000 -LEADER |
fixed length control field |
10135cam a2200649 i 4500 |
005 - DATE AND TIME OF LATEST TRANSACTION |
control field |
20250803184814.0 |
006 - FIXED-LENGTH DATA ELEMENTS--ADDITIONAL MATERIAL CHARACTERISTICS--GENERAL INFORMATION |
fixed length control field |
m o d |
007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION |
fixed length control field |
cr ||||||||||| |
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION |
fixed length control field |
250803t20232023njua ob 001 0 eng |
010 ## - LIBRARY OF CONGRESS CONTROL NUMBER |
LC control number |
2022043548 |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
9781119582311 |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
111958213X |
Qualifying information |
electronic publication |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
9781119582250 |
Qualifying information |
electronic book |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
1119582253 |
Qualifying information |
electronic book |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
9781119582021 |
Qualifying information |
electronic book |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
1119582024 |
Qualifying information |
electronic book |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
9781119582137 |
Qualifying information |
(electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
Cancelled/invalid ISBN |
1119582318 |
035 ## - SYSTEM CONTROL NUMBER |
System control number |
(OCoLC)1347699121 |
Canceled/invalid control number |
(OCoLC)1348608019 |
035 #9 - SYSTEM CONTROL NUMBER |
System control number |
(OCLCCM-Owned)1347699121 |
041 ## - LANGUAGE CODE |
Language code of text/sound track or separate title |
eng |
042 ## - AUTHENTICATION CODE |
Authentication code |
pcc |
049 ## - LOCAL HOLDINGS (OCLC) |
Holding library |
MAIN |
050 04 - LIBRARY OF CONGRESS CALL NUMBER |
Classification number |
HV8079.C65 |
Item number |
C933 2023 |
082 00 - DEWEY DECIMAL CLASSIFICATION NUMBER |
Edition number |
23 |
Classification number |
363.25/968 |
245 00 - TITLE STATEMENT |
Title |
Cyber investigations : |
Remainder of title |
a research based textbook for advanced studies / |
Statement of responsibility, etc |
edited by André Årnes. |
264 #1 - PUBLICATION, DISTRIBUTION, ETC. (IMPRINT) |
Place of publication, distribution, etc |
Hoboken, NJ : |
Name of publisher, distributor, etc |
John Wiley & Sons, Ltd, |
Date of publication, distribution, etc |
2023. |
264 #4 - PUBLICATION, DISTRIBUTION, ETC. (IMPRINT) |
Date of publication, distribution, etc |
©2023 |
300 ## - PHYSICAL DESCRIPTION |
Extent |
1 online resource : |
Other physical details |
illustrations (chiefly color) |
336 ## - CONTENT TYPE |
Content type term |
text |
Content type code |
txt |
Source |
rdacontent |
337 ## - MEDIA TYPE |
Media type term |
computer |
Media type code |
c |
Source |
rdamedia |
338 ## - CARRIER TYPE |
Carrier type term |
online resource |
Carrier type code |
cr |
Source |
rdacarrier |
504 ## - BIBLIOGRAPHY, ETC. NOTE |
Bibliography, etc |
Includes bibliographical references and index. |
505 0# - CONTENTS |
Formatted contents note |
Table of Contents
1 INTRODUCTION
1.1 INTRODUCTION
1.2 CYBERCRIME AND CYBERSECURITY
1.2.1 Cybercrime
1.2.2 Cybercriminals and Threat Actors
1.2.3 Cybersecurity
1.2.4 Threat Modeling – Cyber Kill Chain and MITRE ATT&CK
1.3 CYBER INVESTIGATIONS
1.3.1 Digital Forensics
1.3.2 Digital Evidence
1.3.3 Attribution
1.3.4 Cyber Threat Intelligence
1.3.5 Open-Source Intelligence (OSINT)
1.3.6 Operational Avalanche – A Real-World Example
1.4 CHALLENGES IN CYBER INVESTIGATIONS
1.5 FURTHER READING
1.6 CHAPTER OVERVIEW
1.7 COMMENTS ON CITATION AND NOTATION
1.8 EXERCISES

