Cyber Investigations: A Research Based Introduction for Advanced Studies

CYBER INVESTIGATIONS

A classroom tested introduction to cyber investigations with real-life examples included

Cyber Investigations provides an introduction to the topic, an overview of the investigation process applied to cyber investigations, a review of legal aspects of cyber investigations, a review of Internet forensics and open-source intelligence, a research-based chapter on anonymization, and a deep dive into multimedia forensics. The content is structured in a consistent manner, with an emphasis on accessibility for students of computer science, information security, law enforcement, and military disciplines.

To aid in reader comprehension and seamless assimilation of the material, real-life examples and student exercises are provided throughout, as well as an Educational Guide for both teachers and students. The material has been classroom-tested and is a perfect fit for most learning environments.

Written by a highly experienced author team with backgrounds in law enforcement, academic research, and industry, sample topics covered in Cyber Investigations include:

  • The cyber investigation process, including developing an integrated framework for cyber investigations and principles for the integrated cyber investigation process (ICIP)
  • Cyber investigation law, including reasonable grounds to open a criminal cyber investigation and general conditions for privacy-invasive cyber investigation methods
  • Perspectives of internet and cryptocurrency investigations, including examples like the proxy seller, the scammer, and the disgruntled employee
  • Internet of things (IoT) investigations, including types of events leading to IoT investigations and new forensic challenges in the field
  • Multimedia forensics, including the role of multimedia in investigations and how to leverage similarity matching, content-based tracing, and media metadata
  • Anonymization networks, including how such networks work, how they impact investigations, and aspects of tracing, monitoring, evidence acquisition, de-anonymization, and large investigations

Based on research, teaching material, experiences, and student feedback over several years, Cyber Investigations is ideal for all students and professionals in the cybersecurity industry, providing comprehensive subject coverage from faculty, associates, and former students of cyber security and digital forensics at the Norwegian University of Science and Technology (NTNU).

