Scene of the Cybercrime - Michael Cross, Debra Littlejohn Shinder

Scene of the Cybercrime (eBook)

eBook Download: PDF | EPUB
2008 | 2nd edition
744 pages
Elsevier Science (publisher)
978-0-08-048699-4 (ISBN)
43.95 incl. VAT
When it comes to computer crimes, the criminals got a big head start. But the law enforcement and IT security communities are now working diligently to develop the knowledge, skills, and tools to successfully investigate and prosecute Cybercrime cases. When the first edition of Scene of the Cybercrime was published in 2002, it was one of the first books that educated IT security professionals and law enforcement on how to fight Cybercrime. Over the past 5 years a great deal has changed in how computer crimes are perpetrated and subsequently investigated. Also, the IT security and law enforcement communities have dramatically improved their ability to deal with Cybercrime, largely as a result of increased spending and training. According to the 2006 joint Cybercrime report of the Computer Security Institute and the FBI, 52% of companies reported unauthorized use of computer systems in the prior 12 months. Each of these incidents is a Cybercrime requiring a certain level of investigation and remediation. And in many cases, an investigation is mandated by federal compliance regulations such as Sarbanes-Oxley, HIPAA, or the Payment Card Industry (PCI) Data Security Standard.

Scene of the Cybercrime, Second Edition is a completely revised and updated book that covers all of the technological, legal, and regulatory changes that have occurred since the first edition. The book is written for a dual audience: IT security professionals and members of law enforcement. It gives the technical experts a little peek into the law enforcement world, a highly structured environment where the letter of the law is paramount and procedures must be followed closely lest an investigation be contaminated and all the evidence collected rendered useless. It also provides law enforcement officers with an idea of some of the technical aspects of how cyber crimes are committed, and how technology can be used to track down and build a case against the criminals who commit them. Scene of the Cybercrime, Second Edition provides a roadmap that those on both sides of the table can use to navigate the legal and technical landscape to understand, prevent, detect, and successfully prosecute the criminal behavior that is as much a threat to the online community as traditional crime is to the neighborhoods in which we live. Also included is an all-new chapter on Worldwide Forensics Acts and Laws.


* Companion Web site provides custom tools and scripts, which readers can download for conducting digital forensic investigations.
* Special chapters outline how Cybercrime investigations must be reported and investigated by corporate IT staff to meet federal mandates from Sarbanes-Oxley and the Payment Card Industry (PCI) Data Security Standard.
* Details forensic investigative techniques for the most common operating systems (Windows, Linux and UNIX) as well as cutting-edge devices including iPods, Blackberries, and cell phones.


