CHAPTER 55
CYBER INVESTIGATION1
Peter Stephenson
55.1.1 Defining Cyber Investigation
55.1.2 Distinguishing between Cyber Forensics and Cyber Investigation
55.1.3 DFRWS Framework Classes
55.2 END-TO-END DIGITAL INVESTIGATION
55.2.2 Analysis of Individual Events
55.2.3 Preliminary Correlation
55.2.6 Second-Level Correlation
55.2.8 Chain of Evidence Construction
55.3 APPLYING THE FRAMEWORK AND EEDI
55.3.1 Supporting the EEDI Process
55.3.2 Investigative Narrative
55.4 USING EEDI AND THE FRAMEWORK
55.5 MOTIVE, MEANS, AND OPPORTUNITY: PROFILING ATTACKERS
55.1 INTRODUCTION.
Cyber investigation (also widely known as digital investigation) as a discipline has changed markedly since publication of the fourth edition of this Handbook in 2002. In 1999, when Investigating Computer Related Crime2 was published, practitioners in the field were just beginning to speculate as to how cyber investigations would be carried out. At that time, the idea of cyber investigation was almost completely congruent with the practice of computer forensics. Today (as this is being written in April 2008), we ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access