Many excellent hardware and software products exist to protect our data communications systems, but security threats dictate that they must be further enhanced. Numerous laws implemented over the past 30 years have provided law enforcement with more teeth to take a bite out of cybercrime, but there continues to be a need for individuals who know how to investigate computer network security incidents. Organizations demand experts with both investigative talents and a technical knowledge of how cyberspace really works.

Cyber Crime Investigator's Field Guide, Third Edition provides the investigative framework that needs to be followed, along with information about how cyberspace works and the tools that reveal the who, what, when, where, why, and how in the investigation of cybercrime. This volume is also well constructed for use in a college classroom environment, with questions at the end of each chapter (a separate answer guide is available for instructors). It also offers a valuable Q&A by subject area, an extensive overview of recommended reference materials, and a detailed case study. Appendices highlight attack signatures, IOCs (Indicators of Compromise), UNIX/Linux commands, PowerShell commands, Windows commands, Cisco commands, and more. Also included in this third edition are a section on rail transportation security, a synopsis of laws focused on cybercrime, Python 3.X programs, PowerShell programs, Wireshark PCAP file analysis, use of Kali Linux tools, and more.

Features:
Analyses of the usage of the latest evidence collection and analysis tools.
Covers everything from what to do upon arrival at the scene until the investigation is complete, including chain of evidence.
This third edition provides the investigative framework that needs to be followed, along with information about how cyberspace works and the tools that reveal the who, where, what, when, why and how in the investigation of cybercrime.
Preface  xi
About the author  xiii
3 Evidence collection procedures  9
  You are now sitting in front of the victim's system -- what should your approach be?  10
  Let's step back for a minute and look at the big network picture  12
  Microsoft Windows operating systems and file system types  17
  Detailed procedures for obtaining a bitstream backup of a hard drive  19
4 Evidence collection and analysis tools  29
  FileList, FileCnvt, and Excel  32
5 AccessData's Forensic Toolkit  69
  Working on an existing case  71
6 Guidance Software's EnCase  85
9 Questions and answers by subject area  133
10 Recommended reference materials  151
  UNIX, Windows, NetWare, and Macintosh  152
  Intrusion Detection Systems  196
13 Transhumanism, robotics, and medical devices  217
14 Memory and incident response system commands  229
15 Making use of open-source intelligence (OSINT)  237
Appendix A Glossary  261
Appendix B Port numbers of interest  267
Appendix C Attack signatures  271
Appendix D UNIX/Linux commands  275
Appendix E Cisco firewall commands  291
Appendix F Discovering unauthorized access to your computer  297
Appendix G Electromagnetic field analysis (EFA)  301
Appendix H The intelligence community since 9/11  303
Appendix I Answers to chapter questions  313
Index  319
Bruce Middleton, CISSP, CEH, NSA IAM, and PMP, is a graduate of the University of Houston (BSEET), located in Houston, Texas, and of DeVry University (MBA).
Bruce has over 25 years of experience in the design and security of data communications networks. He began his career with the National Security Agency (NSA) while serving in the United States Army. Over the past three decades he has worked on a number of extremely interesting projects for the intelligence community, the Department of Defense, and other federal government agencies while working with government contractors such as Boeing, United Technologies, BAE Systems, Harris, and General Dynamics. Bruce was also a key player in the design and security of the communication system for NASA's International Space Station, and a registered private detective in the state of Virginia.
Bruce is an international speaker on computer crime, has authored numerous articles for Security Management magazine, and is a member of the FBI's InfraGard program. For the past 5 years his latest venture has been in the rail transportation industry with Alstom (Alstom.com), a global rail powerhouse headquartered in Paris, France, where Bruce served as the North American Regional Cyber Security Manager.