Chapter 2 IoT and the role of cyber forensics
  13. Chapter 3 Cyber forensics: Examining commercial Unmanned Aircraft Systems (UASs) and Unmanned Aerial Vehicles (UAVs)
  14. Chapter 4 Cloud forensics
  15. Chapter 5 Forensics of the digital social triangle with an emphasis on Deepfakes
  16. Chapter 6 Operational technology, industrial control systems, and cyber forensics
  17. Chapter 7 Cyber forensics and risk management
  18. Chapter 8 Mobile device forensics: An introduction
  19. Chapter 9 Forensic accounting and the use of E-discovery and cyber forensics
  20. Chapter 10 Cyber forensic tools and utilities
  21. Index

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 990+ topics, we’ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access Cyber Forensics by Albert J. Marcella, Al Marcella in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.