CyberForensics (eBook)
XIV, 170 pages
Humana Press (publisher)
978-1-60761-772-3 (ISBN)
Cyberforensics is a fairly new word in the technology of our industry, but one that nevertheless has immediately recognizable meaning. Although the word forensics may have its origins in formal debates using evidence, it is now most closely associated with investigation into evidence of crime. As the word cyber has become synonymous with the use of electronic technology, the word cyberforensics bears no mystery. It immediately conveys a serious and concentrated endeavor to identify the evidence of crimes or other attacks committed in cyberspace. Nevertheless, the full implications of the word are less well understood. Cyberforensic activities remain a mystery to most people, even those fully immersed in the design and operation of cyber technology. This book sheds light on those activities in a way that is comprehensible not only to technology professionals but also to the technology hobbyist and those simply curious about the field.

When I started contributing to the field of cybersecurity, it was an obscure field, rarely mentioned in the mainstream media. According to the FBI, by 2009 organized crime syndicates were making more money via cybercrime than in drug trafficking. In spite of the rise in cybercrime and the advance of sophisticated threat actors online, the cyber security profession continues to lag behind in its ability to investigate cybercrime and understand the root causes of cyber attacks. In the late 1990s I worked to respond to sophisticated attacks as part of the U. S.
Contents 4
Foreword 5
Contributors 7
CyberForensics Chapter Abstracts 8
Introduction 8
The Complex World of Corporate CyberForensics Investigations 8
Investigating Large-Scale Data Breach Cases 9
Insider Threat Investigations 9
Accounting Forensics 9
Analyzing Malicious Software 9
Network Packet Forensics 10
RAM and File Systems Investigations 10
One Picture is Worth a Million Bytes 10
Cybercrime and Law Enforcement Cooperation 11
Technology Malpractice 11
Chapter 1 Introduction 12
1.1 A Brief History 12
1.2 A CyberForensic Framework 14
1.3 Expert Explanations 15
Notes 16
Chapter 2 The Complex World of Corporate CyberForensics Investigations 18
2.1 Investigation Characteristics 18
2.2 The Investigative Approach 19
2.3 Case Study 30
2.3.1 The Incident 30
2.3.2 The Environment 30
2.3.3 Initial Investigation 30
2.3.4 Extended Analysis 32
2.3.5 Investigation Conclusions 33
2.4 Issues and Trends 34
2.4.1 CyberForensics in the Corporate Environment 34
2.4.2 Considerations for the Future 35
Notes 37
Chapter 3 Investigating Large-Scale Data Breach Cases 39
3.1 Investigation Characteristics 39
3.2 Investigation Approach 44
3.2.1 Set Investigation Control Points 44
3.2.2 Manage the Unknown Unknowns 45
3.2.3 Information Flow and Data Discovery Exercise 46
3.2.4 Network Discovery 46
3.2.5 Accurately Scope Evidence and Acquisition 47
3.2.6 Detect and Manage Misinformation 47
3.2.7 Leverage Fraud Data 47
3.3 Case Study 48
3.3.1 Company Profile 48
3.3.2 Account Data Compromise 48
3.3.3 Investigation 48
3.3.4 Investigation Control Points 49
3.3.5 Investigative Procedure 49
3.3.6 Network Analysis 49
3.3.7 Forensic Work 50
3.3.8 Scoping Exercise 50
3.3.9 Wireless Vulnerability 50
3.3.10 Lessons Learned 51
3.4 Issues and Trends 52
Notes 53
Chapter 4 Insider Threat Investigations 54
4.1 Investigation Characteristics 54
4.2 Investigative Approach 55
4.2.1 Due Diligence 55
4.2.2 Forensic Interviews 56
4.2.3 Cyber Surveillance 56
4.3.3.1 Network Surveillance 57
4.3.3.2 Computer Surveillance 57
4.3 Case Study 58
4.3.1 Situation 58
4.3.2 Action 58
4.3.3 Outcome 59
4.4 Issues and Trends 59
4.4.1 Anatomy of a Cyber Attack 59
4.4.2 Emerging and Key Capabilities for CyberForensics 60
Chapter 5 Accounting Forensics 61
5.1 Investigation Characteristics 61
5.2 Investigative Approach 62
5.3 Case Study 63
5.4 Issues and Trends 65
Notes 65
Chapter 6 Analyzing Malicious Software 66
6.1 Investigation Characteristics 66
6.1.1 Malware Analysis as Part of the Forensic Investigation 66
6.1.2 Common Malware Characteristics 67
6.1.3 Dual-Phased Analysis Process 68
6.2 Investigative Approach 68
6.2.1 Malware Analysis Laboratory 68
6.3.1.1 Isolating the Malware Laboratory 69
6.2.2 Behavioral Analysis 70
6.2.2.1 Real-Time Monitoring of the System 70
6.2.2.2 Identifying Important Changes to the System 72
6.2.2.3 Monitoring the Network 72
6.2.2.4 Interacting with Malware 73
6.2.2.5 Automated Behavioral Analysis 73
6.2.3 Code Analysis 74
6.2.3.1 Structure of the Executable File 74
6.2.3.2 Embedded Strings 75
