DOCSLIB.ORG

Computer Forensics

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Computer Forensics COMPUTER FORENSICS COMPUTER FORENSICS AN ESSENTIAL GUIDE FOR ACCOUNTANTS,LAWYERS, AND MANAGERS MICHAEL SHEETZ JOHN WILEY &SONS,INC. This book is printed on acid-free paper. Copyright 2007 by John Wiley & Sons, Inc. All rights reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-646-8600, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008. Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print, however, may not be available in electronic format. For more information about Wiley products, visit our Web site at http://www.wiley.com. Library of Congress Cataloging-in-Publication Data: Sheetz, Michael. Computer forensics : an essential guide for accountants, lawyers, and managers / Michael Sheetz. p. cm. Includes index. ISBN: 978-0-471-78932-1 (cloth) 1. Computer crimes–Investigation. I. Title. HV8079.C65S44 2007 363.25–dc22 2006030331 Printed in the United States of America. 10987654321 This book is dedicated to my mother and father, whose love and encouragement have given me the confidence to dare to dream, and to the memory of my grandfather, Benjamin Franklin Sheetz. His love of the written word lives on in me. CONTENTS Introduction xi Acknowledgments xvii 1 A Definition of Computer Forensics 1 Introduction 1 Forensic Science 2 History of Computer Forensics 2 World Wide Web 5 Hacker Community 6 Conclusion 10 Notes 11 Suggested Reading 12 2 Basics of Computer Forensic Concepts 13 Introduction 13 Understanding Digital Evidence 14 Input 15 Storage 15 Processing 16 What Computer Data Is 17 Output 23 Conclusion 24 Notes 24 Suggested Reading 24 3 Preservation and Collection of Digital Evidence 25 Introduction 25 Rules of Evidence 26 Preservation 27 Collection 30 Conclusion 36 Note 37 Suggested Reading 37 vii viii CONTENTS 4 Analysis of Digital Evidence 38 Introduction 38 Forensic Analysis 39 Conclusion 50 Notes 50 Suggested Reading 51 5 Reporting and Rendering the Opinion 52 Introduction 52 Preparing the Report 53 Presentation 57 Trial Process 57 Conclusion 64 Suggested Reading 65 6 Computer Attacks 66 Hackers and Phreakz Oh My 66 Hackers: Unauthorized Use and Trespassing 66 Wireless Hacking 71 Malware 75 Attacks from the Inside 79 Conclusion 85 Notes 86 Suggested Reading 87 7 Computers as Tools for Evil 88 Introduction 88 Computers and Crime 88 Identity Theft 89 Concealment 96 Auction Fraud and Retail Cons 97 Counterfeiting and Forgery 100 Prostitution 100 Securities Fraud 101 Conclusion 105 Notes 105 CONTENTS ix 8 Computer Tools and the Forensic Examination 108 Introduction 108 Assuming Control of the Case 109 Understanding the Case 109 Evaluating the Evidence 110 Examining the ‘‘Live’’ System 110 Collecting Data from a Dead System 116 Imaging the Drive 118 Data Extraction 120 Data Analysis 122 Conclusion 125 Notes 126 9 Presenting Digital Evidence in Court 127 Introduction 127 Evidence 128 Types of Evidence 129 Expert Witnesses 131 Legal Requirements of Evidence 132 Search and Seizure 137 Conclusion 142 Notes 143 Index 145 INTRODUCTION In today’s world, few areas of our lives remain untouched by high-tech gad- gets and computers. From our automobiles to the ubiquity of e-mail, the world of bits and bytes has overtaken every phase of our lives. While this ceaseless march of the tide of technology has brought wonderful benefits, as with all gains humankind has experienced, it also has brought some side effects. Although our efficiency has increased, so have the demands for our time. Not only must we learn to multitask, but we must be available 24 hours a day. Tethered to our cell phones, personal digital assistants, and palm-top computers with twenty-first-century umbilical cords, loved ones and cowork- ers alike experience withdrawal symptoms and panic attacks if their calls and e-mails remain unanswered for more than 10 minutes. Arguably nowhere has this technological onslaught had a greater impact than in the business world. E-mail, the World Wide Web, and corporate intranets have insinuated themselves into nearly every business. From the mom-and-pop market, which has a digital storefront to augment its brick-and- mortar operation, to the Fortune 500 multinational whose communications hub depends on the infrastructure of the network we call the Internet, digital traffic directs our lives—occasionally into unsightly rush-hour snarls. For the average person, the pervasiveness of computers and digital technol- ogy is little more than either a convenience or an inconvenience, depending on which side of the digital fence you sit. For others, such as managers, accountants, and lawyers, digital technology signifies much more than that; it signifies a change in the way we look at information. The “paperless office” and “electronic discovery” are only two of the many phrases that have arisen with the growth of computers, and both bring with them some very serious managerial problems. For the manager seeking to streamline and reduce costs, the paperless office might, at first glance, seem like the ideal solution to growing storage problems. Likewise, electronic