Hacking Exposed Computer Forensics, Second Edition : Computer Forensics Secrets & Solutions
An introduction to the book "Hacking Exposed Computer Forensics, Second Edition : Computer Forensics Secrets & Solutions" by Philipp, Aaron; Davis, Chris; Cowen, David, published by McGraw-Hill/Osborne ; McGraw-Hill [distributor] in 2009. The book is provided in pdf format, in English. "Hacking Exposed Computer Forensics, Second Edition : Computer Forensics Secrets & Solutions" is listed in the category Uncategorized.
"Provides the right mix of practical how-to knowledge in a straightforward, informative fashion that ties all the complex pieces together with real-world case studies. ...Delivers the most valuable insight on the market. The authors cut to the chase of what people must understand to effectively perform computer forensic investigations." —Brian H. Karney, COO, AccessData Corporation

The latest strategies for investigating cyber-crime

Identify and investigate computer criminals of all stripes with help from this fully updated, real-world resource. Hacking Exposed Computer Forensics, Second Edition explains how to construct a high-tech forensic lab, collect prosecutable evidence, discover e-mail and system file clues, track wireless activity, and recover obscured documents. Learn how to re-create an attacker's footsteps, communicate with counsel, prepare court-ready reports, and work through legal and organizational challenges. Case studies straight from today's headlines cover IP theft, mortgage fraud, employee misconduct, securities fraud, embezzlement, organized crime, and consumer fraud cases.
Effectively uncover, capture, and prepare evidence for investigation
Store and process collected data in a highly secure digital forensic lab
Restore deleted documents, partitions, user activities, and file systems
Analyze evidence gathered from Windows, Linux, and Macintosh systems
Use the latest Web and client-based e-mail tools to extract relevant artifacts
Overcome the hacker's anti-forensic, encryption, and obscurity techniques
Unlock clues stored in cell phones, PDAs, and Windows Mobile devices
Prepare legal documents that will hold up to judicial and defense scrutiny

Contents

Acknowledgments
Introduction

Part I: Preparing for an Incident
Case Study: Lab Preparations
  Cashing Out; Preparing for a Forensics Operation
1 The Forensics Process
  Types of Investigations; The Role of the Investigator; Elements of a Good Process; Defining a Process; After the Investigation
2 Computer Fundamentals
  The Bottom-up View of a Computer; Types of Media
3 Forensic Lab Environment Preparation
  The Ultimate Computer Forensic Lab; Forensic Computers; Forensic Hardware and Software Tools; The Flyaway Kit; Case Management; Bonus: Linux or Windows?

Part II: Collecting the Evidence
Case Study: The Collections Agency
  Preparations; Revelations; Collecting Evidence
4 Forensically Sound Evidence Collection
  Collecting Evidence from a Single System; Common Mistakes in Evidence Collection
5 Remote Investigations and Collections
  Privacy Issues; Remote Investigations; Remote Collections; Encrypted Volumes or Drives; USB Thumb Drives

Part III: Forensic Investigation Techniques
Case Study: Analyzing the Data
  Digging for Clues; We're Not Done. Yet.; Finally
6 Microsoft Windows Systems Analysis
  Windows File Systems; Recovering Deleted Files; Windows Artifacts
7 Linux Analysis
  The Linux File System (ext2 and ext3); Linux Analysis
8 Macintosh Analysis
  The Evolution of the Mac OS; Looking at a Mac Disk or Image; Deleted Files; A Closer Look at Macintosh Files; Mac as a Forensics Platform
9 Defeating Anti-forensic Techniques
  Obscurity Methods; Privacy Measures
10 Enterprise Storage Analysis
  The Enterprise Data Universe; Working with NAS Systems; Working with SAN Systems; Working with Tapes; Full-Text Indexing; Mail Servers
11 E-mail Analysis
  Finding E-mail Artifacts; Converting E-mail Formats; Obtaining Web-based E-mail (Webmail) from Online Sources; Client-based E-mail; Web-Based E-mail; Investigating E-mail Headers
12 Tracking User Activity
  Microsoft Office Forensics; Tracking Web Usage; Operating System User Logs
13 Forensic Analysis of Mobile Devices
  Collecting and Analyzing Mobile Device Evidence; Password-protected Windows Devices; Conclusion

Part IV: Presenting Your Findings
Case Study: Wrapping Up the Case
  He Said, She Said...
14 Documenting the Investigation
  Read Me; Internal Report; Declaration; Affidavit; Expert Report
15 The Justice System
  The Criminal Court System; The Civil Justice System; Expert Status

Part V: Putting It All Together
Case Study: Now What?
  Mr. Blink Becomes an Investigator; Time to Understand the Business Issues
16 IP Theft
  What Is IP Theft?; IP Theft Ramifications; Types of Theft; Tying It Together
17 Employee Misconduct
  What Is Employee Misconduct?; Ramifications; Types of Misconduct; Tying It Together
18 Employee Fraud
  What Is Employee Fraud?; Ramifications; Types of Employee Fraud; Tying It Together
19 Corporate Fraud
  What Is Corporate Fraud?; Ramifications; Types of Corporate Fraud
20 Organized Cyber Crime
  The Changing Landscape of Hacking; Types of Hacks and the Role of Computer Forensics; Money Laundering
21 Consumer Fraud
  What Is Consumer Fraud?; Ramifications; Types of Consumer Fraud; Tying It Together

A Searching Techniques
  Regular Expressions
Index

ISBN: 0071626778, 9780071626774
Publisher's note: Products purchased from third-party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.

Investigate computer crime, corporate malfeasance, and hacker break-ins quickly and effectively with help from this practical and comprehensive resource. You'll get expert information on crucial procedures to successfully prosecute violators while avoiding the pitfalls of illicit searches, privacy violations, and illegally obtained evidence. It's all here--from collecting actionable evidence, re-creating the criminal timeline, and zeroing in on a suspect to uncovering obscured and deleted code, unlocking encrypted files, and preparing lawful affidavits. Plus, you'll get in-depth coverage of the latest PDA and cell phone investigation techniques and real-world case studies.

This second edition explains how to construct a high-tech forensic lab, collect prosecutable evidence, discover e-mail and system file clues, track wireless activity, and recover obscured documents. Learn how to re-create an attacker's footsteps, communicate with counsel, prepare court-ready reports, and work through legal and organizational challenges. Case studies straight from today's headlines cover IP theft, mortgage fraud, employee misconduct, securities fraud, embezzlement, organized crime, and consumer fraud cases. -- Edited summary from book

Leading experts in computer forensics reveal the secrets and strategies for investigating computer crime, in an updated edition that includes six new chapters that cover IP theft, employee misconduct, securities fraud, embezzlement, organized crime and hacking, and foreign corrupt practices and money laundering. Original.

With case studies straight from today's headlines, this real-world resource explains how to construct a high-tech forensic lab, collect prosecutable evidence, discover e-mail and system file clues, track wireless activity, and recover obscured documents. -- Edited summary from book