Cyber Crime Investigator's Field Guide (2^nd Ed.)

Many excellent hardware and software products exist to protect our data communications sytems, but security threats dictate that they must be further enhanced. Many laws implemented during the past 15 years have provided law enforcement with more teeth to take a bite out of cyber crime, but there is still a need for individuals who know how to investigate computer network security incidents. Organizations demand experts with both investigative talents and a technical knowledge of how cyberspace really works. Cyber Crime Investigator's Field Guide, Second Edition provides the investigative framework that needs to be followed, along with information about how cyberspace works and the tools that reveal the who, what, when, where, why, and how in the investigation of cyber crime.

This volume offers a valuable Q&A by subject area, an extensive overview of recommended reference materials, and a detailed case study. Appendices highlight attack signatures, UNIX/Linux commands, Cisco PIX commands, port numbers targeted by trojan horses, and more.

THE INITIAL CONTACT
Chapter Questions

CLIENT SITE ARRIVAL
Chapter Questions

EVIDENCE COLLECTION PROCEDURES
Detailed Procedures for Obtaining a Bitstream Backup of a Hard Drive
Chapter Questions

EVIDENCE COLLECTION AND ANALYSIS TOOLS
SafeBack
GetTime
FileList, FileCnvt, and Excel©
GetFree
Swap Files and GetSwap
GetSlack
Temporary Files
TextSearch Plus
CRCMD5
DiskSig
Chapter Questions

ACCESSDATA'S FORENSIC TOOL KIT
Creating a Case
Working on an Existing Case
Chapter Questions

GUIDANCE SOFTWARE'S ENCASE
Chapter Questions

ILOOK INVESTIGATOR
Chapter Questions

PASSWORD RECOVERY
Chapter Questions

QUESTIONS AND ANSWERS BY SUBJECT AREA
Evidence Collection
Legal
Evidence Analysis
UNIX
Military
Hackers
BackTracing (TraceBack)
Logs
Encryption
Government
Networking
E-Mail

RECOMMENDED REFERENCE MATERIALS
PERL and C Scripts
UNIX, Windows, NetWare, and Macintosh
Computer Internals
Computer Networking
Web Sites of Interest

CASE STUDY
Recommendations

APPENDIX A: GLOSSARY

APPENDIX B: PORT NUMBERS USED BY MALICIOUS
TROJAN HORSE PROGRAMS

APPENDIX C: ATTACK SIGNATURES

APPENDIX D: UNIX/LINUX COMMANDS

APPENDIX E: CISCO PIX FIREWALL COMMANDS
PIX Command Reference

APPENDIX F: DISCOVERING UNAUTHORIZED ACCESS
TO YOUR COMPUTER

APPENDIX G: ELECTROMAGNETIC FIELD ANALYSIS
(EFA) "TICKLER"

APPENDIX H: THE INTELLIGENCE COMMUNITY SINCE
9/11

APPENDIX I: ANSWERS TO CHAPTER QUESTIONS

Information security professionals in business, government, and the military; developers of cyber-forensic hardware and software; police and private investigators; internal and external auditors; fraud examiners, bankers, insurance investigators