Description
Taylor & Francis Ltd Cyber Crime Investigator's Field Guide 2nd Edition 2005 by Bruce Middleton
Many excellent hardware and software products exist to protect our data communications systems, but security threats dictate that they must be further enhanced. Many laws implemented during the past 15 years have provided law enforcement with more teeth to take a bite out of cyber crime, but there is still a need for individuals who know how to investigate computer network security incidents. Organizations demand experts with both investigative talents and a technical knowledge of how cyberspace really works. Cyber Crime Investigator's Field Guide, Second Edition provides the investigative framework that needs to be followed, along with information about how cyberspace works and the tools that reveal the who, what, when, where, why, and how in the investigation of cyber crime. This volume offers a valuable Q&A by subject area, an extensive overview of recommended reference materials, and a detailed case study. Appendices highlight attack signatures, UNIX/Linux commands, Cisco PIX commands, port numbers targeted by trojan horses, and more.
THE INITIAL CONTACT
  Chapter Questions
CLIENT SITE ARRIVAL
  Chapter Questions
EVIDENCE COLLECTION PROCEDURES
  Detailed Procedures for Obtaining a Bitstream Backup of a Hard Drive
  Chapter Questions
EVIDENCE COLLECTION AND ANALYSIS TOOLS
  SafeBack
  GetTime
  FileList, FileCnvt, and Excel (c)
  GetFree
  Swap Files and GetSwap
  GetSlack
  Temporary Files
  TextSearch Plus
  CRCMD5
  DiskSig
  Chapter Questions
ACCESSDATA'S FORENSIC TOOL KIT
  Creating a Case
  Working on an Existing Case
  Chapter Questions
GUIDANCE SOFTWARE'S ENCASE
  Chapter Questions
ILOOK INVESTIGATOR
  Chapter Questions
PASSWORD RECOVERY
  Chapter Questions
QUESTIONS AND ANSWERS BY SUBJECT AREA
  Evidence Collection
  Legal
  Evidence Analysis
  UNIX
  Military
  Hackers
  BackTracing (TraceBack)
  Logs
  Encryption
  Government
  Networking
  E-Mail
RECOMMENDED REFERENCE MATERIALS
  PERL and C Scripts
  UNIX, Windows, NetWare, and Macintosh
  Computer Internals
  Computer Networking
  Web Sites of Interest
CASE STUDY
  Recommendations
APPENDIX A: GLOSSARY
APPENDIX B: PORT NUMBERS USED BY MALICIOUS TROJAN HORSE PROGRAMS
APPENDIX C: ATTACK SIGNATURES
APPENDIX D: UNIX/LINUX COMMANDS
APPENDIX E: CISCO PIX FIREWALL COMMANDS
  PIX Command Reference
APPENDIX F: DISCOVERING UNAUTHORIZED ACCESS TO YOUR COMPUTER
APPENDIX G: ELECTROMAGNETIC FIELD ANALYSIS (EFA) "TICKLER"
APPENDIX H: THE INTELLIGENCE COMMUNITY SINCE 9/11
APPENDIX I: ANSWERS TO CHAPTER QUESTIONS