2 CYBER INVESTIGATION PROCESS
2.1 INTRODUCTION
2.2 INVESTIGATION AS INFORMATION WORK
2.3 DEVELOPING AN INTEGRATED FRAMEWORK FOR CYBER INVESTIGATIONS
2.4 PRINCIPLES FOR THE INTEGRATED CYBER INVESTIGATION PROCESS (ICIP)
2.4.1 Procedure and policy
2.4.2 Planning and documentation
2.4.3 Forming and testing of hypotheses
2.4.4 The dynamics of ICIP
2.4.5 Principles for handling digital evidence
2.4.6 Limitations
2.5 ICIP’S PROCEDURAL STAGES
2.5.1 Investigation initiation
2.5.2 Modeling
2.5.3 Planning and prioritization
2.5.4 Impact and risk assessment
2.5.5 Action and collection
2.5.6 Analysis and Integration
2.5.7 Documentation and presentation
2.5.8 Evaluation
2.6 COGNITIVE AND HUMAN ERROR IN CYBER INVESTIGATIONS
2.6.1 Cognitive factors
2.6.2 Cognitive biases
2.6.3 Countermeasures
2.7 SUMMARY
2.8 EXERCISES

3 CYBER INVESTIGATION LAW
3.1 CYBER INVESTIGATION IN CONTEXT
3.2 THE MISSIONS AND SOME IMPLICATIONS TO PRIVACY RIGHTS
3.2.1 The police, law enforcement agencies, and national security service
3.2.2 Reasonable ground to open a criminal (cyber) investigation
3.2.3 The legal framework(s)
3.2.4 General conditions for privacy-invasive cyber investigation methods
3.2.5 The private sector cyber investigator
3.3 THE DIFFERENT MANDATES OF THE LEA, NIS, AND THE POLICE
3.3.1 Law enforcing agencies and the police
3.3.2 The national intelligence service (NIS)
3.4 JURISDICTION AND INTERNATIONAL COOPERATION
3.4.1 The eNIS and the principle of sovereignty
3.4.2 The iNIS and the LEA – international cooperation
3.5 HUMAN RIGHTS IN THE CONTEXT OF CYBER INVESTIGATIONS
3.5.1 The right to fair trial
3.5.2 Covert cyber investigation
3.5.3 Technical investigation methods (technical hacking)
3.5.4 Methods based on social skills (social hacking)
3.5.5 Open-source intelligence / investigation
3.6 THE PRIVATE CYBER INVESTIGATOR
3.6.1 Cyber reconnaissance targeting a third party
3.6.2 Data protection and privacy rights
3.7 THE WAY AHEAD
3.8 SUMMARY
3.9 EXERCISES

4 PERSPECTIVES OF INTERNET AND CRYPTOCURRENCY INVESTIGATIONS
4.1 INTRODUCTION
4.2 CASE EXAMPLES
4.2.1 The proxy seller
4.2.2 The scammer
4.2.3 The disgruntled employee
4.3 NETWORKING ESSENTIALS
4.4 NETWORKS AND APPLICATIONS
4.4.1 Operational security
4.4.2 Open sources
4.4.3 Closed sources
4.4.4 Networks
4.4.5 Peer-to-peer
4.4.6 Applications
4.5 OPEN-SOURCE INTELLIGENCE (OSINT)
4.5.1 Methodology
4.5.2 Types of open-source data
4.5.3 Techniques for gathering open-source data
4.6 INTERNET BROWSERS
4.6.1 HTTP, HTML, JavaScript and cache
4.6.2 Uniform Resource Locators (URLs)
4.6.3 Cookies and local storage
4.6.4 Developer tools
4.6.5 Forensic tools
4.7 CRYPTOCURRENCIES
4.7.1 Addresses and transactions
4.7.2 Privacy
4.7.3 Heuristics
4.7.4 Exploring transactions
4.8 PREPARATION FOR ANALYSIS
4.8.2 Visualization and analysis
4.9 SUMMARY
4.10 EXERCISES

5 ANONYMITY AND FORENSICS
5.1 INTRODUCTION
5.1.1 Anonymity
5.1.2 Anonymous communication technologies
5.2 ANONYMITY INVESTIGATIONS
5.2.1 Digital forensics and anonymous communication
5.3 SUMMARY
5.4 EXERCISES

6 INTERNET OF THINGS INVESTIGATIONS
6.1 INTRODUCTION
6.2 WHAT IS IOT?
6.2.1 A (very) short and incomplete history
6.2.2 Application areas
6.2.3 Models and concepts
6.2.4 Protocols
6.3 IOT INVESTIGATIONS
6.3.1 Types of events leading to investigations
6.3.2 Identifying an IoT investigation
6.4 IOT FORENSICS
6.4.1 IoT and existing forensic areas
6.4.2 Models
6.4.3 New forensic challenges
6.5 SUMMARY
6.6 EXERCISES

