Cybercrime investigators handbook / Graeme Edwards, PhD.

By: Edwards, Graeme (Financial and cybercrime investigator) [author.]
Language: English
Publisher: Hoboken, New Jersey : John Wiley & Sons, Inc., [2019]
Description: 1 online resource
Content type: text
Media type: computer
Carrier type: online resource
ISBN: 9781119596301; 9781119596325
Subject(s): Computer crimes -- Investigation
Genre/Form: Electronic books.
DDC classification: 363.25/968
LOC classification: HV8079.C65
Online resources: Full text is available at Wiley Online Library
Summary: "This book provides the reader with the knowledge and investigative methodology on how to investigate cybercrime from a field practitioner's perspective. Cybercrime is aggressively targeting governments, businesses and individuals of all levels in increasing numbers, law enforcement can provide only limited support and civilian investigators have to take responsibility for investigating their own crimes. While there are very high-quality manuals for conducting digital examinations on a device or network that has been hacked, there is no known guide for those who want to use this information to commence an investigation from the location the offence occurred with the intention of locating and prosecuting the attacker. That is, from the cybercrime scene. This book provides a valuable contribution to the actual practical ground level investigation including evidence location, lawful seizure, preservation, examination, interpretation and management. These are core duties which, if not completed correctly, lead to poor quality and incomplete investigations. It is believed this handbook will sit alongside the other texts stated and fill the gap in the marketplace where the front-line investigator has limited guidance on how to react at the cybercrime scene whilst the offence is occurring. In addition, this book will also help those companies that are GDPR (General Data Protection Regulation, a European Union regulation that instituted new rules governing the use and manipulation of personal data) follow a plan if their data is compromised"-- Provided by publisher.
Item type: EBOOK
Current location: COLLEGE LIBRARY
Home library: COLLEGE LIBRARY
Call number: 363.25968 Ed965 2019
Status: Available
Barcode: CL-52960
Total holds: 0

Includes index.

ABOUT THE AUTHOR
Dr. Graeme Edwards (Brisbane, Australia), CFE, is an investigator with the Queensland Police Service Financial and Cyber Crime Group. He identifies cyber criminals operating within the Queensland jurisdiction and locates the digital and associated evidence to identify them. In addition, he has been part of a U.S.-Australia joint cybercrime task force. He created the Victims of Financial Crimes Support Group to support those suffering the personal, emotional, and financial costs associated with being the victim of a financial or cybercrime. This support group has been featured on A Current Affair, 60 Minutes, and ANC News. He is an experienced conference speaker and conducts cyber and financial crime investigation courses for the Queensland Police Service. He has a Doctorate of Information Technology, and a Masters of Information Technology focusing on computer security, computer networking, and cryptology.

TABLE OF CONTENTS
List of Figures xi

About the Author xiii

Foreword xv

Acknowledgments xvii

Chapter 1: Introduction 1

Chapter 2: Cybercrime Offenses 9

Potential Cybercrime Offenses 11

Cybercrime Case Study 26

Notes 26

Chapter 3: Motivations of the Attacker 29

Common Motivators 30

Cybercrime Case Study I 33

Cybercrime Case Study II 34

Note 35

Chapter 4: Determining That a Cybercrime is Being Committed 37

Cyber Incident Alerts 38

Attack Methodologies 41

Cybercrime Case Study I 44

Cybercrime Case Study II 44

Notes 45

Chapter 5: Commencing a Cybercrime Investigation 47

Why Investigate a Cybercrime? 47

The Cyber Investigator 48

Management Support 48

Is There a Responsibility to Try to Get the Data Back? 50

Cybercrime Case Study 51

Notes 52

Chapter 6: Legal Considerations When Planning an Investigation 53

Role of the Law in a Digital Crimes Investigation 54

Protecting Digital Evidence 55

Preservation of the Chain of Custody 56

Protection of Evidence 59

Legal Implications of Digital Evidence Collection 60

Cybercrime Case Study 63

Note 63

Chapter 7: Initial Meeting with the Complainant 65

Initial Discussion 65

Complainant Details 68

Event Details 68

Cyber Security History 69

Scene Details 70

Identifying Offenses 71

Identifying Witnesses 71

Identifying Suspects 71

Identifying the Modus Operandi of Attack 72

Evidence: Technical 73

Evidence: Other 74

Cybercrime Case Study 74

Chapter 8: Containing and Remediating the Cyber Security Incident 77

Containing the Cyber Security Incident 77

Eradicating the Cyber Security Incident 80

Note 82

Chapter 9: Challenges in Cyber Security Incident Investigations 83

Unique Challenges 84

Cybercrime Case Study 91

Chapter 10: Investigating the Cybercrime Scene 93

The Investigation Team 96

Resources Required 101

Availability and Management of Evidence 104

Technical Items 105

Scene Investigation 123

What Could Possibly Go Wrong? 152

Cybercrime Case Study I 155

Cybercrime Case Study II 156

Notes 158

Chapter 11: Log File Identification, Preservation, Collection, and Acquisition 159

Log Challenges 160

Logs as Evidence 161

Types of Logs 162

Cybercrime Case Study 164

Notes 165

Chapter 12: Identifying, Seizing, and Preserving Evidence from Cloud-Computing Platforms 167

What is Cloud Computing? 167

What is the Relevance to the Investigator? 172

The Attraction of Cloud Computing for the Cybercriminal 173

Where is Your Digital Evidence Located? 174

Lawful Seizure of Cloud Digital Evidence 175

Preservation of Cloud Digital Evidence 177

Forensic Investigations of Cloud-Computing Servers 178

Remote Forensic Examinations 182

Cloud Barriers to a Successful Investigation 196

Suggested Tips to Assist Your Cloud-Based Investigation 203

Cloud-Computing Investigation Framework 206

Cybercrime Case Study 219

Notes 221

Chapter 13: Identifying, Seizing, and Preserving Evidence from Internet of Things Devices 225

What is the Internet of Things? 225

What is the Relevance to Your Investigation? 226

Where is Your Internet of Things Digital Evidence Located? 228

Lawful Seizure of Internet of Things Evidence 228

Notes 229

Chapter 14: Open Source Evidence 231

The Value of Open Source Evidence 231

Examples of Open Source Evidence 233

Note 236

Chapter 15: The Dark Web 237

Crime and the Dark Web 238

Notes 242

Chapter 16: Interviewing Witnesses and Suspects 243

Suspect Interviews 245

Witness Interviews 246

Preparing for an Interview 247

The Interview Process 250

Closing the Interview 254

Review of the Interview 254

Preparation of Brief for Referral to Police 255

Chapter 17: Review of Evidence 257

Chapter 18: Producing Evidence for Court 265

Digital Evidence and Its Admissibility 267

Preparing for Court 268

Chapter 19: Conclusion 273

Glossary 277

Index 283

Description based on print version record and CIP data provided by publisher.
