This fascinating and highly topical subject has a history dating back to the secret world of 1970s Cold War espionage, when the US military and Central intelligence agencies, aided by the latest mainframe systems, were the first to use computer forensics techniques in counterintelligence. In the decades since, cybercrime has emerged from the obscurity of low-level prosecution evidence to become a serious cross-border crime issue, while cyberforensic investigators have moved on from drug, murder, and child pornography crimes that were facilitated by computers, and are now tackling headline-grabbing cyber bank robbery, identity theft, and corporate spying.

With little consensus as yet on the qualifications required to become a cyberforensic investigator, Cyberforensics: Understanding Information Security Investigations assembles the varying perspectives of pioneers and key figures in the field. All the authors have more than 10 years' experience in successfully investigating cybercrime, and some more than 20. Through real-life case studies the chapters introduce the reader to the field of cybersecurity, starting with corporate investigation, and progressing to analyze the issues in more detail. Taking us from accounting cyberforensics to unraveling the complexities of malware, the contributors explain the tools and techniques they use in a manner that allows us to map their methodology into a more generic understanding of what a cybersecurity investigation really is. Above all, Cyberforensics shows that there is a cohesive set of concepts that binds cybersecurity investigators to a shared vision. These core ideas are now gaining importance as a body of knowledge that cyberforensics professionals agree should be a prerequisite to the professional practice of information security.

---

Cyberforensics is a fairly new word in the technology our industry, but one that n- ertheless has immediately recognizable meaning. Although the word forensics may have its origins in formal debates using evidence, it is now most closely associated with investigation into evidence of crime. As the word cyber has become synonymous with the use of electronic technology, the word cyberforensics bears no mystery. It immediately conveys a serious and concentrated endeavor to identify the evidence of crimes or other attacks committed in cyberspace. Nevertheless, the full implications of the word are less well understood. Cyberforensic activities remain a mystery to most people, even those fully immersed in the design and operation of cyber te- nology. This book sheds light on those activities in a way that is comprehensible not only to technology professionals but also to the technology hobbyist and those simply curious about the ?eld. When I started contributing to the ?eld of cybersecurity, it was an obscure ?eld, rarely mentioned in the mainstream media. According to the FBI, by 2009 organized crime syndicates were making more money via cybercrime than in drug traf?- ing. In spite of the rise in cybercrime and the advance of sophisticated threat actors online, the cyber security profession continues to lag behind in its ability to inves- gate cybercrime and understand the root causes of cyber attacks. In the late 1990s I worked to respond to sophisticated attacks as part of the U. S.