Scene of the Cybercrime, Second Edition
Michael Cross




Contents

Chapter 1  Facing the Cybercrime Problem Head-On  1
  Introduction  2
  Defining Cybercrime  2
  Understanding the Importance of Jurisdictional Issues  3
  Quantifying Cybercrime  6
  Differentiating Crimes That Use the Net from Crimes That Depend on the Net  8
  Working toward a Standard Definition of Cybercrime  9
  Categorizing Cybercrime  12
  Collecting Statistical Data on Cybercrime  12
  Developing Categories of Cybercrimes  15
  Prioritizing Cybercrime Enforcement  28
  Reasons for Cybercrimes  28
  Fighting Cybercrime  29
  Determining Who Will Fight Cybercrime  30
  Educating Cybercrime Fighters  31
  Getting Creative in the Fight against Cybercrime  35
  Summary  38
  Frequently Asked Questions  39

Chapter 2  The Evolution of Cybercrime  41
  Introduction  42
  Exploring Criminality in the Days of Stand-Alone Computers  43
  Sharing More Than Time  43
  The Evolution of a Word  44
  Understanding Early Phreakers, Hackers, and Crackers  44
  Hacking Ma Bell's Phone Network  45
  Living on the LAN: Early Computer Network Hackers  46
  How BBSes Fostered Criminal Behavior  47
  How Online Services Made Cybercrime Easy  49
  Introducing the ARPANET: The Wild West of Networking  50
  Sputnik Inspires ARPA  50
  ARPA Turns Its Talents to Computer Technology  50
  Network Applications Come into Their Own  50
  The Internetwork Continues to Expand  50
  Watching Crime Rise with the Commercialization of the Internet  51
  Bringing the Cybercrime Story Up-to-Date  52
  Understanding How New Technologies Create New Vulnerabilities  52
  Looking to the Future
  Changes in Policing
  Planning for the Future: How to Thwart Tomorrow's Cybercriminal  73
  Summary  74
  Frequently Asked Questions  75

Chapter 3  Understanding the People on the Scene  77
  Introduction
  Understanding Cybercriminals
  Profiling Cybercriminals
  Categorizing Cybercriminals  99
  Understanding Cybervictims
  Categorizing Victims of Cybercrime
  Making the Victim Part of the Crime-Fighting Team  111
  Understanding Cyberinvestigators  113
  Recognizing the Characteristics of a Good Cyberinvestigator  113
  Categorizing Cyberinvestigators by Skill Set
  Recruiting and Training Cyberinvestigators  115
  Facilitating Cooperation: CEOs on the Scene  117
  Summary
  Frequently Asked Questions

Chapter 4  Understanding the Technology  121
  Introduction  122
  Understanding Computer Hardware  123
  Looking Inside the Machine  123
  Storage Media  128
  Digital Media Devices  143
  Understanding Why These Technical Details Matter to the Investigator  150
  The Language of the Machine  150
  Wandering through a World of Numbers  151
  Understanding the Binary Numbering System  152
  Encoding Nontext Files  154
  Understanding Why These Technical Details Matter to the Investigator  154
  Understanding Computer Operating Systems  156
  Understanding the Role of the Operating System Software  156
  Differentiating between Multitasking and Multiprocessing Types  157
  Differentiating between Proprietary and Open Source Operating Systems  159
  An Overview of Commonly Used Operating Systems  160
  File Systems  174
  Understanding Network Basics  184
  Network Operating Systems  185
  Understanding Network Hardware  189
  Protocols  194
  Summary  199
  Frequently Asked Questions  200

Chapter 5  The Computer Investigation Process  201
  Introduction  202
  Demystifying Computer/Cybercrime  202
  Investigating Computer Crime  204
  How an Investigation Starts  205
  Investigation Methodology  210
  Securing Evidence  211
  Before the Investigation  213
  Professional Conduct  218
  Investigating Company Policy Violations  219
  Policy and Procedure Development  219
  Policy Violations  221
  Warning Banners  223
  Conducting a Computer Forensic Investigation  225
  The Investigation Process  225
  Assessing Evidence
  Acquiring Evidence
  Examining Evidence
  Documenting and Reporting Evidence
  Closing the Case
  Summary  240
  Frequently Asked Questions  241

Chapter 6  Computer Forensic Software and Hardware  243
  Introduction  244
  Disk Imaging  244
  A History of Disk Imaging  245
  Imaging Software  245
  "Snapshot" Tools and File Copying  246
  Forensic Software Tools  247
  Visual TimeAnalyzer  247
  X-Ways Forensics  248
  Evidor  249
  Slack Space and Data Recovery Tools  249
  Additional Data Recovery Tools  250
  File Integrity Checkers  252
  Disk Imaging Tools and Toolkits  252
  Web Site History and Favorites  255
  Linux/UNIX Tools: LTools and MTools  256
  Other Tools  257
  Forensic Software Reference  258
  Forensic Hardware Tools  297
  ImageMASSter Solo-3 Forensic  297
  LinkMASSter-2 Forensic  297
  ImageMASSter 6007SAS  298
  RoadMASSter-3  298
  Disk Jockey IT  298
  FastBloc  298
  Forensic Hardware Tools Reference  299
  Summary  301
  Frequently Asked Questions  302

