Cybercrime Investigators Handbook.

Material type: Text
Publisher: Newark : John Wiley & Sons, Incorporated, 2019
Copyright date: ©2020
Edition: 1st ed
Description: 1 online resource (319 pages)
Content type:
  • text
Media type:
  • computer
Carrier type:
  • online resource
ISBN:
  • 9781119596325
Additional physical formats: Print version: Cybercrime Investigators Handbook
LOC classification:
  • HV8079.C65 .E393 2020
Contents:
Cover -- Title Page -- Copyright -- Contents -- List of Figures -- About the Author -- Foreword -- Acknowledgments -- Chapter 1 Introduction -- Chapter 2 Cybercrime Offenses -- Potential Cybercrime Offenses -- Industrial Espionage -- Theft of Information Such as Identities, Staff Files, and Accounts -- Computer Hacking to Gain Access to System Resources -- Gaining or Exceeding Authorized Access Levels to Obtain Highly Restricted Data -- Exploiting Information Security Weaknesses through the Supply Chain, Including Third‐Party Contractors -- Stealing Credit Card Data for Selling Online, or Card‐Not‐Present Fraud -- Gaining Access to a System or Device through Malicious Software -- Damaging the Reputation of a Competitor to Gain a Market Advantage -- Changes to Computer Systems or Devices -- Vandalism to Prove the Skills of the Attacker -- Drive‐by Downloads of Malicious Software -- Interfering with Access to a Network -- Ransomware -- Phishing Attacks and Money Laundering -- Business Email Compromise Fraud -- Social Engineering Fraud -- Cybercrime Case Study -- Notes -- Chapter 3 Motivations of the Attacker -- Common Motivators -- Revenge -- Opportunity -- Greed -- Test of Skill -- Business Competitor -- Professional Criminal -- Issue‐Motivated Attacker -- Geopolitics -- Terrorism -- Cybercrime Case Study I -- Cybercrime Case Study II -- Note -- Chapter 4 Determining That a Cybercrime Is Being Committed -- Cyber Incident Alerts -- Attack Methodologies -- Cybercrime Case Study I -- Cybercrime Case Study II -- Notes -- Chapter 5 Commencing a Cybercrime Investigation -- Why Investigate a Cybercrime? -- The Cyber Investigator -- Management Support -- Is There a Responsibility to Try to Get the Data Back? -- Cybercrime Case Study -- Notes -- Chapter 6 Legal Considerations When Planning an Investigation.
Role of the Law in a Digital Crimes Investigation -- Protecting Digital Evidence -- Preservation of the Chain of Custody -- Protection of Evidence -- Legal Implications of Digital Evidence Collection -- Cybercrime Case Study -- Note -- Chapter 7 Initial Meeting with the Complainant -- Initial Discussion -- Complainant Details -- Event Details -- Cyber Security History -- Scene Details -- Identifying Offenses -- Identifying Witnesses -- Identifying Suspects -- Identifying the Modus Operandi of Attack -- Evidence: Technical -- Evidence: Other -- Cybercrime Case Study -- Chapter 8 Containing and Remediating the Cyber Security Incident -- Containing the Cyber Security Incident -- Eradicating the Cyber Security Incident -- Note -- Chapter 9 Challenges in Cyber Security Incident Investigations -- Unique Challenges -- Defining Investigation Boundaries and Management Objectives -- Identifying Potential Offenses (Criminal and/or Civil) -- Identifying Compromised Data and/or Resources -- Identifying Suspects and Motivations -- Identifying Exploited Vulnerabilities -- Securing Evidence -- Understanding the Legal Jurisdiction Where the Incident Occurred and the Evidence Exists -- Locating Digital Evidence in a Timely Manner -- Maintaining the Chain of Evidence across Multiple Jurisdictions -- Understanding the Complexity of the Evidence -- Synchronizing the Time on Event Logs across the System Architecture -- Understanding the Cost of Multijurisdictional Investigations -- Assessing Impact Costs -- Cybercrime Case Study -- Chapter 10 Investigating the Cybercrime Scene -- The Investigation Team -- How Many People Do You Need? -- Determine the Skills Required -- Resources Required -- Availability and Management of Evidence -- Technical Items -- Nontechnical and Physical Items -- Evidence Capture and Handling -- Identification of Evidence.
Collection of Digital Evidence -- Acquisition of Digital Evidence -- Preservation of Evidence -- Scene Investigation -- Prior to Leaving for the Scene -- Scene Action by Investigators -- Identifying the Network Architecture -- Dealing with Fixed and Networked Devices -- Returning to Your Location -- What Could Possibly Go Wrong? -- Assault of Investigators -- Honest Mistakes Being Made -- Exhibits Left at the Scene -- Changing Terms of Reference by the Complainant -- Poor Record Keeping -- Loss of the Chain of Evidence -- Not Obtaining Statements When You Had the Chance -- Being Underresourced -- Careless Comments by the Investigation Team Being Overheard -- Cybercrime Case Study I -- Cybercrime Case Study II -- Notes -- Chapter 11 Log File Identification, Preservation, Collection, and Acquisition -- Log Challenges -- Logs as Evidence -- Types of Logs -- Cybercrime Case Study -- Notes -- Chapter 12 Identifying, Seizing, and Preserving Evidence from Cloud‐Computing Platforms -- What is Cloud Computing? -- What Is the Relevance to the Investigator? -- The Attraction of Cloud Computing for the Cybercriminal -- Where Is Your Digital Evidence Located? -- Lawful Seizure of Cloud Digital Evidence -- Preservation of Cloud Digital Evidence -- Forensic Investigations of Cloud‐Computing Servers -- Identification of Evidence -- Collection of Evidence -- Acquisition of Evidence -- Preservation of Evidence -- Remote Forensic Examinations -- Identification of Evidence -- Collection of Evidence -- Acquisition of Evidence -- Preservation of Evidence -- Presentation of Evidence -- Cloud Barriers to a Successful Investigation -- Suggested Tips to Assist Your Cloud‐Based Investigation -- Cloud‐Computing Investigation Framework -- Proposed Investigative Framework -- Cybercrime Case Study -- Notes.
Chapter 13 Identifying, Seizing, and Preserving Evidence from Internet of Things Devices -- What Is the Internet of Things? -- What Is the Relevance to Your Investigation? -- Where Is Your Internet of Things Digital Evidence Located? -- Lawful Seizure of Internet of Things Evidence -- Notes -- Chapter 14 Open Source Evidence -- The Value of Open Source Evidence -- Examples of Open Source Evidence -- Note -- Chapter 15 The Dark Web -- Crime and the Dark Web -- Notes -- Chapter 16 Interviewing Witnesses and Suspects -- Suspect Interviews -- Witness Interviews -- Preparing for an Interview -- The Interview Process -- Introduction to the Witness Interview -- Body of Interview -- Closing the Interview -- Review of the Interview -- Preparation of Brief for Referral to Police -- Chapter 17 Review of Evidence -- Chapter 18 Producing Evidence for Court -- Digital Evidence and Its Admissibility -- Preparing for Court -- Chapter 19 Conclusion -- Glossary -- Index -- EULA.
No physical items for this record

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.

© 2024 Resource Centre. All rights reserved.