Cyber Crime Investigator's Field Guide

Bruce Middleton

eBook - ePub

  • 338 pages
  • English
  • ePUB (mobile friendly)
  • Available on iOS & Android

About This Book

Transhumanism, Artificial Intelligence, the Cloud, Robotics, Electromagnetic Fields, Intelligence Communities, Rail Transportation, Open-Source Intelligence (OSINT)—all this and more is discussed in Cyber Crime Investigator's Field Guide, Third Edition. Many excellent hardware and software products exist to protect our data communications systems, but the evolving threat landscape demands that they be continually strengthened to protect our electronic environment.

Many laws, rules, and regulations have been implemented over the past few decades that have provided our law enforcement community and legal system with the teeth needed to take a bite out of cybercrime. But there is still a major need for individuals and professionals who know how to investigate computer network security incidents and can bring them to a proper resolution. Organizations demand experts with both investigative talents and a technical knowledge of how cyberspace really works. The third edition provides the investigative framework that needs to be followed, along with information about how cyberspace works and the tools that reveal the who, where, what, when, why, and how in the investigation of cybercrime.

Features

  • New focus area on rail transportation, OSINT, medical devices, and transhumanism / robotics
  • Evidence collection and analysis tools
  • Covers what to do from the time you receive "the call," arrival on site, chain of custody, and more

This book offers a valuable Q&A by subject area, an extensive overview of recommended reference materials, and a detailed case study. Appendices highlight attack signatures, Linux commands, Cisco firewall commands, port numbers, and more.


Information

Year: 2022
ISBN: 9781000610499

Chapter 1 The initial contact

DOI: 10.1201/9781003134817-1
When you are first contacted by a client, whether it be in person, over the telephone, or via e-mail, before you plunge headlong into the new case, some specific questions require answers up front. The answers to these questions will help you to be much better prepared when you actually arrive at the client’s site to collect evidence and interview personnel. Also remember that the cases you may be involved with vary tremendously. A short listing of case types would include:
  • Web page defacement
  • Hospital patient databases maliciously altered
  • Engineering design databases maliciously altered
  • Murder
  • Alibis
  • Espionage/Sabotage
  • Trade secret theft
  • Stolen corporate marketing plans
  • Computer network used as a jump-off point to attack other networks
  • Computer-controlled building environmental controls maliciously modified
  • Stolen corporate bid and proposal information
  • Military weapons systems altered
  • Satellite communication system takeover
Because so many different types of cases exist, review the questions listed below and choose those that apply to your situation. Ignore those that do not apply. Also, depending on your situation, think about the order in which you ask the questions. Note that your client may or may not know the answers to certain questions. Even if the client does not know the answers, these questions begin the thinking process for both you and the client. Add additional questions as you see fit, but keep in mind that this should be a short discussion: its purpose is to help you be better prepared when you arrive at the client’s site, not to have the answers to every question you can think of at this time.
Ensure that the communication medium you are using is secure for both the client and the information you are collecting: should you use encrypted e-mail, an STE (Secure Terminal Equipment, which replaced the earlier STU III), or other communications equipment that provides secure (encrypted) voice and data communication using SCIP (Secure Communications Interoperability Protocol)? Questions you should ask (and these can vary depending on what country you are working in and the technologies they have in use) and requests that you may need to make of the client include:
  • Do you have an IDS (Intrusion Detection System) and/or an IPS (Intrusion Prevention System) in place? If so, which vendor?
  • Who first noticed the incident?
  • Is the attacker still online?
  • Are there any suspects?
  • Are security policies/procedures in place?
  • Have there been any contacts with ISPs (Internet Service Providers) and LEOs (law enforcement organizations)?
  • Why do you think there was a break-in?
  • How old is the equipment?
  • Can you quickly provide me with an electronic copy of your network architecture over a secure medium?
  • What operating systems are utilized at your facility?
  • Are the drives FAT, NTFS, or …?
  • What types of hardware platforms are utilized at your facility (Intel, Sparc, RISC [Reduced Instruction Set Computer], etc.)?
  • Do the compromised systems have CD-ROM drives, diskette drives, etc.?
  • Are these systems classified or is the area I will be in classified? At what level? Where do I fax my clearance?
  • What sizes are the hard drives on the compromised systems? SSD in use?
  • Will the system administrator be available when I arrive, along with any other experts you may have for the compromised system (platform level, operating system level, critical applications running on the system)?
  • What type of information did the compromised system hold? Is this information crucial to your business?
  • Will one of your network infrastructure experts be at my disposal when I arrive on site (personnel who know the organization’s network – routers, hubs, switches, firewalls, etc.)?
  • Have your physical security personnel secured the area surrounding the compromised systems so that no one enters the area? If not, please do so.
  • Does the crime scene area forbid or preclude the use of electronic communication devices such as cellular telephones, pagers, etc.?
  • Please have a copy of the system backup tapes for the past 30 days available for me.
  • Please put together a list of all the personnel involved with the compromised system and any projects the system is involved with.
  • Please check your system logs. When I arrive, have a listing that shows who accessed the compromised system in the past 24 hours.
  • Do the compromised systems have SCSI (Small Computer Systems Interface) or parallel ports (or both) or something else?
  • Please do not touch anything. Do not turn off any systems or power, etc.
  • What are the names of hotels close by where I can stay?
  • My expected arrival time is 6 pm. Will there be a cafeteria open so I can obtain something to eat?
  • Please do not mention the incident to anyone who does not absolutely need to know.

Chapter questions

  1. List five different case types.
  2. List eight questions you should have answers to before you arrive at the client site.
  3. Can the order in which you ask questions be important?
  4. What are the two major reasons for putting together a list of pertinent questions and obtaining answers?

Chapter 2 Client site arrival

DOI: 10.1201/9781003134817-2
On the way to the client’s site (whether by car, train, or aircraft), do not waste time. Focus on reviewing the answers the client gave to the questions in Chapter 1. If you were able to obtain it, review the network topology diagram that was sent to you. Discuss with your team members (if you are operating as part of a team) various approaches to the problem at hand. Know what your plan of attack is going to be by the time you arrive on site at the client’s premises. If you are part of a team, remember that only one person is in charge. Everyone on the team must completely support the team leader at the client’s site.
The first thing to do at the client’s site is to go through a pre-briefing. This is about a 15-minute period in which you interface with the client and the personnel the client has gathered to help in your investigation, giving you the opportunity to ask some additional questions, meet key personnel you will be working with (managers, system administrators, key project personnel who used the compromised system, security personnel, etc.), and obtain an update on the situ...