discovery and the instantaneous exchange of digital evidence sound like every lawyers’ dream—at least at first blush. In reality, hidden difficulties in both areas can blindside professionals and result in tremendously higher costs. These hidden costs, the land mines of the information age, while mere speed bumps to some, are career-ending hurdles for others. What separates xi xii INTRODUCTION the two is the knowledge of the abilities and limitations of the medium. As an example, let us examine the manager who is weighing the decision to go paperless. On the plus side, there are the obvious benefits of reduced storage space, decreased access time, and, depending on implementation method- ology, reduced clerical staff. However, the digitally uninitiated may have overlooked the risks involved. One very serious risk is security. While access to paper documents such as credit memos and invoices in the traditional office is most often restricted by walls, doors, and metal filing cabinets, the cyberworld lacks those con- ventional security devices. Instead, things such as firewalls, passwords, and encryption technology stand in the way of unauthorized access. Both meth- ods can be equally secure, and both are vulnerable in their own particular ways. However, most managers understand the weaknesses and vulnerabili- ties of their physical security assets. Many do not have the same fundamental understanding of the limitations of the digital equivalent. For the attorney, the situation is similar. In a traditional plaintiff’s per- sonal injury firm, many cases follow similar schedules and proceed along the same path. One of the steps in this path is the discovery phase. Discovery is essentially where both sides learn as much about the opponent’s case as possible. While at first a counterintuitive concept in an adversarial legal sys- tem, the underlying rationale of truth seeking ultimately is supported by the put-your-cards-on-the-table process. At its heart, the discovery process involves the exchange of information by both sides. In the early days of electronic discovery (e-discovery), electronic communications wrought havoc on some firms—in part due to both the lawyer’s and the client’s lack of an understanding of the technology. Some of these difficulties centered on the interoffice memo. In the traditional office, memos circulate, get filed, and may ultimately get shredded. This is not necessarily the case in a paperless environment. Misunderstanding the permanence of e-mail memos, many firms over- looked the persistent existence of such communications on corporate servers, company Web sites, and even employee desktops. More than one case was doomed by the existence of the “smoking gun” memo in electronic form somewhere on the client’s computer infrastructure. As e-discovery became more common, a second issue emerged: informa- tion overload. Depending on the case, demands for production can constitute a sizable portion of the discovery process. In a demand for production, one side, usually the plaintiff’s, will demand the other side produce evidence, usually documents, that tend to support its theory of the case. In traditional practice, things such as memos, correspondence, personnel evaluations, and INTRODUCTION xiii the like were photocopied and turned over the demanding party.
Load more

Recommended publications
  • Paradise Lost , Book III, Line 18
    _Paradise Lost_, book III, line 18 %%%%%%%%%%%%%%%%%%%%%%%% ++++++++++Hacker's Encyclopedia++++++++ ===========by Logik Bomb (FOA)======== <http://www.xmission.com/~ryder/hack.html> ---------------(1997- Revised Second Edition)-------- ##################V2.5################## %%%%%%%%%%%%%%%%%%%%%%%% "[W]atch where you go once you have entered here, and to whom you turn! Do not be misled by that wide and easy passage!" And my Guide [said] to him: "That is not your concern; it is his fate to enter every door. This has been willed where what is willed must be, and is not yours to question. Say no more." -Dante Alighieri _The Inferno_, 1321 Translated by John Ciardi Acknowledgments ---------------------------- Dedicated to all those who disseminate information, forbidden or otherwise. Also, I should note that a few of these entries are taken from "A Complete List of Hacker Slang and Other Things," Version 1C, by Casual, Bloodwing and Crusader; this doc started out as an unofficial update. However, I've updated, altered, expanded, re-written and otherwise torn apart the original document, so I'd be surprised if you could find any vestiges of the original file left. I think the list is very informative; it came out in 1990, though, which makes it somewhat outdated. I also got a lot of information from the works listed in my bibliography, (it's at the end, after all the quotes) as well as many miscellaneous back issues of such e-zines as _Cheap Truth _, _40Hex_, the _LOD/H Technical Journals_ and _Phrack Magazine_; and print magazines such as _Internet Underground_, _Macworld_, _Mondo 2000_, _Newsweek_, _2600: The Hacker Quarterly_, _U.S. News & World Report_, _Time_, and _Wired_; in addition to various people I've consulted.
