Forensic Computer Crime Investigation | Beginners To Pro

The expanding availability of computers within society, coupled with their ease of use and an unregulated Internet that offers any number of hacking and attack tools for free download, has introduced new challenges and threats into our society. Our nation's commercial, economic, and financial systems are now totally dependent on the rapid exchange of information, which requires a safe and secure exchange of data through our country's vast computer networks. In fact, our nation's entire infrastructure of power grids, transportation systems, hospital and health systems, water systems, food production and distribution systems, and governmental agencies is operated by computers and requires that they continue to operate with both assurance and authenticity. Our reliance on this infrastructure, which has made our nation one of the richest and most dependable in the entire world, is also our Achilles' heel: these computer-based infrastructure systems are vulnerable to human error, natural disaster, and exploitative attacks. The rapid pace of scientific and technological advancement has provided additional benefits to society; nevertheless, we must also be aware of the unintended and latent dysfunctional consequences that occasionally accompany such rapid growth and change. How we mitigate and manage these risks will in some cases be effective and, in other situations, require risk avoidance strategies.

Contents

  1. Computer Crime and the Electronic Crime Scene …1
     Thomas A. Johnson
     I. Introduction and Historical Developments …2
     II. Crime Scenes with Digital and Electronic Evidence …5
     III. Computers, Electronic Equipment, Devices, and Information Repositories …6
        A. The Value of Equipment and Information …7
        B. Information Repositories: Informational Value …8
        C. Information Collection …8
        D. Management of the Electronic Crime Scene …9
        E. Electronic Crime Scene Procedures …10
        F. Initiating the Forensic Computer Investigation …14
        G. Investigative Tools and Electronic Crime Scene Investigation …16
     IV. Legal Issues in the Searching and Seizure of Computers …16
        A. Searching and Seizing Computers without a Warrant …17
        B. Searching and Seizing Computers with a Warrant …18
     V. Summary …19
     References …20

  2. The Digital Investigative Unit: Staffing, Training, and Issues …21
     Chris Malinowski
     I. Unit Name …22
     II. Mission Statement …22
        A. One Unit's History …30
     III. Investigations …31
        A. Responsibility …31
        B. Proactive versus Reactive …32
        C. Productivity and Metrics …33
        D. Resources …34
     IV. Staffing …36
        A. Case Investigator …38
        B. Lab Specialist …39
        C. Simple Case: Dual Role …40
        D. Participation with Other Agencies …42
        E. Civil Service: Performing Out-of-Title …42
        F. Recruitment, Hiring, and Retention …42
        G. Administrative Issues …43
        H. Retirement …43
        I. Advancement and Rewarding …44
           1. Unavailability of Personnel and the Interchangeable Man …45
        J. Misuse of Personnel …47
        K. Interviewing …48
        L. Training …50
     V. Summary …53

  3. Criminal Investigation Analysis and Behavior: Characteristics of Computer Criminals …55
     William L. Tafoya
     I. Annals of Profiling …58
     II. History …59
        A. Premodern Antecedents …59
        B. The FBI Era …62
        C. Successes and Failures …65
     III. Profiling Defined …65
        A. CIBA Defined …67
     IV. Review of the Literature …67
     V. Uncertainties …69
        A. Conceptual Considerations …69
        B. Investigative Dilemmas …70
        C. Interagency Obstacles …70
        D. Scholarly Concerns …71
        E. Related Issues …71
     VI. Education and Training …72
     VII. Science or Art? …73
        A. The Status Quo …73
        B. Profiling Process …74
        C. Risk Levels …76
           1. Low Risk …76
           2. Moderate Risk …76
           3. High Risk …76
        B. Behavioral Assessment of the Crime Scene …76
           1. Victimology …77
           2. Typology …77
     VIII. Predictive Indicators …78
     IX. Methodology …80
     X. Indicators of Further Positive Developments …80
        A. Neurolinguistic Analysis …81
        B. Neurotechnology Research …81
        C. Checkmate …81
     XI. Insider Threat …82
     XII. The Future of Cyberprofiling …82
     References …83
     Web Sources …89
     Acknowledgements …90

  4. Investigative Strategy and Utilities …91
     Deputy Ross E. Mayfield
     I. Introduction …91
     II. The Growing Importance of Computer Forensic Investigations …92
     III. Computer Crime Investigations Viewed as a System …93
     IV. Is There a Crime? …94
     V. Who Has Jurisdiction? …94
     VI. Gathering Intelligence about the Case …94
     VII. Determining the Critical Success Factors for a Case …99
     VIII. Gathering Critical Evidence …100
     IX. The Raid …100
     X. Processing: Critical Evidence Recovery from Electronic Media …103
        1. Drive Duplication Utilities …103
        2. Search Utilities …104
        3. Graphic and File Viewer Utilities …104
        4. Recovering Deleted Evidence …104
        5. Disk Utilities …104
        6. Hash or Checksum Utilities …105
        7. Passwords and Encrypted Media …105
        8. Evidence Recovery from RAM Memory …106
        9. Forensic Suite Software …106
        10. Network Drive Storage …106
     XII. The Investigator as a Determined Intruder …107
     XIII. Mayfield's Paradox …107
     XIV. Chain of Custody …108
     XV. Exhibits, Reports, and Findings …108
     XVI. Expert Testimony …109
     XVII. Summary …109
     Credits …110

  5. Computer Forensics & Investigation: The Training Organization …111
     Fred B. Cotton
     I. Overview …111
     II. Hands-on Training Environment …111
     III. Course Design …114
     IV. Specialized or Update Training …115
     V. Personnel …117
     VI. Equipment …120
     VII. Materials …123
     VIII. Funding …123
     IX. Record Keeping …124
     X. Testing and Certification …126
     XI. Summation …127

