Cyber Crime Investigator's Field Guide
eBook - ePub

  1. 338 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
About this book

Transhumanism, Artificial Intelligence, the Cloud, Robotics, Electromagnetic Fields, Intelligence Communities, Rail Transportation, Open-Source Intelligence (OSINT)—all this and more is discussed in Cyber Crime Investigator's Field Guide, Third Edition. Many excellent hardware and software products exist to protect our data communications systems, but security threats dictate that they must be all the more enhanced to protect our electronic environment.

Many laws, rules, and regulations have been implemented over the past few decades that have provided our law enforcement community and legal system with the teeth needed to take a bite out of cybercrime. But there is still a major need for individuals and professionals who know how to investigate computer network security incidents and can bring them to a proper resolution. Organizations demand experts with both investigative talents and a technical knowledge of how cyberspace really works. The third edition provides the investigative framework that needs to be followed, along with information about how cyberspace works and the tools that reveal the who, where, what, when, why, and how in the investigation of cybercrime.

Features

  • New focus area on rail transportation, OSINT, medical devices, and transhumanism / robotics
  • Evidence collection and analysis tools
  • Covers what to do from the time you receive "the call," arrival on site, chain of custody, and more

This book offers a valuable Q&A by subject area, an extensive overview of recommended reference materials, and a detailed case study. Appendices highlight attack signatures, Linux commands, Cisco firewall commands, port numbers, and more.

Cyber Crime Investigator's Field Guide by Bruce Middleton is available in PDF and/or ePUB format and is catalogued under Computer Science & Cryptography.

Information

Chapter 1 The initial contact

DOI: 10.1201/9781003134817-1
When you are first contacted by a client, whether it be in person, over the telephone, or via e-mail, before you plunge headlong into the new case, some specific questions require answers up front. The answers to these questions will help you to be much better prepared when you actually arrive at the client’s site to collect evidence and interview personnel. Also remember that the cases you may be involved with vary tremendously. A short listing of case types would include:
  • Web page defacement
  • Hospital patient databases maliciously altered
  • Engineering design databases maliciously altered
  • Murder
  • Alibis
  • Espionage/Sabotage
  • Trade secret theft
  • Stolen corporate marketing plans
  • Computer network used as a jump-off point to attack other networks
  • Computer-controlled building environmental controls maliciously modified
  • Stolen corporate bid and proposal information
  • Military weapons systems altered
  • Satellite communication system takeover
Because so many different types of cases exist, review the questions listed below and choose those that apply to your situation. Ignore those that do not apply. Also, depending on your situation, think about the order in which you ask the questions. Note that your client may or may not know the answers to certain questions. Even if the client does not know the answers, these questions begin the thinking process for both you and the client. Add additional questions as you see fit, but keep in mind that this should be a short discussion: its purpose is to help you be better prepared when you arrive at the client’s site, not to have the answers to every question you can think of at this time. Ensure that the communication medium you are using is secure with respect to the client and the information you are collecting: should you use encrypted e-mail? Should you use an STE (Secure Terminal Equipment, which replaced the earlier STU III) or other communications equipment that provides secure (encrypted) voice and data communication using SCIP (Secure Communications Interoperability Protocol)? Questions you should ask (and these can vary depending on what country you are working in and the technologies in use there) and requests that you may need to make of the client include:
  • Do you have an IDS (Intrusion Detection System) and/or an IPS (Intrusion Prevention System) in place? If so, which vendor?
  • Who first noticed the incident?
  • Is the attacker still online?
  • Are there any suspects?
  • Are security policies/procedures in place?
  • Have there been any contacts with ISPs (Internet Service Providers) and LEOs (law enforcement organizations)?
  • Why do you think there was a break-in?
  • How old is the equipment?
  • Can you quickly provide me with an electronic copy of your network architecture over a secure medium?
  • What operating systems are utilized at your facility?
  • Are the drives FAT, NTFS, or …?
  • What types of hardware platforms are utilized at your facility (Intel, Sparc, RISC [Reduced Instruction Set Computer], etc.)?
  • Do the compromised systems have CD-ROM drives, diskette drives, etc.?
  • Are these systems classified or is the area I will be in classified? At what level? Where do I fax my clearance?
  • What sizes are the hard drives on the compromised systems? SSD in use?
  • Will the system administrator be available when I arrive, along with any other experts you may have for the compromised system (platform level, operating system level, critical applications running on the system)?
  • What type of information did the compromised system hold? Is this information crucial to your business?
  • Will one of your network infrastructure experts be at my disposal when I arrive on site (personnel who know the organization’s network – routers, hubs, switches, firewalls, etc.)?
  • Have your physical security personnel secured the area surrounding the compromised systems so that no one enters the area? If not, please do so.
  • Does the crime scene area forbid or preclude the use of electronic communication devices such as cellular telephones, pagers, etc.?
  • Please have a copy of the system backup tapes for the past 30 days available for me.
  • Please put together a list of all the personnel involved with the compromised system and any projects the system is involved with.
  • Please check your system logs. When I arrive, have a listing that shows who accessed the compromised system in the past 24 hours.
  • Do the compromised systems have SCSI (Small Computer Systems Interface) or parallel ports (or both) or something else?
  • Please do not touch anything. Do not turn off any systems or power, etc.
  • What are the names of hotels close by where I can stay?
  • My expected arrival time is 6 pm. Will there be a cafeteria open so I can obtain something to eat?
  • Please do not mention the incident to anyone who does not absolutely need to know.

