Computer Forensic Examination


Scene of the Cybercrime

Scene of the Cybercrime
By Debra Littlejohn Shinder, Ed Tittel
Paperback / August 2002 / 1931836655

Table of Contents

Foreword

Chapter 1 Facing the Cybercrime Problem Head On
Introduction; Quantifying the Crisis; Defining Cybercrime; Moving from the General to the Specific; Understanding the Importance of Jurisdictional Issues; Differentiating Crimes That Use the Net from Crimes That Depend on the Net; Collecting Statistical Data on Cybercrime; Understanding the Crime Reporting System; Categorizing Crimes for the National Reporting System; Toward a Working Definition of Cybercrime; U.S. Federal and State Statutes; International Law: The United Nations Definition of Cybercrime; Categorizing Cybercrime; Developing Categories of Cybercrimes; Violent or Potentially Violent Cybercrime Categories; Nonviolent Cybercrime Categories; Prioritizing Cybercrime Enforcement; Fighting Cybercrime; Determining Who Will Fight Cybercrime; Educating Cybercrime Fighters; Educating Legislators and Criminal Justice Professionals; Educating Information Technology Professionals; Educating and Engaging the Community; Getting Creative in the Fight Against Cybercrime; Using Peer Pressure to Fight Cybercrime; Using Technology to Fight Cybercrime; Finding New Ways to Protect Against Cybercrime; Summary; Frequently Asked Questions; Resources

Chapter 2 Reviewing the History of Cybercrime
Introduction; Exploring Criminality in the Days of Standalone Computers; Sharing More Than Time; The Evolution of a Word; Understanding Early Phreakers, Hackers, and Crackers; Hacking Ma Bell’s Phone Network; Phamous Phreakers; Phreaking on the Other Side of the Atlantic; A Box for Every Color Scheme; From Phreaker to Hacker; Living on the LAN: Early Computer Network Hackers; How BBSs Fostered Criminal Behavior; How Online Services Made Cybercrime Easy; Introducing the ARPANet: the Wild West of Networking; Sputnik Inspires ARPA; ARPA Turns Its Talents to Computer Technology; Network Applications Come into Their Own; The Internetwork Continues to Expand; The ARPANet of the 1980s; The Internet of the 1990s; The Worm Turns—and Security Becomes a Concern; Watching Crime Rise with the Commercialization of the Internet; Bringing the Cybercrime Story Up to Date; Understanding How New Technologies Create New Vulnerabilities; Why Cybercriminals Love Broadband; Why Cybercriminals Love Wireless; Why Cybercriminals Love Mobile Computing; Why Cybercriminals Love Sophisticated Web and E-Mail Technologies; Why Cybercriminals Love E-Commerce and Online Banking; Why Cybercriminals Love Instant Messaging; Why Cybercriminals Love New Operating Systems and Applications; Why Cybercriminals Love Standardization; Planning for the Future: How to Thwart Tomorrow’s Cybercriminal; Summary; Frequently Asked Questions; Resources

Chapter 3 Understanding the People on the Scene
Introduction; Understanding Cybercriminals; Profiling Cybercriminals; Understanding How Profiling Works; Reexamining Myths and Misconceptions About Cybercriminals; Constructing a Profile of the Typical Cybercriminal; Recognizing Criminal Motivations; Recognizing the Limitations of Statistical Analysis; Categorizing Cybercriminals; Criminals Who Use the Net as a Tool of the Crime; Criminals Who Use the Net Incidentally to the Crime; Real-Life Noncriminals Who Commit Crimes Online; Understanding Cybervictims; Categorizing Victims of Cybercrime; Making the Victim Part of the Crime-Fighting Team; Understanding Cyberinvestigators; Recognizing the Characteristics of a Good Cyberinvestigator; Categorizing Cyberinvestigators by Skill Set; Recruiting and Training Cyberinvestigators; Facilitating Cooperation: CEOs on the Scene; Summary; Frequently Asked Questions; Resources

Chapter 4 Understanding Computer Basics
Introduction; Understanding Computer Hardware; Looking Inside the Machine; Components of a Digital Computer; The Role of the Motherboard; The Roles of the Processor and Memory; The Role of Storage Media; Why This Matters to the Investigator; The Language of the Machine; Wandering Through a World of Numbers; Who’s on Which Base?; Understanding the Binary Numbering System; Converting Between Binary and Decimal; Converting Between Binary and Hexadecimal; Converting Text to Binary; Encoding Nontext Files; Why This Matters to the Investigator; Understanding Computer Operating Systems; Understanding the Role of the Operating System Software; Differentiating Between Multitasking and Multiprocessing Types; Multitasking; Multiprocessing; Differentiating Between Proprietary and Open Source Operating Systems; An Overview of Commonly Used Operating Systems; Understanding DOS; Windows 1.x Through 3.x; Windows 9x (95, 95b, 95c, 98, 98SE, and ME); Windows NT; Windows 2000; Windows XP; Linux/UNIX; Other Operating Systems; Understanding File Systems; FAT12; FAT16; VFAT; FAT32; NTFS; Other File Systems; Summary; Frequently Asked Questions; Resources