Chapter 7  Acquiring Data, Duplicating Data, and Recovering Deleted Files  305
  Introduction  306
  Recovering Deleted Files and Deleted Partitions  306
  Recovering "Deleted" and "Erased" Data  307
  Data Recovery in Linux  312
  Recovering Deleted Files  313
  Deleted File Recovery Tools  314
  Recovering Deleted Partitions  321
  Deleted Partition Recovery Tools  325
  Data Acquisition and Duplication  329
  Data Acquisition Tools  331
  Recovering Data from Backups  333
  Finding Hidden Data  334
  Locating Forgotten Evidence  336
  Defeating Data Recovery Techniques  341
  Summary  345
  Frequently Asked Questions  346

Chapter 8  iPod, Cell Phone, PDA, and BlackBerry Forensics  347
  Introduction  348
  iPod/MP3 Forensics  348
  Why Is an iPod Considered Alternative Media?  350
  Imaging and Hashing  350
  Hardware versus Nonhardware Imaging  350
  Removing the Hard Drive  351
  Acquiring Data  351
  Using DD to Create an Image  352
  Registry Keys  358
  Types of iPods  359
  File Types Supported  359
  File Systems  359
  "Hacking Tools" and Encrypted Home Directories  360
  Evidence: Normal versus Not Normal  360
  Uncovering What Should Not Be There  363
  Analysis Tools  365
  Cell Phone Forensics  366
  How Cell Phones Work  366
  Acquiring Evidence from Cell Phones  366
  Storage of Cell Phones and Other Wireless Devices  368
  PDA Forensics  370
  Components of a PDA  370
  Investigative Methods  371
  PDA Investigative Tips  372
  Deploying PDA Forensic Tools  374
  BlackBerry Forensics  374
  Operating System of the BlackBerry  374
  BlackBerry Operation and Security  375
  Forensic Examination of a BlackBerry  375
  Attacking the BlackBerry  377
  Securing the BlackBerry  377
  Summary  378
  Frequently Asked Questions  379

Chapter 9  Understanding E-mail and Internet Crimes  381
  Introduction  382
  Understanding E-mail and E-mail Forensics  382
  E-mail Terminology  382
  Understanding E-mail Headers  383
  E-mail Forensics  388
  Tracing a Domain Name or IP Address  389
  Understanding Browser Security  392
  Types of Dangerous Code  393
  Making Browsers and E-mail Clients More Secure  394
  Securing Web Browser Software  395
  Investigating Child Pornography and Other Crimes That Victimize Children  400
  Defining a Child  400
  Understanding Child Pornography  401
  The Role of the Internet in Promoting Child Pornography  406
  Anti-Child Pornography Initiatives and Organizations  412
  Cyberterrorism  414
  Summary  417
  Frequently Asked Questions  418

Chapter 10  Understanding Network Intrusions and Attacks  419
  Introduction  420
  Understanding Network Intrusions and Attacks  421
  Intrusions versus Attacks  422
  Recognizing Direct versus Distributed Attacks  423
  Automated Attacks  425
  Accidental "Attacks"  427
  Preventing Intentional Internal Security Breaches  427
  Preventing Unauthorized External Intrusions  428
  Recognizing the "Fact of the Attack"  430
  Identifying and Categorizing Attack Types  431
  Recognizing Preintrusion/Attack Activities  431
  Port Scans  432
  Address Spoofing  435
  Placement of Trojans  437
  Placement of Tracking Devices and Software  437
  Placement of Packet Capture and Protocol Analyzer Software  438
  Prevention and Response  440
  Understanding Technical Exploits  441
  Protocol Exploits  441
  Router Exploits  448
  Prevention and Response  448
  Attacking with Trojans, Viruses, and Worms  449
  Trojans  451
  Viruses  451
  Worms  452
  Prevention and Response  453
  Hacking for Nontechies  454
  The Script Kiddie Phenomenon  454
  The "Point and Click" Hacker  455
  Prevention and Response  455
  Understanding Wireless Attacks  456
  Basics of Wireless  456
  Advantages of a Wireless Network  457
  Disadvantages of a Wireless Network  458
  Association of Wireless AP and a Device  458
  Wireless Penetration Testing  459
  Direct Connections to Wireless Access Points  460
  Wireless Connection to a Wireless Access Point  460
  Logging  462
  Summary  463
  Frequently Asked Questions  464

Chapter 11  Passwords, Vulnerabilities, and Exploits  467
  Introduction  468
  Authentication  468
  When Is Authentication Necessary?  469
  Authentication Protocols  470
  Passwords  471
  Password Policies  472
  Locking Computers with Passwords  476
  Understanding Password Cracking  479
  Types of Password Cracking  479
  Password Recovery Tools  480
  Exploitation of Stored Passwords  484
  Interception of Passwords  485
  Password Decryption Software  485
  Authentication Devices  486
  Smart Card Authentication  487
  Biometric Authentication  487
  Social Engineering and Phishing  489
  Phishing  489
  Tailgating  490
  Dumpster Diving  491
  Prevention and Response  491
  Vulnerabilities and Exploits  492
  Application Exploits  493
  Operating System Exploits  496
  Prevention and Response  500
  Summary  501
  Frequently Asked Questions  502

