Cybercrime Investigators Handbook

Ulteriori informazioni

The investigator's practical guide for cybercrime evidence identification and collection
 
Cyber attacks perpetrated against businesses, governments, organizations, and individuals have been occurring for decades. Many attacks are discovered only after the data has been exploited or sold on the criminal markets. Cyber attacks damage both the finances and reputations of businesses and cause damage to the ultimate victims of the crime. From the perspective of the criminal, the current state of inconsistent security policies and lax investigative procedures is a profitable and low-risk opportunity for cyber attacks. They can cause immense harm to individuals or businesses online and make large sums of money--safe in the knowledge that the victim will rarely report the matter to the police. For those tasked with probing such crimes in the field, information on investigative methodology is scarce. The Cybercrime Investigators Handbook is an innovative guide that approaches cybercrime investigation from the field-practitioner's perspective.
 
While there are high-quality manuals for conducting digital examinations on a device or network that has been hacked, the Cybercrime Investigators Handbook is the first guide on how to commence an investigation from the location the offence occurred--the scene of the cybercrime--and collect the evidence necessary to locate and prosecute the offender. This valuable contribution to the field teaches readers to locate, lawfully seize, preserve, examine, interpret, and manage the technical evidence that is vital for effective cybercrime investigation.
* Fills the need for a field manual for front-line cybercrime investigators
* Provides practical guidance with clear, easy-to-understand language
* Approaches cybercrime form the perspective of the field practitioner
* Helps companies comply with new GDPR guidelines
* Offers expert advice from a law enforcement professional who specializes in cybercrime investigation and IT security
 
Cybercrime Investigators Handbook is much-needed resource for law enforcement and cybercrime investigators, CFOs, IT auditors, fraud investigators, and other practitioners in related areas.

Sommario

List of Figures xi
 
About the Author xiii
 
Foreword xv
 
Acknowledgments xvii
 
Chapter 1: Introduction 1
 
Chapter 2: Cybercrime Offenses 9
 
Potential Cybercrime Offenses 11
 
Cybercrime Case Study 26
 
Notes 26
 
Chapter 3: Motivations of the Attacker 29
 
Common Motivators 30
 
Cybercrime Case Study I 33
 
Cybercrime Case Study II 34
 
Note 35
 
Chapter 4: Determining That a Cybercrime is Being Committed 37
 
Cyber Incident Alerts 38
 
Attack Methodologies 41
 
Cybercrime Case Study I 44
 
Cybercrime Case Study II 44
 
Notes 45
 
Chapter 5: Commencing a Cybercrime Investigation 47
 
Why Investigate a Cybercrime? 47
 
The Cyber Investigator 48
 
Management Support 48
 
Is There a Responsibility to Try to Get the Data Back? 50
 
Cybercrime Case Study 51
 
Notes 52
 
Chapter 6: Legal Considerations When Planning an Investigation 53
 
Role of the Law in a Digital Crimes Investigation 54
 
Protecting Digital Evidence 55
 
Preservation of the Chain of Custody 56
 
Protection of Evidence 59
 
Legal Implications of Digital Evidence Collection 60
 
Cybercrime Case Study 63
 
Note 63
 
Chapter 7: Initial Meeting with the Complainant 65
 
Initial Discussion 65
 
Complainant Details 68
 
Event Details 68
 
Cyber Security History 69
 
Scene Details 70
 
Identifying Offenses 71
 
Identifying Witnesses 71
 
Identifying Suspects 71
 
Identifying the Modus Operandi of Attack 72
 
Evidence: Technical 73
 
Evidence: Other 74
 
Cybercrime Case Study 74
 
Chapter 8: Containing and Remediating the Cyber Security Incident 77
 
Containing the Cyber Security Incident 77
 
Eradicating the Cyber Security Incident 80
 
Note 82
 
Chapter 9: Challenges in Cyber Security Incident Investigations 83
 
Unique Challenges 84
 
Cybercrime Case Study 91
 
Chapter 10: Investigating the Cybercrime Scene 93
 
The Investigation Team 96
 
Resources Required 101
 
Availability and Management of Evidence 104
 
Technical Items 105
 
Scene Investigation 123
 
What Could Possibly Go Wrong? 152
 
Cybercrime Case Study I 155
 
Cybercrime Case Study II 156
 
Notes 158
 
Chapter 11: Log File Identification, Preservation, Collection, and Acquisition 159
 
Log Challenges 160
 
Logs as Evidence 161
 
Types of Logs 162
 
Cybercrime Case Study 164
 
Notes 165
 
Chapter 12: Identifying, Seizing, and Preserving Evidence from Cloud-Computing Platforms 167
 
What is Cloud Computing? 167
 
What is the Relevance to the Investigator? 172
 
The Attraction of Cloud Computing for the Cybercriminal 173
 
Where is Your Digital Evidence Located? 174
 
Lawful Seizure of Cloud Digital Evidence 175
 
Preservation of Cloud Digital Evidence 177
 
Forensic Investigations of Cloud-Computing Servers 178
 
Remote Forensic Examinations 182
 
Cloud Barriers to a Successful Investigation 196
 
Suggested Tips to Assist Your Cloud-Based Investigation 203
 
Cloud-Computing Investigation Framework 206
 
Cybercrime Case Study 219
 
Notes 221
 
Chapter 13: Identifying, Seizing, and Preserving Evidence from Internet of Things Devices 225
 
What is the Internet of Things? 225
&n

Info autore

DR. GRAEME EDWARDS, CFE, has been a cybercrime investigator with the Queensland Police Service Financial and Cyber Crime Group and has worked on numerous successful criminal investigations involving local and international jurisdictions. He facilitated the creation of the Victims of Financial Crimes Support Group to support those suffering losses associated with financial or cybercrime. Graeme is an experienced conference speaker and cybercrime investigation educator, provider of training in a corporate environment and conducts post investigation analysis. He has a Doctorate of Information Technology focusing on computer security, computer networking, and cloud computing investigation strategies.