Author(s): André Årnes
Publisher: Wiley
Year: 2023

Language: English
Pages: 269
City: Hoboken

Cover
Title Page
Copyright Page
Contents
Preface
List of Contributors
List of Figures
List of Tables
List of Examples
List of Definitions
List of Legal Provisions
List of Equations
List of Abbreviations
Chapter 1 Introduction
1.1 Introduction
1.2 Cybercrime and Cybersecurity
1.2.1 Cybercrime
1.2.2 Cybercriminals and Threat Actors
1.2.3 Cybersecurity
1.2.4 Threat Modeling – Cyber Kill Chain and MITRE ATT&CK
1.3 Cyber Investigations
1.3.1 Digital Forensics
1.3.2 Digital Evidence
1.3.3 Attribution
1.3.4 Cyber Threat Intelligence
1.3.5 Open-Source Intelligence (OSINT)
1.3.6 Operational Avalanche – A Real-World Example
1.4 Challenges in Cyber Investigations
1.5 Further Reading
1.6 Chapter Overview
1.7 Comments on Citation and Notation
1.8 Exercises
Chapter 2 Cyber Investigation Process
2.1 Introduction
2.2 Investigation as Information Work
2.3 Developing an Integrated Framework for Cyber Investigations
2.4 Principles for the Integrated Cyber Investigation Process (ICIP)
2.4.1 Procedure and Policy
2.4.2 Planning and Documentation
2.4.3 Forming and Testing of Hypotheses
2.4.4 The Dynamics of ICIP
2.4.5 Principles for Handling Digital Evidence
2.4.6 Limitations
2.5 ICIP’s Procedural Stages
2.5.1 Investigation Initiation
2.5.2 Modeling
2.5.3 Planning and Prioritization
2.5.4 Impact and Risk Assessment
2.5.5 Action and Collection
2.5.6 Analysis and Integration
2.5.7 Documentation and Presentation
2.5.8 Evaluation
2.6 Cognitive and Human Error in Cyber Investigations
2.6.1 Cognitive Factors
2.6.2 Cognitive Biases
2.6.3 Countermeasures
2.7 Summary
2.8 Exercises
Chapter 3 Cyber Investigation Law
3.1 Cyber Investigation in Context
3.2 The Missions and Some Implications to Privacy Rights
3.2.1 The Police, Law Enforcement Agencies, and National Security Service
3.2.2 Reasonable Ground to Open a Criminal (Cyber) Investigation
3.2.3 The Legal Framework(s)
3.2.4 General Conditions for Privacy-Invasive Cyber Investigation Methods
3.2.5 The Private Sector Cyber Investigator
3.3 The Different Mandates of the LEA, NIS, and the Police
3.3.1 Law Enforcing Agencies and the Police
3.3.2 The National Intelligence Service (NIS)
3.4 Jurisdiction and International Cooperation
3.4.1 The eNIS and the Principle of Sovereignty
3.4.2 The iNIS and the LEA – International Cooperation
3.5 Human Rights in the Context of Cyber Investigations
3.5.1 The Right to Fair Trial
3.5.2 Covert Cyber Investigation
3.5.3 Technical Investigation Methods (Technical Hacking)
3.5.4 Methods Based on Social Skills (Social Hacking)
3.5.5 Open-Source Intelligence/Investigation
3.6 The Private Cyber Investigator
3.6.1 Cyber Reconnaissance Targeting a Third Party
3.6.2 Data Protection and Privacy Rights
3.7 The Way Ahead
3.8 Summary
3.9 Exercises
Chapter 4 Perspectives of Internet and Cryptocurrency Investigations
4.1 Introduction
4.2 Case Examples
4.2.1 The Proxy Seller
4.2.2 The Scammer
4.2.3 The Disgruntled Employee
4.3 Networking Essentials
4.4 Networks and Applications
4.4.1 Operational Security
4.4.2 Open Sources
4.4.3 Closed Sources
4.4.4 Networks
4.4.5 Peer-to-Peer
4.4.6 Applications
4.5 Open-Source Intelligence (OSINT)
4.5.1 Methodology
4.5.2 Types of Open-Source Data
4.5.3 Techniques for Gathering Open-Source Data
4.6 Internet Browsers
4.6.1 HTTP, HTML, JavaScript, and Cache
4.6.2 Uniform Resource Locators (URLs)
4.6.3 Cookies and Local Storage
4.6.4 Developer Tools
4.6.5 Forensic Tools
4.7 Cryptocurrencies
4.7.1 Addresses and Transactions
4.7.2 Privacy
4.7.3 Heuristics
4.7.4 Exploring Transactions
4.8 Preparation for Analysis
4.8.1 Entity Extraction
4.8.2 Machine Translation and Transliteration
4.8.3 Metadata Extraction
4.8.4 Visualization and Analysis
4.9 Summary
4.10 Exercises
Chapter 5 Anonymity and Forensics
5.1 Introduction
5.1.1 Anonymity
5.1.2 Degree of Anonymity
5.2 Anonymous Communication Technologies
5.2.1 High-Latency Anonymity
5.2.2 Low-Latency Anonymity
5.2.3 Anonymous Proxy
5.2.4 Cascading Proxies
5.2.5 Anonymity Networks
5.2.6 Recent Live Messaging and Voice Communication
5.3 Anonymity Investigations
5.3.1 Digital Forensics and Anonymous Communication
5.3.2 Local Logs
5.3.3 Network Logs
5.3.4 Live Forensics and Investigations
5.4 Summary
5.5 Exercises
Chapter 6 Internet of Things Investigations
6.1 Introduction
6.2 What Is IoT?
6.2.1 A (Very) Short and Incomplete History
6.2.2 Application Areas
6.2.3 Models and Concepts
6.2.4 Protocols
6.3 IoT Investigations
6.3.1 Types of Events Leading to Investigations
6.3.2 Identifying an IoT Investigation
6.4 IoT Forensics
6.4.1 IoT and Existing Forensic Areas
6.4.2 Models
6.4.3 New Forensic Challenges
6.5 Summary
6.6 Exercises
Chapter 7 Multimedia Forensics
7.1 Metadata
7.2 Image Forensics
7.2.1 Image Trustworthiness
7.2.2 Types of Examinations
7.2.3 Photography Process Flow
7.2.4 Acquisition Fingerprints
7.2.5 Image Coding Fingerprints
7.2.6 Editing Fingerprints
7.2.7 Deepfake Creation and Detection
7.3 Video Forensics
7.3.1 Video Process Flow
7.3.2 Reproduction Detection
7.3.3 Source Device Identification
7.4 Audio Forensics
7.4.1 Audio Fundamentals
7.4.2 Digital Audio Recording Process
7.4.3 Authenticity Analysis
7.4.4 Container Analysis
7.4.5 Content-Based Analysis
7.4.6 Electric Network Frequency
7.4.7 Audio Enhancements
7.4.8 Other Audio Forensic Methods
7.5 Summary
7.6 Exercises
Chapter 8 Educational Guide
8.1 Academic Resources
8.2 Professional and Training Organizations
8.3 Nonacademic Online Resources
8.4 Tools
8.4.1 Disk Analysis Tools
8.4.2 Memory Analysis Tools
8.4.3 Network Analysis Tools
8.4.4 Open-Source Intelligence Tools
8.4.5 Machine Learning
8.5 Corpora and Data Sets
8.6 Summary
References
Index
EULA