
Cybercrime Investigators Handbook
Graeme Edwards (Author)
Wiley (Publisher)
1st Edition
Published on 18 September 2019
Book
Hardback
320 pages
978-1-119-59628-8 (ISBN)
Description
The investigator's practical guide for cybercrime evidence identification and collection
Cyber attacks perpetrated against businesses, governments, organizations, and individuals have been occurring for decades. Many attacks are discovered only after the data has been exploited or sold on the criminal markets. Cyber attacks damage both the finances and reputations of businesses and cause damage to the ultimate victims of the crime. From the perspective of the criminal, the current state of inconsistent security policies and lax investigative procedures is a profitable and low-risk opportunity for cyber attacks. They can cause immense harm to individuals or businesses online and make large sums of money--safe in the knowledge that the victim will rarely report the matter to the police. For those tasked with probing such crimes in the field, information on investigative methodology is scarce. The Cybercrime Investigators Handbook is an innovative guide that approaches cybercrime investigation from the field-practitioner's perspective.
While there are high-quality manuals for conducting digital examinations on a device or network that has been hacked, the Cybercrime Investigators Handbook is the first guide on how to commence an investigation from the location the offence occurred--the scene of the cybercrime--and collect the evidence necessary to locate and prosecute the offender. This valuable contribution to the field teaches readers to locate, lawfully seize, preserve, examine, interpret, and manage the technical evidence that is vital for effective cybercrime investigation.
* Fills the need for a field manual for front-line cybercrime investigators
* Provides practical guidance with clear, easy-to-understand language
* Approaches cybercrime from the perspective of the field practitioner
* Helps companies comply with new GDPR guidelines
* Offers expert advice from a law enforcement professional who specializes in cybercrime investigation and IT security
Cybercrime Investigators Handbook is a much-needed resource for law enforcement and cybercrime investigators, CFOs, IT auditors, fraud investigators, and other practitioners in related areas.
More details
Language
English
Place of publication
New York
United States
Target group
Professional and scholarly
Dimensions
Height: 233 mm
Width: 156 mm
Thickness: 27 mm
Weight
540 gr
ISBN-13
978-1-119-59628-8 (9781119596288)
Other editions
Additional editions

Graeme Edwards
Cybercrime Investigators Handbook
E-Book
09/2019
1st Edition
Wiley
€52.99
Available for download

Person
DR. GRAEME EDWARDS, CFE, has been a cybercrime investigator with the Queensland Police Service Financial and Cyber Crime Group and has worked on numerous successful criminal investigations involving local and international jurisdictions. He facilitated the creation of the Victims of Financial Crimes Support Group to support those suffering losses associated with financial or cybercrime. Graeme is an experienced conference speaker and cybercrime investigation educator who provides training in corporate environments and conducts post-investigation analysis. He has a Doctorate of Information Technology focusing on computer security, computer networking, and cloud computing investigation strategies.
Content
List of Figures
About the Author
Acknowledgments
Foreword
Chapter 1: Introduction
Chapter 2: Cybercrime offences
2.1 Potential cybercrime offences
2.2 Cybercrime case study
2.3 References
Chapter 3: Motivations of the attacker
3.1 Common motivators
3.2 Cybercrime case study
3.3 Cybercrime case study
3.4 References
Chapter 4: Identifying a cybercrime is being committed
4.1 Cyber incident alerts
4.2 Attack methodologies
4.3 Cybercrime case study
4.4 Cybercrime case study
4.5 References
Chapter 5: Commencing a cybercrime investigation
5.1 Why investigate a cybercrime?
5.2 The cyber investigator
5.3 Management support
5.4 Is there a responsibility to try and get the data back?
5.5 Cybercrime case study
5.6 References
Chapter 6: Legal considerations for planning an investigation
6.1 Role of the law in a digital crimes investigation
6.2 Protecting digital evidence
6.3 Preservation of the Chain of Custody
6.4 Protection of evidence
6.5 Legal implications of digital evidence collection
6.6 Cybercrime case study
6.7 References
Chapter 7: Initial meeting with the complainant
7.1 Initial discussion
7.2 Complainant details
7.3 Event details
7.4 Cyber security history
7.5 Scene details
7.6 Identifying offences
7.7 Identifying witnesses
7.8 Identifying suspects
7.9 Identifying Modus Operandi of attack
7.10 Evidence: Technical
7.11 Evidence: Other
7.12 Cybercrime case study
Chapter 8: Containing and remediating the Cyber Security Incident
8.1 Containing the cyber security incident
8.2 Remediating the cyber security incident
Chapter 9: Challenges in cyber security incident investigations
9.1 Unique challenges
9.2 Cybercrime case study
Chapter 10: Investigating the cybercrime scene
10.1 The investigation team
10.2 Resources required
10.3 Evidence available and management
10.3.1 Technical
10.3.2 Non-technical and physical items
10.3.3 Evidence capture and handling
10.3.4 Identification of Evidence
10.3.5 Collection of Digital Evidence
10.3.6 Acquisition of Digital Evidence
10.3.7 Preservation of Evidence
10.4 Scene Investigation
10.4.1 Prior to leaving for the scene
10.4.2 Scene action by investigators
10.4.3 Identifying the network architecture
10.4.4 Dealing with fixed and networked devices
10.4.5 Return to your location
10.5 What could possibly go wrong?
10.6 Cybercrime case study
10.7 Cybercrime case study
10.8 References
Chapter 11: Log files Identification, preservation, collection and acquisition
11.1 Log challenges
11.2 Logs as evidence
11.3 Types of logs
11.4 Cybercrime case study
11.5 References
Chapter 12: Identification, seizure and preservation of evidence from cloud computing platforms
12.1 What is cloud computing?
12.2 What is the relevance to the investigator?
12.3 Attraction of cloud computing to the cybercriminal
12.4 Where is your digital evidence located?
12.5 Lawful seizure of cloud digital evidence
12.6 Preservation of cloud digital evidence
12.7 Forensic investigations in cloud computing servers
12.7.1 Identification of Evidence
12.7.2 Collection of Evidence
12.7.3 Acquisition of Evidence
12.7.4 Preservation of Evidence
12.8 Remote forensics examinations
12.8.1 Identification of Evidence
12.8.2 Collection of Evidence
12.8.3 Acquisition of Evidence
12.8.4 Preservation of Evidence
12.8.5 Presentation of Evidence
12.9 Cloud barriers to a successful investigation
12.10 Suggested tips to assist your cloud-based investigation
12.11 Cloud-computing investigation framework
12.11.1 Proposed investigative framework
12.12 Cybercrime case study
12.13 References
Chapter 13: Identifying, seizure and preservation of evidence from Internet of Things devices
13.1 What is the Internet of Things?
13.2 What is the relevance to your investigation?
13.3 Where is your IoT digital evidence located?
13.4 Lawful seizure of IoT evidence
13.5 References
Chapter 14: Open source evidence
14.1 The value of open source evidence
14.2 Examples of open source evidence
14.3 References
Chapter 15: The Dark Web
15.1 Crime and the dark web
15.2 References
Chapter 16: Interviewing witnesses and suspects
16.1 Suspect interviews
16.2 Witness interview
16.3 Preparing for an interview
16.4 The interview process
16.4 Closing the interview
16.5 Review of interview
16.6 Preparation of brief for referral to police
Chapter 17: Review of evidence
Chapter 18: Producing evidence for court
18.1 Digital evidence and its admissibility
18.2 Preparing for court
18.3 References
Chapter 19: Conclusion
Glossary
Index