Cyber Crime Investigations (eBook)
432 Seiten
Elsevier Science (Verlag)
978-0-08-055363-4 (ISBN)
The book begins with the chapter What is Cyber Crime? This introductory chapter describes the most common challenges faced by cyber investigators today. The following chapters discuss the methodologies behind cyber investigations, and frequently encountered pitfalls. Issues relating to cyber crime definitions, the electronic crime scene, computer forensics, and preparing and presenting a cyber crime investigation in court will be examined. Not only will these topics be generally be discussed and explained for the novice, but the hard questions -the questions that have the power to divide this community- will also be examined in a comprehensive and thoughtful manner.
This book will serve as a foundational text for the cyber crime community to begin to move past current difficulties into its next evolution.
* This book has been written by a retired NYPD cyber cop, who has worked many high-profile computer crime cases
* Discusses the complex relationship between the public and private sector with regards to cyber crime
* Provides essential information for IT security professionals and first responders on maintaining chain of evidence
Written by a former NYPD cyber cop, this is the only book available that discusses the hard questions cyber crime investigators are asking.The book begins with the chapter "e;What is Cyber Crime? This introductory chapter describes the most common challenges faced by cyber investigators today. The following chapters discuss the methodologies behind cyber investigations; and frequently encountered pitfalls. Issues relating to cyber crime definitions, the electronic crime scene, computer forensics, and preparing and presenting a cyber crime investigation in court will be examined. Not only will these topics be generally be discussed and explained for the novice, but the hard questions -the questions that have the power to divide this community- will also be examined in a comprehensive and thoughtful manner. This book will serve as a foundational text for the cyber crime community to begin to move past current difficulties into its next evolution. - This book has been written by a retired NYPD cyber cop, who has worked many high-profile computer crime cases- Discusses the complex relationship between the public and private sector with regards to cyber crime- Provides essential information for IT security professionals and first responders on maintaining chain of evidence
Front Cover 1
Cyber Crime Investigations: Bridging the Gaps Between Security Professional, Law Enforcement, and Prosecutors 4
Copyright Page 5
Contents 12
Chapter 1. The Problem at Hand 22
Introduction 23
The Gaps in Cyber Crime Law 25
Unveiling the Myths Behind Cyber Crime 28
Prioritizing Evidence 32
Setting the Bar Too High 34
Summary 38
Works Referenced 38
Solutions Fast Track 40
Frequently Asked Questions 41
Chapter 2. “Computer Crime” Discussed 44
Introduction 45
Examining “Computer Crime” Definitions 45
Dissecting “Computer Crime” 54
Using Clear Language to Bridge the Gaps 59
Summary 63
Works Referenced 64
Solutions Fast Track 65
Frequently Asked Questions 67
Chapter 3. Preparing for Prosecution and Testifying 70
Introduction 71
Common Misconceptions 72
Chain of Custody 77
Keys to Effective Testimony 79
Differences between Civil and Criminal Cases 85
Summary 86
Solutions Fast Track 86
Frequently Asked Questions 88
Chapter 4. Cyber Investigative Roles 90
Introduction 91
Understanding Your Role as a Cyber Crime Investigator 93
The Role of Law Enforcement Officers 100
The Role of the Prosecuting Attorney 103
Summary 106
Solutions Fast Track 106
Frequently Asked Questions 108
Works Referenced 109
Chapter 5. Incident Response: Live Forensics and Investigations 110
Introduction 111
Postmortmem versus Live Forensics 111
Today’s Live Methods 120
Case Study: Live versus Postmortem 122
Computer Analysis for the Hacker Defender Program 125
Network Analysis 126
Summary 127
Special Thanks 127
References 127
Solutions Fast Track 128
Frequently Asked Questions 130
Chapter 6. Legal Issues of Intercepting WiFi Transmissions 132
Introduction 133
WiFi Technology 133
Understanding WiFi RF 138
Scanning RF 139
Eavesdropping on WiFi 141
Fourth Amendment Expectation of Privacy in WLANs 146
Summary 147
Works Cited 149
Solutions Fast Track 149
Frequently Asked Questions 151
Chapter 7. Seizure of Digital Information 154
Introduction 155
Defining Digital Evidence 158
Digital Evidence Seizure Methodology 162
Factors Limiting the Wholesale Seizure of Hardware 170
Other Options for Seizing Digital Evidence 180
Common Threads within Digital Evidence Seizure 198
Determining the Most Appropriate Seizure Method 201
Summary 204
Works Cited 207
Solutions Fast Track 210
Frequently Asked Questions 212
Chapter 8. Conducting Cyber Investigations 214
Introduction 215
Demystifying Computer/Cyber Crime 215
Understanding IP Addresses 219
The Explosion of Networking 223
