Cybercrime Investigator

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies

The Experts below are selected from a list of 30 Experts worldwide ranked by ideXlab platform

Thomas Nash - One of the best experts on this subject based on the ideXlab platform.

  • Book Review: Placing the Suspect behind the Keyboard: Using Digital Forensics and Investigative Techniques to Identify Cybercrime Suspects
    Journal of Digital Forensics Security and Law, 2013
    Co-Authors: Thomas Nash
    Abstract:

    Shavers, B. (2013). Placing the Suspect behind the Keyboard: Using Digital Forensics and Investigative Techniques to Identify Cybercrime Suspects. Waltham, MA: Elsevier, 290 pages, ISBN-978-1-59749-985-9, US$51.56. Includes bibliographical references and index. Reviewed by Detective Corporal Thomas Nash (tnash@bpdvt.org), Burlington Vermont Police Department, Internet Crime against Children Task Force. Adjunct Instructor, Champlain College, Burlington VT. In this must read for any aspiring novice Cybercrime Investigator as well as the seasoned professional computer guru alike, Brett Shaver takes the reader into the ever changing and dynamic world of Cybercrime investigation. Shaver, an experienced criminal Investigator, lays out the details and intricacies of a computer related crime investigation in a clear and concise manner in his new easy to read publication, Placing the Suspect behind the Keyboard. Using Digital Forensics and Investigative techniques to Identify Cybercrime Suspects. Shaver takes the reader from start to finish through each step of the investigative process in well organized and easy to follow sections, with real case file examples to reach the ultimate goal of any investigation: identifying the suspect and proving their guilt in the crime. Do not be fooled by the title. This excellent, easily accessible reference is beneficial to both criminal as well as civil investigations and should be in every Investigator’s library regardless of their respective criminal or civil investigative responsibilities. (see PDF for full review)

Nash Thomas - One of the best experts on this subject based on the ideXlab platform.

  • Book Review: Placing the Suspect behind the Keyboard: Using Digital Forensics and Investigative Techniques to Identify Cybercrime Suspects
    (Print) 1558-7215, 2013
    Co-Authors: Nash Thomas
    Abstract:

    In this must read for any aspiring novice Cybercrime Investigator as well as the seasoned professional computer guru alike, Brett Shaver takes the reader into the ever changing and dynamic world of Cybercrime investigation. Shaver, an experienced criminal Investigator, lays out the details and intricacies of a computer related crime investigation in a clear and concise manner in his new easy to read publication, Placing the Suspect behind the Keyboard. Using Digital Forensics and Investigative techniques to Identify Cybercrime Suspects. Shaver takes the reader from start to finish through each step of the investigative process in well organized and easy to follow sections, with real case file examples to reach the ultimate goal of any investigation: identifying the suspect and proving their guilt in the crime. Do not be fooled by the title. This excellent, easily accessible reference is beneficial to both criminal as well as civil investigations and should be in every Investigator’s library regardless of their respective criminal or civil investigative responsibilities

Michael Cross - One of the best experts on this subject based on the ideXlab platform.

  • Building the Cybercrime Case
    Scene of the Cybercrime, 2008
    Co-Authors: Littlejohn Shinder, Michael Cross
    Abstract:

    Building a Cybercrime case is a complicated process, so it is true for some other types of criminal cases. This is because special factors that present obstacles to prosecution must be considered and dealt with if the Investigator is to successfully put together a winning case. Understanding the complex system of laws which govern lives and how they interact with one another is essential to building a criminal case. Investigators and those who work with them should be aware of the function of various bodies of law, understand the differences between different types of law, be aware of the existence of different levels of law, and learn the legal terminology necessary to communicate intelligently within the system. Jurisdictional issues are one of the biggest challenges to the Cybercrime Investigator and to prosecutors who attempt to bring cybercriminals to justice. Law enforcement officers and IT personnel must work together as a team to prosecute Cybercrimes effectively, because each plays an essential role in building the case. IT professionals understand the hacker mindset, know where to look for digital evidence, and understand what can and cannot be done with the technology. Law enforcement personnel know the law and investigative procedures that must be followed to preserve the integrity of evidence. Together, the two can fight Cybercrime effectively, but they must overcome the natural distrust and adversarial relationship that often hamper the cooperative process.

  • Understanding the Technology
    Scene of the Cybercrime, 2008
    Co-Authors: Littlejohn Shinder, Michael Cross
    Abstract:

    This chapter provides an overview of how computers process and store information. It also discusses some basic issues of networks, and introduces some of the other devices that may be a source of evidence in an investigation. Computers today run a variety of operating systems and file systems, and the Investigator's job of locating evidence is performed differently depending on the system being used. A good Cybercrime Investigator is familiar with the most common operating systems and how their file systems organize the data on disk. Regardless of operating system or hardware platform, the majority of networks today run on the TCP/IP protocols. TCP/IP is the most routable protocol stack and thus the most appropriate for large routed networks; it is required for connecting to the Internet. Cybercrime Investigators need to be as intimately familiar with the internal workings of computers and the software that runs on them as homicide Investigators must be with basic human pathology. That includes understanding the function of all the hardware components that go together to make up a computer and how these components interact with one another. Also a Cybercrime Investigator must have a basic understanding of the “language” used by the machines to process data and communicate with each other. Even though a Cybercrime Investigator is not expected to be able to program in binary, it helps to recognize the significance of data that is in binary or hexadecimal format and when it can or cannot be valuable as evidence.

