{"product_id":"cybercrime-investigators-handbook-isbn-9781119596288","title":"Cybercrime Investigators Handbook","description":"\u003cp\u003e\u003cb\u003eThe investigator’s practical guide for cybercrime evidence identification and collection\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCyber attacks perpetrated against businesses, governments, organizations, and individuals have been occurring for decades. Many attacks are discovered only after the data has been exploited or sold on the criminal markets. Cyber attacks damage both the finances and reputations of businesses and cause damage to the ultimate victims of the crime. From the perspective of the criminal, the current state of inconsistent security policies and lax investigative procedures is a profitable and low-risk opportunity for cyber attacks. They can cause immense harm to individuals or businesses online and make large sums of money—safe in the knowledge that the victim will rarely report the matter to the police. For those tasked with probing such crimes in the field, information on investigative methodology is scarce. The \u003ci\u003eCybercrime Investigators Handbook\u003c\/i\u003e is an innovative guide that approaches cybercrime investigation from the field-practitioner’s perspective.\u003c\/p\u003e \u003cp\u003eWhile there are high-quality manuals for conducting digital examinations on a device or network that has been hacked, the \u003ci\u003eCybercrime Investigators Handbook\u003c\/i\u003e is the first guide on how to commence an investigation from the location the offence occurred—the scene of the cybercrime—and collect the evidence necessary to locate and prosecute the offender. 
This valuable contribution to the field teaches readers to locate, lawfully seize, preserve, examine, interpret, and manage the technical evidence that is vital for effective cybercrime investigation.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eFills the need for a field manual for front-line cybercrime investigators\u003c\/li\u003e \u003cli\u003eProvides practical guidance with clear, easy-to-understand language\u003c\/li\u003e \u003cli\u003eApproaches cybercrime from the perspective of the field practitioner\u003c\/li\u003e \u003cli\u003eHelps companies comply with new GDPR guidelines\u003c\/li\u003e \u003cli\u003eOffers expert advice from a law enforcement professional who specializes in cybercrime investigation and IT security\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003e\u003ci\u003eCybercrime Investigators Handbook \u003c\/i\u003eis a much-needed resource for law enforcement and cybercrime investigators, CFOs, IT auditors, fraud investigators, and other practitioners in related areas.\u003c\/p\u003e \u003cp\u003eList of Figures xi\u003c\/p\u003e \u003cp\u003eAbout the Author xiii\u003c\/p\u003e \u003cp\u003eForeword xv\u003c\/p\u003e \u003cp\u003eAcknowledgments xvii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1: Introduction 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2: Cybercrime Offenses 9\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePotential Cybercrime Offenses 11\u003c\/p\u003e \u003cp\u003eCybercrime Case Study 26\u003c\/p\u003e \u003cp\u003eNotes 26\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3: Motivations of the Attacker 29\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCommon Motivators 30\u003c\/p\u003e \u003cp\u003eCybercrime Case Study I 33\u003c\/p\u003e \u003cp\u003eCybercrime Case Study II 34\u003c\/p\u003e \u003cp\u003eNote 35\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4: Determining That a Cybercrime is Being Committed 37\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCyber Incident Alerts 38\u003c\/p\u003e 
\u003cp\u003eAttack Methodologies 41\u003c\/p\u003e \u003cp\u003eCybercrime Case Study I 44\u003c\/p\u003e \u003cp\u003eCybercrime Case Study II 44\u003c\/p\u003e \u003cp\u003eNotes 45\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5: Commencing a Cybercrime Investigation 47\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhy Investigate a Cybercrime? 47\u003c\/p\u003e \u003cp\u003eThe Cyber Investigator 48\u003c\/p\u003e \u003cp\u003eManagement Support 48\u003c\/p\u003e \u003cp\u003eIs There a Responsibility to Try to Get the Data Back? 50\u003c\/p\u003e \u003cp\u003eCybercrime Case Study 51\u003c\/p\u003e \u003cp\u003eNotes 52\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6: Legal Considerations When Planning an Investigation 53\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRole of the Law in a Digital Crimes Investigation 54\u003c\/p\u003e \u003cp\u003eProtecting Digital Evidence 55\u003c\/p\u003e \u003cp\u003ePreservation of the Chain of Custody 56\u003c\/p\u003e \u003cp\u003eProtection of Evidence 59\u003c\/p\u003e \u003cp\u003eLegal Implications of Digital Evidence Collection 60\u003c\/p\u003e \u003cp\u003eCybercrime Case Study 63\u003c\/p\u003e \u003cp\u003eNote 63\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7: Initial Meeting with the Complainant 65\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInitial Discussion 65\u003c\/p\u003e \u003cp\u003eComplainant Details 68\u003c\/p\u003e \u003cp\u003eEvent Details 68\u003c\/p\u003e \u003cp\u003eCyber Security History 69\u003c\/p\u003e \u003cp\u003eScene Details 70\u003c\/p\u003e \u003cp\u003eIdentifying Offenses 71\u003c\/p\u003e \u003cp\u003eIdentifying Witnesses 71\u003c\/p\u003e \u003cp\u003eIdentifying Suspects 71\u003c\/p\u003e \u003cp\u003eIdentifying the Modus Operandi of Attack 72\u003c\/p\u003e \u003cp\u003eEvidence: Technical 73\u003c\/p\u003e \u003cp\u003eEvidence: Other 74\u003c\/p\u003e \u003cp\u003eCybercrime Case Study 74\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8: Containing and Remediating 