Front Cover
Scene of the Cybercrime Second Edition
Copyright Page
Author
Author of First Edition
Contents
Chapter 1: Facing the Cybercrime Problem Head-On
Introduction
Defining Cybercrime
Understanding the Importance of Jurisdictional Issues
Quantifying Cybercrime
Differentiating Crimes That Use the Net from Crimes That Depend on the Net
Working toward a Standard Definition of Cybercrime
Categorizing Cybercrime
Collecting Statistical Data on Cybercrime
Developing Categories of Cybercrimes
Prioritizing Cybercrime Enforcement
Reasons for Cybercrimes
Fighting Cybercrime
Determining Who Will Fight Cybercrime
Educating Cybercrime Fighters
Getting Creative in the Fight against Cybercrime
Summary
Frequently Asked Questions
Chapter 2: The Evolution of Cybercrime
Introduction
Exploring Criminality in the Days of Stand-Alone Computers
Sharing More Than Time
The Evolution of a Word
Understanding Early Phreakers, Hackers, and Crackers
Hacking Ma Bell’s Phone Network
Living on the LAN: Early Computer Network Hackers
How BBSes Fostered Criminal Behavior
How Online Services Made Cybercrime Easy
Introducing the ARPANET: The Wild West of Networking
Sputnik Inspires ARPA
ARPA Turns Its Talents to Computer Technology
Network Applications Come into Their Own
The Internetwork Continues to Expand
Watching Crime Rise with the Commercialization of the Internet
Bringing the Cybercrime Story Up-to-Date
Understanding How New Technologies Create New Vulnerabilities
Looking to the Future
Changes in Policing
Planning for the Future: How to Thwart Tomorrow’s Cybercriminal
Summary
Frequently Asked Questions
Chapter 3: Understanding the People on the Scene
Introduction
Understanding Cybercriminals
Profiling Cybercriminals
Categorizing Cybercriminals
Understanding Cybervictims
Categorizing Victims of Cybercrime
Making the Victim Part of the Crime-Fighting Team
Understanding Cyberinvestigators
Recognizing the Characteristics of a Good Cyberinvestigator
Categorizing Cyberinvestigators by Skill Set
Recruiting and Training Cyberinvestigators
Facilitating Cooperation: CEOs on the Scene
Summary
Frequently Asked Questions
Chapter 4: Understanding the Technology
Introduction
Understanding Computer Hardware
Looking Inside the Machine
Storage Media
Digital Media Devices
Understanding Why These Technical Details Matter to the Investigator
The Language of the Machine
Wandering through a World of Numbers
Understanding the Binary Numbering System
Encoding Nontext Files
Understanding Why These Technical Details Matter to the Investigator
Understanding Computer Operating Systems
Understanding the Role of the Operating System Software
Differentiating between Multitasking and Multiprocessing Types
Differentiating between Proprietary and Open Source Operating Systems
An Overview of Commonly Used Operating Systems
File Systems
Understanding Network Basics
Network Operating Systems
Understanding Network Hardware
Protocols
Summary
Frequently Asked Questions
Chapter 5: The Computer Investigation Process
Introduction
Demystifying Computer/Cybercrime
Investigating Computer Crime
How an Investigation Starts
Investigation Methodology
Securing Evidence
Before the Investigation
Professional Conduct
Investigating Company Policy Violations
Policy and Procedure Development
Policy Violations
Warning Banners
Conducting a Computer Forensic Investigation
The Investigation Process
Assessing Evidence
Examining Evidence
Documenting and Reporting Evidence
Closing the Case
Summary
Frequently Asked Questions
Chapter 6: Computer Forensic Software and Hardware
Introduction
Disk Imaging
A History of Disk Imaging
Imaging Software
“Snapshot” Tools and File Copying
Forensic Software Tools
Visual TimeAnalyzer
X-Ways Forensics
Evidor
Slack Space and Data Recovery Tools
Additional Data Recovery Tools
File Integrity Checkers
Disk Imaging Tools and Toolkits
Web Site History and Favorites
Linux/UNIX Tools: LTools and MTools
Other Tools
Forensic Software Reference
Forensic Hardware Tools
Summary
Frequently Asked Questions
Chapter 7: Acquiring Data, Duplicating Data, and Recovering Deleted Files
Introduction
Recovering Deleted Files and Deleted Partitions
Recovering “Deleted” and “Erased” Data
Data Recovery in Linux
Recovering Deleted Files
Deleted File Recovery Tools
Recovering Deleted Partitions
Deleted Partition Recovery Tools
