Investigative Computer Forensics: The Practical Guide for Lawyers, Accountants, Investigators, and Business Executives PDF

231 pages · 2013 · 2.398 MB · English

Preview Investigative Computer Forensics: The Practical Guide for Lawyers, Accountants, Investigators, and Business Executives

Investigative Computer Forensics: The Practical Guide for Lawyers, Accountants, Investigators, and Business Executives
ERIK LAYKIN, CHFI, CEDS

Cover image: © Grzegorz Wolczyk/iStockphoto
Cover design: John Wiley & Sons, Inc.

Copyright © 2013 by John Wiley & Sons, Inc. All rights reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Cataloging-in-Publication Data:
Laykin, Erik.
Investigative computer forensics : the practical guide for lawyers, accountants, investigators, and business executives / Erik Laykin, CHFI, CEDS.
pages cm
Includes index.
ISBN 978-0-470-93240-7 (hbk.) — ISBN 978-1-118-22141-9 (ePDF) (print) — ISBN 978-1-118-25988-7 (Mobi) (print) — ISBN 978-1-118-23522-5 (ePub) (print) — ISBN 978-1-118-57211-5 (o-Book) (print)
1. Computer crimes—Investigation. 2. Computer security. 3. Fraud investigation. 4. Corporations—Corrupt practices. I. Title.
HV8079.C65L395 2013
363.25’968—dc23
2012038779

Printed in the United States of America
10 9 8 7 6 5 4 3 2 1

In memory of Melinda Laykin Brun Esq. (1942–2005), senior trial counsel for the State of California Department of Corporations, and known in the courtroom as “The Battleship.” A fierce fighter for the underdog, an advocate for victims, and an electronic data visionary who gave me the gift of inspiration to enter the field of computer forensics during its nascent days.

Contents

Foreword ix
Preface xi
Acknowledgments xv
Author’s Note xvii

INTRODUCTION Investigative Computer Forensics 1
  Changes in Technology 1
  Changes in the Role of the Investigator 2
  What Is Computer Forensics? 4

CHAPTER 1 The Glue 7
  The Relevancy of Truth 8
  Foundations of Digital Evidence 9
  Investigative Objectives 11
  The Investigative Process 11
  Trust 13
  Privacy 14

CHAPTER 2 A Primer on Computers and Networks 17
  The Mechanics of Electronically Stored Information 19
  Optical Drives 25
  The Server 27
  The Router 30
  Application Data 32
  Metadata 35
  Databases 37
  E-mail Mechanics 41
  The IP Address 43
  Computer Time Artifacts 45
  Social Media 45
  Tablets 48
  Cellular Telephones and Smartphones 50
  Audio and Video 52
  The Global Nervous System: Worldwide Data 54
  Fundamentals of Network Traffic 58
  The Firewall 59
  Data- and Traffic-Gathering Applications 61
  Dynamic Data Capture 63
  The Cloud 65
  International Data Security and Privacy Issues 67

CHAPTER 3 Computer Forensic Fundamentals 69
  The Establishment of the Computer Forensic Laboratory 69
  Evidence and Access Controls 73
  The Forensic Workstation 79
  Current Tools and Services 86
  Building a Team and a Process 94
  Computer Forensic Certifications 98
  The Human Quotient 98
  The Devil Is in the Details 124

CHAPTER 4 Investigative Fundamentals 127
  The Investigative Mind-Set 127
  Case Management 128
  Fraud and Investigative Analysis 129
  Information Sources and Records 130
  Investigative Techniques 130
  Surveillance and Interviewing 132
  Trade Secret Theft and IP Investigations 133
  Human Resources and Interpersonal Investigations 134
  Reporting and Testifying 136

CHAPTER 5 The Underpinnings of Investigative Computer Forensics 139
  Seizure and Examination of Digital Evidence 140
  Data Classification and Records Management 140
  Deleted Data 143
  Backups and Systems Preservation 145
  Computer Crime Analysis and Reconstruction 147
  The Who, What, Where, How of Data 149
  Contracts, Agreements, Third Parties, and Other Headaches 154
  Ethics and Management 155

CHAPTER 6 Tactical Objectives and Challenges in Investigative Computer Forensics 157
  Preparing for the Attack 158
  Early Case Assessment 159
  Investigative Pacing, Timing, and Setting Expectations 160
  Working with Multinational Teams 161
  Collections of Electronic Data in the Cloud and in Social Media 162
  Investigating Internet Service Provider Records 164
  Bridging the Actual World with the Cyberworld 165
  Packaging the Findings 165

CHAPTER 7 The Cyber-Firefighters 167
  Incident Response Fundamentals 167
  Data Breaches 170
  Theft and Fraud 172
  Systems Failures 172
  Internal Investigations 173
  The Real-Time Predicament 175
  Building a Global Resource Network 175
  Honeypots and Other Attractive Intel-Gathering Targets 176
  Databases and Structured Data 178
  Organized Crime in the Cyber-Underworld 178
  The Cyber-Underworld in Various Regions 179
  State-Sponsored Cybercrime 181
  Identity Theft 182
  Intellectual Property and Trade Secret Theft 183
  Botnets, Malware, Trojans, and Phishing 184
  Data Breach Vulnerabilities 185
  Hackers and Their Environment 186

