Schweitzer Fachinformationen
When it comes to professional knowledge, Schweitzer Fachinformationen leads the way. Customers from law and consulting, as well as companies, public administrations and libraries, receive complete solutions for procuring, managing and using digital and printed media.
Overview of the latest techniques and practices used in digital forensics and how to apply them to the investigative process
Practical Cyber Intelligence provides a thorough and practical introduction to the different tactics, techniques, and procedures that exist in the field of cyber investigation and cyber forensics to collect, preserve, and analyze digital evidence, enabling readers to understand the digital landscape and analyze legacy devices, current models, and models that may be created in the future. Readers will learn how to determine what evidence exists and how to find it on a device, as well as what story it tells about the activities on the device.
Over 100 images and tables are included to aid in reader comprehension, and case studies are included at the end of the book to elucidate core concepts throughout the text.
To get the most value from this book, readers should be familiar with how a computer operates (e.g., CPU, RAM, and disk), be comfortable interacting with both Windows and Linux operating systems as well as Bash and PowerShell commands and have a basic understanding of Python and how to execute Python scripts.
Practical Cyber Intelligence includes detailed information on:
Focusing on methodology that is accessible to everyone without any special tools, Practical Cyber Intelligence is an essential introduction to the topic for all professionals looking to enter or advance in the field of cyber investigation, including cyber security practitioners and analysts and law enforcement agents who handle digital evidence.
Adam Tilmar Jakobsen works for the Danish National Police Agency's special crime unit hunting down cyber criminals. Throughout his career he has worked on international cases with Europol and the FBI. Adam's journey into cybersecurity and intelligence began in the Danish Army Intelligence, where he honed his skills in SIGINT, OSINT, HUMINT, and all-source intelligence. In this role, he executed a wide range of defense, intelligence, and attack missions. Transitioning to Bluewater Shipping, Adam initially served as a Solution Architect before pivoting towards information security, where he oversaw critical security operations.
Intelligence analysis is the process of using data to comprehend a situation or problem and support decision-making. It involves collecting and analyzing data from various sources, such as human intelligence, signals intelligence, open-source information, and other types of data, to provide insights and inform decision-makers. Intelligence analysts employ a range of tools and techniques, including data mining, statistical analysis, and modeling, to discern trends, patterns, and relationships within the data. They then utilize this information to formulate hypotheses, make predictions, and offer recommendations for action. Intelligence analysis is applied across numerous fields, including national security, law enforcement, and business. You might be wondering what it has to do with digital forensics. They have a lot in common: both are about identifying the most likely hypothesis based on the available data. We would always like to be precise in forensics, but that is not always possible, because the data needed for a precise, scientific answer may not be available. In those cases we have to look at the data we do have, understand the story it tells, and then give an estimate of what has most likely happened. This is why the first section is about the tools used in intelligence analysis.
The intelligence life cycle[1] is a framework that outlines the various stages involved in the process of collecting, analyzing, and disseminating intelligence. The typical stages of the intelligence process life cycle include:
These stages are interconnected and often overlap, with the ultimate goal of the intelligence process being to deliver timely and accurate information to decision-makers, thereby enabling them to take well-informed actions.
This stage is the foundation of the intelligence life cycle. It is about establishing a strategy for what is needed: gathering the necessary data and tackling the different cases hitting your desk. It means identifying which questions the decision-maker needs answered to meet their objectives. Those questions in turn define which tools and data sources are needed to formulate an answer.
In the collection phase, raw data is obtained from the different sources needed to facilitate the analysis. A good idea is to implement a collection management framework.[2] The job of this tool is to help manage and create structure around the numerous data sources and the information that can be obtained from each of them. This is done by maintaining a data sheet that lists all the sources available, the data you can expect to retrieve from each source, and the specific questions each source can answer. I have created an example of a collection management framework for a SOC in Table 1.1.
Table 1.1 Collection framework.
Your collection framework will definitely look different, but this one should give you a general idea. What makes it useful is that it clearly defines what data is available to you and what it can be used for, so you do not have to rely on people's memories to recall which sources exist and what they can answer. Do not underestimate the usefulness of this tool: if you are ever in a situation where you ask yourself whether you have a data source that could answer question X, then you need this tool. Another use is to identify blind spots in your data sources, or overlaps in capabilities.
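To show how a collection management framework can be kept as data rather than in people's heads, here is an added example (not the book's Table 1.1 and not code from the author): a small Python sheet of sources, what each yields, how long it is retained, and which questions it can answer, with helpers that do the three things the text describes: find the sources for a question, list blind spots for a set of required questions, and list overlapping capabilities. All source names, fields, retention periods and questions are constructed placeholders.

```python
"""Minimal collection management framework (CMF) for a SOC.

Added example, not the book's own table or code. Every source, field,
retention value and question below is a constructed placeholder.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Source:
    name: str                 # data source, e.g. a log pipeline
    retention_days: int       # how far back the source can answer
    data: frozenset           # what the source yields
    answers: frozenset        # intelligence questions it can answer


# Constructed sample sheet (placeholder values, not a real SOC)
CMF = [
    Source("EDR telemetry", 90,
           frozenset({"process tree", "file hash", "host user"}),
           frozenset({"what ran on the host", "which user executed it"})),
    Source("DNS resolver logs", 30,
           frozenset({"queried domain", "client ip"}),
           frozenset({"which hosts contacted the domain"})),
    Source("Proxy logs", 180,
           frozenset({"url", "client ip", "user"}),
           frozenset({"which hosts contacted the domain",
                      "what was downloaded"})),
    Source("VPN logs", 365,
           frozenset({"user", "source ip", "session time"}),
           frozenset({"who was connected from outside",
                      "when did the user connect"})),
]


def sources_for(question, cmf=CMF):
    """Names of the sources that can answer one question (sorted)."""
    return sorted(s.name for s in cmf if question in s.answers)


def blind_spots(required_questions, cmf=CMF):
    """Questions the decision-maker needs answered that no source covers."""
    answered = set().union(*(s.answers for s in cmf))
    return sorted(q for q in required_questions if q not in answered)


def overlaps(cmf=CMF):
    """Questions covered by more than one source, with the sources per question."""
    by_question = {}
    for s in cmf:
        for q in s.answers:
            by_question.setdefault(q, []).append(s.name)
    return {q: sorted(names) for q, names in by_question.items() if len(names) > 1}


def coverage_window(question, cmf=CMF):
    """Longest retention (days) among sources answering the question; 0 if none."""
    return max((s.retention_days for s in cmf if question in s.answers), default=0)


if __name__ == "__main__":
    needed = ["what ran on the host", "which mailbox received the phish"]
    print("blind spots:", blind_spots(needed))
    print("overlaps:", overlaps())
    print("window for domain contacts:", coverage_window("which hosts contacted the domain"))
```

The retention column is the practical caveat: a source that answers the question on paper is still a blind spot once the incident is older than its retention window, which is why `coverage_window` is worth asking alongside `sources_for`.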
During the processing stage, the raw data collected transforms into a format that can be easily understood by humans or interpreted by relevant computer systems. This step is crucial for preparing the data for in-depth analysis and interpretation by intelligence analysts or automated tools.
An essential aspect of this stage is evaluating the relevance and reliability of the data gathered. Analysts need to carefully examine the data to ensure its accuracy and ascertain its importance concerning the intelligence requirement. This process may entail cross-referencing data from multiple sources to authenticate its credibility and establish its relevance.
When processing threat reports from various vendors, it can be tempting to create a Rosetta stone that translates threat actor names across the different vendors. The reason cyber threat intelligence organizations do not use the same naming convention for threat actors is that they do not have the same collection coverage, the way they cluster intrusions together differs with their intelligence requirements, and none of them knows all the details of the adversary; this is why each uses its own naming scheme. For the same reason we should not try to map actors from different vendors onto one another, as the result will most likely be wrong.
The process of intelligence analysis[3] involves breaking down a complex problem or concept into smaller, simpler parts to better understand it and draw meaningful conclusions. It is a crucial step in an investigation, where information needs to be systematically examined and evaluated to identify patterns, connections, and insights that can help shed light on the case. The objective is to transform data into actionable information.
When it comes to digital evidence, expert examiners play a critical role in data analysis, as the data can be ambiguous, taken out of context, or simply incorrect, which may lead to wrongful conclusions. A good digital forensics expert possesses the ability to understand the context around the data and use analytical judgment to make objective conclusions about the evidence. This involves employing critical thinking skills, logical reasoning, and a systematic approach to assess and evaluate information based on the available evidence.
The good thing is that there are a variety of tools and techniques at our disposal, including statistical analysis, network analysis, and trend analysis, among others. The choice of technique depends on the type of investigation and the data available.
Structured analytic techniques[4] are a set of tools used to help analysts systematically analyze complex information. They provide a systematic and transparent approach to analysis to reduce bias, improve the quality of the analysis, and support more effective decision-making.
Structured analytic techniques typically involve the following steps:
Using structured analytic techniques offers several benefits to analysts and decision-makers. First, it helps to ensure a more systematic and rigorous approach to the analysis, which can help to improve the accuracy and reliability of the results. Second, it...
File format: ePUB
Copy protection: Adobe DRM (Digital Rights Management)
System requirements:
The ePUB file format is very well suited to novels and non-fiction, i.e. to "flowing" text without a complex layout. On e-readers or smartphones, the line and page breaks adapt automatically to the small display. Adobe DRM is a "hard" form of copy protection. If the necessary requirements are not met, you will unfortunately not be able to open the e-book, so you must prepare your reading hardware before downloading. Please note: we strongly recommend that you authorize the reading software with your personal Adobe ID after installing it.
Further information can be found in our e-book help.