Cyber Forensics : A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes
معرفی کتاب «Cyber Forensics : A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes» نوشتهٔ Albert J. Marcella Jr.; Robert S. Greenfield، منتشرشده توسط نشر Auerbach Publications در سال 2002. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
Given our increasing dependency on computing technology in daily business processes, and the growing opportunity to use engineering technologies to engage in illegal, unauthorized, and unethical acts aimed at corporate infrastructure, every organization is at risk. Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes provides a comprehensive, highly usable, and clearly organized resource to the issues, tools, and control techniques needed to successfully investigate illegal activities perpetuated through the use of information technology. Traditional forensics professionals use fingerprints, DNA typing, and ballistics analysis to make their case. Infosec professionals have to develop new tools for collecting, examining, and evaluating data in an effort to establish intent, culpability, motive, means, methods and loss resulting from e-crimes. The field bible for infosecurity professionals, this book introduces you to the broad field of cyber forensics and presents the various tools and techniques designed to maintain control over your organization. You will understand how to: Identify inappropriate uses of corporate IT Examine computing environments to identify and gather electronic evidence of wrongdoing Secure corporate systems from further misuse Identify individuals responsible for engaging in inappropriate acts taken with or without corporate computing systems Protect and secure electronic evidence from intentional or accidental modification or destruction Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes provides a set of varied resources for anyone required to look under the hood and behind closed doors of a virtual world to gather evidence and to establish credible audit trails of electronic wrong doing. Knowing how to identify, gather, document, and preserve evidence of electronic tampering and misuse makes reading this book and using the forensic audit procedures it discusses essential to protecting corporate assets. Header 1 Table of Contents 2 Cyber ForensicsŠA Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes 8 Disclaimer 13 Introduction 14 Background 15 Dimensions of the Problem 16 Computer Forensics 17 Works Cited 18 Section I: Cyber Forensics 20 Chapter List 20 20 Chapter 1: The Goal of the Forensic Investigation 21 Overview 21 Why Investigate 21 Internet Exceeds Norm 21 Inappropriate E-mail 23 Non-Work-Related Usage of Company Resources 24 Theft of Information 25 Violation of Security Parameters 25 Intellectual Property Infraction 26 Electronic Tampering 27 Establishing a Basis or Justification to Investigate 28 Determine the Impact of Incident 29 Who to Call/Contact 31 If You Are the Auditor/Investigator 31 Resources 32 Authority 32 Obligations/Goals 32 Reporting Hierarchy 32 Escalation Procedures 32 Time Frame 33 Procedures 33 Precedence 33 Independence 33 Chapter 2: How to Begin a Non-Liturgical Forensic Examination 34 Overview 34 Isolation of Equipment 34 Cookies 36 Bookmarks 38 History Buffer 39 Cache 41 Temporary Internet Files 42 Tracking of Logon Duration and Times 42 Recent Documents List 43 Tracking of Illicit Software Installation and Use 44 The System Review 45 The Manual Review 48 Hidden Files 49 How to Correlate the Evidence 50 Works Cited 51 Chapter 3: The Liturgical Forensic Examination: Tracing Activity on a Windows-Based Desktop 52 Gathering Evidence For Prosecution Purposes 52 Gathering Evidence Without Intent to Prosecute 52 The Microsoft Windows-Based Computer 53 General Guidelines To Follow 55 Cookies 57 Bookmarks/Favorites 60 Internet Explorer's History Buffer 61 Temporary Storage on the Hard Drive 62 Temporary Internet Files 63 System Registry 64 Enabling and Using Auditing via the Windows Operating System 68 Confiscation of Computer Equipment 72 Other Methods of Covert Monitoring 73 Chapter 4: Basics of Internet Abuse: What is Possible and Where to Look Under the Hood 75 Terms 75 Types