CHAPTER 8 E-Discovery Responsibilities 189
  Data Identification 189
  Electronic Discovery Reference Model 190
  E-Discovery Stages 192
  Common E-Discovery and Foreign Data Challenges 196
  Tools, Services, and Technologies 199
  Emerging E-Discovery Realities 202
  European and Asian Observations 205
  Digital Evidence in the Courtroom 207

CHAPTER 9 The Future 209
  Privacy and the Data Ecosystem 209
  Access Controls and the Evolution of Trust 211
  Global Communications Systems in the Cloud 211
  Nanotechnology and Cognitive Computing 212
  Digital Demographics and the Emerging Global Citizen 212
  Extra-National Investigative Networks and the Information Union 214
  Zero Day Forensics 214
  Concluding Thoughts 215

About the Author 217
Index 219

Foreword

Over the course of a 25‐year career in corporate investigations that have required my expertise in places as diverse as San Diego to Shanghai and New York to New Delhi, I have witnessed a dramatic shift in the methodologies, technologies, and type of personnel deployed on fact‐finding exercises. From traditional gumshoe‐style investigations of larceny, fraud, and crime to sophisticated corporate electronic discovery boondoggles that require the analysis of mind‐boggling volumes of electronic data, the world of investigations now requires a level of technical sophistication that was unimaginable a generation ago. The acronyms are daunting, the risks of taking missteps are found at every turn, and the ramifications of mismanaging data have been felt by plaintiffs, defendants, and corporations far and wide in recent years in the form of adverse inferences, sanctions, and default judgments.

One of my early major cases was the subject of a New York Times best‐seller and film starring John Travolta and Robert Duvall titled A Civil Action, in which William H. Macy played my role, and he hit it out of the park. But what is interesting to me today these short 17 years later is that during that entire epic investigation and courtroom battle in which we were pitched against two of the nation’s most fearsome litigation firms, the words electronic discovery were never uttered. Our world was of paper documents and the physical handling of evidence acquired the old‐fashioned way. A few years later I learned firsthand while working on the watershed Zubulake v. UBS Warburg matter under the watchful eye of Federal Judge Shira Scheindlin just how much things had changed, and scarier yet, just how out of touch so many of the players were with the complex terms, issues, and risks associated with this newly emerging world of managing electronic data in investigations and discovery.

Erik Laykin’s book Investigative Computer Forensics zeros in on a real need felt by lawyers, jurists, accountants, administrators, management, and business executives around the globe. This need is to explain the investigative computer forensic process in layman’s terms that the users of these services can understand so that they may be more well‐informed while engaging the capabilities of a computer forensics professional. It is rare to meet a lawyer or business professional who has taken it on themselves to understand this landscape prior to their having an immediate and dire need for the services, so I believe there will be readers of this book who will find themselves far more empowered to make the tough decisions during an internal investigation or an electronic discovery exercise that they find themselves embroiled in involuntarily.

Having worked with Erik on some of the most challenging computer forensic investigations during the early years of this industry’s formation as well as having competed with him earnestly in the marketplace, I am honored to provide this foreword. I can truly say that Erik is one of the unique pioneers of computer forensic investigations. He not only can distill complex technical information into easily understandable concepts, but he always retained a long‐term global perspective on the relevancy of our work and on the impact of the information revolution on the social and business structures of tomorrow.

James Gordon
Managing Director
Navigant Consulting, Inc.

Preface

This book is different from other books on the topic of computer forensics insofar as the intended audience is not computer forensic professionals and technicians but instead the users of computer forensic services. Much has been written on the topic of computer forensics from a highly technical perspective, but little exists to help guide an attorney, a judge, a regulator, an executive, or an accountant along important decision points and requirements for the deployment of computer forensic services for the purposes of investigation.

This volume seeks to demystify many of the computer forensic techniques and various technical terms and procedures used during the capture, analysis, and presentation of electronic data within the context of investigation or litigation. It also provides a viewpoint as to where the world of digital data is taking us. At times you may agree or disagree with some of the positions taken here, and that is exactly the point. We are operating in a new world where the nuances of electronic data and its impact on our daily lives can no longer be adjudicated to one linear line of thought or reason. The reality is that the relationship that data has for each of us is often highly subjective, and the investigative techniques that support fact‐finding in this digital age are still developing their focus.

This book has nine chapters, each of which deals with various aspects of the world of investigative computer forensics. Many of the topics that are touched on could be the focus of an entire volume in their own right, and in fact there are excellent books written on each of the subjects covered, such as those that tackle broad‐based topics ranging from The Foundations of Digital Evidence by George L. Paul to older classics like The Road Ahead by Bill Gates to highly specific volumes such as Building and Managing the Meta Data Repository by David Marco. This book provides the reader with a cross section of information gleaned from an expertise that covers vast and diverse realms of knowledge and experience. Computer forensic investigators are often confronted with diversity and challenge, which varies widely from case to case and forces the best of them to maintain an inquisitive and nimble mind.