Cyber Forensics













Cyber Forensics—A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes
Disclaimer
Introduction
Background
Dimensions of the Problem
Computer Forensics
Works Cited

Section I: Cyber Forensics
Chapter List


Chapter 1: The Goal of the Forensic Investigation
Overview
Why Investigate
Internet Exceeds Norm
Inappropriate E-mail
Non-Work-Related Usage of Company Resources
Theft of Information
Violation of Security Parameters
Intellectual Property Infraction
Electronic Tampering
Establishing a Basis or Justification to Investigate
Determine the Impact of Incident
Who to Call/Contact
If You Are the Auditor/Investigator
Resources
Authority
Obligations/Goals
Reporting Hierarchy
Escalation Procedures
Time Frame
Procedures
Precedence
Independence


Chapter 2: How to Begin a Non-Liturgical Forensic Examination
Overview
Isolation of Equipment
Cookies
Bookmarks
History Buffer
Cache
Temporary Internet Files
Tracking of Logon Duration and Times
Recent Documents List
Tracking of Illicit Software Installation and Use




The System Review
The Manual Review
Hidden Files
How to Correlate the Evidence
Works Cited

Chapter 3: The Liturgical Forensic Examination: Tracing Activity on a Windows-Based Desktop
