Computer Forensics

Books

Computer and Intrusion Forensics

By George Mohay, Alison Anderson, Byron Collie, Olivier de Vel, Rod McKemmish
Hardcover / April 2003 / ISBN 1580533698

Table of Contents

Foreword by Eugene Spafford
Preface
Acknowledgments
Disclaimer

1. Computer Crime, Computer Forensics, and Computer Security
  1.1 Introduction
  1.2 Human behavior in the electronic age
  1.3 The nature of computer crime
  1.4 Establishing a case in computer forensics
    1.4.1 Computer forensic analysis within the forensic tradition
    1.4.2 The nature of digital evidence
    1.4.3 Retrieval and analysis of digital evidence
    1.4.4 Sources of digital evidence
  1.5 Legal considerations
  1.6 Computer security and its relationship to computer forensics
    1.6.1 Basic communications on the Internet
    1.6.2 Computer security and computer forensics
  1.7 Overview of the following chapters
  References

2. Current Practice
  2.1 Introduction
  2.2 Electronic evidence
    2.2.1 Secure boot, write blockers and forensic platforms
    2.2.2 Disk file organization
    2.2.3 Disk and file imaging and analysis
    2.2.4 File deletion, media sanitization
    2.2.5 Mobile telephones, PDAs
    2.2.6 Discovery of electronic evidence
  2.3 Forensic tools
    2.3.1 EnCase
    2.3.2 ILook Investigator
    2.3.3 CFIT
  2.4 Emerging procedures and standards
    2.4.1 Seizure and analysis of electronic evidence
    2.4.2 National and international standards
  2.5 Computer crime legislation and computer forensics
    2.5.1 Council of Europe convention on cybercrime and other international activities
    2.5.2 Carnivore and RIPA
    2.5.3 Antiterrorism legislation
  2.6 Networks and intrusion forensics
  References

3. Computer Forensics in Law Enforcement and National Security
  3.1 The origins and history of computer forensics
  3.2 The role of computer forensics in law enforcement
  3.3 Principles of evidence
    3.3.1 Jurisdictional issues
    3.3.2 Forensic principles and methodologies
  3.4 Computer forensics model for law enforcement
    3.4.1 Computer forensic—secure, analyze, present (CFSAP) model
  3.5 Forensic examination
    3.5.1 Procedures
    3.5.2 Analysis
    3.5.3 Presentation
  3.6 Forensic resources and tools
    3.6.1 Operating systems
    3.6.2 Duplication
    3.6.3 Authentication
    3.6.4 Search
    3.6.5 Analysis
    3.6.6 File viewers
  3.7 Competencies and certification
    3.7.1 Training courses
    3.7.2 Certification
  3.8 Computer forensics and national security
    3.8.1 National security
    3.8.2 Critical infrastructure protection
    3.8.3 National security computer forensic organizations
  References

4. Computer Forensics in Forensic Accounting
  4.1 Auditing and fraud detection
    4.1.1 Detecting fraud—the auditor and technology
  4.2 Defining fraudulent activity
    4.2.1 What is fraud
    4.2.2 Internal fraud versus external fraud
    4.2.3 Understanding fraudulent behavior
  4.3 Technology and fraud detection
    4.3.1 Data mining and fraud detection
    4.3.2 Digit analysis and fraud detection
    4.3.3 Fraud detection tools
  4.4 Fraud detection techniques
    4.4.1 Fraud detection through statistical analysis
    4.4.2 Fraud detection through pattern and relationship analysis
    4.4.3 Dealing with vagueness in fraud detection
    4.4.4 Signatures in fraud detection
  4.5 Visual analysis techniques
    4.5.1 Link or relationship analysis
    4.5.2 Time-line analysis
    4.5.3 Clustering
  4.6 Building a fraud analysis model
    4.6.1 Stage 1: Define objectives
    4.6.2 Stage 2: Environmental scan
    4.6.3 Stage 3: Data acquisition
    4.6.4 Stage 4: Define fraud rules
    4.6.5 Stage 5: Develop analysis methodology
    4.6.6 Stage 6: Data analysis
    4.6.7 Stage 7: Review results
  References
  Appendix 4A

5. Case Studies
  5.1 Introduction
  5.2 The case of "Little Nicky" Scarfo
    5.2.1 The legal challenge
    5.2.2 Keystroke logging system
  5.3 The case of "El Griton"
    5.3.1 Surveillance on Harvard's computer network
    5.3.2 Identification of the intruder: Julio Cesar Ardita
    5.3.3 Targets of Ardita's activities
  5.4 Melissa
    5.4.1 A word on macro viruses
    5.4.2 The virus
    5.4.3 Tracking the author
  5.5 The World Trade Center bombing (1993) and Operation Oplan Bojinka
  5.6 Other cases
    5.6.1 Testing computer forensics in court
    5.6.2 The case of the tender document
  References

6. Intrusion Detection and Intrusion Forensics
  6.1 Intrusion detection, computer forensics, and information warfare
  6.2 Intrusion detection systems
    6.2.1 The evolution of IDS
    6.2.2 IDS in practice
    6.2.3 IDS interoperability and correlation
  6.3 Analyzing computer intrusions
    6.3.1 Event log analysis
    6.3.2 Time-lining
  6.4 Network security
    6.4.1 Defense in depth
    6.4.2 Monitoring of computer networks and systems
    6.4.3 Attack types, attacks, and system vulnerabilities
  6.5 Intrusion forensics
    6.5.1 Incident response and investigation
    6.5.2 Analysis of an attack
    6.5.3 A case study—security in cyberspace
  6.6 Future directions for IDS and intrusion forensics
  References

7. Research Directions and Future Developments
  7.1 Introduction
  7.2 Forensic data mining—finding useful patterns in evidence
  7.3 Text categorization
  7.4 Authorship attribution: identifying e-mail authors
  7.5 Association rule mining—application to investigative profiling
  7.6 Evidence extraction, link analysis, and link discovery
    7.6.1 Evidence extraction and link analysis
    7.6.2 Link discovery
  7.7 Stegoforensic analysis
  7.8 Image mining
  7.9 Cryptography and cryptanalysis
  7.10 The future—society and technology
  References

Acronyms
About the Authors
Index
