Incident Response and Computer Forensics 2nd ed.7z

Time: 2022-09-10 16:15:43
[File properties]:
File name: Incident Response and Computer Forensics 2nd ed.7z
File size: 9.34MB
File format: 7Z
Updated: 2022-09-10 16:15:43
Incident Response Computer Forensics

INTRODUCTION

According to the Internet research firm comScore, goods and services worth more than $17 billion were sold via the Internet in the first quarter of 2002. It has been our experience that wherever money goes, crime follows. We have spent the last few years responding to incidents where the number one goal of a computer crime was money. Nearly every computer intrusion we have responded to was followed by credit card fraud, extortion, or fraudulent purchases of merchandise by thieves who had obtained valid customer credentials on e-commerce sites. It is highly probable that these intrusions also led to identity theft. With enough information about an individual, evildoers can manufacture false credentials and attempt to withdraw money from an unwitting person’s bank accounts.

Today’s attackers are much more efficient and aggressive at seeking economic gain than they have been in the past. New regulations and standards are indirectly and directly influencing an organization’s capability to respond to computer security incidents. Therefore, we wrote this book to illustrate a professional approach to investigating computer security incidents in an effort to help organizations comply with the new standards and regulatory requirements, as well as to minimize losses.

Copyright 2003 by The McGraw-Hill Companies, Inc.

During an investigation of a computer security incident, the untrained system administrator, law enforcement officer, or computer security expert may accidentally destroy valuable evidence or fail to discover critical clues of unlawful or unauthorized activity. We have witnessed lack of education curtail too many efforts to apprehend external and internal attackers.

We have also witnessed computer forensics evolve from an esoteric skill to a proprietary esoteric skill, with nearly every company that performs forensic analysis developing many of its own tools and not sharing them. Also, much of the forensic training is available to law enforcement personnel only, even though most of the initial responses to security incidents are handled by your everyday, ordinary, overworked system administrators. Therefore, this book provides detailed technical examples to demonstrate how to conduct computer forensics and analysis.

We also find that there are numerous online publications and books that offer some structure and guidance to incident response, but they are often scattered, outdated, or not quite applicable to our current challenges.

WHO SHOULD READ THIS BOOK

If you get a phone call at two in the morning because someone hacked your web page, then this book is for you. If management asks you to find out whether or not another employee is sending proprietary secrets to a competitor, then this book is for you. If you receive a message from a panicked user that her machine keeps crashing, this book might be for you. If you receive an email from a criminal extorting your organization, then this book is definitely for you. This book will provide you with detailed, legally sound technical responses if you need to:

- Investigate the theft of source code or proprietary information
- Investigate the theft of password files or credit information
- Investigate spam or email harassment and threats
- Investigate unauthorized or unlawful intrusions into computer systems
- Investigate denial-of-service attacks
- Provide forensic support of criminal, fraud, intelligence, and security investigations
- Act as the focal point for your organization’s computer incident and computer forensic matters
- Provide on-site assistance for computer search and seizures
- Adhere to new regulations, standards, and statutes that promote an incident response capability

EASY TO NAVIGATE WITH UNIQUE DESIGN ELEMENTS

Icons

The following icons represent headings you’ll see throughout the book:

What Can Happen
We briefly describe an incident that could happen. After each incident we show you how to respond or where to look for the evidence, which also has its own special icon:

Where to Look for Evidence
Get right to finding the evidence if you want!

Law Enforcement Tip
This icon represents inside tips that law enforcement folks need to do that could benefit corporate America.

Legal Issues
This icon alerts you to legal issues to consider when responding to an incident.
[File preview]:
Incident Response and Computer Forensics 2nd ed. - C. Prosise, K. Mandia (2003) WW.pdf