Data Acquisition and Duplication
Data Acquisition Tools
Recovering Data from Backups
Finding Hidden Data
Locating Forgotten Evidence
Defeating Data Recovery Techniques
Summary
Frequently Asked Questions
Chapter 8: iPod, Cell Phone, PDA, and BlackBerry Forensics
Introduction
iPod/MP3 Forensics
Why Is an iPod Considered Alternative Media?
Imaging and Hashing
Hardware versus Nonhardware Imaging
Removing the Hard Drive
Acquiring Data
Using DD to Create an Image
Registry Keys
Types of iPods
File Types Supported
File Systems
“Hacking Tools” and Encrypted Home Directories
Evidence: Normal versus Not Normal
Uncovering What Should Not Be There
Analysis Tools
Cell Phone Forensics
How Cell Phones Work
Acquiring Evidence from Cell Phones
Storage of Cell Phones and Other Wireless Devices
PDA Forensics
Components of a PDA
Investigative Methods
PDA Investigative Tips
Deploying PDA Forensic Tools
BlackBerry Forensics
Operating System of the BlackBerry
BlackBerry Operation and Security
Forensic Examination of a BlackBerry
Attacking the BlackBerry
Securing the BlackBerry
Summary
Frequently Asked Questions
Chapter 9: Understanding E-mail and Internet Crimes
Introduction
Understanding E-mail and E-mail Forensics
E-mail Terminology
Understanding E-mail Headers
E-mail Forensics
Tracing a Domain Name or IP Address
Understanding Browser Security
Types of Dangerous Code
Making Browsers and E-mail Clients More Secure
Securing Web Browser Software
Investigating Child Pornography and Other Crimes That Victimize Children
Defining a Child
Understanding Child Pornography
The Role of the Internet in Promoting Child Pornography
Anti-Child Pornography Initiatives and Organizations
Cyberterrorism
Summary
Frequently Asked Questions
Chapter 10: Understanding Network Intrusions and Attacks
Introduction
Understanding Network Intrusions and Attacks
Intrusions versus Attacks
Recognizing Direct versus Distributed Attacks
Automated Attacks
Accidental “Attacks”
Preventing Intentional Internal Security Breaches
Preventing Unauthorized External Intrusions
Recognizing the “Fact of the Attack”
Identifying and Categorizing Attack Types
Recognizing Preintrusion/Attack Activities
Port Scans
Address Spoofing
Placement of Trojans
Placement of Tracking Devices and Software
Placement of Packet Capture and Protocol Analyzer Software
Prevention and Response
Understanding Technical Exploits
Protocol Exploits
Router Exploits
Prevention and Response
Attacking with Trojans, Viruses, and Worms
Trojans
Viruses
Worms
Prevention and Response
Hacking for Nontechies
The Script Kiddie Phenomenon
The “Point and Click” Hacker
Prevention and Response
Understanding Wireless Attacks
Basics of Wireless
Advantages of a Wireless Network
Disadvantages of a Wireless Network
Association of Wireless AP and a Device
Wireless Penetration Testing
Direct Connections to Wireless Access Points
Wireless Connection to a Wireless Access Point
Logging
Summary
Frequently Asked Questions
Chapter 11: Passwords, Vulnerabilities, and Exploits
Introduction
Authentication
When Is Authentication Necessary?
Authentication Protocols
Passwords
Password Policies
Locking Computers with Passwords
Understanding Password Cracking
Types of Password Cracking
Password Recovery Tools
Exploitation of Stored Passwords
Interception of Passwords
Password Decryption Software
Authentication Devices
Smart Card Authentication
Biometric Authentication
Social Engineering and Phishing
Phishing
Tailgating
Dumpster Diving
Prevention and Response
Vulnerabilities and Exploits
Application Exploits
Operating System Exploits
Prevention and Response
Summary
Frequently Asked Questions
Chapter 12: Understanding Cybercrime Prevention
Introduction
Understanding Security Concepts
Applying Security Planning Basics
Talking the Talk: Security Terminology
Understanding Basic Cryptography Concepts
Understanding the Purposes of Cryptographic Security
Basic Cryptography Concepts
Making the Most of Hardware and Software Security
Implementing Software-Based Security
Understanding Firewalls
How Firewalls Use Layered Filtering
Integrated Intrusion Detection
Forming an Incident Response Team
Designing and Implementing Security Policies
Understanding Policy-Based Security
Evaluating Security Needs
Complying with Security Standards
Developing the Policy Document
Educating Network Users on Security Issues
