Cyber Crime Investigator'S Field Guide 2nd Ed.

Description: Many excellent hardware and software products exist to protect our data communications sytems, but security threats dictate that they must be further enhanced. Many laws implemented during the past 15 years have provided law enforcement with more teeth to take a bite out of cyber crime, but there is still a need for individuals who know how to investigate computer network security incidents. Organizations demand experts with both investigative talents and a technical knowledge of how cyberspace really works. Cyber Crime Investigator's Field Guide, Second Edition provides the investigative framework that needs to be followed, along with information about how cyberspace works and the tools that reveal the who, what, when, where, why, and how in the investigation of cyber crime. This volume offers a valuable Q&A by subject area, an extensive overview of recommended reference materials, and a detailed case study. Appendices highlight attack signatures, UNIX/Linux commands, Cisco PIX commands, port numbers targeted by trojan horses, and more.

Contents: THE INITIAL CONTACT Chapter Questions CLIENT SITE ARRIVAL Chapter Questions EVIDENCE COLLECTION PROCEDURES Detailed Procedures for Obtaining a Bitstream Backup of a Hard Drive Chapter Questions EVIDENCE COLLECTION AND ANALYSIS TOOLS SafeBack GetTime FileList, FileCnvt, and ExcelA(c) GetFree Swap Files and GetSwap GetSlack Temporary Files TextSearch Plus CRCMD5 DiskSig Chapter Questions ACCESSDATA'S FORENSIC TOOL KIT Creating a Case Working on an Existing Case Chapter Questions GUIDANCE SOFTWARE'S ENCASE Chapter Questions ILOOK INVESTIGATOR Chapter Questions PASSWORD RECOVERY Chapter Questions QUESTIONS AND ANSWERS BY SUBJECT AREA Evidence Collection Legal Evidence Analysis UNIX Military Hackers BackTracing (TraceBack) Logs Encryption Government Networking E-Mail RECOMMENDED REFERENCE MATERIALS PERL and C Scripts UNIX, Windows, NetWare, and Macintosh Computer Internals Computer Networking Web Sites of Interest CASE STUDY Recommendations APPENDIX A: GLOSSARY APPENDIX B: PORT NUMBERS USED BY MALICIOUS TROJAN HORSE PROGRAMS APPENDIX C: ATTACK SIGNATURES APPENDIX D: UNIX/LINUX COMMANDS APPENDIX E: CISCO PIX FIREWALL COMMANDS PIX Command Reference APPENDIX F: DISCOVERING UNAUTHORIZED ACCESS TO YOUR COMPUTER APPENDIX G: ELECTROMAGNETIC FIELD ANALYSIS (EFA) "TICKLER" APPENDIX H: THE INTELLIGENCE COMMUNITY SINCE 9/11 APPENDIX I: ANSWERS TO CHAPTER QUESTIONS