Scene of the Cybercrime

Cover
Contents
Foreword
Chapter 1 Facing the Cybercrime Problem Head On
	Introduction
		Quantifying the Crisis
	Defining Cybercrime
		Moving from the General to the Specific
		Understanding the Importance of Jurisdictional Issues
		Differentiating Crimes That Use the Net from Crimes That Depend on the Net
		Collecting Statistical Data on Cybercrime
			Understanding the Crime Reporting System
			Categorizing Crimes for the National Reporting System
		Toward a Working Definition of Cybercrime
			U.S. Federal and State Statutes
			International Law:The United Nations Definition of Cybercrime
	Categorizing Cybercrime
		Developing Categories of Cybercrimes
			Violent or Potentially Violent Cybercrime Categories
			Nonviolent Cybercrime Categories
		Prioritizing Cybercrime Enforcement
	Fighting Cybercrime
		Determining Who Will Fight Cybercrime
		Educating Cybercrime Fighters
			Educating Legislators and Criminal Justice Professionals
			Educating Information Technology Professionals
			Educating and Engaging the Community
		Getting Creative in the Fight Against Cybercrime
			Using Peer Pressure to Fight Cybercrime
			Using Technology to Fight Cybercrime
			Finding New Ways to Protect Against Cybercrime
	Summary
	Frequently Asked Questions
	Resources
Chapter 2 Reviewing the History of Cybercrime
	Introduction
	Exploring Criminality in the Days of Standalone Computers
		Sharing More Than Time
		The Evolution of a Word
	Understanding Early Phreakers, Hackers, and Crackers
		Hacking Ma Bell’s Phone Network
			Phamous Phreakers
			Phreaking on the Other Side of the Atlantic
			A Box for Every Color Scheme
			From Phreaker to Hacker
		Living on the LAN: Early Computer Network Hackers
		How BBSs Fostered Criminal Behavior
	How Online Services Made Cybercrime Easy
	Introducing the ARPANet:: the Wild West of Networking
		Sputnik Inspires ARPA
		ARPA Turns Its Talents to Computer Technology
		Network Applications Come into Their Own
		The Internetwork Continues to Expand
			The ARPANet of the 1980s
			The Internet of the 1990s
			The Worm Turns—and Security Becomes a Concern
	Watching Crime Rise with the Commercialization of the Internet
	Bringing the Cybercrime Story Up to Date
		Understanding How New Technologies Create New Vulnerabilities
			Why Cybercriminals Love Broadband
			Why Cybercriminals Love Wireless
			Why Cybercriminals Love Mobile Computing
			Why Cybercriminals Love Sophisticated Web and E-Mail Technologies
			Why Cybercriminals Love E-Commerce and Online Banking
			Why Cybercriminals Love Instant Messaging
			Why Cybercriminals Love New Operating Systems and Applications
			Why Cybercriminals Love Standardization
		Planning for the Future: How to Thwart Tomorrow’s Cybercriminal
	Summary
	Frequently Asked Questions
	Resources
Chapter 3 Understanding the People on the Scene
	Introduction
	Understanding Cybercriminals
		Profiling Cybercriminals
			Understanding How Profiling Works
			Reexamining Myths and Misconceptions About Cybercriminals
			Constructing a Profile of the Typical Cybercriminal
			Recognizing Criminal Motivations
			Recognizing the Limitations of Statistical Analysis
		Categorizing Cybercriminals
			Criminals Who Use the Net as a Tool of the Crime
			Criminals Who Use the Net Incidentially to the Crime
			Real-Life Noncriminals Who Commit Crimes Online
	Understanding Cybervictims
		Categorizing Victims of Cybercrime
			Making the Victim Part of the Crime-Fighting Team
	Understanding Cyberinvestigators
		Recognizing the Characteristics of a Good Cyberinvestigator
			Categorizing Cyberinvestigators by Skill Set
			Recruiting and Training Cyberinvestigators
		Facilitating Cooperation: CEOs on the Scene
	Summary
	Frequently Asked Questions
	Resources
Chapter 4 Understanding Computer Basics
	Introduction
	Understanding Computer Hardware
		Looking Inside the Machine
			Components of a Digital Computer
			The Role of the Motherboard
			The Roles of the Processor and Memory
			The Role of Storage Media
			Why This Matters to the Investigator
	The Language of the Machine
		Wandering Through a World of Numbers
			Who’s on Which Base?