  6. Internet Crimes Against Children …129
     Monique Mattei Ferraro, JD, CISSP, with Sgt. Joseph Sudol
     I. Background …129
     II. Computer-Assisted and Internet Crimes Against Children …133
     III. Law Enforcement Efforts …142
     IV. Conclusion …146
     References …148

  7. Challenges to Digital Forensic Evidence …149
     Fred Cohen
     I. Basics …149
        A. Faults and Failures …149
        B. Legal Issues …150
        C. The Latent Nature of Evidence …150
        D. Notions Underlying "Good Practice" …151
        E. The Nature of Some Legal Systems and Refuting Challenges …151
        F. Overview …152
     II. Identifying Evidence …152
        A. Common Misses …152
        B. Information Not Sought …153
        C. False Evidence …153
        D. Nonstored Transient Information …153
        E. Good Practice …154
     III. Evidence Collection …154
        A. Establishing Presence …154
        B. Chain of Custody …155
        C. How the Evidence Was Created …155
        D. Typical Audit Trails …155
        E. Consistency of Evidence …155
        F. Proper Handling during Collection …156
        G. Selective Collection and Presentation …156
        H. Forensic Imaging …157
        I. Nonstored Transient Information …158
        J. Secret Science and Countermeasures …159
     IV. Seizure Errors …160
        A. Warrant Scope Excess …160
        B. Acting for Law Enforcement …161
        C. Wiretap Limitations and Title 3 …161
        D. Detecting Alteration …162
        E. Collection Limits …162
        F. Good Practice …163
        G. Fault Type Review …164
     V. Transport of Evidence …164
        A. Possession and Chain of Custody …164
        B. Packaging for Transport …164
        C. Due Care Takes Time …165
        D. Good Practice …165
     VI. Storage of Evidence …165
        A. Decay with Time …165
        B. Evidence of Integrity …166
        C. Principles of Best Practices …166
     VII. Evidence Analysis …167
        A. Content …167
        B. Contextual Information …167
        C. Meaning …168
        D. Process Elements …168
        E. Relationships …169
        F. Ordering or Timing …169
        G. Location …170
        H. Inadequate Expertise …170
        I. Unreliable Sources …171
        J. Simulated Reconstruction …171
        K. Reconstructing Elements of Digital Crime Scenes …172
        L. Good Practice in Analysis …174
           1. The Process of Elimination …174
           2. The Scientific Method …175
           3. The Daubert Guidelines …175
           4. Digital Data Is Only a Part of the Overall Picture …176
           5. Just Because a Computer Says So Doesn't Make It So …177
     VIII. Overall Summary …178

  8. Strategic Aspects in International Forensics …179
     Dario Forte, CFE, CISM
     I. The Current Problem of Coordinated Attacks …179
     II. The New Antibacktracing and Antiforensics Tools, and Onion Routing …180
        A. Using Covert Channels to Elude Traffic Analysis: NCovert …180
        B. Difficulties in Backtracing Onion Router Traffic …181
           1. The Goal: Protection from Traffic Analysis …181
           2. Onion Routing: What It Is …181
           3. The Differences with the Other Anonymizers …182
           4. The Onion Routing Roadmap …183
           5. A Glossary of Project Terms …183
           6. The Potential Dangers of Onion Routers …186
           7. Onion Routers in the Real World: The Dual Use of Dual Use …187
     III. Planning an International Backtracing Procedure: Technical and Operational Aspects …188
        A. Some Commonly Used Tools in Digital and Network Forensics …191
           1. Why Use Freeware and Open Source for Digital Forensics? …191
           2. Tcpdump …192
           3. Sanitize …192
           4. A Series of Questions …194
           5. More Tools …194
           6. Snort …195
        B. The CLF Paradigm (Common Log Format) …196
           1. Where the Logging Information Could Be Found …197
     IV. Preventive Methods: Information Sharing and Honeynets …198
        A. Deploying Honeynet: Background and Implications …198
           1. Low- and High-Interaction Honeypots …198
           2. Two Types: More Risks …201
           3. Honeypots in Detail: The Variations …201
           4. How Investigators Can Use Honeynets …203
     V. An Example of International Cooperation: Operation Root Kit …203
     VI. Conclusions …205
     References …205

  9. Cyber Terrorism …207
     Thomas A. Johnson
     I. Policy Issues Regarding Cyber Terrorism …210
     II. Cyber Terror Policy Issues Linking Congress and Executive Branch of Government …214
        A. Protection of Critical Infrastructure Sectors …215
        B. Securing Cyberspace …215
     III. Information Warriors …218
     IV. Net War and Cyber War …220
     V. Cyber Intelligence or Cyber Terrorism …222
     VI. Research Issues in Cyber Terrorism …224
     VII. Summary …226
     References …226

  10. Future Perspectives …229
     Thomas A. Johnson
     I. Network Infrastructure: Security Concerns …230
     II. The Role of Education and Training …231
     III. The Emergence of a New Academic Discipline …232
     IV. Our Nation's Investment in Cyber Security Research …235
     V. Recommendations …235
     VI. Conclusion …237
     References …237

  11. Concluding Remarks …239
     Thomas A. Johnson

  Appendix A. Executive Summary …243
  Appendix B. Executive Summary …253
  Appendix C. Computer Security Incident Handling Guide …265
  Appendix D. Sample Language for Search Warrants and Accompanying Affidavits to Search and Seize Computers …281
  Forensic Computer Crime Investigation Text …299
  Contributing Author Biographies …299
  Index …305

Download here

Happy learning!