Investigating Computer-Related Crime (2^nd Ed.)

Since the last edition of this book was written more than a decade ago, cybercrime has evolved. Motives have not changed, but new means and opportunities have arisen with the advancement of the digital age. Investigating Computer-Related Crime: Second Edition incorporates the results of research and practice in a variety of venues, growth in the field, and new technology to offer a fresh look at the topic of digital investigation.

Following an introduction to cybercrime and its impact on society, this book examines:

• Malware and the important differences between targeted attacks and general attacks
• The framework for conducting a digital investigation, how it is conducted, and some of the key issues that arise over the course of an investigation
• How the computer forensic process fits into an investigation
• The concept of system glitches vs. cybercrime and the importance of weeding out incidents that don?t need investigating
• Investigative politics that occur during the course of an investigation, whether to involve law enforcement, and when an investigation should be stopped
• How to prepare for cybercrime before it happens
• End-to-end digital investigation
• Evidence collection, preservation, management, and effective use
• How to critique your investigation and maximize lessons learned

This edition reflects a heightened focus on cyber stalking and cybercrime scene assessment, updates the tools used by digital forensic examiners, and places increased emphases on following the cyber trail and the concept of end-to-end digital investigation. Discussion questions at the end of each chapter are designed to stimulate further debate into this fascinating field.

The Nature of Cybercrime. Cybercrime as We Enter the Twenty-First Century. The Potential Impacts of Cybercrime. Malware Attacks. Surgical Strikes and Shotgun Blasts. Investigating Cybercrime. A Framework for Conducting an Investigation of a Computer Security Incident. Look for the Hidden Flaw. Analyzing the Remnants of a Computer Security Incident. Launching the Investigation. Determining If a Crime Has Taken Place. Cover-Ups Are Common. Involving the Authorities. When an Investigation Cannot Continue. Preparing for Cybercrime. Building a Corporate Cyber "SWAT Team". Privacy and Computer Crime. Introduction to End-to-End Digital Investigation. Collecting and Analyzing Evidence of a Computer Crime. Using Evidence Effectively. Conducting Incident Postmortems. Appendix A. Appendix B. Appendix C. Index.

Peter Stephenson, PhD, is a cyber criminologist, digital investigator, and digital forensic scientist at Norwich University (Vermont). He is a writer, researcher, and lecturer on information assurance, digital investigation, and forensics on large-scale computer networks. He has lectured extensively on digital investigation and security, and has written, edited, or contributed to 16 books and several hundred articles in major national and international trade, technical, and scientific publications.

Dr. Stephenson is a Fellow of the Institute for Communications, Arbitration, and Forensics in the United Kingdom, an associate member of the American Academy of Forensic Sciences, a member of the Vidocq Society, and on the board of Vermont InfraGard. He holds the CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), and FICAF (Fellow of the Institute for Communications Arbitration and Forensics) designations, and his research is focused on cybercrime assessment and profiling compromised networks.

Keith Gilbert is a senior information security specialist on the Verizon RISK Team. He obtained both his BS and MS in information assurance from Norwich University and is an experienced digital forensic analyst. Gilbert has worked in both the public and private sectors among organizations ranging from 50 to 200,000 employees. He holds the Global Information Assurance Certification (GIAC) Certified Forensic Analyst (GCFA) and GIAC Certified Incident Handler (GCIH) certifications and is an associate of the International Information Systems Security Certification Consortium ((ISC)2).