Cyber Forensics
Examining Emerging and Hybrid Technologies
- 336 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
About This Book
Threat actors, be they cyber criminals, terrorists, hacktivists or disgruntled employees, are employing sophisticated attack techniques and anti-forensics tools to cover their attacks and breach attempts. As emerging and hybrid technologies continue to influence daily business decisions, the proactive use of cyber forensics to better assess the risks that the exploitation of these technologies poses to enterprise-wide operations is rapidly becoming a strategic business objective. This book moves beyond the typical, technical approach to discussing cyber forensics processes and procedures. Instead, the authors examine how cyber forensics can be applied to identifying, collecting, and examining evidential data from emerging and hybrid technologies, while taking steps to proactively manage the influence and impact, as well as the policy and governance aspects of these technologies and their effect on business operations.
A world-class team of cyber forensics researchers, investigators, practitioners and law enforcement professionals has come together to provide the reader with insights and recommendations on the proactive application of cyber forensic methodologies and procedures both to protect data and to identify digital evidence related to the misuse of these data. This book is an essential guide for both the technical and non-technical executive, manager, attorney, auditor, and general practitioner who is seeking an authoritative source on how cyber forensics may be applied both to evidential data collection and to proactively managing today's and tomorrow's emerging and hybrid technologies. The book will also serve as a primary or supplemental text in both under- and post-graduate academic programs addressing information, operational and emerging technologies, cyber forensics, networks, cloud computing and cybersecurity.
Chapter 1 Cyber forensics: Compliance and auditing
Contents
- Introduction
- Cyber Forensics Event Timeline
- Why Is Cyber Forensics Important?
- Cyber Forensics and Today’s Auditing Profession
- Cyber Forensics: A Timeline of Significant Contributions
- Cyber Forensics: Solving Digital Crimes One Byte at a Time
- Future Challenges for Cyber Forensics
- Cyber Forensics Relevant Laws and Regulations
- Computer Fraud and Abuse Act (CFAA)
- Cybercrime federal legislation – evolution
- State Legislation
- Hacking Laws and Punishments
- Definition of hacking and types of hackers
- Federal hacking laws
- Hacking laws: State laws
- Cyber Forensics Policies and Controls
- Policies
- Guidelines and procedures
- Performing the Forensic Process
- Phase 1 – Data collection
- Phase 2 – Examination
- Phase 3 – Analysis
- Phase 4 – Reporting
- Quality Standards for Digital Forensics
- Management Standards
- Workforce Standards
- Cyber Forensic Certifications
- CFCE – Certified Forensic Computer Examiner
- CHFI – Computer Hacking Forensic Investigator
- GCFA – GIAC Certified Forensic Analyst
- GCFE – GIAC Certified Forensic Examiner
- CCE – Certified Computer Examiner
- Certifications Compared: GCFE vs. CFCE vs. CCE
- Vendor-specific Certifications
- EnCase Certified Examiner (EnCE) Certification Program
- Best Digital Forensics Certifications
- The Role of Audit in Cyber Forensics
- External audit’s role in cyber forensics
- Internal audit
- Cyber Forensics Case Studies
- Eminent Cases Solved with Digital Forensics
- Summary
- Notes
Introduction
- The definition of compliance is: “the action of complying with a command,” or “the state of meeting rules or standards.” In the corporate world, it’s defined as the process of making sure your company and employees follow all laws, regulations, standards, and ethical practices that apply to your organization and industry.1
- Financial Auditing: The process of verifying a company’s financial information. An auditor examines a company’s accounting books and records in order to determine whether the company is following appropriate accounting procedures. An auditor issues an opinion in a report that says whether the financial statements “present fairly” the company’s financial position and its operational results in accordance with Generally Accepted Accounting Principles (GAAP).2
- Operational Auditing: An independent review and examination of records and activities to assess the adequacy of operational controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.3
- Information Technology Auditing: An independent review and examination of system records and activities in order to test the adequacy and effectiveness of data security and data integrity procedures, to ensure compliance with established policy and operational procedures, and to recommend any necessary changes.4
- Definition of Internal Auditing: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.5
- Definition of External Auditing: External auditing is an independent function outside of the organization that assesses the financial and risk associated aspects in order to comply with statutory audit requirements. The main role of external audit is to provide an opinion whether the company financial statements present a true and fair view of the company’s financial results. The external audit function is managed by the external auditor, who in the United States is typically a Certified Public Accountant.6
Basis for comparison | Auditing | Investigation |
---|---|---|
Meaning | The process of inspecting the books of accounts of an entity and reporting on it is known as Auditing. | An inquiry conducted for establishing a specific fact or truth is known as Investigation. |
Nature | General Examination | Critical and in-depth examination |
Evidences | The evidences are persuasive in nature. | The evidences are unquestionable; therefore, their nature is decisive. |
Time Horizon | Annually | As per requirement |
Performed by | Certified Public Accountant or Chartered Accountant | Experts |
Reporting | General Purpose | Confidential |
Obligatory | Yes | No |
Appointment | An auditor is appointed by the shareholders of the company. | The management or shareholders or a third party can appoint an investigator. |
Scope | Seeks to form an opinion on financial statements. | Seeks to answer the questions that are asked in the engagement letter. |
Cyber Forensics Event Timeline
Date | Threat Actor | Description |
---|---|---|
Early 1970s | Bob Thomas | Thomas wrote the ‘Creeper,’ a self-replicating program that used ARPANET to infect DEC PDP-10 computers and display the message, ‘I’m the creeper, catch me if you can!’ |
1976–2006 | Greg Chung, Boeing Corporation | Chung stole $2 billion (US) worth of aerospace documents and gave them to China. 225,000 pages of sensitive material were recovered in his home. This was one of the largest insider attacks in history with malicious intent to supply China with proprietary military and spacecraft intel. |
2013 | Edward Snowden | Former CIA employee and contractor for the US government copied and leaked classified information from the National Security Agency. |
2013–2014 | Unknown | Largest Data Breach. Yahoo reported a breach by a group of hackers that jeopardized the accounts of all 3 billion users. Everything from names to passwords and security question answers was compromised. Yahoo failed to report this breach until 2016 and was fined $35 million by the SEC for failure to disclose the breach in a timely manner. |
2015 | Unknown | The US Office of Personne... |
Table of contents
- Cover
- Half Title
- Title Page
- Copyright Page
- Dedication
- Contents
- Preface
- Acknowledgements
- Editor
- Contributors
- Chapter 1 Cyber forensics: Compliance and auditing
- Chapter 2 IoT and the role of cyber forensics
- Chapter 3 Cyber forensics: Examining commercial Unmanned Aircraft Systems (UASs) and Unmanned Aerial Vehicles (UAVs)
- Chapter 4 Cloud forensics
- Chapter 5 Forensics of the digital social triangle with an emphasis on Deepfakes
- Chapter 6 Operational technology, industrial control systems, and cyber forensics
- Chapter 7 Cyber forensics and risk management
- Chapter 8 Mobile device forensics: An introduction
- Chapter 9 Forensic accounting and the use of E-discovery and cyber forensics
- Chapter 10 Cyber forensic tools and utilities
- Index