Chapter questions

  1. List five different case types.
  2. List eight questions you should have answers to before you arrive at the client site.
  3. Can the order in which you ask questions be important?
  4. What are the two major reasons for putting together a list of pertinent questions and obtaining answers?

Chapter 2 Client site arrival

DOI: 10.1201/9781003134817-2
On the way to the client’s site (whether by car, train, or aircraft), do not waste time. Focus on reviewing the answers the client gave to the questions in Chapter 1. If you were able to obtain it, review the network topology diagram that was sent to you. Discuss with your team members (if you are operating as part of a team) various approaches to the problem at hand. Know what your plan of attack is going to be by the time you arrive on site at the client’s premises. If you are part of a team, remember that only one person is in charge. Everyone on the team must completely support the team leader at the client’s site.
The first thing to do at the client’s site is to go through a pre-briefing. This is about a 15-minute period in which you interface with the client and the personnel the client has gathered to help in your investigation, giving you the opportunity to ask some additional questions, meet key personnel you will be working with (managers, system administrators, key project personnel who used the compromised system, security personnel, etc.), and obtain an update on the situ...

Table of contents

  1. Cover
  2. Half-Title
  3. Title
  4. Copyright
  5. Dedication
  6. Contents
  7. Preface
  8. About the author
  9. 1 The initial contact
  10. 2 Client site arrival
  11. 3 Evidence collection procedures
  12. 4 Evidence collection and analysis tools
  13. 5 AccessData’s Forensic Toolkit
  14. 6 Guidance Software’s EnCase
  15. 7 ILook Investigator
  16. 8 Password recovery
  17. 9 Questions and answers by subject area
  18. 10 Recommended: Reference materials
  19. 11 Case study
  20. 12 Rail transportation
  21. 13 Transhumanism, robotics, and medical devices
  22. 14 Memory and incident response system commands
  23. 15 Making use of open-source intelligence (OSINT)
  24. Appendix A: Glossary
  25. Appendix B: Port numbers of interest
  26. Appendix C: Attack signatures
  27. Appendix D: UNIX/Linux commands
  28. Appendix E: Cisco firewall commands
  29. Appendix F: Discovering unauthorized access to your computer
  30. Appendix G: Electromagnetic field analysis (EFA)
  31. Appendix H: The intelligence community since 9/11
  32. Appendix I: Answers to chapter questions
  33. Index