7 MULTIMEDIA FORENSICS
7.1 METADATA
7.2 IMAGE FORENSICS
7.2.1 Image trustworthiness
7.2.2 Types of examinations
7.2.3 Photography process flow
7.2.4 Acquisition fingerprints
7.2.5 Image coding fingerprints
7.2.6 Editing fingerprints
7.2.7 Deepfake creation and detection
7.3 VIDEO FORENSICS
7.3.1 Video process flow
7.3.2 Reproduction detection
7.3.3 Source device identification
7.4 AUDIO FORENSICS
7.4.1 Audio fundamentals
7.4.2 Digital audio recording process
7.4.3 Authenticity analysis
7.4.4 Container analysis
7.4.5 Content-based analysis
7.4.6 Electric network frequency
7.4.7 Audio enhancements
7.4.8 Other audio forensic methods
7.5 SUMMARY
7.6 EXERCISES

8 EDUCATIONAL GUIDE
8.1 ACADEMIC RESOURCES
8.2 PROFESSIONAL AND TRAINING ORGANIZATIONS
8.3 NON-ACADEMIC ONLINE RESOURCES
8.4 TOOLS
8.4.1 Disk Analysis Tools
8.4.2 Memory Analysis Tools
8.4.3 Network Analysis Tools
8.4.4 Open-Source Intelligence Tools
8.4.5 Machine Learning
8.5 CORPORA AND DATA SETS
8.6 SUMMARY

9 AUTHORS
10 WORKS CITED
11 INDEX |
520 ## - SUMMARY, ETC. |
Summary, etc |
"Cyber Investigations provides an introduction to the topic, an overview of the investigation process applied to cyber investigations, a review of legal aspects of cyber investigations, a deep-dive into tracing and open source intelligence, a review of media forensics, a research-based chapter on anonymization, and an industry perspective on advanced persistent threat. The content will be structured in a consistent manner, with an emphasis on accessibility for students of computer science, information security, law enforcement and military disciplines. Real-life examples and student exercises will be provided throughout. The material has been classroom tested"-- |
Assigning source |
Provided by publisher. |
545 0# - BIOGRAPHICAL OR HISTORICAL DATA |
Biographical or historical note |
About the Author
André Årnes is an experienced cyber security leader with extensive experience from industry, law enforcement, and academia. He joined White Label Consultancy, a lean and fast-growing international cyber security and data protection consultancy, as a Co-owner & Partner for Cyber Security in January 2022. He served as the Global Chief Security Officer of Telenor Group from 2015 to 2021, leading Telenor’s global cyber security transformation. He also has extensive experience with cyber investigations and digital forensics from the Norwegian Criminal Investigation Service (Kripos). He is a part-time Professor at the Norwegian University of Science and Technology (NTNU) and the Editor of the successful text, Digital Forensics, published by Wiley in 2017. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Computer crimes |
General subdivision |
Investigation. |
Authority record control number |
http://id.loc.gov/authorities/subjects/sh85029493 |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Digital forensic science. |
Authority record control number |
http://id.loc.gov/authorities/subjects/sh2018000110 |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Computer security. |
Authority record control number |
http://id.loc.gov/authorities/subjects/sh90001862 |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Electronic discovery (Law) |
Authority record control number |
http://id.loc.gov/authorities/subjects/sh2005004626 |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Forensic sciences. |
Authority record control number |
http://id.loc.gov/authorities/subjects/sh90001487 |
650 #6 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Criminalité informatique |
General subdivision |
Enquêtes. |
650 #6 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Sécurité informatique. |
650 #6 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Communication électronique des pièces. |
650 #6 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Criminalistique. |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
forensic science. |
Source of heading or term |
aat |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Computer crimes |
General subdivision |
Investigation |
Source of heading or term |
fast |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Computer security |
Source of heading or term |
fast |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Digital forensic science |
Source of heading or term |
fast |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Electronic discovery (Law) |
Source of heading or term |
fast |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Forensic sciences |
Source of heading or term |
fast |
655 #4 - INDEX TERM--GENRE/FORM |
Genre/form data or focus term |
Electronic books. |
700 1# - ADDED ENTRY--PERSONAL NAME |
Personal name |
Årnes, André, |
Dates associated with a name |
1976- |
Relator term |
editor. |
856 ## - ELECTRONIC LOCATION AND ACCESS |
Uniform Resource Identifier |
https://onlinelibrary.wiley.com/doi/book/10.1002/9781119582021 |
Link text |
Full text is available at Wiley Online Library |
942 ## - ADDED ENTRY ELEMENTS |
Source of classification or shelving scheme |
|
Item type |
EBOOK |