دانلود کتاب Scene of the Cybercrime: Computer Forensics Handbook

فهرست مطالب :

Cover
Contents
Foreword
Chapter 1 Facing the Cybercrime Problem Head On
Introduction
Quantifying the Crisis
Defining Cybercrime
Moving from the General to the Specific
Understanding the Importance of Jurisdictional Issues
Differentiating Crimes That Use the Net from Crimes That Depend on the Net
Collecting Statistical Data on Cybercrime
Understanding the Crime Reporting System
Categorizing Crimes for the National Reporting System
Toward a Working Definition of Cybercrime
U.S. Federal and State Statutes
International Law:The United Nations Definition of Cybercrime
Categorizing Cybercrime
Developing Categories of Cybercrimes
Violent or Potentially Violent Cybercrime Categories
Nonviolent Cybercrime Categories
Prioritizing Cybercrime Enforcement
Fighting Cybercrime
Determining Who Will Fight Cybercrime
Educating Cybercrime Fighters
Educating Legislators and Criminal Justice Professionals
Educating Information Technology Professionals
Educating and Engaging the Community
Getting Creative in the Fight Against Cybercrime
Using Peer Pressure to Fight Cybercrime
Using Technology to Fight Cybercrime
Finding New Ways to Protect Against Cybercrime
Summary
Frequently Asked Questions
Resources
Chapter 2 Reviewing the History of Cybercrime
Introduction
Exploring Criminality in the Days of Standalone Computers
Sharing More Than Time
The Evolution of a Word
Understanding Early Phreakers, Hackers, and Crackers
Hacking Ma Bell’s Phone Network
Phamous Phreakers
Phreaking on the Other Side of the Atlantic
A Box for Every Color Scheme
From Phreaker to Hacker
Living on the LAN: Early Computer Network Hackers
How BBSs Fostered Criminal Behavior
How Online Services Made Cybercrime Easy
Introducing the ARPANet:: the Wild West of Networking
Sputnik Inspires ARPA
ARPA Turns Its Talents to Computer Technology
Network Applications Come into Their Own
The Internetwork Continues to Expand
The ARPANet of the 1980s
The Internet of the 1990s
The Worm Turns—and Security Becomes a Concern
Watching Crime Rise with the Commercialization of the Internet
Bringing the Cybercrime Story Up to Date
Understanding How New Technologies Create New Vulnerabilities
Why Cybercriminals Love Broadband
Why Cybercriminals Love Wireless
Why Cybercriminals Love Mobile Computing
Why Cybercriminals Love Sophisticated Web and E-Mail Technologies
Why Cybercriminals Love E-Commerce and Online Banking
Why Cybercriminals Love Instant Messaging
Why Cybercriminals Love New Operating Systems and Applications
Why Cybercriminals Love Standardization
Planning for the Future: How to Thwart Tomorrow’s Cybercriminal
Summary
Frequently Asked Questions
Resources
Chapter 3 Understanding the People on the Scene
Introduction
Understanding Cybercriminals
Profiling Cybercriminals
Understanding How Profiling Works
Reexamining Myths and Misconceptions About Cybercriminals
Constructing a Profile of the Typical Cybercriminal
Recognizing Criminal Motivations
Recognizing the Limitations of Statistical Analysis
Categorizing Cybercriminals
Criminals Who Use the Net as a Tool of the Crime
Criminals Who Use the Net Incidentially to the Crime
Real-Life Noncriminals Who Commit Crimes Online
Understanding Cybervictims
Categorizing Victims of Cybercrime
Making the Victim Part of the Crime-Fighting Team
Understanding Cyberinvestigators
Recognizing the Characteristics of a Good Cyberinvestigator
Categorizing Cyberinvestigators by Skill Set
Recruiting and Training Cyberinvestigators
Facilitating Cooperation: CEOs on the Scene
Summary
Frequently Asked Questions
Resources
Chapter 4 Understanding Computer Basics
Introduction
Understanding Computer Hardware
Looking Inside the Machine
Components of a Digital Computer
The Role of the Motherboard
The Roles of the Processor and Memory
The Role of Storage Media
Why This Matters to the Investigator
The Language of the Machine
Wandering Through a World of Numbers
Who’s on Which Base?