The Explosion of Wireless Networks 227
Interpersonal Communication 232
Summary 236
Solutions Fast Track 236
Frequently Asked Questions 238
Chapter 9. Digital Forensics and Analyzing Data 240
Introduction 241
The Evolution of Computer Forensics 241
Phases of Digital Forensics 243
Summary 278
References 278
Solutions Fast Track 279
Frequently Asked Questions 280
Chapter 10. Cyber Crime Prevention 282
Introduction 283
Ways to Prevent Cyber Crime Targeted at You 284
Ways to Prevent Cyber Crime Targeted at the Family 289
Ways to Prevent Cyber Crime Targeted at Personal Property 293
Ways to Prevent Cyber Crime Targeted at a Business 296
Ways to Prevent Cyber Crime Targeted at an Organization 298
Ways to Prevent Cyber Crime Targeted at a Government Agency 299
Summary 302
Notes 302
Solutions Fast Track 302
Frequently Asked Questions 304
Appendix A: Legal Principles for Information Security Evaluations 306
Introduction 307
Uncle Sam Wants You: How Your Company’s Information Security Can Affect U.S. National Security (and Vice Versa) 308
Legal Standards Relevant to Information Security 313
Do It Right or Bet the Company:Tools to Mitigate Legal Liability 323
What to Cover in Security Evaluation Contracts 331
The First Thing We Do…? Why You Want Your Lawyers Involved from Start to Finish 351
Solutions Fast Track 360
Frequently Asked Questions 363
References 365
Appendix B: Investigating Insider Threat Using Enterprise Security Management. 372
What Is ESM? 373
What Is a Chinese Wall? 386
Data Sources 390
Bridging the Chinese Wall: Detection through Convergence 409
Conclusion 419
Index 420
Chapter 1 The Problem at Hand
Midway upon the journey of our life I found myself within a forest dark, For the straightforward pathway had been lost.
…
I cannot well repeat how there I entered, So full was I of slumber at the moment In which I had abandoned the true way
—Dante Alighieri
The Divine Comedy—Inferno
Solutions in this chapter:
Introduction
In the literary classic The Inferno, Dante wakes up from a semiconscious state only to find himself lost in the Dark Woods of Error. Uncertain how he came to stray from the True Way, Dante attempts to exit the woods and is immediately driven back by three beasts. Dante, faced with despair and having no hope of ever leaving the woods, is visited by the spirit of Virgil. Virgil, a symbol of Human Reason, explains he has been sent to lead Dante from error. Virgil tells him there can be no direct ascent to heaven past the beasts, for the man who would escape them must go a longer and harder way. Virgil offers to guide Dante, but only as far as Human Reason can go (Ciardi, 2001).
As with Dante, I too frequently “strayed from the True Way into the Dark Woods of Error” when investigating cyber crime. Often times, I found myself lost as a result of a lack of available information on how to handle the situations I confronted. Yet other times I wasn’t quite sure how I got to the point where I became lost. As a cyber crimes investigator, you’ve undoubtedly encountered similar situations where there was little or no guidance to aid you in your decision-making process. Often, you find yourself posting “hypothetical” questions to an anonymous list serve, in the hopes that some stranger’s answer might ring true. Although you’ve done your due diligence, sleepless nights accompany you as you contemplate how your decision will come back to haunt you.
We recently witnessed such an event with the Hewlett-Packard Board of Directors scandal. In this case, seasoned investigators within HP and the primary subcontracting company sought clarity on an investigative method they were implementing for an investigation. The investigators asked legal counsel to determine if the technique being used was legal or illegal. Legal counsel determined that the technique fell within a grey area, and did not constitute an illegal act. As a result, the investigators used it and were later arrested. This situation could befall any cyber crimes investigator.
Cyber crime investigations are still a relatively new phenomenon. Methods used by practitioners are still being developed and tested today. While attempts have been made to create a methodology on how to conduct these types of investigations, the techniques can still vary from investigator to investigator, agency to agency, corporation to corporation, and situation to situation. No definitive book exists on cyber crime investigation and computer forensic procedures at this time. Many of the existing methodologies, books, articles, and literature on the topic are based on a variety of research methods, or interpretations on how the author suggests one should proceed. The field of computer forensics is so new that the American Academy of Forensic Sciences is only now beginning to accept it as a discipline under its general section for forensic sciences. I suspect that cyber crime investigations and the computer forensic methodologies are still in their infancy stages and that the definitive manual has yet to be written.
