book

Cyber Crime and Cyber Terrorism Investigator's Handbook

by Babak Akhgar, Andrew Staniforth, Francesca Bosco

July 2014

Intermediate to advanced

306 pages

10h 32m

English

Syngress

Read now

Unlock full access

Cover image
Title page
Table of Contents
Copyright
Acknowledgments
Endorsements
Contributors
Author Biography
Babak AkhgarAndrew StaniforthFrancesca Bosco
Foreword
Preface

Chapter 1: Cyberspace: The new frontier for policing?
AbstractThe Shape of the ChallengeThe Size of the ChallengeThe ResponseConclusion
Chapter 2: Definitions of Cyber Terrorism
AbstractIntroductionThe Confusion About Cyber TerrorismCyber Terrorism DefinitionHas Cyber Terrorism Ever Occurred?Conclusions
Chapter 3: New and emerging threats of cyber crime and terrorism
AbstractIntroductionSome Historic MilestonesCyber Security Lessons not Learned from Previous ICT Innovation CyclesOrganizational Aspects not Learned From Previous ICT Innovation CyclesEmerging ThreatsConclusions
Chapter 4: Police investigation processes: practical tools and techniques for tackling cyber crimes
AbstractIntroductionInvestigative Decision MakingInvestigative Problem SolvingDeveloping Investigative HypothesisInvestigative InnovationInvestigators Contact ManagementInvestigating Crime and TerrorConclusion
Chapter 5: Cyber-specifications: capturing user requirements for cyber-security investigations
AbstractIntroductionUser Requirements and the Need for a User-Centered Approach?Balancing Technological and Human CapabilitiesConducting User Requirements ElicitationCapturing and Communicating User RequirementsConclusionAcknowledgment
Chapter 6: High-tech investigations of cyber crime
AbstractIntroductionHigh-Tech Investigations and ForensicsCore Concepts of High-Tech InvestigationsDigital LandscapesThe “Crime Scene”Reviewing the RequirementsStarting the AnalysisCore EvidenceCase StudySummary
Chapter 7: Seizing, imaging, and analyzing digital evidence: step-by-step guidelines
AbstractIntroductionEstablishing CrimeCollecting Evidence for a Search WarrantReported by a Third PartyIdentification of a Suspects Internet Protocol AddressIP SpoofingAnonymizing Proxy Relay ServicesIntrusion Detection Systems, Network Traffic and Firewall LogsInterviews with SuspectsAnalysis of Suspects MediaDoxingCollecting EvidenceSeizing EquipmentSearch for Written PasswordsForensic AcquisitionRAMImageForensic AnalysisAnti-forensicsRAM AnalysisData Carving and Magic ValuesMedia Storage ForensicsPartitionsMaster Boot RecordThe VBR and BIOS Parameter BlockFile SystemFile TableSearching for EvidenceKeyword and Phrases SearchRecovering Deleted InformationRecovering Deleted Files and FoldersRecovering Deleted PartitionsWhere Evidence HidesRegistryMost Recently Used ListsLastWrite TimeHiberfil.sysPagefil.sysSystem Volume Information FoldersChapter Summary
Chapter 8: Digital forensics education, training and awareness
AbstractIntroductionDigital Forensics Laboratory Preparation and TrainingDigital Anti Forensics Tools and ApproachesThe Main Difficulties Faced by Law Enforcement Officers Fighting Cyber-CrimeEducational Provision for the Study of Computer ForensicsThe CFM MethodologyConclusions
Chapter 9: Understanding the situational awareness in cybercrimes: case studies
AbstractIntroductionTaxonomical Classification of Cybercrime/CyberterrorismCase StudiesPolitical/Publicity/Self-Actualization: The Case of the Syrian Electronic ArmyThe Case of StuxnetThe Cyber-Attacks on BanksThe Case of the Anonymous Attacks on ScientologySelf-Actualization: The Case of “Mafiaboy”Strategic Responses to Cyber AttacksConcluding Remarks
Chapter 10: Terrorist use of the internet
AbstractTerrorist Use of the InternetPropaganda—Indoctrination—RecruitmentThe Role of the VideoOnline Forums—BlogsOnline Social Network ServicesRadicalization Process on the InternetParticular Case: Lone WolfInformation SharingFuture DevelopmentsConclusion
Chapter 11: ICT as a protection tool against child exploitation
AbstractIntroductionKey Issues and ChallengesInformation Awareness and Better EducationGovernment Responsibilities and Legal FrameworkTechnical Issues and ChallengesChild-Centered Information FlowsCBCT Response SystemConclusions
Chapter 12: Cybercrime classification and characteristics
AbstractIntroductionWhat is Cybercrime?What Are the Classifications and Types of Cybercrime?Cybercrime CategoriesCyber-Attack Methods and ToolsConclusion
Chapter 13: Cyber terrorism: Case studies
AbstractIntroductionCase Studies—Activities in Cyberspace Attributed to Terrorist OrganizationsAnalysis of CapabilitiesTechnological Capabilities, Intelligence Guidance, and Operational CapacityConclusion
Chapter 14: Social media and Big Data
AbstractIntroductionBig Data: The Asymmetric Distribution of Control Over Information and Possible RemediesBig Data and Social Surveillance: Public and Private Interplay in Social ControlThe Role of the E.U. Reform on Data Protection in Limiting the Risks of Social SurveillancePreserving the E.U. Data Protection Standard in a Globalized World
Chapter 15: Social media and its role for LEAs: Review and applications
AbstractIntroductionFeatures of Social Media Users and UseLEA Usage Scenarios for Social MediaConcluding Remarks
Chapter 16: The rise of cyber liability insurance
AbstractA Brief History of InsuranceBusiness Interruption InsuranceWhat Is Cyber Liability?Cyber Risks—A Growing ConcernThe Cyber ThreatA Changing Regulatory LandscapeICO NotificationWhat Does Cyber Liability Insurance Cover?Who Offers Cyber Liability Insurance and What Should Customers Look Out For?Conclusion
Chapter 17: Responding to cyber crime and cyber terrorism—botnets an insidious threat
AbstractIntroductionA Botnet RoadmapBotnets How Do They Work. Network Topologies and ProtocolsCase Study—Eurograbber (2012)Case Study—ZeroAccess (2013)Countermeasures for Fighting Botnets or Mitigating Botnets EffectsConclusion and Future Trends (TOR, Mobile and Social Networks)
Chapter 18: Evolution of TETRA through the integration with a number of communication platforms to support public protection and disaster relief (PPDR)
AbstractIntroductionTechnological and Economic Barriers and IssuesProgress Beyond the State-of-the-ArtProposed PPDR Communication Network Architectural SolutionsConclusion
Index

Content preview from Cyber Crime and Cyber Terrorism Investigator's Handbook

Chapter 7

Seizing, imaging, and analyzing digital evidence

step-by-step guidelines

David Day

Abstract

Hiding and obfuscating their identities and digital evidence are now common activities for many malicious hackers. This coupled with anti-forensic and anonymizing techniques, such as encryption and proxy relays, have made the aims of the digital investigator more difficult to achieve. It is simple to make errors which cause vital evidence to remain undetected, or worse having found it go on to contaminate it through poor practice. This chapter suggests best practices to help obtain exhibits and uncover obfuscated evidence while maintaining its integrity for submission in court.

Keywords

Cybercrime

Hacker

Digital forensics

Disk

RAM

Anti-forensics ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780128007433

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design