Chapter 12  Understanding Cybercrime Prevention  505
  Introduction  506
  Understanding Security Concepts  506
  Applying Security Planning Basics  507
  Talking the Talk: Security Terminology  509
  Understanding Basic Cryptography Concepts  511
  Understanding the Purposes of Cryptographic Security  512
  Basic Cryptography Concepts  515
  Making the Most of Hardware and Software Security  528
  Implementing Hardware-Based Security  528
  Implementing Software-Based Security  529
  Understanding Firewalls  532
  How Firewalls Use Layered Filtering  532
  Integrated Intrusion Detection  534
  Forming an Incident Response Team  534
  Designing and Implementing Security Policies  537
  Understanding Policy-Based Security  537
  Evaluating Security Needs  539
  Complying with Security Standards  546
  Developing the Policy Document  548
  Educating Network Users on Security Issues  551
  Summary  553
  Frequently Asked Questions  554

Chapter 13  Implementing System Security  555
  Introduction  556
  How Can Systems Be Secured?  556
  The Security Mentality  557
  Elements of System Security  558
  Implementing Broadband Security Measures  558
  Broadband Security Issues  561
  Deploying Antivirus Software  562
  Defining Strong User Passwords  564
  Setting Access Permissions  564
  Disabling File and Print Sharing  565
  Using NAT  566
  Deploying a Firewall  567
  Disabling Unneeded Services  567
  Configuring System Auditing  568
  Implementing Web Server Security  568
  DMZ versus Stronghold  569
  Isolating the Web Server  570
  Web Server Lockdown  570
  Maintaining Integrity  572
  Rogue Web Servers  573
  Understanding Operating System Security  573
  Installing Patches and Service Packs  574
  Verifying User Account Security  574
  Removing Applications That Aren't Required  575
  Logging  575
  Backing Up Data  578
  Microsoft Operating Systems  579
  Understanding Security and UNIX/Linux Operating Systems  581
  Understanding Security and Macintosh Operating Systems  583
  Understanding Mainframe Security  584
  Understanding Wireless Security  584
  Access Control  586
  Understanding Physical Security  590
  Access Control  590
  Environment  591
  Summary  595
  Frequently Asked Questions  596

Chapter 14  Implementing Cybercrime Detection Techniques  597
  Introduction  598
  Security Auditing and Log Files  599
  Auditing for Windows Platforms  600
  Auditing for UNIX and Linux Platforms  606
  Firewall Logs, Reports, Alarms, and Alerts  607
  Commercial Intrusion Detection Systems  610
  Characterizing Intrusion Detection Systems  611
  Commercial IDS Players  614
  IP Spoofing and Other Antidetection Tactics  615
  Honeypots, Honeynets, and Other "Cyberstings"  616
  Summary  618
  Frequently Asked Questions  620

Chapter 15  Collecting and Preserving Digital Evidence  623
  Introduction  624
  Understanding the Role of Evidence in a Criminal Case  625
  Defining Evidence  626
  Admissibility of Evidence  628
  Forensic Examination Standards  628
  Collecting Digital Evidence  629
  Evidence Collection  629
  Preserving Digital Evidence  630
  Preserving Volatile Data  630
  Special Considerations  631
  Recovering Digital Evidence  633
  Deleted Files  634
  Data Recovery Software and Documentation  634
  Decrypting Encrypted Data  635
  Documenting Evidence  635
  Evidence Tagging and Marking  636
  Evidence Logs  637
  Documenting the Chain of Custody  637
  Computer Forensic Resources  639
  Computer Forensic Training and Certification  639
  Computer Forensic Equipment and Software  640
  Computer Forensic Services  641
  Computer Forensic Information  642
  Understanding Legal Issues  642
  Searching and Seizing Digital Evidence  642
  Privacy Laws  650
  Summary  651
  Frequently Asked Questions  652

Chapter 16  Building the Cybercrime Case  653
  Introduction  654
  Major Factors Complicating Prosecution  655
  Difficulty of Defining the Crime  655
  Jurisdictional Issues  669
  The Nature of the Evidence  675
  Human Factors  676
  Overcoming Obstacles to Effective Prosecution  679
  The Investigative Process  679
  Investigative Tools  681
  Steps in an Investigation  686
  Defining Areas of Responsibility  689
  Summary  690
  Frequently Asked Questions  691

Chapter 17  Becoming an Expert Witness  693
  Introduction  694
  Understanding the Expert Witness  694
  Qualifying As an Expert Witness  695
  Types of Expert Witnesses  700
  Testimony and Evidence  704
  Testifying As an Expert Witness  708
  Layout of a Court Room  709
  Order of Trial Proceedings  712
  Summary  724
  Frequently Asked Questions  725

Index  727