6.2.3.3 References to External Functions 75
6.2.3.4 The Executable's Instructions 75
6.2.4 Creating the Analysis Report 76
6.3 Case Study 76
6.3.1 Initial Analysis Steps 77
6.3.2 Behavioral Analysis Steps 77
6.3.3 Code Analysis Steps 80
6.4 Issues and Trends 85
6.4.1 Packed Malware 85
6.4.2 Anti-virtualization Defenses 88
6.4.3 Other Anti-analysis Trends 88
Notes 89
Chapter 7 Network Packet Forensics 91
7.1 Investigation Characteristics 91
7.1.1 What Is Network Forensics? 92
7.2 Investigative Approach 94
7.2.1 Input Developed from Existing Security Technology Sources 95
7.2.2 Input Received from Someone in the Organization 96
7.3 Case Studies 97
7.3.1 Case Study #1: The "Drive by" 97
7.3.1.1 Requirements 97
7.3.1.2 Detection and Response 98
7.3.1.3 Incident Analysis 99
7.3.1.4 Resolution 100
7.3.2 Case Study #2: Covert Channels, Advanced Data Leakage, and Command Shells 101
7.3.2.1 Requirements 101
7.3.2.2 Incident Analysis 104
7.3.2.3 Resolution 104
7.4 Future Trends and the Way Forward 105
7.4.1 Network Forensics Becomes a Mainstream Process 105
7.4.2 The Continued Rise of Antiforensics Techniques 106
Notes 107
Chapter 8 RAM and File Systems Investigations 108
8.1 Investigation Characteristics 108
8.2 Investigative Approach 110
8.2.1 General Data Acquisition 110
8.2.1.1 Volatile Data Versus Nonvolatile Data 110
8.2.1.2 Unix Versus Windows 110
8.2.2 Virtual Memory 111
8.2.2.1 RAM (Random Access Memory) 111
8.2.2.2 SWAP File 112
8.2.3 File Systems 112
8.2.3.1 Windows File Systems 112
8.2.3.2 Unix File Systems 113
8.2.4 Data Acquisition 113
8.2.4.1 Steps in the Acquisition Process 113
8.2.5 Analysis Approach 114
8.2.6 Deliberately Hidden Data 114
8.2.6.1 Hidden in the Computer 115
8.2.6.2 Hidden Within a File 116
8.3 Case Study 116
8.3.1 Background 116
8.3.2 The Investigation Process 117
8.3.3 Conclusion 119
8.4 Issues and Trends 120
8.4.1 Issues 120
8.4.1.1 Usage of Standards 120
8.4.2 Trends 120
8.4.2.1 E-Discovery 120
8.4.2.2 Anti-forensics 121
Notes 121
Chapter 9 One Picture is Worth a Million Bytes 122
9.1 Investigation Characteristics 122
9.2 Investigative Approach 124
9.2.1 Interactive Data Visualization 124
9.2.2 Unified Data Views 124
9.2.3 Collaborative Analysis 125
9.3 Case Study 125
9.3.1 Case Background 125
9.3.2 Connecting to Data and Profiling Network Traffic 126
9.3.3 Connecting the Dots to Identify Cybercrime Suspects 128
9.3.4 Integrating Other Sources of Data to Build a Stronger Case 130
9.4 Issues and Trends 133
Notes 133
Chapter 10 Cybercrime and Law Enforcement Cooperation 134
10.1 Investigation Characteristics 134
10.1.1 Organizational Characteristics 134
10.1.2 Technical Characteristics 136
10.1.3 Investigator Role 137
10.2 Investigative Approach 138
10.2.1 Policies and Procedures 138
10.2.2 Electronic Crime Scene 138
10.2.3 Communication Patterns 139
10.3 Case Studies 140
10.3.1 Defense Industry Case Study 140
10.3.2 Health Care Industry Case Study 141
10.3.3 Financial Industry Case Study 142
10.3.4 Court Appearances 142
10.4 Issues and Trends 142
10.4.1 International Issues 142
10.4.2 Inertia and Resistance to Cooperation 143
10.4.3 Conclusion 143
Notes 144
Chapter 11 Technology Malpractice 145
11.1 Investigation Characteristics 145
11.2 Investigative Approach 147
11.3 Case Study 149
11.4 Issues and Trends 150
11.4.1 Managed Security Service Provider (MSSP) 150
11.4.2 Cloud Computing 151
11.4.3 Accountability 151
Notes 152
Glossary 153
Index 156
| Field | Value |
|---|---|
| Publication date (per publisher) | 10.9.2010 |
| Series | Springer’s Forensic Laboratory Science Series |
| Additional information | XIV, 170 p. |
| Place of publication | Totowa |
| Language | English |
| Subject areas | Computer Science ► Office Programs ► Outlook; Mathematics / Computer Science ► Computer Science ► Theory / Study; Medicine / Pharmacy ► Medical Specialties; Study ► 1st Study Phase (Preclinical) ► Biochemistry / Molecular Biology; Law / Taxes ► Criminal Law ► Criminology; Social Sciences; Economics ► Business Administration / Management ► Marketing / Sales |
| Keywords | child pornography • Computer • Computer forensics • Crime • cybercrime • cyberforensics, security, computers, internet • Data Security • Identity Theft • Internet • Mainframe • Methodology • search engine marketing (SEM) • Technology |
| ISBN-10 | 1-60761-772-2 / 1607617722 |
| ISBN-13 | 978-1-60761-772-3 / 9781607617723 |
Size: 6.6 MB
DRM: digital watermark
This eBook contains a digital watermark and is therefore personalized for you. If the eBook is improperly passed on to third parties, it can be traced back to its source.
File format: PDF (Portable Document Format)