Understanding the Binary Numbering System
Converting Between Binary and Decimal
Converting Between Binary and Hexadecimal
Converting Text to Binary
Encoding Nontext Files
Why This Matters to the Investigator
Understanding Computer Operating Systems
Understanding the Role of the Operating System Software
Differentiating Between Multitasking and Multiprocessing Types
Multitasking
Multiprocessing
Differentiating Between Proprietary and Open Source Operating Systems
An Overview of Commonly Used Operating Systems
Understanding DOS
Windows 1.x Through 3.x
Windows 9x (95, 95b, 95c, 98, 98SE, and ME)
Windows NT
Windows 2000
Windows XP
Linux/UNIX
Other Operating Systems
Understanding File Systems
FAT12
FAT16
VFAT
FAT32
NTFS
Other File Systems
Summary
Frequently Asked Questions
Resources
Chapter 5 Understanding Networking Basics
Introduction
Understanding How Computers Communicate on a Network
Sending Bits and Bytes Across a Network
Digital and Analog Signaling Methods
How Multiplexing Works
Directional Factors
Timing Factors
Signal Interference
Packets, Segments, Datagrams, and Frames
Access Control Methods
Network Types and Topologies
Why This Matters to the Investigator
Understanding Networking Models and Standards
The OSI Networking Model
The DoD Networking Model
The Physical/Data Link Layer Standards
Why This Matters to the Investigator
Understanding Network Hardware
The Role of the NIC
The Role of the Network Media
The Roles of Network Connectivity Devices
Why This Matters to the Investigator
Understanding Network Software
Understanding Client/Server Computing
Server Software
Client Software
Network File Systems and File Sharing Protocols
A Matter of (Networking) Protocol
Understanding the TCP/IP Protocols Used on the Internet
The Need for Standardized Protocols
A Brief History of TCP/IP
The Internet Protocol and IP Addressing
How Routing Works
The Transport Layer Protocols
The MAC Address
Name Resolution
TCP/IP Utilities
Network Monitoring Tools
Why This Matters to the Investigator
Summary
Frequently Asked Questions
Resources
Chapter 6 Understanding Network Intrusions and Attacks
Introduction
Understanding Network Intrusions and Attacks
Intrusions vs. Attacks
Recognizing Direct vs. Distributed Attacks
Automated Attacks
Accidental “Attacks”
Preventing Intentional Internal Security Breaches
Preventing Unauthorized External Intrusions
Planning for Firewall Failures
External Intruders with Internal Access
Recognizing the “Fact of the Attack”
Identifying and Categorizing Attack Types
Recognizing Pre-intrusion/Attack Activities
Port Scans
Address Spoofing
IP Spoofing
ARP Spoofing
DNS Spoofing
Placement of Trojans
Placement of Tracking Devices and Software
Placement of Packet Capture and Protocol Analyzer Software
Prevention and Response
Understanding Password Cracking
Brute Force
Exploitation of Stored Passwords
Interception of Passwords
Password Decryption Software
Social Engineering
Prevention and Response
General Password Protection Measures
Protecting the Network Against Social Engineers
Understanding Technical Exploits
Protocol Exploits
DoS Attacks That Exploit TCP/IP
Source Routing Attacks
Other Protocol Exploits
Application Exploits
Bug Exploits
Mail Bombs
Browser Exploits
Web Server Exploits
Buffer Overflows
Operating System Exploits
The WinNuke Out-of-Band Attack
Windows Registry Attacks
Other Windows Exploits
UNIX Exploits
Router Exploits
Prevention and Response
Attacking with Trojans,Viruses, and Worms
Trojans
Viruses
Worms
Prevention and Response
Hacking for Nontechies
The Script Kiddie Phenomenon
The “Point and Click” Hacker
Prevention and Response
Summary
Frequently Asked Questions
Resources
Chapter 7 Understanding Cybercrime Prevention
Introduction
Understanding Network Security Concepts
Applying Security Planning Basics
Defining Security
The Importance of Multilayered Security
The Intrusion Triangle
Removing Intrusion Opportunities
Talking the Talk: Security Terminology
Importance of Physical Security
Protecting the Servers
Keeping Workstations Secure
Protecting Network Devices
Understanding Basic Cryptography Concepts
Understanding the Purposes of Cryptographic Security
Authenticating Identity
Providing Confidentiality of Data
Ensuring Data Integrity
Basic Cryptography Concepts
Scrambling Text with Codes and Ciphers
What Is Encryption?
Securing Data with Cryptographic Algorithms
How Encryption Is Used in Information Security
What Is Steganography?
Modern Decryption Methods
Cybercriminals’ Use of Encryption and Steganography
Making the Most of Hardware and Software Security
Implementing Hardware-Based Security
Hardware-Based Firewalls
Authentication Devices
Implementing Software-Based Security
Cryptographic Software
Digital Certificates
The Public Key Infrastructure
Software-Based Firewalls
Understanding Firewalls
How Firewalls Use Layered Filtering
Packet Filtering
Circuit Filtering
Application Filtering
Integrated Intrusion Detection
Forming an Incident Response Team
Designing and Implementing Security Policies
Understanding Policy-Based Security
What Is a Security Policy?
Why This Matters to the Investigator
Evaluating Security Needs
Components of an Organizational Security Plan
Defining Areas of Responsibility
Analyzing Risk Factors
Assessing Threats and Threat Levels
Analyzing Organizational and Network Vulnerabilities
Analyzing Organizational Factors
Considering Legal Factors
Analyzing Cost Factors
Assessing Security Solutions
Complying with Security Standards
Government Security Ratings
Utilizing Model Policies
Defining Policy Areas
Password Policies
Other Common Policy Areas
Developing the Policy Document
Establishing Scope and Priorities
Policy Development Guidelines
Policy Document Organization
Educating Network Users on Security Issues
Policy Enforcement
Policy Dissemination
Ongoing Assessment and Policy Update
Summary
Frequently Asked Questions
Resources
Chapter 8 Implementing System Security
Introduction
How Can Systems Be Secured?
