Investigating computer-related crime

Bibliographic Information

Investigating computer-related crime

Peter Stephenson

CRC Press, c2000

University library holdings: 7

Notes

Includes bibliographical references and index

Description and Table of Contents

Description

Written by an experienced information security specialist, Investigating Computer-Related Crime is tailored to the needs of corporate information professionals and investigators. It gives a step-by-step approach to understanding and investigating security problems, and offers the technical information, legal information, and computer forensic techniques you need to preserve the security of your company's information. Investigating Computer-Related Crime discusses the nature of cyber crime, its impact in the 21st century, its investigation and the difficulties encountered by both public law enforcement officials and private investigators. By detailing an investigation and providing helpful case studies, this book offers insights into collecting and preserving evidence, interrogating suspects and witnesses, handling the crime in progress, and issues in involving the authorities. The seasoned author offers valuable, firsthand information on using the forensic utilities for preserving evidence and searching for hidden information, to help you devise solutions to the computer-related crimes that threaten the well-being of your company.

Table of Contents

Foreword by Michael Anderson-New Technologies, Inc., Former Special Agent IRS Preface What This Book is About Who Should Read This Book

THE NATURE OF CYBER CRIME

Cyber Crime as We Enter the 21st Century What is Cyber Crime? How Does Today's Cyber Crime Differ From the Hacker Exploits of Yesterday? The Reality of Information Warfare in the Corporate Environment Industrial Espionage-Hackers For Hire Public Law Enforcement's Role in Cyber Crime Investigations The Role of Private Cyber Crime Investigators and Security Consultants in Investigations The Potential Impacts of Cyber Crime Data Thieves Misinformation Denial of Service Rogue Code Attacks Viruses, Trojan Horses and Worms Logic Bombs Responding to Rogue Code Attacks Protection of Extended Mission Critical Computer Systems Surgical Strikes and Shotgun Blasts Symptoms of a Surgical Strike Masquerading Case Study: The Case of the Cyber Surgeon Symptoms of Shotgun Blasts "Up Yours"-Mailbombs Data Floods

INVESTIGATING CYBER CRIME

A Framework for Conducting an Investigation of a Computer Security Incident Managing Intrusions Why We Need an Investigative Framework What Should an Investigative Framework Provide? Drawbacks for the Corporate Investigator A Generalized Investigative Framework for Corporate Investigators Look for the Hidden Flaw The Human Aspects of Cyber Crime Investigation Motive, Means and Opportunity The Difference Between "Evidence" and "Proof" Look for the Logical Error Vanity Analyzing the Remnants of a Computer Security Incident What We Mean by a "Computer Security Incident" We Never Get the Call Soon Enough Cyber Forensic Analysis-Computer Crimes Involving Networks Computer Forensic Analysis-Computer Crimes at the Computer Software Forensic Analysis-Who Wrote the Code? The Limitations of System Logs The Logs May Tell the Tale-But There are No Logs Multiple Log Analysis Launching an Investigation Securing the Virtual Crime Scene Collecting and Preserving Evidence Interrogating and Interviewing Suspects and Witnesses Developing and Testing an Intrusion Hypothesis Investigating Alternative Explanations You May Never Catch the Culprit Damage Control and Containment Determining if a Crime Has Taken Place Statistically, You Probably Don't Have a Crime Believe Your Indications What Constitutes Evidence? Using Tools to Verify That a Crime Has Occurred Unix Crash Dump Analysis Recovering Data From Damaged Disks Examining Logs-Special Tools Can Help Clues From Witness Interviews Maintaining Crime Scene Integrity Until You Make a Determination Case Study: The Case of the CAD/CAM Cad Case Study: The Case of the Client-Server Handling the Crime in Progress Intrusions-The Intruder is Still On-Line Should You Trap, Shut Down or Scare Off the Intruder? Trap and Trace Techniques Legal Issues in Trap and Trace Stinging-Goat Files and Honey Pots "It Never Happened"-Cover-Ups are Common Case Study: The Case of the Innocent Intruder The Importance of Well Documented Evidence Maintaining a Chain of Custody Politically Incorrect-Understanding Why People Cover Up for a Cyber Crook Involving the Authorities Who Has Jurisdiction? What Happens When You Involve Law Enforcement Agencies? Making the Decision When an Investigation Can't Continue When and Why Should You Stop an Investigation? Legal Liability and Fiduciary Duty Political Issues

PREPARING FOR CYBER CRIME

Building a Corporate Cyber "SWAT Team" Why Do Organizations Need a Cyber SWAT Team? What Does a Cyber SWAT Team Do? Who Belongs on a Cyber SWAT Team? Training Investigative Teams Privacy and Computer Crime The Importance of Formal Policies Who Owns the E-mail? The Disk Belongs to the Organization, But What About the Data? The "Privacy Act"(s) Wiretap Laws

USING THE FORENSIC UTILITIES

Preface To This Section-How the Section is Organized Preserving Evidence-First Steps "Marking" Evidence With an MD5 Hash and M-Crypt Taking a Hard Disk Inventory with FileList Using SafeBack 2.0 To Take an Image of a Fixed Disk Searching For Hidden Information The Intelligent Filter IP Filter GetSlack GetFree SeeJunk Text Search Pro Using the Norton Utilities Handling Floppy Disks AnaDisk Copying Floppies to a Work Disk Disks Within Disks

From "Nielsen BookData"
