Computer forensics: investigating network intrusions and cybercrime
Scribed by EC-Council
- Publisher: Cengage Learning
- Year: 2009;2010
- Tongue: English
- Leaves: 394
- Series: Ec-Council Press Series: Computer Forensics
- Category: Library
Synopsis
The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute the cyber-criminal. The series is comprised of five books covering a broad base of topics in Computer Hacking Forensic Investigation, designed to expose the reader to the process of detecting attacks and collecting evidence in a forensically sound manner with the intent to report crime and prevent future attacks. Learners are introduced to advanced techniques in computer investigation and analysis with interest in generating potential legal evidence. In full, this and the other four books provide preparation to identify evidence in computer related crime and abuse cases as well as track the intrusive hacker's path through a client system. The series and accompanying labs help prepare the security student or professional to profile an intruder's footprint and gather all necessary information and evidence to support prosecution in a court of law. Network Intrusions and Cybercrime includes a discussion of tools used in investigations as well as information on investigating network traffic, web attacks, DOS attacks, Corporate Espionage and much more!
Table of Contents
Front Cover......Page 1
Title Page......Page 3
Copyright......Page 4
Brief Table of Contents......Page 5
Table of Contents......Page 7
Preface......Page 19
Case Example......Page 27
The Intrusion Process......Page 28
Log Files as Evidence......Page 29
Examining Intrusion and Security Events......Page 30
Maintaining Credible IIS Log Files......Page 31
Syslog......Page 34
Tool: Socklog......Page 36
Tool: Microsoft Log Parser......Page 38
Tool: Firewall Analyzer......Page 39
Tool: Adaptive Security Analyzer (ASA) Pro......Page 40
Tool: GFI EventsManager......Page 41
Tool: Activeworx Security Center......Page 43
Linux Process Accounting......Page 44
Tool: NTsyslog......Page 45
Tool: EventLog Analyzer......Page 46
What Is NTP?......Page 47
Configuring the Windows Time Service......Page 53
Review Questions......Page 54
Hands-On Projects......Page 55
Key Terms......Page 57
Internetwork Addressing......Page 58
Overview of Network Protocols......Page 59
Session Layer, Presentation Layer, and Application Layer......Page 60
The Network Layer......Page 61
Shared Ethernet......Page 62
DNS Poisoning Techniques......Page 63
DNS Cache Poisoning......Page 64
Evidence Gathering from ARP Table......Page 65
Tool: Tcpdump......Page 66
Tool: WinDump......Page 67
Tool: NetIntercept......Page 68
Tool: Wireshark......Page 69
Tool: CommView......Page 70
Tool: SoftPerfect Network Protocol Analyzer......Page 71
Tool: HTTP Sniffer......Page 72
Tool: EtherDetect Packet Sniffer......Page 74
Tool: Iris Network Traffic Analyzer......Page 75
Tool: NetSetMan......Page 77
Tool: MaaTec Network Analyzer......Page 79
Tool: Colasoft Capsa Network Analyzer......Page 80
Tool: AnalogX PacketMon......Page 82
Tool: BillSniff......Page 83
Tool: Sniphere......Page 85
Tool: Atelier Web Ports Traffic Analyzer......Page 86
Tool: IPgrab......Page 88
Tool: Sniff-O-Matic......Page 89
Tool: GPRS Network Sniffer: Nokia LIG......Page 91
Tool: Siemens Monitoring Center......Page 92
Tool: NetWitness......Page 93
Tool: InfiniStream......Page 94
Tool: eTrust Network Forensics......Page 95
Tool: P2 Enterprise Shuttle......Page 97
Tool: Show Traffic......Page 98
Tool: Snort Intrusion Detection System......Page 99
Snort Rules......Page 100
Documenting the Evidence Gathered on a Network......Page 101
Evidence Reconstruction for Investigation......Page 102