the Cyber Security Incident 77\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eContaining the Cyber Security Incident 77\u003c\/p\u003e \u003cp\u003eEradicating the Cyber Security Incident 80\u003c\/p\u003e \u003cp\u003eNote 82\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9: Challenges in Cyber Security Incident Investigations 83\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnique Challenges 84\u003c\/p\u003e \u003cp\u003eCybercrime Case Study 91\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10: Investigating the Cybercrime Scene 93\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Investigation Team 96\u003c\/p\u003e \u003cp\u003eResources Required 101\u003c\/p\u003e \u003cp\u003eAvailability and Management of Evidence 104\u003c\/p\u003e \u003cp\u003eTechnical Items 105\u003c\/p\u003e \u003cp\u003eScene Investigation 123\u003c\/p\u003e \u003cp\u003eWhat Could Possibly Go Wrong? 152\u003c\/p\u003e \u003cp\u003eCybercrime Case Study I 155\u003c\/p\u003e \u003cp\u003eCybercrime Case Study II 156\u003c\/p\u003e \u003cp\u003eNotes 158\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11: Log File Identification, Preservation, Collection, and Acquisition 159\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eLog Challenges 160\u003c\/p\u003e \u003cp\u003eLogs as Evidence 161\u003c\/p\u003e \u003cp\u003eTypes of Logs 162\u003c\/p\u003e \u003cp\u003eCybercrime Case Study 164\u003c\/p\u003e \u003cp\u003eNotes 165\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12: Identifying, Seizing, and Preserving Evidence from Cloud-Computing Platforms 167\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat is Cloud Computing? 167\u003c\/p\u003e \u003cp\u003eWhat is the Relevance to the Investigator? 172\u003c\/p\u003e \u003cp\u003eThe Attraction of Cloud Computing for the Cybercriminal 173\u003c\/p\u003e \u003cp\u003eWhere is Your Digital Evidence Located? 
174\u003c\/p\u003e \u003cp\u003eLawful Seizure of Cloud Digital Evidence 175\u003c\/p\u003e \u003cp\u003ePreservation of Cloud Digital Evidence 177\u003c\/p\u003e \u003cp\u003eForensic Investigations of Cloud-Computing Servers 178\u003c\/p\u003e \u003cp\u003eRemote Forensic Examinations 182\u003c\/p\u003e \u003cp\u003eCloud Barriers to a Successful Investigation 196\u003c\/p\u003e \u003cp\u003eSuggested Tips to Assist Your Cloud-Based Investigation 203\u003c\/p\u003e \u003cp\u003eCloud-Computing Investigation Framework 206\u003c\/p\u003e \u003cp\u003eCybercrime Case Study 219\u003c\/p\u003e \u003cp\u003eNotes 221\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13: Identifying, Seizing, and Preserving Evidence from Internet of Things Devices 225\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat is the Internet of Things? 225\u003c\/p\u003e \u003cp\u003eWhat is the Relevance to Your Investigation? 226\u003c\/p\u003e \u003cp\u003eWhere is Your Internet of Things Digital Evidence Located? 228\u003c\/p\u003e \u003cp\u003eLawful Seizure of Internet of Things Evidence 228\u003c\/p\u003e \u003cp\u003eNotes 229\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14: Open Source Evidence 231\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Value of Open Source Evidence 231\u003c\/p\u003e \u003cp\u003eExamples of Open Source Evidence 233\u003c\/p\u003e \u003cp\u003eNote 236\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15: The Dark Web 237\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCrime and the Dark Web 238\u003c\/p\u003e \u003cp\u003eNotes 242\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 16: Interviewing Witnesses and Suspects 243\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSuspect Interviews 245\u003c\/p\u003e \u003cp\u003eWitness Interviews 246\u003c\/p\u003e \u003cp\u003ePreparing for an Interview 247\u003c\/p\u003e \u003cp\u003eThe Interview Process 250\u003c\/p\u003e \u003cp\u003eClosing the Interview 254\u003c\/p\u003e \u003cp\u003eReview of the Interview 