The Security Mentality
Elements of System Security
Implementing Broadband Security Measures
Broadband Security Issues
Deploying Antivirus Software
Defining Strong User Passwords
Setting Access Permissions
Disabling File and Print Sharing
Using NAT
Deploying a Firewall
Disabling Unneeded Services
Configuring System Auditing
Implementing Browser and E-Mail Security
Types of Dangerous Code
JavaScript
ActiveX
Java
Making Browsers and E-Mail Clients More Secure
Restricting Programming Languages
Keep Security Patches Current
Cookie Awareness
Securing Web Browser Software
Securing Microsoft Internet Explorer
Securing Netscape Navigator
Securing Opera
Implementing Web Server Security
DMZ vs. Stronghold
Isolating the Web Server
Web Server Lockdown
Managing Access Control
Handling Directory and Data Structures
Scripting Vulnerabilities
Logging Activity
Backups
Maintaining Integrity
Rogue Web Servers
Understanding Security and Microsoft Operating Systems
General Microsoft Security Issues
NetBIOS
Widespread Automated Functionality
IRDP Vulnerability
NIC Bindings
Securing Windows 9x Computers
Securing a Windows NT 4.0 Network
Securing a Windows 2000 Network
Windows .NET:The Future of Windows Security
Understanding Security and UNIX/Linux Operating Systems
Understanding Security and Macintosh Operating Systems
Understanding Mainframe Security
Understanding Wireless Security
Summary
Frequently Asked Questions
Resources
Chapter 9 Implementing Cybercrime Detection Techniques
Introduction
Security Auditing and Log Files
Auditing for Windows Platforms
Auditing for UNIX and Linux Platforms
Firewall Logs, Reports, Alarms, and Alerts
Understanding E-Mail Headers
Tracing a Domain Name or IP Address
Commercial Intrusion Detection Systems
Characterizing Intrusion Detection Systems
Commercial IDS Players
IP Spoofing and Other Antidetection Tactics
Honeypots, Honeynets, and Other “Cyberstings”
Summary
Frequently Asked Questions
Resources
Chapter 10 Collecting and Preserving Digital Evidence
Introduction
Understanding the Role of Evidence in a Criminal Case
Defining Evidence
Admissibility of Evidence
Forensic Examination Standards
Collecting Digital Evidence
The Role of First Responders
The Role of Investigators
The Role of Crime Scene Technicians
Preserving Digital Evidence
Preserving Volatile Data
Disk Imaging
A History of Disk Imaging
Imaging Software
Standalone Imaging Tools
Role of Imaging in Computer Forensics
“Snapshot”Tools and File Copying
Special Considerations
Environmental Factors
Retaining Time and Datestamps
Preserving Data on PDAs and Handheld Computers
Recovering Digital Evidence
Recovering “Deleted” and “Erased” Data
Decrypting Encrypted Data
Finding Hidden Data
Where Data Hides
Detecting Steganographic Data
Alternate Datastreams
Methods for Hiding Files
The Recycle Bin
Locating Forgotten Evidence
Web Caches and URL Histories
Temp Files
Swap and Page Files
Recovering Data from Backups
Defeating Data Recovery Techniques
Overwriting the Disk
Degaussing or Demagnetizing
Physically Destroying the Disk
Documenting Evidence
Evidence Tagging and Marking
Evidence Logs
Documenting Evidence Analysis
Documenting the Chain of Custody
Computer Forensics Resources
Computer Forensics Training and Certification
Computer Forensics Equipment and Software
Computer Forensics Services
Computer Forensics Information
Understanding Legal Issues
Searching and Seizing Digital Evidence
U.S. Constitutional Issues
Search Warrant Requirements
Search Without Warrant
Seizure of Digital Evidence
Forfeiture Laws
Privacy Laws
The Effects of the U.S. Patriot Act
Summary
Frequently Asked Questions
Resources
Chapter 11 Building the Cybercrime Case
Introduction
Major Factors Complicating Prosecution
Difficulty of Defining the Crime
Bodies of Law
Types of Law
Levels of Law
Basic Criminal Justice Theory
Elements of the Offense
Level and Burden of Proof
Jurisdictional Issues
Defining Jurisdiction
Statutory Law Pertaining to Jurisdiction
Case Law Pertaining to Jurisdiction
International Complications
Practical Considerations
The Nature of the Evidence
Human Factors
Law Enforcement “Attitude”
The High-Tech Lifestyle
Natural-Born Adversaries?
Overcoming Obstacles to Effective Prosecution
The Investigative Process
Investigative Tools
Steps in an Investigation
Defining Areas of Responsibility
Testifying in a Cybercrime Case
The Trial Process
Testifying as an Evidentiary Witness
Testifying as an Expert Witness
Giving Direct Testimony
Cross-Examination Tactics
Using Notes and Visual Aids
Summary
Frequently Asked Questions
Resources
Afterword
Appendix: Fighting Cybercrime on a Global Scale
Index
Related Titles