
Cyber Investigations [Paperback]

Edited by André Årnes
  • Format: Paperback / softback, 272 pages, height x width x thickness: 244x170x15 mm, weight: 680 g
  • Publication date: 10-Nov-2022
  • Publisher: John Wiley & Sons Inc
  • ISBN-10: 1119582318
  • ISBN-13: 9781119582311

A classroom-tested introduction to cyber investigations with real-life examples included

Cyber Investigations provides an introduction to the topic, an overview of the investigation process applied to cyber investigations, a review of legal aspects of cyber investigations, a review of Internet forensics and open-source intelligence, a research-based chapter on anonymization, and a deep-dive on multimedia forensics. The content is structured in a consistent manner, with an emphasis on accessibility for students of computer science, information security, law enforcement, and military disciplines.

To aid reader comprehension, real-life examples and student exercises are provided throughout, as well as an Educational Guide for both teachers and students. The material has been classroom-tested and fits most learning environments.

Written by a highly experienced author team with backgrounds in law enforcement, academic research, and industry, sample topics covered in Cyber Investigations include:

  • The cyber investigation process, including developing an integrated framework for cyber investigations and principles for the integrated cyber investigation process (ICIP)
  • Cyber investigation law, including reasonable grounds to open a criminal cyber investigation and general conditions for privacy-invasive cyber investigation methods
  • Perspectives of internet and cryptocurrency investigations, including examples like the proxy seller, the scammer, and the disgruntled employee
  • Internet of things (IoT) investigations, including types of events leading to IoT investigations and new forensic challenges in the field
  • Multimedia forensics, including the role of multimedia in investigations and how to leverage similarity matching, content-based tracing, and media metadata
  • Anonymization networks, including how they work, how they affect investigations, and aspects of tracing, monitoring, evidence acquisition, de-anonymization, and large investigations

Based on research, teaching material, experiences, and student feedback over several years, Cyber Investigations is ideal for all students and professionals in the cybersecurity industry, providing comprehensive subject coverage from faculty, associates, and former students of cyber security and digital forensics at the Norwegian University of Science and Technology (NTNU).

Table of Contents (page numbers given as start(length))

Preface  xi
List of Contributors  xiii
List of Figures  xvii
List of Tables  xix
List of Examples  xxi
List of Definitions  xxiii
List of Legal Provisions  xxv
List of Equations  xxvii
List of Abbreviations  xxix

1 Introduction (André Årnes)  1(12)
  1.1 Introduction  1(1)
  1.2 Cybercrime and Cybersecurity  2(3)
    1.2.1 Cybercrime  2(1)
    1.2.2 Cybercriminals and Threat Actors  3(1)
    1.2.3 Cybersecurity  4(1)
    1.2.4 Threat Modeling - Cyber Kill Chain and MITRE ATT&CK  4(1)
  1.3 Cyber Investigations  5(3)
    1.3.1 Digital Forensics  5(1)
    1.3.2 Digital Evidence  6(1)
    1.3.3 Attribution  6(1)
    1.3.4 Cyber Threat Intelligence  6(1)
    1.3.5 Open-Source Intelligence (OSINT)  7(1)
    1.3.6 Operation Avalanche - A Real-World Example  7(1)
  1.4 Challenges in Cyber Investigations  8(1)
  1.5 Further Reading  9(1)
  1.6 Chapter Overview  10(1)
  1.7 Comments on Citation and Notation  11(1)
  1.8 Exercises  11(2)

2 Cyber Investigation Process (Nina Sunde)  13(38)
  2.1 Introduction  13(2)
  2.2 Investigation as Information Work  15(1)
  2.3 Developing an Integrated Framework for Cyber Investigations  15(3)
  2.4 Principles for the Integrated Cyber Investigation Process (ICIP)  18(4)
    2.4.1 Procedure and Policy  18(1)
    2.4.2 Planning and Documentation  18(1)
    2.4.3 Forming and Testing of Hypotheses  19(1)
    2.4.4 The Dynamics of ICIP  20(1)
    2.4.5 Principles for Handling Digital Evidence  20(2)
    2.4.6 Limitations  22(1)
  2.5 ICIP's Procedural Stages  22(22)
    2.5.1 Investigation Initiation  22(3)
    2.5.2 Modeling  25(2)
    2.5.3 Planning and Prioritization  27(3)
    2.5.4 Impact and Risk Assessment  30(2)
    2.5.5 Action and Collection  32(2)
    2.5.6 Analysis and Integration  34(3)
    2.5.7 Documentation and Presentation  37(6)
    2.5.8 Evaluation  43(1)
  2.6 Cognitive and Human Error in Cyber Investigations  44(5)
    2.6.1 Cognitive Factors  45(1)
    2.6.2 Cognitive Biases  45(2)
    2.6.3 Countermeasures  47(2)
  2.7 Summary  49(1)
  2.8 Exercises  49(2)

