DR. GRAEME EDWARDS, CFE, has been a cybercrime investigator with the Queensland Police Service Financial and Cyber Crime Group and has worked on numerous successful criminal investigations involving local and international jurisdictions. He facilitated the creation of the Victims of Financial Crimes Support Group to support those suffering losses associated with financial or cybercrime. Graeme is an experienced conference speaker and cybercrime investigation educator, provider of training in a corporate environment and conducts post investigation analysis. He has a Doctorate of Information Technology focusing on computer security, computer networking, and cloud computing investigation strategies.
List of Figures xi
About the Author xiii
Foreword xv
Acknowledgments xvii
Chapter 1: Introduction 1
Chapter 2: Cybercrime Offenses 9
Potential Cybercrime Offenses 11
Cybercrime Case Study 26
Notes 26
Chapter 3: Motivations of the Attacker 29
Common Motivators 30
Cybercrime Case Study I 33
Cybercrime Case Study II 34
Note 35
Chapter 4: Determining That a Cybercrime is Being Committed 37
Cyber Incident Alerts 38
Attack Methodologies 41
Cybercrime Case Study I 44
Cybercrime Case Study II 44
Notes 45
Chapter 5: Commencing a Cybercrime Investigation 47
Why Investigate a Cybercrime? 47
The Cyber Investigator 48
Management Support 48
Is There a Responsibility to Try to Get the Data Back? 50
Cybercrime Case Study 51
Notes 52
Chapter 6: Legal Considerations When Planning an Investigation 53
Role of the Law in a Digital Crimes Investigation 54
Protecting Digital Evidence 55
Preservation of the Chain of Custody 56
Protection of Evidence 59
Legal Implications of Digital Evidence Collection 60
Cybercrime Case Study 63
Note 63
Chapter 7: Initial Meeting with the Complainant 65
Initial Discussion 65
Complainant Details 68
Event Details 68
Cyber Security History 69
Scene Details 70
Identifying Offenses 71
Identifying Witnesses 71
Identifying Suspects 71
Identifying the Modus Operandi of Attack 72
Evidence: Technical 73
Evidence: Other 74
Cybercrime Case Study 74
Chapter 8: Containing and Remediating the Cyber Security Incident 77
Containing the Cyber Security Incident 77
Eradicating the Cyber Security Incident 80
Note 82
Chapter 9: Challenges in Cyber Security Incident Investigations 83
Unique Challenges 84
Cybercrime Case Study 91
Chapter 10: Investigating the Cybercrime Scene 93
The Investigation Team 96
Resources Required 101
Availability and Management of Evidence 104
Technical Items 105
Scene Investigation 123
What Could Possibly Go Wrong? 152
Cybercrime Case Study I 155
Cybercrime Case Study II 156
Notes 158
Chapter 11: Log File Identification, Preservation, Collection, and Acquisition 159
Log Challenges 160
Logs as Evidence 161
Types of Logs 162
Cybercrime Case Study 164
Notes 165
Chapter 12: Identifying, Seizing, and Preserving Evidence from Cloud-Computing Platforms 167
What is Cloud Computing? 167
What is the Relevance to the Investigator? 172
The Attraction of Cloud Computing for the Cybercriminal 173
Where is Your Digital Evidence Located? 174
Lawful Seizure of Cloud Digital Evidence 175
Preservation of Cloud Digital Evidence 177
Forensic Investigations of Cloud-Computing Servers 178
Remote Forensic Examinations 182
Cloud Barriers to a Successful Investigation 196
Suggested Tips to Assist Your Cloud-Based Investigation 203
Cloud-Computing Investigation Framework 206
Cybercrime Case Study 219
Notes 221
Chapter 13: Identifying, Seizing, and Preserving Evidence from Internet of Things Devices 225
What is the Internet of Things? 225
&n