  • Understanding Cybercrime Prevention
    Scene of the Cybercrime, 2008
    Co-Authors: Littlejohn Shinder, Michael Cross
    Abstract:

    This chapter deals with reasons that solid security policies can be developed and put in place, creating a foundation for the implementation of all the security measures. An understanding of basic security concepts gives a Cybercrime Investigator a distinct advantage in communicating intelligently with IT personnel and a better idea of exactly how a Cybercrime was committed, based on the security measures in place at the time. Although the Investigator probably cannot and will not be expected to provide in-depth advice about the technical implementation of security systems, one should be able to discuss options in a general way and point crime victims in the right direction with some general suggestions. A good Investigator, like a good network security specialist or a good crime prevention officer, realizes that any security plan must be multilayered for it to be effective. It is important that all major security areas be addressed. These include physical security, perimeter security, security of data stored on disks, security of data traveling across the network, and a means of verifying the identities of users, computers, and other entities that have access to network resources. Many security technologies are based on or use cryptographic techniques. An Investigator might encounter encrypted data or even suspect that the existence of additional data is being concealed using steganography. An understanding of how cryptography developed and how it works in the computerized environment can be invaluable in investigating many types of Cybercrime. Knowing a little about different encryption types and the algorithms they use allows the Investigator to assess just how secure a particular system is—whether it belongs to a Cybercrime victim or to a Cybercrime suspect.

Richard Macfarlane - One of the best experts on this subject based on the ideXlab platform.

  • Engaging All - The Cybercrime Investigator 
    2011
    Co-Authors: Prof Bill Buchanan, Richard Macfarlane 
    Abstract:

    Over the past three years a range of engaging material has been created to engage School kids into Computing: The Cybercrime Investigator. It uses a rich and engaging, and ever changing, environment to stimulate the next generation of computing students. Overall it is an immersive environment based on who, why, when and where puzzles, which provides a unique crime scene for every user, and uses techniques such as deep zoom to integrate a wide range of academically challenging puzzles to solve. Overall it integrates a wide range of digital forensics and security techniques, including finding hidden messages, and cracking codes (including hashing and encrypted content). It focuses on a Cybercrime investigation, using enhanced graphical techniques such as deep zoom-technology, which is used by the user to zoom into and out-of graphics with hidden clues and covert messages. Each challenge is randomly generated, matched to their level, and is different for every user. It thus covers some key principles within digital forensics and Cybercrime, in order to solve a crime, including ASCII coding; Caesar Codes; Shifted Alphabet codes; Pigpen Coding; Differing Encoding Methods (Base64, Hex and Binary); Hidden Content within Files; Directory Searching Hash Codes; Dictionary Searching Ciphertext; and in finding Covert Messages. The objective of the environment given to the user is to solve a series of challenges in order to find: Who did it? Where it was? Why they did it? When did they do it? and so on. Each time it is run the environment creates a new set of the investigation parameters, and all of the challenges are based around these. For example, if the user were to run the environment, and the crime was done by Fred Smith, the shifted alphabet code might be: UGTS HBXIW (which is a 15 letter shift), and they must then use a shifted alphabet calculator to find the number of shifts required, and thus the message. There is thus randomisation within the solving of a challenge, which cannot be solved easily by running the challenge over consecutive time intervals, or from the answers from other users.

Tahar Kechadi - One of the best experts on this subject based on the ideXlab platform.

  • Peer-to-Peer Botnet Investigation: A Review
    Lecture Notes in Electrical Engineering, 2012
    Co-Authors: Mark Scanlon, Tahar Kechadi
    Abstract:

    Botnets have become the tool of choice to conduct a number of online attacks, e.g., distributed denial of service (DDoS), malware distribution, email spamming, phishing, advertisement click fraud, brute-force password attacks, etc. Criminals involved in conducting their craft online all share one common goal; not to get caught. Botnet design, as a result, has moved away from the traditional, more traceable and easily blocked client/server paradigm towards a decentralized Peer-to-Peer (P2P) based communication system. P2P Internet communication technologies lend themselves well to be used in the world of botnet propagation and control due to the level of anonymity they award to the botmaster. For the Cybercrime Investigator, identifying the perpetrator of these P2P controlled crimes has become significantly more difficult. This paper outlines the state-of-the-art in P2P botnet investigation.