254\u003c\/p\u003e \u003cp\u003ePreparation of Brief for Referral to Police 255\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 17: Review of Evidence 257\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 18: Producing Evidence for Court 265\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDigital Evidence and Its Admissibility 267\u003c\/p\u003e \u003cp\u003ePreparing for Court 268\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 19: Conclusion 273\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eGlossary 277\u003c\/p\u003e \u003cp\u003eIndex 283\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eD\u003csmall\u003eR\u003c\/small\u003e. GRAEME EDWARDS,\u003c\/b\u003e \u003cb\u003eCFE,\u003c\/b\u003e has been a cybercrime investigator with the Queensland Police Service Financial and Cyber Crime Group and has worked on numerous successful criminal investigations involving local and international jurisdictions. He facilitated the creation of the Victims of Financial Crimes Support Group to support those suffering losses associated with financial or cybercrime. Graeme is an experienced conference speaker and cybercrime investigation educator, provider of training in a corporate environment and conducts post investigation analysis. He has a Doctorate of Information Technology focusing on computer security, computer networking, and cloud computing investigation strategies.   \u003c\/p\u003e\u003cp\u003eCybercrime can be immensely damaging to the reputation and the finances of target organizations. Yet cybercriminals are rarely investigated and prosecuted, an anomaly that gives them the freedom to wreak havoc. Investigators need to improve their capacity for tracking down the perpetrators of cybercrime so costly losses can be recouped and attackers held to account for their actions. Investigating cybercrimes also sends a message to stakeholders that an organization is serious about security, a crucial step in times of wavering loyalty in the wake of an attack. 
\u003c\/p\u003e\u003cp\u003eUntil now, there has been no front-line guide to investigating cyber attacks at the crime scene. Starting with the assumption that a cybercrime investigator's goal is to identify and locate the perpetrators, \u003ci\u003eCybercrime Investigators Handbook\u003c\/i\u003e elaborates an investigative methodology that should become indispensable to field practitioners. Author Graeme Edwards draws on decades of experience as a financial and cybercrime investigator with law enforcement to provide guidance on responding at the time of attack discovery, all the way through to evidence identification, collection, management and presentation in court. \u003c\/p\u003e\u003cp\u003eTracking down cybercriminals requires an understanding of the attacker's mind and motives, as well as the tools and techniques used to undertake a successful security breach. From there, professionals tasked with responding to attacks must be able to glean evidence from early alerts that something is amiss. This is fundamental background knowledge, and without it no investigation is likely to proceed smoothly. This book prepares investigators with the information they need to step into any crime scene with confidence, progress to identifying the source of the attack, and identify potential evidence leading to the identification of the attacker. \u003c\/p\u003e\u003cp\u003e\u003ci\u003eCybercrime Investigators Handbook\u003c\/i\u003e then delves into the many technical aspects of investigating cyber events. Readers will develop an understanding of how to manage crime scenes, access and read log files, understand criminals operating in online criminal markets via the dark web, and identify and seize cloud-based evidence. Although these topics are designed to facilitate in-depth investigation into cyber attacks, readers with non-technical backgrounds will appreciate the comprehensive glossary and concise lists designed to facilitate effective cyber security practices. 
\t   \u003c\/p\u003e\u003cp\u003e\u003cb\u003eTHE ESSENTIAL PRACTITIONER'S GUIDE TO LOCATING CYBER ATTACKERS\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eIn the wake of a cyberattack, organizations are often in a state of chaos. Employees, stakeholders, and leadership are concerned for the future of the business and the potential fallout extending to their personal lives. Reputations and finances are equally at stake. In such an environment, taking action to identify the perpetrators of the crime is an important step toward reestablishing order and minimizing damage. \u003c\/p\u003e\u003cp\u003e\u003ci\u003eCybercrime Investigators Handbook\u003c\/i\u003e is a thorough guide to understanding cybercrime, identifying evidence, and locating criminals with the intent to prosecute and recover stolen data. Starting from the moment an attack is discovered and proceeding through the stages of commencing an investigation, managing the crime scene, and protecting evidence, this book walks you through each stage of the process using easy to understand non-technical language. \u003c\/p\u003e\u003cp\u003eInside, you'll find clear explanations of technical concepts needed to understand cyberattacks and track down their sources. This guide provides a complete set of instructions on navigating complex computer systems and the dark corners of the internet to bring cyber criminals to justice.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989018853605,"sku":"NP9781119596288","price":65.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119596288.jpg?v=1761782458","url":"https:\/\/k12savings.com\/es\/products\/cybercrime-investigators-handbook-isbn-9781119596288","provider":"K12savings","version":"1.0","type":"link"}