Cyber Crime Investigator's Field Guide
Bruce Middleton
- 338 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
About This Book
Transhumanism, Artificial Intelligence, the Cloud, Robotics, Electromagnetic Fields, Intelligence Communities, Rail Transportation, Open-Source Intelligence (OSINT)—all this and more is discussed in Cyber Crime Investigator's Field Guide, Third Edition. Many excellent hardware and software products exist to protect our data communications systems, but the threats they face demand that these products be continually strengthened to protect our electronic environment.
Many laws, rules, and regulations have been implemented over the past few decades that have provided our law enforcement community and legal system with the teeth needed to take a bite out of cybercrime. But there is still a major need for individuals and professionals who know how to investigate computer network security incidents and can bring them to a proper resolution. Organizations demand experts with both investigative talents and a technical knowledge of how cyberspace really works. The third edition provides the investigative framework that needs to be followed, along with information about how cyberspace works and the tools that reveal the who, where, what, when, why, and how in the investigation of cybercrime.
Features
- New focus areas on rail transportation, OSINT, medical devices, and transhumanism / robotics
- Evidence collection and analysis tools
- Covers what to do from the time you receive "the call," arrival on site, chain of custody, and more
This book offers a valuable Q&A by subject area, an extensive overview of recommended reference materials, and a detailed case study. Appendices highlight attack signatures, Linux commands, Cisco firewall commands, port numbers, and more.
Chapter 1 The initial contact
Case types
- Web page defacement
- Hospital patient databases maliciously altered
- Engineering design databases maliciously altered
- Murder
- Alibis
- Espionage/Sabotage
- Trade secret theft
- Stolen corporate marketing plans
- Computer network used as a jump-off point to attack other networks
- Computer-controlled building environmental controls maliciously modified
- Stolen corporate bid and proposal information
- Military weapons systems altered
- Satellite communication system takeover
Questions and requests for the caller before you arrive on site
- Do you have an IDS (Intrusion Detection System) and/or an IPS (Intrusion Prevention System) in place? If so, which vendor?
- Who first noticed the incident?
- Is the attacker still online?
- Are there any suspects?
- Are security policies/procedures in place?
- Have there been any contacts with ISPs (Internet Service Providers) and LEOs (law enforcement organizations)?
- Why do you think there was a break-in?
- How old is the equipment?
- Can you quickly provide me with an electronic copy of your network architecture over a secure medium?
- What operating systems are utilized at your facility?
- Are the drives FAT, NTFS, or …?
- What types of hardware platforms are utilized at your facility (Intel, Sparc, RISC [Reduced Instruction Set Computer], etc.)?
- Do the compromised systems have CD-ROM drives, diskette drives, etc.?
- Are these systems classified or is the area I will be in classified? At what level? Where do I fax my clearance?
- What sizes are the hard drives on the compromised systems? SSD in use?
- Will the system administrator be available when I arrive, along with any other experts you may have for the compromised system (platform level, operating system level, critical applications running on the system)?
- What type of information did the compromised system hold? Is this information crucial to your business?
- Will one of your network infrastructure experts be at my disposal when I arrive on site (personnel who know the organization’s network – routers, hubs, switches, firewalls, etc.)?
- Have your physical security personnel secured the area surrounding the compromised systems so that no one enters the area? If not, please do so.
- Does the crime scene area forbid or preclude the use of electronic communication devices such as cellular telephones, pagers, etc.?
- Please have a copy of the system backup tapes for the past 30 days available for me.
- Please put together a list of all the personnel involved with the compromised system and any projects the system is involved with.
- Please check your system logs. When I arrive, have a listing that shows who accessed the compromised system in the past 24 hours.
- Do the compromised systems have SCSI (Small Computer Systems Interface) or parallel ports (or both) or something else?
- Please do not touch anything. Do not turn off any systems or power, etc.
- What are the names of hotels close by where I can stay?
- My expected arrival time is 6 pm. Will there be a cafeteria open so I can obtain something to eat?
- Please do not mention the incident to anyone who does not absolutely need to know.
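The log review requested above (a listing of who accessed the compromised system in the past 24 hours), as an added example that is not code from the book: a Python script that parses Linux auth-log lines for sshd logins and sudo use and reports, per account, accepted logins, failed logins, sudo invocations and source addresses inside a window ending at a supplied reference time. The log lines, host name, addresses and reference time are constructed for the example, and the sshd and sudo message layouts it matches are assumed to be the common Debian/Ubuntu style. Syslog timestamps carry no year, so the year is taken from the reference time.

```python
"""Added example (not from the book): list who accessed a host in the past 24 hours.

Parses Linux auth-log lines (sshd and sudo) and reports, per account, the
accepted logins, failed logins, sudo invocations and source addresses that fall
inside a window ending at a supplied reference time.  All log lines, host
names, addresses and the reference time are constructed for this example; the
message layouts matched below are an assumption (Debian/Ubuntu-style auth.log).
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample auth log.  Syslog timestamps carry no year.
SAMPLE_AUTH_LOG = """\
Mar 14 02:11:05 web01 sshd[1412]: Accepted password for jsmith from 10.0.5.23 port 51512 ssh2
Mar 14 09:40:17 web01 sshd[2231]: Accepted publickey for deploy from 10.0.9.8 port 40022 ssh2
Mar 15 01:02:44 web01 sshd[3310]: Failed password for root from 198.51.100.77 port 58123 ssh2
Mar 15 01:02:49 web01 sshd[3310]: Failed password for root from 198.51.100.77 port 58123 ssh2
Mar 15 01:03:02 web01 sshd[3310]: Accepted password for root from 198.51.100.77 port 58123 ssh2
Mar 15 03:15:30 web01 sudo:   jsmith : TTY=pts/0 ; PWD=/home/jsmith ; USER=root ; COMMAND=/bin/bash
Mar 15 07:58:09 web01 sshd[4102]: Accepted publickey for deploy from 10.0.9.8 port 40031 ssh2
"""

# Constructed reference time: the investigator's "now" when the listing is produced.
REFERENCE_NOW = datetime(2024, 3, 15, 8, 0, 0)

SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
SSH_RE = re.compile(
    r"^sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+)"
)
SUDO_RE = re.compile(r"^sudo: +(?P<user>\S+) : .*COMMAND=")


def syslog_time(mon, day, hms, reference):
    """Build a datetime from a year-less syslog stamp, using the reference year.
    A stamp that lands after the reference time belongs to the previous year
    (e.g. December lines read in January)."""
    ts = datetime.strptime(f"{reference.year} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
    if ts > reference:
        ts = ts.replace(year=reference.year - 1)
    return ts


def access_listing(log_text, now, window=timedelta(hours=24)):
    """Return {account: {"accepted": n, "failed": n, "sudo": n, "sources": set()}}
    for auth events with now - window < timestamp <= now."""
    events = defaultdict(lambda: {"accepted": 0, "failed": 0, "sudo": 0, "sources": set()})
    cutoff = now - window
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # not a syslog line we understand; keep going
        ts = syslog_time(m["mon"], m["day"], m["time"], now)
        if not (cutoff < ts <= now):
            continue
        ssh = SSH_RE.match(m["msg"])
        if ssh:
            rec = events[ssh["user"]]
            rec["accepted" if ssh["result"] == "Accepted" else "failed"] += 1
            rec["sources"].add(ssh["src"])
            continue
        sudo = SUDO_RE.match(m["msg"])
        if sudo:
            events[sudo["user"]]["sudo"] += 1
    return dict(events)


def format_listing(events):
    """One line per account, most accepted logins first, for the on-site handover."""
    rows = sorted(events.items(), key=lambda kv: (-kv[1]["accepted"], kv[0]))
    return [
        f"{user}: accepted={rec['accepted']} failed={rec['failed']} "
        f"sudo={rec['sudo']} from={','.join(sorted(rec['sources'])) or '-'}"
        for user, rec in rows
    ]


if __name__ == "__main__":
    for row in format_listing(access_listing(SAMPLE_AUTH_LOG, REFERENCE_NOW)):
        print(row)
```

Run it against a copy of the logs, not by logging in to the compromised host itself, and compare the result with a central log collector or the backups requested above: an attacker who obtained root can edit or truncate the local auth log, so a clean-looking 24 hours from the host alone is not evidence that nobody accessed it. In the constructed sample the root account shows two failed passwords followed by an accepted one from an external address, which is exactly the pattern the listing is meant to surface for the system administrator on arrival.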
Chapter questions
1. List five different case types.
2. List eight questions you should have answers to before you arrive at the client site.
3. Can the order in which you ask questions be important?
4. What are the two major reasons for putting together a list of pertinent questions and obtaining answers?