3 Cyber Investigation Law (Inger Marie Sunde)  51(24)
  3.1 Cyber Investigation in Context  51(1)
  3.2 The Missions and Some Implications to Privacy Rights  52(5)
    3.2.1 The Police, Law Enforcement Agencies, and National Security Service  52(1)
    3.2.2 Reasonable Ground to Open a Criminal (Cyber) Investigation  53(1)
    3.2.3 The Legal Framework(s)  53(1)
    3.2.4 General Conditions for Privacy-Invasive Cyber Investigation Methods  54(2)
    3.2.5 The Private Sector Cyber Investigator  56(1)
  3.3 The Different Mandates of the LEA, NIS, and the Police  57(2)
    3.3.1 Law Enforcing Agencies and the Police  57(1)
    3.3.2 The National Intelligence Service (NIS)  58(1)
  3.4 Jurisdiction and International Cooperation  59(3)
    3.4.1 The eNIS and the Principle of Sovereignty  60(1)
    3.4.2 The iNIS and the LEA - International Cooperation  61(1)
  3.5 Human Rights in the Context of Cyber Investigations  62(8)
    3.5.1 The Right to Fair Trial  62(1)
    3.5.2 Covert Cyber Investigation  63(1)
    3.5.3 Technical Investigation Methods (Technical Hacking)  64(3)
    3.5.4 Methods Based on Social Skills (Social Hacking)  67(2)
    3.5.5 Open-Source Intelligence/Investigation  69(1)
  3.6 The Private Cyber Investigator  70(1)
    3.6.1 Cyber Reconnaissance Targeting a Third Party  70(1)
    3.6.2 Data Protection and Privacy Rights  71(1)
  3.7 The Way Ahead  71(1)
  3.8 Summary  72(1)
  3.9 Exercises  72(3)

4 Perspectives of Internet and Cryptocurrency Investigations (Petter Christian Bjelland)  75(28)
  4.1 Introduction  75(1)
  4.2 Case Examples  76(6)
    4.2.1 The Proxy Seller  76(3)
    4.2.2 The Scammer  79(2)
    4.2.3 The Disgruntled Employee  81(1)
  4.3 Networking Essentials  82(1)
  4.4 Networks and Applications  83(3)
    4.4.1 Operational Security  83(1)
    4.4.2 Open Sources  84(1)
    4.4.3 Closed Sources  84(1)
    4.4.4 Networks  84(1)
    4.4.5 Peer-to-Peer  85(1)
    4.4.6 Applications  86(1)
  4.5 Open-Source Intelligence (OSINT)  86(3)
    4.5.1 Methodology  86(1)
    4.5.2 Types of Open-Source Data  87(1)
    4.5.3 Techniques for Gathering Open-Source Data  87(2)
  4.6 Internet Browsers  89(2)
    4.6.1 HTTP, HTML, JavaScript, and Cache  89(1)
    4.6.2 Uniform Resource Locators (URLs)  90(1)
    4.6.3 Cookies and Local Storage  90(1)
    4.6.4 Developer Tools  90(1)
    4.6.5 Forensic Tools  91(1)
  4.7 Cryptocurrencies  91(3)
    4.7.1 Addresses and Transactions  92(1)
    4.7.2 Privacy  92(1)
    4.7.3 Heuristics  93(1)
    4.7.4 Exploring Transactions  94(1)
  4.8 Preparation for Analysis  94(6)
    4.8.1 Entity Extraction  94(1)
    4.8.2 Machine Translation and Transliteration  95(1)
    4.8.3 Metadata Extraction  96(1)
    4.8.4 Visualization and Analysis  97(3)
  4.9 Summary  100(1)
  4.10 Exercises  100(3)