Summary
Frequently Asked Questions
Chapter 13: Implementing System Security
Introduction
How Can Systems Be Secured?
The Security Mentality
Elements of System Security
Implementing Broadband Security Measures
Broadband Security Issues
Deploying Antivirus Software
Defining Strong User Passwords
Setting Access Permissions
Disabling File and Print Sharing
Using NAT
Deploying a Firewall
Disabling Unneeded Services
Configuring System Auditing
Implementing Web Server Security
DMZ versus Stronghold
Isolating the Web Server
Web Server Lockdown
Maintaining Integrity
Rogue Web Servers
Understanding Operating System Security
Installing Patches and Service Packs
Verifying User Account Security
Removing Applications That Aren’t Required
Logging
Backing Up Data
Microsoft Operating Systems
Understanding Security and UNIX/Linux Operating Systems
Understanding Security and Macintosh Operating Systems
Understanding Mainframe Security
Understanding Wireless Security
Access Control
Understanding Physical Security
Access Control
Environment
Summary
Frequently Asked Questions
Chapter 14: Implementing Cybercrime Detection Techniques
Introduction
Security Auditing and Log Files
Auditing for Windows Platforms
Auditing for UNIX and Linux Platforms
Firewall Logs, Reports, Alarms, and Alerts
Commercial Intrusion Detection Systems
Characterizing Intrusion Detection Systems
Commercial IDS Players
IP Spoofing and Other Antidetection Tactics
Honeypots, Honeynets, and Other “Cyberstings”
Summary
Frequently Asked Questions
Chapter 15: Collecting and Preserving Digital Evidence
Introduction
Understanding the Role of Evidence in a Criminal Case
Defining Evidence
Admissibility of Evidence
Forensic Examination Standards
Collecting Digital Evidence
Evidence Collection
Preserving Digital Evidence
Preserving Volatile Data
Special Considerations
Recovering Digital Evidence
Deleted Files
Data Recovery Software and Documentation
Decrypting Encrypted Data
Documenting Evidence
Evidence Tagging and Marking
Evidence Logs
Documenting the Chain of Custody
Computer Forensic Resources
Computer Forensic Training and Certification
Computer Forensic Equipment and Software
Computer Forensic Services
Computer Forensic Information
Understanding Legal Issues
Searching and Seizing Digital Evidence
Privacy Laws
Summary
Frequently Asked Questions
Chapter 16: Building the Cybercrime Case
Introduction
Major Factors Complicating Prosecution
Difficulty of Defining the Crime
Jurisdictional Issues
The Nature of the Evidence
Human Factors
Overcoming Obstacles to Effective Prosecution
The Investigative Process
Investigative Tools
Steps in an Investigation
Defining Areas of Responsibility
Summary
Frequently Asked Questions
Chapter 17: Becoming an Expert Witness
Introduction
Understanding the Expert Witness
Qualifying As an Expert Witness
Types of Expert Witnesses
Testimony and Evidence
Testifying As an Expert Witness
Layout of a Court Room
Order of Trial Proceedings
Summary
Frequently Asked Questions
Index

PDF (Adobe DRM)
Size: 10.8 MB

Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook from misuse. The eBook is authorized to your personal Adobe ID at download time. You can then read the eBook only on devices that are also registered to your Adobe ID.

File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to technical books with columns, tables and figures. A PDF can be displayed on almost all devices, but is of only limited suitability for small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need an Adobe ID and the Adobe Digital Editions software (free). We advise against using the OverDrive Media Console; in our experience, problems with Adobe DRM occur frequently there.
eReader: This eBook can be read on (almost) all eBook readers. It is, however, not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need an Adobe ID and a free app.

Additional feature: online reading
In addition to downloading it, you can also read this eBook online in a web browser.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

EPUB (Adobe DRM)
Size: 6.3 MB


File format: EPUB (Electronic Publication)
EPUB is an open standard for eBooks and is particularly suited to displaying fiction and non-fiction. The running text is adapted dynamically to the display and font size, so EPUB is also well suited to mobile reading devices.