In the following pages and chapters, areas of difficulties, misconceptions, and flaws in the cyber investigative methodology will be discussed in an attempt to bridge the gaps. This book is by no means intended to be the definitive book on cyber crime investigations. Rather, it is designed to be a guide, as Virgil was to Dante, to help you past the “Beasts” and place you back on the road to the True Way. While I anticipate readers of this book to disagree with some of the authors’ opinions, it is my hope that it will serve to create a dialogue within our community that addresses the many issues concerning cyber crime investigations. Dante was brought to the light by a guide—a guide that symbolized Human Reason. We, too, can overcome the gaps that separate and isolate the cyber-investigative communities by using this same faculty, our greatest gift.
WARNING
In the Hewlett-Packard case, legal consul did not fully understand the laws relating to such methodologies and technological issues. The lesson for investigators here is don’t sit comfortable with an action you’ve taken because corporate consul told you it was okay to do it. This is especially true within the corporate arena. In the HP case, several investigators were arrested, including legal consul, for their actions.
The Gaps in Cyber Crime Law
When I started my stint as a “Cyber Detective” many cyber crime laws were nonexistent, information on the topic was scarce, and there were only a handful of investigators working these types of cases. Today, cyber crime laws are still poorly worded or simply don’t apply to the types of crimes being investigated. Additionally, many cyber crimes laws still vary from state to state. Attempts to address cyber crimes in the law are thwarted by the speed at which technology changes compared to the rate at which laws are created or revised.
In a research report published by the National Institute of Justice in 2001, researchers determined that uniform laws, which kept pace with electronic crimes, were among the top ten critical needs for law enforcement (National Institute of Justice, 2001). It found that laws were often outpaced by the speed of technological change. These gaps in the law were created by the length of time it took for legislation to be created or changed to meet the prosecutorial demands of cyber crimes.
In 2003, I worked a child pornography case that demonstrated the gap between the legal framework and changing technology. In this case, I arrested a suspect who was a known trader in the child pornography industry. He had set up a file server that traded pictures and videos of child porn. This site was responsible for trading child porn with hundreds of users around the world on a daily basis. So the idea was to take over control of the file server and record the activities of the users who logged on. Knowing that I would essentially be recording the live activity of unsuspecting individuals, it was prudent to think I would need a wiretap order from the court. The only problem was that child pornography was not listed as one of the underlying crimes for which you could obtain a wiretap order under the New York State Criminal Procedure Code. Some of the crimes for which wiretapping was allowed at the time included murder, arson, criminal mischief, and falsifying business records—but not child pornography. As a result, we relied on the fact that New York State was a one-party consent state. This allowed me to record my side of the conversation—in this case, the computer activity. However, a problem still arose with the issue of privacy as it pertained to the IP addresses of the individuals logging in. The legal question was whether the unsuspecting users had a reasonable expectation of privacy as it related to their IP address. This issue caused great debates among the legal scholars involved. Nevertheless, we erred on the side of caution and obtained a trap and trace order. This court order allowed us to record the inbound connections of unsuspecting suspects and trace their connection back to their Internet service provider. We then issued subpoenas to identify the connection location and referred the case to the local jurisdiction. In the end, numerous arrests were made and cases where generated around the world. This is an example where the legal framework did not address our situation.
TIP
One-party consent state The wiretap laws differ from state to state, and the # party consent refers to the number of parties that must consent to the recording of a conversation in a given state. Two-party states require that both parties consent to the recording of the conversation. Many times you may hear a recording when calling a company informing you that the conversation is going to be recorded. This helps fulfill the consent requirement for states that require both parties to consent. In the case discussed, one-party consent means that only one of the conversation’s participants needs to agree in order to record the conversation. Traditionally, one-party consent applied to only telephone conversations, but in today’s world, consent can include the recording of electronic communications.
Trap and trace Trap and trace refers to a court order that allows law enforcement to capture calls to and from a location. Originally, it applied only to telephones but with the advent of computers and Voice over IP, it now encompasses other types of communication methods.
Notes from the Underground …
Warrants
Whenever there is a question of...
| Erscheint lt. Verlag | 18.4.2011 |
|---|---|
| Sprache | englisch |
| Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
| Informatik ► Theorie / Studium ► Kryptologie | |
| Mathematik / Informatik ► Informatik ► Web / Internet | |
| Recht / Steuern ► Strafrecht ► Kriminologie | |
| Sozialwissenschaften | |
| Wirtschaft ► Betriebswirtschaft / Management | |
| ISBN-10 | 0-08-055363-X / 008055363X |
| ISBN-13 | 978-0-08-055363-4 / 9780080553634 |
| Haben Sie eine Frage zum Produkt? |
EPUB (Adobe DRM)Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