Review Questions......Page 103
Hands-On Projects......Page 104
Introduction to Investigating Web Attacks......Page 111
Cross-Site Scripting (XSS)......Page 112
Cross-Site Request Forgery (CSRF)......Page 113
SQL Injection Attacks......Page 114
Cookie Poisoning......Page 115
Buffer Overflow......Page 116
Authentication Hijacking......Page 117
Log Tampering......Page 118
URL Interpretation Attack......Page 119
Log Security......Page 120
Investigating FTP Logs......Page 121
Investigating Apache Logs......Page 122
Web Page Defacement......Page 123
Defacement Using DNS Compromise......Page 124
Security Strategies for Web Applications......Page 125
Analog......Page 126
Deep Log Analyzer......Page 128
AWStats......Page 129
WebLog Expert......Page 130
Webalizer......Page 132
N-Stealth......Page 133
Acunetix Web Vulnerability Scanner......Page 134
dotDefender......Page 135
AccessDiver......Page 136
Emsa Web Monitor......Page 138
Paros......Page 139
HP WebInspect......Page 140
keepNI......Page 141
Mapper......Page 142
N-Stalker Web Application Security Scanner......Page 143
Nslookup......Page 144
Traceroute......Page 146
McAfee Visual Trace......Page 147
WHOIS......Page 148
IP Detective Suite......Page 150
Whois Lookup......Page 152
ActiveWhois......Page 154
LanWhoIs......Page 155
IP2country......Page 156
WebAgain......Page 157
CounterStorm-1......Page 159
Review Questions......Page 160
Hands-On Projects......Page 161
Key Terms......Page 165
Router Architecture......Page 166
The Routing Table and Its Components......Page 167
Types of Router Attacks......Page 168
Router Forensics Versus Traditional Forensics......Page 169
Investigation Steps......Page 170
Router Audit Tool (RAT)......Page 180
Link Logger......Page 181
Chapter Summary......Page 182
Review Questions......Page 183
Hands-On Projects......Page 184
Key Terms......Page 185
Ping of Death Attack......Page 186
Fraggle Attack......Page 187
Reflected Attack......Page 188
Classification of a DDoS Attack......Page 189
Network Connectivity......Page 191
Sequential Change-Point Detection......Page 192
Investigating DoS Attacks......Page 193
Hop-by-Hop IP Traceback......Page 194
Backscatter Traceback......Page 195
IP Traceback with IPSec......Page 197
Control Channel Detection......Page 198
Tools for Locating IP Addresses......Page 199
Tool: Friendly Pinger......Page 200
Tool: Admin's Server Monitor......Page 201
Tool: Tail4Win......Page 202
Tool: Status2k......Page 203
Chapter Summary......Page 204
Review Questions......Page 205
Case Example......Page 207
Internet Crimes......Page 208
Obtain a Search Warrant......Page 210
IP Addresses......Page 211
Domain Name System (DNS)......Page 212
Analysis of WHOIS Information......Page 215
URL Redirection......Page 221
Embedded JavaScript......Page 223
Downloading a Single Page or an Entire Web Site......Page 224
Trace the E-Mail Addresses......Page 228
Tool: NeoTrace (now McAfee Visual Trace)......Page 231
Generate a Report......Page 232
Chapter Summary......Page 233
Hands-On Projects......Page 234
Key Terms......Page 235
E-Mail Client......Page 236
E-Mail Server......Page 237
E-Mail Crime......Page 238
Spamming......Page 239
Mail Bombing......Page 240
Mail Storm......Page 241
Obtaining a Search Warrant and Seizing the Computer and E-Mail Account......Page 242
Viewing and Copying E-Mail Headers in Microsoft......Page 243
Viewing and Copying E-Mail Headers in Gmail......Page 244
Examining an E-Mail Header......Page 245
Examining Additional Files......Page 249
Examine the Originating IP Address......Page 250
Using Specialized E-Mail Forensic Tools......Page 251
Tool: Forensic Toolkit (FTK)......Page 253
Tool: E-Mail Detective......Page 254
Tool: E-mail Examiner by Paraben......Page 255
