Computer Forensics JumpStart, Second Edition
Computer Forensics JumpStart. Launch Your Career in Computer Forensics—Quickly and Effectively. Written by a team of computer forensics experts, Computer Forensics JumpStart provides all the core information you need to launch your career in this fast-growing field:
Conducting a computer forensics investigation
Examining the layout of a network
Finding hidden data
Capturing images
Identifying, collecting, and preserving computer evidence
Understanding encryption and examining encrypted files
Documenting your case
Evaluating common computer forensic tools
Presenting computer evidence in court as an expert witness
Chapter 3: Computer Evidence. Chapter 4: Common Tasks. Chapter 5: Capturing the Data Image.

Managers have a legal responsibility to police what is happening within their own computer systems, as demonstrated by the Sarbanes-Oxley Act. Management training is usually geared more toward compliance issues and the cost of putting preventative measures in place. IT professionals, on the other hand, need training that is geared more toward return on investment (ROI) in order to obtain funding for security projects and computer crime awareness, which includes new vulnerabilities.
They should be trained on how laws are made, how crimes are investigated, and how crimes are prosecuted. This training could help eliminate the reluctance that organizations have about contacting law enforcement when security breaches occur or when crimes are committed.
Computer Forensics JumpStart, by Michael G. Solomon (Paperback)
Its programs are designed to educate security professionals, auditors, system administrators, network administrators, chief information security officers, and chief information officers.

End Users

Legislation such as Sarbanes-Oxley will not change behaviors simply because it is law. This is similar to speeding. Laws against driving over a certain speed do not stop some people from speeding. In fact, many speeders are repeat offenders. People adopt new patterns of behavior only when their old ones are no longer effective. The goal of training is to change behavior.
As mentioned previously, management must be trained and become an integral part of the education and training process in order for the users to buy into it. The hardest environment to control is that of the end user. Training and education are vital parts of any organization that has computer users or Internet access.

Security Awareness

malware: Another name for malicious code. This includes viruses, logic bombs, and worms.

A network is only as strong as its weakest link. We hear this phrase time and time again.
Humans are considered to be the weakest link. Social engineering plays on human nature to carry out an attack. Which is easier, getting an employee to give you a password or running password-cracking software?
Obviously, getting an employee to give you the password would eliminate a lot of effort on your part. Social engineering is hard to detect because you have very little influence over a lack of common sense or ignorance on the part of employees, but education should help eliminate ignorance. Most business environments are fast paced and service oriented.

The Need for Computer Forensics

Take this scenario, for example. The client is extremely important and could bring millions of dollars in revenue to the company.
However, if the help desk staff member supplies the password as requested, he could be giving it to an intruder. Not having the time to train them yourself is no excuse for not training employees at all.

How Much Is Actually Monitored?

Security experts have the capability to monitor vast amounts of data.
They can track Internet access, read employee e-mail messages, record phone calls, and monitor network access. All this monitoring creates a large amount of data. How much you should monitor depends on how much information you want to store.
Keep in mind that your monitoring plan should be clear-cut and built around specific goals and policies. Without proper planning and policies, you can quickly fill your log files and hard drives with useless or unused information. If the policy requires auditing large amounts of data, make sure that the hardware has the additional space needed, as well as processing power and memory.
Monitoring can be as simple or complex as you want to make it. Be consistent regardless of the plan you create. Many organizations monitor an extensive amount of information, while others, especially small ones, may monitor little or nothing. Each organization has different needs.
Law enforcement professionals may determine that their caseloads are too extensive for the manpower they have. Maybe the equipment they are using is outdated. Perhaps they have issues with a particular type of software. Corporate organizations may want to make sure they formulate security policies by assessing risk, threats, and their exposure factor to determine how best to keep their networking environment safe. Corporations can also have outdated equipment or applications, making their networks more vulnerable.
Training and education will make a good start, but you must constantly update your knowledge of new hardware, software, and threats. You should recognize how they affect your work and your organization so that you can continuously reassess your vulnerabilities. Remember, a computer forensic technician is a combination of a private eye and a computer scientist.
Terms to Know

backdoor
best practices
computer forensics
disaster recovery
electronic discovery
incident
incident response
intrusion detection
logic bomb
malware
security policies
social engineering
virus
worm

Review Questions

What is electronic discovery? Name some examples of electronic discovery items.
The recovery of data focuses on what four factors?
Who works under more restrictive rules, law enforcement officials or corporate employees?
What is incident response?
What is the difference between a virus and a worm?
What law was passed to avoid future accounting scandals such as those involving Enron and WorldCom?
Name some factors that will determine which criminal cases get priority.
Name a good resource for computer forensics training for law enforcement.

This motto is especially true in the computer forensics field. In order to do a thorough job, a computer forensic investigator should know how the network under investigation is laid out, what devices are in use, what types of operating systems are installed, and what types of filesystems are being used. Most organizations have incident response teams that can help provide this information for forensic situations.
As an investigator, you need to know your legal limits and be familiar with the laws of the locality where the crime was committed, as well as the laws where the perpetrator is located, to be sure that any case you build will stand up in a court of law. Most of the groundwork needed to build a case can be done ahead of time so that when the need arises, the task can be done more efficiently. This chapter guides you through these processes.

Information stored on these devices remains constant or intact.
By comparison, devices such as keyboards, monitors, and printers do not permanently store data. These devices are used to send data to and receive data from the computer. After the computer is turned off, these devices do not store information. However, a trained computer forensic investigator using specialized techniques can find data or evidence on these devices even after they have been turned off. Because technology is constantly changing, keeping up-to-date on new types of devices and methods of communication is important.
You also need to determine which of these technologies and devices are permitted in the organization being investigated, because employees frequently add their own devices as a matter of convenience and intruders will use them as a method of gathering information. For example, when you type on your keyboard, the keyboard sends input to the computer, which in turn outputs what you type on the screen.