    [Show full text]
  • Epub Books Masters of Deception: the Gang That Ruled Cyberspace
    Epub Books Masters Of Deception: The Gang That Ruled Cyberspace From the bedroom terminals of teenagers isolated from their peers by their hyperactive intellects, to the nerve center of a nationwide long-distance phone company infiltrated by a hacker's hand, Masters of Deception offers an unprecedented tour of the murkiest reaches of the electronic frontier and a trenchant, blow-by-blow chronicle of the most notorious gang war in cyberspace. In 1989, Paul Stira and Eli Ladopoulos, two teenage hackers from Queens, New York, made some exploratory forays into local phone-company computers and discovered a domain far more mysterious and appealing than any they had ever seen. To unravel the mysteries, they contacted Phiber Optik (aka Mark Abene) - a member of an infamous gang of crack hackers called the Legion of Doom. Phiber Optik was legendary throughout cyberspace for his wealth of hard-won knowledge about the phone system. When he was satisfied that Stira and Ladopoulos weren't a couple of lamers, the three kids arranged a meeting of the minds in Ladopoulos's bedroom.When Phiber Optik got kicked out of LOD after a tiff with its leader, Erik Bloodaxe (aka Chris Goggans), the New York kids formed a rival gang called Masters of Deception. MOD soon matched LOD's notoriety, gaining a reputation for downloading confidential credit histories (including Geraldo Rivera's, David Duke's, and a rival hacker's mom's), breaking into private computer files, and rewiring phone lines. All the while, federal agents were secretly monitoring this highly illegal battle royal and closing in for the kill.Slatalla and Quittner, who have followed this case for five years, lead us down the darkest alleys of cyberspace and up to the front lines of the raging battle over just who will control the web that already connects everyone to everybody else.
    [Show full text]
  • Intitle: Search for the Text in the Title of the Websites
    Ketabton.com (c)Hacking ketabton.com: For The Beginners Digital Library – Manthan Desai 2010 Legal Disclaimer Any proceedings and or activities related to the material contained within this book are exclusively your liability. The misuse and mistreat of the information in this book can consequence in unlawful charges brought against the persons in question. The authors and review analyzers will not be held responsible in the event any unlawful charges brought against any individuals by misusing the information in this book to break the law. This book contains material and resources that can be potentially destructive or dangerous. If you do not fully comprehend something on this book, don‘t study this book. Please refer to the laws and acts of your state/region/ province/zone/territory or country before accessing, using, or in any other way utilizing these resources. These materials and resources are for educational and research purposes only. Do not attempt to violate the law with anything enclosed here within. If this is your intention, then leave now. While using this book and reading various hacking tutorials, you agree to follow the below mentioned terms and conditions: 1. All the information provided in this book is for educational purposes only. The book author is no way responsible for any misuse of the information. 2. "Hacking for Beginners” is just a term that represents the name of the book and is not a book that provides any illegal information. “Hacking for Beginners” is a book related to Computer Security and not a book that promotes hacking/cracking/software piracy.
    [Show full text]
  • A Brief History of Computer Crime: an Introduction for Students M
    A Brief History of Computer Crime: An Introduction for Students M. E. Kabay, PhD, CISSP-ISSMP Program Director, MSIA School of Graduate Studies Norwich University Contents 2.1 WHY STUDY HISTORICAL RECORDS? .............................................................................. 3 2.2 OVERVIEW ........................................................................................................................ 4 2.3 1960s & 1970s: SABOTAGE ................................................................................................ 5 2.3.1 Direct Damage to Computer Centers ............................................................................. 5 2.3.2 1970-1972: Albert the Saboteur ..................................................................................... 7 2.4 IMPERSONATION .............................................................................................................. 9 2.4.1 1970: Jerry Neal Schneider ........................................................................................... 9 2.4.2 1980-2003: Kevin Mitnick .............................................................................................. 9 2.4.3 Credit Card Fraud ...................................................................................................... 11 2.4.4 Identity Theft Rises .................................................................................................... 13 2.5 PHONE PHREAKING .......................................................................................................
    [Show full text]