of Users 76 E-Mail Tracking 76 IP Address Construction 76 Browser Tattoos 76 How an Internet Search works 77 Swap Files 81 ISPs 82 Servers 82 Works Cited 82 Chapter 5: Tools of the Trade: Automated Tools Used to Secure a System Throughout the Stages of a Forensic Investigation 84 Overview 84 Detection Tools 84 Protection Tools 91 Analysis Tools 94 Chapter 6: Network Intrusion Management and Profiling 98 Overview 98 Common Intrusion Scenarios 98 Intrusion Profiling 102 Creating the Profile 103 Conclusion 110 Chapter 7: Cyber Forensics and the Legal System 112 Overview 112 How the System Works 112 Issues of Evidence 113 Hacker, Cracker, or Saboteur 115 Best Practices 122 Notes 122 Acknowledgments 123 Section II: Federal and International Guidelines 124 Chapter List 124 124 References 125 Chapter 8: Searching and Seizing Computers and Obtaining Electronic Evidence 125 Recognizing and Meeting Title III Concerns in Computer Investigations 130 Computer Records and the Federal Rules of Evidence 138 Proposed Standards for the Exchange of Digital Evidence 141 Recovering and Examining Computer Forensic Evidence 147 International Principles for Computer Evidence 148 Chapter 9: Computer Crime Policy and Programs 150 The National Infrastructure Protection Center Advisory 01-003 150 The National Information Infrastructure Protection Act of 1996 153 Distributed Denial of Service Attacks 164 The Melissa Virus 170 Cybercrime Summit: A Law Enforcement/Information Technology Industry Dialogue 170 Chapter 10: International Aspects of Computer Crime 172 Council of Europe Convention on Cybercrime 172 Council of Europe Convention on Cybercrime Frequently Asked Questions 175 Internet as the Scene of Crime 175 Challenges Presented to Law Enforcement by High-Tech and Computer Criminals 176 Problems of Criminal Procedural Law Connected with Information Technology 176 Combating High-Tech and Computer-Related Crime 176 Vienna International Child Pornography Conference 178 OECD Guidelines for Cryptography Policy 178 Fighting Cybercrime: What are the Challenges Facing Europe? 178 Chapter 11: Privacy Issues in the High-Tech Context 179 Law Enforcement Concerns Related to Computerized Databases 179 Enforcing the Criminal Wiretap Statute 181 Referring Potential Privacy Violations to the Department of Justice for Investigation and Prosecution 181 Testimony on Digital Privacy 182 Chapter 12: Critical Infrastructure Protection 183 Attorney General Janet Reno's Speech on Critical Infrastructure Protection 183 Protecting the Nation's Critical Infrastructures: Presidential Decision Directive 63 183 The Clinton Administration's Policy on Critical Infrastructure Protection: Presidential Decision Directive 63 184 Foreign Ownership Interests in the American Communications Infrastructure 194 Carnivore and the Fourth Amendment 195 Chapter 13: Electronic Commerce: Legal Issues 202 Overview 202 Guide for Federal Agencies on Implementing Electronic Processes 202 Consumer Protection in the Global Electronic Marketplace 203 The Government Paperwork Elimination Act 203 Internet Gambling 204 Sale of Prescription Drugs Over the Internet 204 Guidance on Implementing the Electronic Signatures in Global And National Commerce Act (E-SIGN) 205 Part I: General Overview of the E-SIGN Act 205 The Electronic Frontier: the Challenge of Unlawful Conduct Involving the Use of the Internet 222 Internet Health Care Fraud 224 Jurisdiction in Law Suits 225 Electronic Case Filing at the Federal Courts 232 Notes 233 Chapter 14: Legal Considerations in Designing and Implementing Electronic Processes: A Guide for Federal Agencies 236 Executive Summary 236 Introduction 244 I. Why Agencies Should Consider Legal Risks 245 II. Legal Issues to Consider in "Going Paperless" 249 III. Reducing The Legal Risks in "Going Paperless" 262 Conclusion 273 Notes 274 Chapter 15: Encryption 280 Department of Justice FAQ on Encryption Policy (April 24, 1998) 280 Interagency and State and Federal Law Enforcement Cooperation 280 Law Enforcement's Concerns Related to Encryption 280 Privacy in a Digital Age: Encryption and Mandatory Access 281 Modification of H.R. 695 287 Security and Freedom Through Encryption Act 288 OECD Guidelines for Cryptography