| Section | Page |
| --- | --- |
| Foreword | p. xi |
| Preface | p. xvii |
| Acknowledgments | p. xix |
| Disclaimer | p. xxi |
| Computer Crime, Computer Forensics, and Computer Security | p. 1 |
| Introduction | p. 1 |
| Human behavior in the electronic age | p. 4 |
| The nature of computer crime | p. 6 |
| Establishing a case in computer forensics | p. 12 |
| Computer forensic analysis within the forensic tradition | p. 14 |
| The nature of digital evidence | p. 21 |
| Retrieval and analysis of digital evidence | p. 23 |
| Sources of digital evidence | p. 27 |
| Legal considerations | p. 29 |
| Computer security and its relationship to computer forensics | p. 31 |
| Basic communications on the Internet | p. 32 |
| Computer security and computer forensics | p. 35 |
| Overview of the following chapters | p. 37 |
| References | p. 39 |
| Current Practice | p. 41 |
| Introduction | p. 41 |
| Electronic evidence | p. 42 |
| Secure boot, write blockers and forensic platforms | p. 44 |
| Disk file organization | p. 46 |
| Disk and file imaging and analysis | p. 49 |
| File deletion, media sanitization | p. 57 |
| Mobile telephones, PDAs | p. 59 |
| Discovery of electronic evidence | p. 61 |
| Forensic tools | p. 63 |
| EnCase | p. 67 |
| ILook Investigator | p. 69 |
| CFIT | p. 72 |
| Emerging procedures and standards | p. 76 |
| Seizure and analysis of electronic evidence | p. 77 |
| National and international standards | p. 86 |
| Computer crime legislation and computer forensics | p. 90 |
| Council of Europe convention on cybercrime and other international activities | p. 90 |
| Carnivore and RIPA | p. 94 |
| Antiterrorism legislation | p. 98 |
| Networks and intrusion forensics | p. 103 |
| References | p. 104 |
| Computer Forensics in Law Enforcement and National Security | p. 113 |
| The origins and history of computer forensics | p. 113 |
| The role of computer forensics in law enforcement | p. 117 |
| Principles of evidence | p. 121 |
| Jurisdictional issues | p. 123 |
| Forensic principles and methodologies | p. 123 |
| Computer forensics model for law enforcement | p. 128 |
| Computer forensic--secure, analyze, present (CFSAP) model | p. 128 |
| Forensic examination | p. 133 |
| Procedures | p. 133 |
| Analysis | p. 143 |
| Presentation | p. 146 |
| Forensic resources and tools | p. 147 |
| Operating systems | p. 147 |
| Duplication | p. 149 |
| Authentication | p. 152 |
| Search | p. 153 |
| Analysis | p. 154 |
| File viewers | p. 159 |
| Competencies and certification | p. 160 |
| Training courses | p. 163 |
| Certification | p. 164 |
| Computer forensics and national security | p. 164 |
| National security | p. 165 |
| Critical infrastructure protection | p. 167 |
| National security computer forensic organizations | p. 168 |
| References | p. 169 |
| Computer Forensics in Forensic Accounting | p. 175 |
| Auditing and fraud detection | p. 175 |
| Detecting fraud--the auditor and technology | p. 176 |
| Defining fraudulent activity | p. 177 |
| What is fraud? | p. 178 |
| Internal fraud versus external fraud | p. 180 |
| Understanding fraudulent behavior | p. 183 |
| Technology and fraud detection | p. 184 |
| Data mining and fraud detection | p. 187 |
| Digit analysis and fraud detection | p. 188 |
| Fraud detection tools | p. 189 |
| Fraud detection techniques | p. 190 |
| Fraud detection through statistical analysis | p. 191 |
| Fraud detection through pattern and relationship analysis | p. 200 |
| Dealing with vagueness in fraud detection | p. 204 |
| Signatures in fraud detection | p. 205 |
| Visual analysis techniques | p. 206 |
| Link or relationship analysis | p. 207 |
| Time-line analysis | p. 209 |
| Clustering | p. 210 |
| Building a fraud analysis model | p. 211 |
| Stage 1: Define objectives | p. 212 |
| Stage 2: Environmental scan | p. 214 |
| Stage 3: Data acquisition | p. 215 |
| Stage 4: Define fraud rules | p. 216 |
| Stage 5: Develop analysis methodology | p. 217 |
| Stage 6: Data analysis | p. 217 |
| Stage 7: Review results | p. 218 |
| References | p. 219 |
| Appendix 4A | p. 221 |
| Case Studies | p. 223 |
| Introduction | p. 223 |
| The case of "Little Nicky" Scarfo | p. 223 |
| The legal challenge | p. 225 |
| Keystroke logging system | p. 226 |
| The case of "El Griton" | p. 229 |
| Surveillance on Harvard's computer network | p. 230 |
| Identification of the intruder: Julio Cesar Ardita | p. 231 |
| Targets of Ardita's activities | p. 232 |
| Melissa | p. 236 |
| A word on macro viruses | p. 236 |
| The virus | p. 237 |
| Tracking the author | p. 239 |
| The World Trade Center bombing (1993) and Operation Oplan Bojinka | p. 242 |
| Other cases | p. 244 |
| Testing computer forensics in court | p. 244 |
| The case of the tender document | p. 248 |
| References | p. 253 |
| Intrusion Detection and Intrusion Forensics | p. 257 |
| Intrusion detection, computer forensics, and information warfare | p. 257 |
| Intrusion detection systems | p. 264 |
| The evolution of IDS | p. 264 |
| IDS in practice | p. 267 |
| IDS interoperability and correlation | p. 274 |
| Analyzing computer intrusions | p. 276 |
| Event log analysis | p. 278 |
| Time-lining | p. 280 |
| Network security | p. 285 |
| Defense in depth | p. 285 |
| Monitoring of computer networks and systems | p. 288 |
| Attack types, attacks, and system vulnerabilities | p. 295 |
| Intrusion forensics | p. 303 |
| Incident response and investigation | p. 303 |
| Analysis of an attack | p. 306 |
| A case study--security in cyberspace | p. 308 |
| Future directions for IDS and intrusion forensics | p. 310 |
| References | p. 312 |
| Research Directions and Future Developments | p. 319 |
| Introduction | p. 319 |
| Forensic data mining--finding useful patterns in evidence | p. 323 |
| Text categorization | p. 327 |
| Authorship attribution: identifying e-mail authors | p. 331 |
| Association rule mining--application to investigative profiling | p. 335 |
| Evidence extraction, link analysis, and link discovery | p. 339 |
| Evidence extraction and link analysis | p. 340 |
| Link discovery | p. 343 |
| Stegoforensic analysis | p. 345 |
| Image mining | p. 349 |
| Cryptography and cryptanalysis | p. 355 |
| The future--society and technology | p. 360 |
| References | p. 364 |
| Acronyms | p. 369 |
| About the Authors | p. 379 |
| Index | p. 383 |
| Table of Contents provided by Ingram. All Rights Reserved. |