		Understanding the Binary Numbering System
			Converting Between Binary and Decimal
			Converting Between Binary and Hexadecimal
			Converting Text to Binary
		Encoding Nontext Files
		Why This Matters to the Investigator
	Understanding Computer Operating Systems
		Understanding the Role of the Operating System Software
		Differentiating Between Multitasking and Multiprocessing Types
			Multitasking
			Multiprocessing
		Differentiating Between Proprietary and Open Source Operating Systems
		An Overview of Commonly Used Operating Systems
			Understanding DOS
			Windows 1.x Through 3.x
			Windows 9x (95, 95b, 95c, 98, 98SE, and ME)
			Windows NT
			Windows 2000
			Windows XP
			Linux/UNIX
			Other Operating Systems
		Understanding File Systems
			FAT12
			FAT16
		VFAT
		FAT32
		NTFS
		Other File Systems
	Summary
	Frequently Asked Questions
	Resources
Chapter 5 Understanding Networking Basics
	Introduction
	Understanding How Computers Communicate on a Network
		Sending Bits and Bytes Across a Network
			Digital and Analog Signaling Methods
			How Multiplexing Works
			Directional Factors
			Timing Factors
			Signal Interference
			Packets, Segments, Datagrams, and Frames
			Access Control Methods
			Network Types and Topologies
			Why This Matters to the Investigator
		Understanding Networking Models and Standards
			The OSI Networking Model
			The DoD Networking Model
			The Physical/Data Link Layer Standards
			Why This Matters to the Investigator
		Understanding Network Hardware
			The Role of the NIC
			The Role of the Network Media
			The Roles of Network Connectivity Devices
			Why This Matters to the Investigator
		Understanding Network Software
			Understanding Client/Server Computing
			Server Software
			Client Software
			Network File Systems and File Sharing Protocols
			A Matter of (Networking) Protocol
	Understanding the TCP/IP Protocols Used on the Internet
		The Need for Standardized Protocols
		A Brief History of TCP/IP
		The Internet Protocol and IP Addressing
		How Routing Works
		The Transport Layer Protocols
		The MAC Address
		Name Resolution
		TCP/IP Utilities
		Network Monitoring Tools
		Why This Matters to the Investigator
	Summary
	Frequently Asked Questions
	Resources
Chapter 6 Understanding Network Intrusions and Attacks
	Introduction
	Understanding Network Intrusions and Attacks
		Intrusions vs. Attacks
		Recognizing Direct vs. Distributed Attacks
		Automated Attacks
		Accidental “Attacks”
		Preventing Intentional Internal Security Breaches
		Preventing Unauthorized External Intrusions
			Planning for Firewall Failures
			External Intruders with Internal Access
		Recognizing the “Fact of the Attack”
		Identifying and Categorizing Attack Types
	Recognizing Pre-intrusion/Attack Activities
		Port Scans
		Address Spoofing
			IP Spoofing
			ARP Spoofing
			DNS Spoofing
		Placement of Trojans
		Placement of Tracking Devices and Software
		Placement of Packet Capture and Protocol Analyzer Software
		Prevention and Response
	Understanding Password Cracking
		Brute Force
		Exploitation of Stored Passwords
		Interception of Passwords
		Password Decryption Software
		Social Engineering
		Prevention and Response
			General Password Protection Measures
			Protecting the Network Against Social Engineers
	Understanding Technical Exploits
		Protocol Exploits
			DoS Attacks That Exploit TCP/IP
			Source Routing Attacks
			Other Protocol Exploits
		Application Exploits
			Bug Exploits
			Mail Bombs
			Browser Exploits
			Web Server Exploits
			Buffer Overflows
		Operating System Exploits
			The WinNuke Out-of-Band Attack
			Windows Registry Attacks
			Other Windows Exploits
			UNIX Exploits
			Router Exploits
		Prevention and Response
	Attacking with Trojans,Viruses, and Worms
		Trojans
		Viruses
		Worms
		Prevention and Response
	Hacking for Nontechies
		The Script Kiddie Phenomenon
		The “Point and Click” Hacker
		Prevention and Response
	Summary
	Frequently Asked Questions
	Resources
Chapter 7 Understanding Cybercrime Prevention
	Introduction
	Understanding Network Security Concepts
		Applying Security Planning Basics
			Defining Security
			The Importance of Multilayered Security
			The Intrusion Triangle
			Removing Intrusion Opportunities
		Talking the Talk: Security Terminology
		Importance of Physical Security
			Protecting the Servers
			Keeping Workstations Secure
			Protecting Network Devices
	Understanding Basic Cryptography Concepts
		Understanding the Purposes of Cryptographic Security
			Authenticating Identity
			Providing Confidentiality of Data
			Ensuring Data Integrity
		Basic Cryptography Concepts
			Scrambling Text with Codes and Ciphers
			What Is Encryption?
			Securing Data with Cryptographic Algorithms
			How Encryption Is Used in Information Security
			What Is Steganography?
			Modern Decryption Methods
			Cybercriminals’ Use of Encryption and Steganography
	Making the Most of Hardware and Software Security
		Implementing Hardware-Based Security
			Hardware-Based Firewalls
			Authentication Devices
		Implementing Software-Based Security
			Cryptographic Software
			Digital Certificates
			The Public Key Infrastructure
			Software-Based Firewalls
	Understanding Firewalls
		How Firewalls Use Layered Filtering
			Packet Filtering
			Circuit Filtering
			Application Filtering
		Integrated Intrusion Detection
	Forming an Incident Response Team
	Designing and Implementing Security Policies
		Understanding Policy-Based Security
			What Is a Security Policy?
			Why This Matters to the Investigator
		Evaluating Security Needs
			Components of an Organizational Security Plan
			Defining Areas of Responsibility
			Analyzing Risk Factors
			Assessing Threats and Threat Levels
			Analyzing Organizational and Network Vulnerabilities
			Analyzing Organizational Factors
			Considering Legal Factors
			Analyzing Cost Factors
			Assessing Security Solutions
		Complying with Security Standards
			Government Security Ratings
			Utilizing Model Policies
		Defining Policy Areas
			Password Policies
			Other Common Policy Areas
		Developing the Policy Document
			Establishing Scope and Priorities
			Policy Development Guidelines
			Policy Document Organization
		Educating Network Users on Security Issues
			Policy Enforcement
			Policy Dissemination
			Ongoing Assessment and Policy Update
	Summary
	Frequently Asked Questions
	Resources
Chapter 8 Implementing System Security
	Introduction
		How Can Systems Be Secured?
		The Security Mentality
		Elements of System Security
	Implementing Broadband Security Measures
		Broadband Security Issues
		Deploying Antivirus Software
		Defining Strong User Passwords
		Setting Access Permissions
		Disabling File and Print Sharing
		Using NAT
		Deploying a Firewall
		Disabling Unneeded Services
		Configuring System Auditing
	Implementing Browser and E-Mail Security
		Types of Dangerous Code
			JavaScript
			ActiveX
			Java
		Making Browsers and E-Mail Clients More Secure
			Restricting Programming Languages
			Keep Security Patches Current
			Cookie Awareness
		Securing Web Browser Software
			Securing Microsoft Internet Explorer
		Securing Netscape Navigator
		Securing Opera
	Implementing Web Server Security
		DMZ vs. Stronghold
		Isolating the Web Server
		Web Server Lockdown
			Managing Access Control
			Handling Directory and Data Structures
			Scripting Vulnerabilities
			Logging Activity
			Backups
		Maintaining Integrity
		Rogue Web Servers
	Understanding Security and Microsoft Operating Systems
		General Microsoft Security Issues
			NetBIOS
			Widespread Automated Functionality
			IRDP Vulnerability
			NIC Bindings
		Securing Windows 9x Computers
			Securing a Windows NT 4.0 Network
			Securing a Windows 2000 Network
			Windows .NET:The Future of Windows Security
	Understanding Security and UNIX/Linux Operating Systems
	Understanding Security and Macintosh Operating Systems
	Understanding Mainframe Security
	Understanding Wireless Security
	Summary
	Frequently Asked Questions
	Resources
Chapter 9 Implementing Cybercrime Detection Techniques
	Introduction
	Security Auditing and Log Files
		Auditing for Windows Platforms
		Auditing for UNIX and Linux Platforms
	Firewall Logs, Reports, Alarms, and Alerts
	Understanding E-Mail Headers
	Tracing a Domain Name or IP Address
	Commercial Intrusion Detection Systems
		Characterizing Intrusion Detection Systems
		Commercial IDS Players
	IP Spoofing and Other Antidetection Tactics
	Honeypots, Honeynets, and Other “Cyberstings”
	Summary
	Frequently Asked Questions
	Resources
Chapter 10 Collecting and Preserving Digital Evidence
	Introduction
	Understanding the Role of Evidence in a Criminal Case
		Defining Evidence
		Admissibility of Evidence
		Forensic Examination Standards
	Collecting Digital Evidence
		The Role of First Responders
		The Role of Investigators
		The Role of Crime Scene Technicians
	Preserving Digital Evidence
		Preserving Volatile Data
		Disk Imaging
			A History of Disk Imaging
			Imaging Software
			Standalone Imaging Tools
			Role of Imaging in Computer Forensics
		“Snapshot”Tools and File Copying
		Special Considerations
			Environmental Factors
			Retaining Time and Datestamps
			Preserving Data on PDAs and Handheld Computers
	Recovering Digital Evidence
		Recovering “Deleted” and “Erased” Data
		Decrypting Encrypted Data
		Finding Hidden Data
			Where Data Hides
			Detecting Steganographic Data
			Alternate Datastreams
			Methods for Hiding Files
			The Recycle Bin
		Locating Forgotten Evidence
			Web Caches and URL Histories
			Temp Files
			Swap and Page Files
		Recovering Data from Backups
		Defeating Data Recovery Techniques
			Overwriting the Disk
			Degaussing or Demagnetizing
			Physically Destroying the Disk
	Documenting Evidence
		Evidence Tagging and Marking
		Evidence Logs
		Documenting Evidence Analysis
		Documenting the Chain of Custody
	Computer Forensics Resources
		Computer Forensics Training and Certification
			Computer Forensics Equipment and Software
			Computer Forensics Services
			Computer Forensics Information
	Understanding Legal Issues
		Searching and Seizing Digital Evidence
			U.S. Constitutional Issues
			Search Warrant Requirements
			Search Without Warrant
			Seizure of Digital Evidence
			Forfeiture Laws
		Privacy Laws
		The Effects of the U.S. Patriot Act
	Summary
	Frequently Asked Questions
	Resources
Chapter 11 Building the Cybercrime Case
	Introduction
	Major Factors Complicating Prosecution
		Difficulty of Defining the Crime
			Bodies of Law
			Types of Law
			Levels of Law
			Basic Criminal Justice Theory
			Elements of the Offense
			Level and Burden of Proof
		Jurisdictional Issues
			Defining Jurisdiction
			Statutory Law Pertaining to Jurisdiction
			Case Law Pertaining to Jurisdiction
			International Complications
			Practical Considerations
		The Nature of the Evidence
		Human Factors
			Law Enforcement “Attitude”
			The High-Tech Lifestyle
			Natural-Born Adversaries?
	Overcoming Obstacles to Effective Prosecution
	The Investigative Process
		Investigative Tools
			Steps in an Investigation
			Defining Areas of Responsibility
	Testifying in a Cybercrime Case
		The Trial Process
			Testifying as an Evidentiary Witness
			Testifying as an Expert Witness
			Giving Direct Testimony
			Cross-Examination Tactics
			Using Notes and Visual Aids
	Summary
	Frequently Asked Questions
	Resources
Afterword
Appendix: Fighting Cybercrime on a Global Scale
Index
Related Titles