Chapter 5 Understanding Networking Basics
Introduction; Understanding How Computers Communicate on a Network; Sending Bits and Bytes Across a Network; Digital and Analog Signaling Methods; How Multiplexing Works; Directional Factors; Timing Factors; Signal Interference; Packets, Segments, Datagrams, and Frames; Access Control Methods; Network Types and Topologies; Why This Matters to the Investigator; Understanding Networking Models and Standards; The OSI Networking Model; The DoD Networking Model; The Physical/Data Link Layer Standards; Why This Matters to the Investigator; Understanding Network Hardware; The Role of the NIC; The Role of the Network Media; The Roles of Network Connectivity Devices; Why This Matters to the Investigator; Understanding Network Software; Understanding Client/Server Computing; Server Software; Client Software; Network File Systems and File Sharing Protocols; A Matter of (Networking) Protocol; Understanding the TCP/IP Protocols Used on the Internet; The Need for Standardized Protocols; A Brief History of TCP/IP; The Internet Protocol and IP Addressing; How Routing Works; The Transport Layer Protocols; The MAC Address; Name Resolution; TCP/IP Utilities; Network Monitoring Tools; Why This Matters to the Investigator; Summary; Frequently Asked Questions; Resources

Chapter 6 Understanding Network Intrusions and Attacks
Introduction; Understanding Network Intrusions and Attacks; Intrusions vs. Attacks; Recognizing Direct vs. Distributed Attacks; Automated Attacks; Accidental “Attacks”; Preventing Intentional Internal Security Breaches; Preventing Unauthorized External Intrusions; Planning for Firewall Failures; External Intruders with Internal Access; Recognizing the “Fact of the Attack”; Identifying and Categorizing Attack Types; Recognizing Pre-intrusion/Attack Activities; Port Scans; Address Spoofing; IP Spoofing; ARP Spoofing; DNS Spoofing; Placement of Trojans; Placement of Tracking Devices and Software; Placement of Packet Capture and Protocol Analyzer Software; Prevention and Response; Understanding Password Cracking; Brute Force; Exploitation of Stored Passwords; Interception of Passwords; Password Decryption Software; Social Engineering; Prevention and Response; General Password Protection Measures; Protecting the Network Against Social Engineers; Understanding Technical Exploits; Protocol Exploits; DoS Attacks That Exploit TCP/IP; Source Routing Attacks; Other Protocol Exploits; Application Exploits; Bug Exploits; Mail Bombs; Browser Exploits; Web Server Exploits; Buffer Overflows; Operating System Exploits; The WinNuke Out-of-Band Attack; Windows Registry Attacks; Other Windows Exploits; UNIX Exploits; Router Exploits; Prevention and Response; Attacking with Trojans, Viruses, and Worms; Trojans; Viruses; Worms; Prevention and Response; Hacking for Nontechies; The Script Kiddie Phenomenon; The “Point and Click” Hacker; Prevention and Response; Summary; Frequently Asked Questions; Resources

Chapter 7 Understanding Cybercrime Prevention
Introduction; Understanding Network Security Concepts; Applying Security Planning Basics; Defining Security; The Importance of Multilayered Security; The Intrusion Triangle; Removing Intrusion Opportunities; Talking the Talk: Security Terminology; Importance of Physical Security; Protecting the Servers; Keeping Workstations Secure; Protecting Network Devices; Understanding Basic Cryptography Concepts; Understanding the Purposes of Cryptographic Security; Authenticating Identity; Providing Confidentiality of Data; Ensuring Data Integrity; Basic Cryptography Concepts; Scrambling Text with Codes and Ciphers; What Is Encryption?; Securing Data with Cryptographic Algorithms; How Encryption Is Used in Information Security; What Is Steganography?; Modern Decryption Methods; Cybercriminals’ Use of Encryption and Steganography; Making the Most of Hardware and Software Security; Implementing Hardware-Based Security; Hardware-Based Firewalls; Authentication Devices; Implementing Software-Based Security; Cryptographic Software; Digital Certificates; The Public Key Infrastructure; Software-Based Firewalls; Understanding Firewalls; How Firewalls Use Layered Filtering; Packet Filtering; Circuit Filtering; Application Filtering; Integrated Intrusion Detection; Forming an Incident Response Team; Designing and Implementing Security Policies; Understanding Policy-Based Security; What Is a Security Policy?; Why This Matters to the Investigator; Evaluating Security Needs; Components of an Organizational Security Plan; Defining Areas of Responsibility; Analyzing Risk Factors; Assessing Threats and Threat Levels; Analyzing Organizational and Network Vulnerabilities; Analyzing Organizational Factors; Considering Legal Factors; Analyzing Cost Factors; Assessing Security Solutions; Complying with Security Standards; Government Security Ratings; Utilizing Model Policies; Defining Policy Areas; Password Policies; Other Common Policy Areas; Developing the Policy Document; Establishing Scope and Priorities; Policy Development Guidelines; Policy Document Organization; Educating Network Users on Security Issues; Policy Enforcement; Policy Dissemination; Ongoing Assessment and Policy Update; Summary; Frequently Asked Questions; Resources

