Cyber Crime Investigator's Field Guide, Second Edition


Purchasing Options

Paperback
$83.95
ISBN 9780849327681
Cat# AU2768

Features

  • Analyzes the use of the latest evidence collection and analysis tools
  • Details how to use evidence collection and analysis tools including AccessData's Forensic Tool Kit®, Guidance Software's EnCase® 3 & 4, ILook Investigator©, and a variety of tools from NTI
  • Covers everything from what to do upon arrival at the scene until the investigation is complete, including chain of evidence
Summary

Many excellent hardware and software products exist to protect our data communications systems, but security threats dictate that they must be further enhanced. Many laws implemented during the past 15 years have provided law enforcement with more teeth to take a bite out of cyber crime, but there is still a need for individuals who know how to investigate computer network security incidents. Organizations demand experts with both investigative talents and a technical knowledge of how cyberspace really works. Cyber Crime Investigator's Field Guide, Second Edition provides the investigative framework that needs to be followed, along with information about how cyberspace works and the tools that reveal the who, what, when, where, why, and how in the investigation of cyber crime.

This volume offers a valuable Q&A by subject area, an extensive overview of recommended reference materials, and a detailed case study. Appendices highlight attack signatures, UNIX/Linux commands, Cisco PIX commands, port numbers targeted by trojan horses, and more.

Table of Contents

THE INITIAL CONTACT
Chapter Questions

CLIENT SITE ARRIVAL
Chapter Questions

EVIDENCE COLLECTION PROCEDURES
Detailed Procedures for Obtaining a Bitstream Backup of a Hard Drive
Chapter Questions

EVIDENCE COLLECTION AND ANALYSIS TOOLS
SafeBack
GetTime
FileList, FileCnvt, and Excel©
GetFree
Swap Files and GetSwap
GetSlack
Temporary Files
TextSearch Plus
CRCMD5
DiskSig
Chapter Questions

ACCESSDATA'S FORENSIC TOOL KIT
Creating a Case
Working on an Existing Case
Chapter Questions

GUIDANCE SOFTWARE'S ENCASE
Chapter Questions

ILOOK INVESTIGATOR
Chapter Questions

PASSWORD RECOVERY
Chapter Questions

QUESTIONS AND ANSWERS BY SUBJECT AREA
Evidence Collection
Legal
Evidence Analysis
UNIX
Military
Hackers
BackTracing (TraceBack)
Logs
Encryption
Government
Networking
E-Mail

RECOMMENDED REFERENCE MATERIALS
PERL and C Scripts
UNIX, Windows, NetWare, and Macintosh
Computer Internals
Computer Networking
Web Sites of Interest

CASE STUDY
Recommendations

APPENDIX A: GLOSSARY

APPENDIX B: PORT NUMBERS USED BY MALICIOUS TROJAN HORSE PROGRAMS

APPENDIX C: ATTACK SIGNATURES

APPENDIX D: UNIX/LINUX COMMANDS

APPENDIX E: CISCO PIX FIREWALL COMMANDS
PIX Command Reference

APPENDIX F: DISCOVERING UNAUTHORIZED ACCESS TO YOUR COMPUTER

APPENDIX G: ELECTROMAGNETIC FIELD ANALYSIS (EFA) "TICKLER"

APPENDIX H: THE INTELLIGENCE COMMUNITY SINCE 9/11

APPENDIX I: ANSWERS TO CHAPTER QUESTIONS