Trace the E-Mail......Page 256
Tool: eMailTrackerPro......Page 258
U.S. Laws against E-Mail Crime: CAN-SPAM Act......Page 260
Chapter Summary......Page 261
Hands-On Projects......Page 262
Introduction to Investigating Corporate Espionage......Page 265
Information That Corporate Spies Seek......Page 266
Techniques of Spying......Page 267
Defense Against Corporate Spying......Page 268
Bait: Honeypots and Honeytokens......Page 269
Analyze Signatures......Page 270
Investigating Corporate Espionage Cases......Page 271
Tool: Activity Monitor......Page 272
Tool: Track4Win......Page 273
Tool: SpyBuddy......Page 274
Tool: Privatefirewall......Page 275
Tool: SpyCop......Page 276
Tool: Spy Sweeper......Page 278
Tool: CounterSpy......Page 280
Tool: iMonitorPC......Page 281
Guidelines for Writing Employee-Monitoring Policies......Page 283
Review Questions......Page 284
Hands-On Projects......Page 285
Introduction to Investigating Trademark and Copyright Infringement......Page 287
Service Mark and Trade Dress......Page 288
Trademark Infringement......Page 289
Steps for Investigating Trademark Infringements......Page 294
How Long Does a Copyright Last?......Page 295
How Are Copyrights Enforced?......Page 296
Plagiarism......Page 297
Patent......Page 309
Tool: http://www.ip.com......Page 310
Intellectual Property......Page 311
Tool: Windows Media Digital Rights Management......Page 312
Tool: IntelliProtector......Page 314
The Digital Millennium Copyright Act (DMCA) of 1998......Page 316
The Lanham (Trademark) Act (15 USC §§ 1051–1127)......Page 317
Online Copyright Infringement Liability Limitation Act......Page 318
Trade Marks Act, 1999......Page 319
Trademark Law......Page 320
The Trade Marks Act 1995......Page 321
The Copyright Act 1968: Section 132......Page 322
Trademarks Act 1994 (TMA)......Page 323
Patents Act No. 57 of 1978......Page 324
Chapter Summary......Page 325
Hands-On Projects......Page 326
Key Terms......Page 329
Types of Sexual Harassment......Page 330
Hostile Work Environment Harassment......Page 331
Sexual Harassment Statistics......Page 332
Stalking......Page 333
Guidelines for Stalking Victims......Page 334
Complaint Procedures......Page 335
Sexual Harassment Investigations......Page 336
Preventive Steps......Page 337
The Civil Rights Act of 1991......Page 338
Anti-Discrimination Act 1991......Page 339
Sample Complaint Form......Page 340
Review Questions......Page 343
Hands-On Projects......Page 344
Key Terms......Page 345
People Involved in Child Pornography......Page 346
Citizens' Committee......Page 347
Steps for Investigating Child Pornography......Page 348
Step 5: Check Metadata of Files and Folders Related to Pornography......Page 349
Step 6: Check and Recover Browser Information......Page 351
Guidelines to Avoid Child Pornography on the Web......Page 355
Tool: iProtectYou......Page 356
Tool: Web Control for Parents......Page 357
Tool: ChatGuard......Page 359
Child Pornography Legislation Survey......Page 361
§ 18 U.S.C. 1466A......Page 366
Article 380ter of the Penal Code......Page 367
Amendment of Section 2 of Act 65 of 1996......Page 368
Scottish Laws Against Child Pornography......Page 369
Anti-Child-Pornography Organizations......Page 370
Innocent Images National Initiative......Page 371
Anti-Child Porn Organization......Page 372
Think U Know......Page 373
Virtual Global Taskforce......Page 374
International Centre for Missing & Exploited Children......Page 375
Financial Coalition Against Child Pornography......Page 377
Canadian Centre for Child Protection......Page 379
Cybertip.ca......Page 380
Child Focus......Page 381
Chapter Summary......Page 383
Review Questions......Page 384
Hands-On Projects......Page 385
INDEX......Page 387