Policy 292 Recommended Reading 292 Chapter 16: Intellectual Property 293 Prosecuting Intellectual Property Crimes Guidance 293 Deciding Whether to Prosecute an Intellectual Property Case 293 Government Reproduction of Copyrighted Materials 293 Federal Statutes Protecting Intellectual Property Rights 293 IP Sentencing Guidelines 296 Intellectual Property Policy and Programs 299 Copyrights, Trademarks and Trade Secrets 301 Section III: Forensics Tools 303 Chapter List 303 303 Chapter 17: Forensic and Security Assessment Tools 304 Detection, Protection, and Analysis 304 Detection and Prevention Tools for the PC Desktop 304 Analysis Tools 306 Applications 308 Additional Free Forensics Software Tools 314 Chapter 18: How to Report Internet-Related Crime 315 Overview 315 The Internet Fraud Complaint Center (IFCC) 316 Chapter 19: Internet Security: An Auditor's Basic Checklist 317 Firewalls 317 Supported Protocols 318 Anti-Virus Updates 318 Software Management Systems 319 Backup Processes and Procedures 319 Intra-Network Security 319 Section IV: Appendices 321 Appendix List 321 321 Appendix A: Glossary of Terms 321 A-C 321 D 324 E-G 326 H-I 329 K-Q 330 R-S 331 T-W 333 Appendix B: Recommended Reading List 336 Books 336 Articles 339 Web Sites 340 List of Exhibits 344 Chapter 2: How to Begin a Non-Liturgical Forensic Examination 344 Chapter 3: The Liturgical Forensic Examination: Tracing Activity on a Windows-Based Desktop 344 Chapter 4: Basics of Internet Abuse: What is Possible and Where to Look Under the Hood 344 Chapter 5: Tools of the Trade: Automated Tools Used to Secure a System Throughout the Stages of a Forensic Investigation 345 Chapter 6: Network Intrusion Management and Profiling 345 Chapter 8: Searching and Seizing Computers and Obtaining Electronic Evidence 345 Chapter 9: Computer Crime Policy and Programs 345 Chapter 11: Privacy Issues in the High-Tech Context 345 Chapter 12: Critical Infrastructure Protection 346 Chapter 13: Electronic Commerce: Legal Issues 346 Chapter 14: Legal Considerations in Designing and Implementing Electronic Processes: A Guide for Federal Agencies 346 Chapter 18: How to Report Internet-Related Crime 346 Given our increasing dependency on computing technology in daily business processes, and the growing opportunity to use engineering technologies to engage in illegal, unauthorized, and unethical acts aimed at corporate infrastructure, every organization is at risk. Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes provides a comprehensive, highly usable, and clearly organized resource to the issues, tools, and control techniques needed to successfully investigate illegal activities perpetuated through the use of information technology.Traditional forensics professionals use fingerprints, DNA typing, and ballistics analysis to make their case. Infosec professionals have to develop new tools for collecting, examining, and evaluating data in an effort to establish intent, culpability, motive, means, methods and loss resulting from e-crimes. The field bible for infosecurity professionals, this book introduces you to the broad field of cyber forensics and presents the various tools and techniques designed to maintain control over your organization. You will understand how to:oIdentify inappropriate uses of corporate IToExamine computing environments to identify and gather electronic evidence of wrongdoingoSecure corporate systems from further misuseoIdentify individuals responsible for engaging in inappropriate acts taken with or without corporate computing systemsoProtect and secure electronic evidence from intentional or accidental modification or destructionCyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes provides a set of varied resources for anyone required to look under the hood and behind closed doors of a virtual world to gather evidence and to establish credible audit trails of electronic wrong doing. Knowing how to identify, gather, document, and preserve evidence of electronic tampering and misuse makes reading this book and using the forensic audit procedures it discusses essential to protecting corporate assets.
دانلود کتاب Cyber Forensics : A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes