List of Figures xi
About the Author xiii
Foreword xv
Acknowledgments xvii
Chapter 1: Introduction 1
Chapter 2: Cybercrime Offenses 9
Potential Cybercrime Offenses 11
Cybercrime Case Study 26
Notes 26
Chapter 3: Motivations of the Attacker 29
Common Motivators 30
Cybercrime Case Study I 33
Cybercrime Case Study II 34
Note 35
Chapter 4: Determining That a Cybercrime is Being Committed 37
Cyber Incident Alerts 38
Attack Methodologies 41
Cybercrime Case Study I 44
Cybercrime Case Study II 44
Notes 45
Chapter 5: Commencing a Cybercrime Investigation 47
Why Investigate a Cybercrime? 47
The Cyber Investigator 48
Management Support 48
Is There a Responsibility to Try to Get the Data Back? 50
Cybercrime Case Study 51
Notes 52
Chapter 6: Legal Considerations When Planning an Investigation 53
Role of the Law in a Digital Crimes Investigation 54
Protecting Digital Evidence 55
Preservation of the Chain of Custody 56
Protection of Evidence 59
Legal Implications of Digital Evidence Collection 60
Cybercrime Case Study 63
Note 63
Chapter 7: Initial Meeting with the Complainant 65
Initial Discussion 65
Complainant Details 68
Event Details 68
Cyber Security History 69
Scene Details 70
Identifying Offenses 71
Identifying Witnesses 71
Identifying Suspects 71
Identifying the Modus Operandi of Attack 72
Evidence: Technical 73
Evidence: Other 74
Cybercrime Case Study 74
Chapter 8: Containing and Remediating the Cyber Security Incident 77
Containing the Cyber Security Incident 77
Eradicating the Cyber Security Incident 80
Note 82
Chapter 9: Challenges in Cyber Security Incident Investigations 83
Unique Challenges 84
Cybercrime Case Study 91
Chapter 10: Investigating the Cybercrime Scene 93
The Investigation Team 96
Resources Required 101
Availability and Management of Evidence 104
Technical Items 105
Scene Investigation 123
What Could Possibly Go Wrong? 152
Cybercrime Case Study I 155
Cybercrime Case Study II 156
Notes 158
Chapter 11: Log File Identification, Preservation, Collection, and Acquisition 159
Log Challenges 160
Logs as Evidence 161
Types of Logs 162
Cybercrime Case Study 164
Notes 165
Chapter 12: Identifying, Seizing, and Preserving Evidence from Cloud-Computing Platforms 167
What is Cloud Computing? 167
What is the Relevance to the Investigator? 172
The Attraction of Cloud Computing for the Cybercriminal 173
Where is Your Digital Evidence Located? 174
Lawful Seizure of Cloud Digital Evidence 175
Preservation of Cloud Digital Evidence 177
Forensic Investigations of Cloud-Computing Servers 178
Remote Forensic Examinations 182
Cloud Barriers to a Successful Investigation 196
Suggested Tips to Assist Your Cloud-Based Investigation 203
Cloud-Computing Investigation Framework 206
Cybercrime Case Study 219
Notes 221
Chapter 13: Identifying, Seizing, and Preserving Evidence from Internet of Things Devices 225
What is the Internet of Things? 225
What is the Relevance to Your Investigation? 226
Where is Your Internet of Things Digital Evidence Located? 228
Lawful Seizure of Internet of Things Evidence 228
Notes 229
Chapter 14: Open Source Evidence 231
The Value of Open Source Evidence 231
Examples of Open Source Evidence 233
Note 236
Chapter 15: The Dark Web 237
Crime and the Dark Web 238
Notes 242
Chapter 16: Interviewing Witnesses and Suspects 243
Suspect Interviews 245
Witness Interviews 246
Preparing for an Interview 247
The Interview Process 250
Closing the Interview 254
Review of the Interview 254
Preparation of Brief for Referral to Police 255
Chapter 17: Review of Evidence 257
Chapter 18: Producing Evidence for Court 265
Digital Evidence and Its Admissibility 267
Preparing for Court 268
Chapter 19: Conclusion 273
Glossary 277
Index 283