5 Anonymity and Forensics (Lasse Øverlier)  103(26)
  5.1 Introduction  104(4)
    5.1.1 Anonymity  104(2)
    5.1.2 Degree of Anonymity  106(2)
  5.2 Anonymous Communication Technologies  108(15)
    5.2.1 High-Latency Anonymity  109(1)
    5.2.2 Low-Latency Anonymity  110(1)
    5.2.3 Anonymous Proxy  111(1)
    5.2.4 Cascading Proxies  112(1)
    5.2.5 Anonymity Networks  113(10)
    5.2.6 Recent Live Messaging and Voice Communication  123(1)
  5.3 Anonymity Investigations  123(3)
    5.3.1 Digital Forensics and Anonymous Communication  124(1)
    5.3.2 Local Logs  124(1)
    5.3.3 Network Logs  124(1)
    5.3.4 Live Forensics and Investigations  125(1)
  5.4 Summary  126(1)
  5.5 Exercises  127(2)

6 Internet of Things Investigations (Jens-Petter Sandvik)  129(38)
  6.1 Introduction  129(1)
  6.2 What Is IoT?  130(17)
    6.2.1 A (Very) Short and Incomplete History  130(2)
    6.2.2 Application Areas  132(4)
    6.2.3 Models and Concepts  136(3)
    6.2.4 Protocols  139(8)
  6.3 IoT Investigations  147(4)
    6.3.1 Types of Events Leading to Investigations  148(2)
    6.3.2 Identifying an IoT Investigation  150(1)
  6.4 IoT Forensics  151(14)
    6.4.1 IoT and Existing Forensic Areas  152(2)
    6.4.2 Models  154(4)
    6.4.3 New Forensic Challenges  158(7)
  6.5 Summary  165(1)
  6.6 Exercises  165(2)

7 Multimedia Forensics (Jens-Petter Sandvik, Lasse Øverlier)  167(38)
  7.1 Metadata  168(1)
  7.2 Image Forensics  168(22)
    7.2.1 Image Trustworthiness  170(1)
    7.2.2 Types of Examinations  170(2)
    7.2.3 Photography Process Flow  172(2)
    7.2.4 Acquisition Fingerprints  174(4)
    7.2.5 Image Coding Fingerprints  178(2)
    7.2.6 Editing Fingerprints  180(4)
    7.2.7 Deepfake Creation and Detection  184(6)
  7.3 Video Forensics  190(5)
    7.3.1 Video Process Flow  190(1)
    7.3.2 Reproduction Detection  190(1)
    7.3.3 Source Device Identification  191(4)
  7.4 Audio Forensics  195(4)
    7.4.1 Audio Fundamentals  196(2)
    7.4.2 Digital Audio Recording Process  198(1)
    7.4.3 Authenticity Analysis  199(4)
    7.4.4 Container Analysis  199(1)
    7.4.5 Content-Based Analysis  199(1)
    7.4.6 Electric Network Frequency  200(1)
    7.4.7 Audio Enhancements  201(1)
    7.4.8 Other Audio Forensic Methods  202(1)
  7.5 Summary  203(1)
  7.6 Exercises  203(2)

8 Educational Guide (Kyle Porter)  205(8)
  8.1 Academic Resources  205(2)
  8.2 Professional and Training Organizations  207(1)
  8.3 Nonacademic Online Resources  208(1)
  8.4 Tools  208(3)
    8.4.1 Disk Analysis Tools  208(1)
    8.4.2 Memory Analysis Tools  209(1)
    8.4.3 Network Analysis Tools  209(1)
    8.4.4 Open-Source Intelligence Tools  210(1)
    8.4.5 Machine Learning  210(1)
  8.5 Corpora and Data Sets  211(1)
  8.6 Summary  212(1)

References  213(18)
Index  231

André Årnes is an experienced cyber security leader with extensive experience from industry, law enforcement, and academia. He joined White Label Consultancy, a lean and fast-growing international cyber security and data protection consultancy, as a Co-owner & Partner for Cyber Security in January 2022. He served as the Global Chief Security Officer of Telenor Group from 2015 to 2021, leading Telenor's global cyber security transformation. He also has extensive experience with cyber investigations and digital forensics from the Norwegian Criminal Investigation Service (Kripos). He is a part-time Professor at the Norwegian University of Science and Technology (NTNU) and the Editor of the successful text Digital Forensics, published by Wiley in 2017.