Cybercrime can be immensely damaging to the reputation and the finances of target organizations. Yet cybercriminals are rarely investigated and prosecuted, an anomaly that gives them the freedom to wreak havoc. Investigators need to improve their capacity for tracking down the perpetrators of cybercrime so costly losses can be recouped and attackers held to account for their actions. Investigating cybercrimes also sends a message to stakeholders that an organization is serious about security—a crucial step in times of wavering loyalty in the wake of an attack.
Until now, there has been no front-line guide to investigating cyber attacks at the crime scene. Starting with the assumption that a cybercrime investigator’s goal is to identify and locate the perpetrators, Cybercrime Investigators Handbook elaborates an investigative methodology that should become indispensable to field practitioners. Author Graeme Edwards draws on decades of experience as a financial and cybercrime investigator with law enforcement to provide guidance on responding at the time of attack discovery, all the way through to evidence identification, collection, management and presentation in court.
Tracking down cybercriminals requires an understanding of the attacker’s mind and motives, as well as the tools and techniques used to undertake a successful security breach. From there, professionals tasked with responding to attacks must be able to glean evidence from early alerts that something is amiss. This is fundamental background knowledge, and without it no investigation is likely to proceed smoothly. This book prepares investigators with the information they need to step into any crime scene with confidence, progress to identifying the source of the attack, and identify potential evidence leading to the identification of the attacker.
Cybercrime Investigators Handbook then delves into the many technical aspects of investigating cyber events. Readers will develop an understanding of how to manage crime scenes, access and read log files, understand criminals operating in online criminal markets via the dark web, and identifying and seizing cloud-based evidence. Although these topics are designed to facilitate in-depth investigation into cyber attacks, readers with non-technical backgrounds will appreciate the comprehensive glossary and concise lists designed to facilitate effective cyber security practices.
The investigator’s practical guide for cybercrime evidence identification and collection
Cyber attacks perpetrated against businesses, governments, organizations, and individuals have been occurring for decades. Many attacks are discovered only after the data has been exploited or sold on the criminal markets. Cyber attacks damage both the finances and reputations of businesses and cause damage to the ultimate victims of the crime. From the perspective of the criminal, the current state of inconsistent security policies and lax investigative procedures is a profitable and low-risk opportunity for cyber attacks. They can cause immense harm to individuals or businesses online and make large sums of money—safe in the knowledge that the victim will rarely report the matter to the police. For those tasked with probing such crimes in the field, information on investigative methodology is scarce. The Cybercrime Investigators Handbook is an innovative guide that approaches cybercrime investigation from the field-practitioner’s perspective.
While there are high-quality manuals for conducting digital examinations on a device or network that has been hacked, the Cybercrime Investigators Handbook is the first guide on how to commence an investigation from the location the offence occurred—the scene of the cybercrime—and collect the evidence necessary to locate and prosecute the offender. This valuable contribution to the field teaches readers to locate, lawfully seize, preserve, examine, interpret, and manage the technical evidence that is vital for effective cybercrime investigation.
Cybercrime Investigators Handbook is much-needed resource for law enforcement and cybercrime investigators, CFOs, IT auditors, fraud investigators, and other practitioners in related areas.