Cybercrime investigators handbook / Graeme Edwards, PhD.
By: Edwards, Graeme (Financial and cybercrime investigator) [author.]
Language: English Publisher: Hoboken, New Jersey : John Wiley & Sons, Inc., [2019]Description: 1 online resourceContent type: text Media type: computer Carrier type: online resourceISBN: 9781119596301; 9781119596325Subject(s): Computer crimes -- InvestigationGenre/Form: Electronic books.DDC classification: 363.25/968 LOC classification: HV8079.C65Online resources: Full text is available at Wiley Online Library Click here to viewItem type | Current location | Home library | Call number | Status | Date due | Barcode | Item holds |
---|---|---|---|---|---|---|---|
EBOOK | COLLEGE LIBRARY | COLLEGE LIBRARY | 363.25968 Ed965 2019 (Browse shelf) | Available | CL-52960 |
Includes index.
ABOUT THE AUTHOR
Dr. Graeme Edwards (Brisbane, Australia), CFE, is an investigator with the Queensland Police Service Financial and Cyber Crime Group. He identifies cyber criminals operating within the Queensland jurisdiction and locates the digital and associated evidence to identify them. In addition, he has been part of a U.S.-Australia joint cybercrime task force. He created the Victims of Financial Crimes Support Group to support those suffering the personal, emotional, and financial costs associated with being the victim of a financial or cybercrime. This support group has been featured on A Current Affair, 60 Minutes, and ANC News. He is an experienced conference speaker and conducts cyber and financial crime investigation courses for the Queensland Police Service. He has a Doctorate of Information Technology, and a Masters of Information Technology focusing on computer security, computer networking, and cryptology
TABLE OF CONTENTS
List of Figures xi
About the Author xiii
Foreword xv
Acknowledgments xvii
Chapter 1: Introduction 1
Chapter 2: Cybercrime Offenses 9
Potential Cybercrime Offenses 11
Cybercrime Case Study 26
Notes 26
Chapter 3: Motivations of the Attacker 29
Common Motivators 30
Cybercrime Case Study I 33
Cybercrime Case Study II 34
Note 35
Chapter 4: Determining That a Cybercrime is Being Committed 37
Cyber Incident Alerts 38
Attack Methodologies 41
Cybercrime Case Study I 44
Cybercrime Case Study II 44
Notes 45
Chapter 5: Commencing a Cybercrime Investigation 47
Why Investigate a Cybercrime? 47
The Cyber Investigator 48
Management Support 48
Is There a Responsibility to Try to Get the Data Back? 50
Cybercrime Case Study 51
Notes 52
Chapter 6: Legal Considerations When Planning an Investigation 53
Role of the Law in a Digital Crimes Investigation 54
Protecting Digital Evidence 55
Preservation of the Chain of Custody 56
Protection of Evidence 59
Legal Implications of Digital Evidence Collection 60
Cybercrime Case Study 63
Note 63
Chapter 7: Initial Meeting with the Complainant 65
Initial Discussion 65
Complainant Details 68
Event Details 68
Cyber Security History 69
Scene Details 70
Identifying Offenses 71
Identifying Witnesses 71
Identifying Suspects 71
Identifying the Modus Operandi of Attack 72
Evidence: Technical 73
Evidence: Other 74
Cybercrime Case Study 74
Chapter 8: Containing and Remediating the Cyber Security Incident 77
Containing the Cyber Security Incident 77
Eradicating the Cyber Security Incident 80
Note 82
Chapter 9: Challenges in Cyber Security Incident Investigations 83
Unique Challenges 84
Cybercrime Case Study 91
Chapter 10: Investigating the Cybercrime Scene 93
The Investigation Team 96
Resources Required 101
Availability and Management of Evidence 104
Technical Items 105
Scene Investigation 123
What Could Possibly Go Wrong? 152
Cybercrime Case Study I 155
Cybercrime Case Study II 156
Notes 158
Chapter 11: Log File Identification, Preservation, Collection, and Acquisition 159
Log Challenges 160
Logs as Evidence 161
Types of Logs 162
Cybercrime Case Study 164
Notes 165
Chapter 12: Identifying, Seizing, and Preserving Evidence from Cloud-Computing Platforms 167
What is Cloud Computing? 167
What is the Relevance to the Investigator? 172
The Attraction of Cloud Computing for the Cybercriminal 173
Where is Your Digital Evidence Located? 174
Lawful Seizure of Cloud Digital Evidence 175
Preservation of Cloud Digital Evidence 177
Forensic Investigations of Cloud-Computing Servers 178
Remote Forensic Examinations 182
Cloud Barriers to a Successful Investigation 196
Suggested Tips to Assist Your Cloud-Based Investigation 203
Cloud-Computing Investigation Framework 206
Cybercrime Case Study 219
Notes 221
Chapter 13: Identifying, Seizing, and Preserving Evidence from Internet of Things Devices 225
What is the Internet of Things? 225
What is the Relevance to Your Investigation? 226
Where is Your Internet of Things Digital Evidence Located? 228
Lawful Seizure of Internet of Things Evidence 228
Notes 229
Chapter 14: Open Source Evidence 231
The Value of Open Source Evidence 231
Examples of Open Source Evidence 233
Note 236
Chapter 15: The Dark Web 237
Crime and the Dark Web 238
Notes 242
Chapter 16: Interviewing Witnesses and Suspects 243
Suspect Interviews 245
Witness Interviews 246
Preparing for an Interview 247
The Interview Process 250
Closing the Interview 254
Review of the Interview 254
Preparation of Brief for Referral to Police 255
Chapter 17: Review of Evidence 257
Chapter 18: Producing Evidence for Court 265
Digital Evidence and Its Admissibility 267
Preparing for Court 268
Chapter 19: Conclusion 273
Glossary 277
Index 283
"This book provides the reader with the knowledge and investigative methodology on how to investigate cybercrime from a field practitioner's perspective. Cybercrime is aggressively targeting governments, businesses and individuals of all levels in increasing numbers, law enforcement can provide only limited support and civilian investigators have to take responsibility for investigating their own crimes. While there are very high-quality manuals for conducting digital examinations on a device or network that has been hacked, there is no known guide for those who want to use this information to commence an investigation from the location the offence occurred with the intention of location and prosecuting the attacker. That is, from the cybercrime scene. This book provides a valuable contribution to the actual practical ground level investigation including evidence location, lawful seizure, preservation, examination, interpretation and management. These are core duties which if not completed correctly, leads to poor quality and incomplete investigations. It is believed this handbook will sit alongside the other texts stated and fill the gap in the marketplace where the front-line investigator has limited guidance on how to react at the cybercrime scene whilst the offence is occurring. In addition, this book will also help those companies that are GDPR (General Data Protection Regulation, a European Union regulation that instituted new new rules governing the use and manipulation of personal data) follow a plan if their data is compromised"-- Provided by publisher.
Description based on print version record and CIP data provided by publisher.
There are no comments for this item.