Chapter 8 Implementing System Security
Introduction; How Can Systems Be Secured?; The Security Mentality; Elements of System Security; Implementing Broadband Security Measures; Broadband Security Issues; Deploying Antivirus Software; Defining Strong User Passwords; Setting Access Permissions; Disabling File and Print Sharing; Using NAT; Deploying a Firewall; Disabling Unneeded Services; Configuring System Auditing; Implementing Browser and E-Mail Security; Types of Dangerous Code; JavaScript; ActiveX; Java; Making Browsers and E-Mail Clients More Secure; Restricting Programming Languages; Keep Security Patches Current; Cookie Awareness; Securing Web Browser Software; Securing Microsoft Internet Explorer; Securing Netscape Navigator; Securing Opera; Implementing Web Server Security; DMZ vs. Stronghold; Isolating the Web Server; Web Server Lockdown; Managing Access Control; Handling Directory and Data Structures; Scripting Vulnerabilities; Logging Activity; Backups; Maintaining Integrity; Rogue Web Servers; Understanding Security and Microsoft Operating Systems; General Microsoft Security Issues; NetBIOS; Widespread Automated Functionality; IRDP Vulnerability; NIC Bindings; Securing Windows 9x Computers; Securing a Windows NT 4.0 Network; Securing a Windows 2000 Network; Windows .NET: The Future of Windows Security; Understanding Security and UNIX/Linux Operating Systems; Understanding Security and Macintosh Operating Systems; Understanding Mainframe Security; Understanding Wireless Security; Summary; Frequently Asked Questions; Resources

Chapter 9 Implementing Cybercrime Detection Techniques
Introduction; Security Auditing and Log Files; Auditing for Windows Platforms; Auditing for UNIX and Linux Platforms; Firewall Logs, Reports, Alarms, and Alerts; Understanding E-Mail Headers; Tracing a Domain Name or IP Address; Commercial Intrusion Detection Systems; Characterizing Intrusion Detection Systems; Commercial IDS Players; IP Spoofing and Other Antidetection Tactics; Honeypots, Honeynets, and Other “Cyberstings”; Summary; Frequently Asked Questions; Resources

Chapter 10 Collecting and Preserving Digital Evidence
Introduction; Understanding the Role of Evidence in a Criminal Case; Defining Evidence; Admissibility of Evidence; Forensic Examination Standards; Collecting Digital Evidence; The Role of First Responders; The Role of Investigators; The Role of Crime Scene Technicians; Preserving Digital Evidence; Preserving Volatile Data; Disk Imaging; A History of Disk Imaging; Imaging Software; Standalone Imaging Tools; Role of Imaging in Computer Forensics; “Snapshot” Tools and File Copying; Special Considerations; Environmental Factors; Retaining Time and Datestamps; Preserving Data on PDAs and Handheld Computers; Recovering Digital Evidence; Recovering “Deleted” and “Erased” Data; Decrypting Encrypted Data; Finding Hidden Data; Where Data Hides; Detecting Steganographic Data; Alternate Datastreams; Methods for Hiding Files; The Recycle Bin; Locating Forgotten Evidence; Web Caches and URL Histories; Temp Files; Swap and Page Files; Recovering Data from Backups; Defeating Data Recovery Techniques; Overwriting the Disk; Degaussing or Demagnetizing; Physically Destroying the Disk; Documenting Evidence; Evidence Tagging and Marking; Evidence Logs; Documenting Evidence Analysis; Documenting the Chain of Custody; Computer Forensics Resources; Computer Forensics Training and Certification; Computer Forensics Equipment and Software; Computer Forensics Services; Computer Forensics Information; Understanding Legal Issues; Searching and Seizing Digital Evidence; U.S. Constitutional Issues; Search Warrant Requirements; Search Without Warrant; Seizure of Digital Evidence; Forfeiture Laws; Privacy Laws; The Effects of the U.S. Patriot Act; Summary; Frequently Asked Questions; Resources

Chapter 11 Building the Cybercrime Case
Introduction; Major Factors Complicating Prosecution; Difficulty of Defining the Crime; Bodies of Law; Types of Law; Levels of Law; Basic Criminal Justice Theory; Elements of the Offense; Level and Burden of Proof; Jurisdictional Issues; Defining Jurisdiction; Statutory Law Pertaining to Jurisdiction; Case Law Pertaining to Jurisdiction; International Complications; Practical Considerations; The Nature of the Evidence; Human Factors; Law Enforcement “Attitude”; The High-Tech Lifestyle; Natural-Born Adversaries?; Overcoming Obstacles to Effective Prosecution; The Investigative Process; Investigative Tools; Steps in an Investigation; Defining Areas of Responsibility; Testifying in a Cybercrime Case; The Trial Process; Testifying as an Evidentiary Witness; Testifying as an Expert Witness; Giving Direct Testimony; Cross-Examination Tactics; Using Notes and Visual Aids; Summary; Frequently Asked Questions; Resources

Afterword

Appendix

Index
