Cyber Crime and Cyber Terrorism



Cyber crime and cyber terrorism investigators handbook by Babak

CHAPTER 7
Seizing, imaging, and analyzing digital evidence
an IRC channel just once without using an anonymizing service. It is reported that 
the FBI then requested records from the ISP responsible for that IP address, which 
revealed his home address (Olson, 2012).
INTRUSION DETECTION SYSTEMS, NETWORK TRAFFIC AND FIREWALL LOGS
Intrusion Detection Systems (IDS) are employed to monitor network traffic and 
detect malicious activity. This is usually achieved by matching the contents of the 
network traffic against already known malicious activity (the signature); if a match is 
discovered, an alert is generated. It is common to perform network traffic capture in 
parallel with the network intrusion detection; this allows for subsequent investigation 
of the traffic which caused the alert, with a view to discovering more detail 
concerning the attack, including the IP addresses involved. Firewall and system logs also 
capture IP addresses and can hold information regarding malicious activity. Thus the 
information supplied by these systems can offer incriminating evidence relating to 
both the source of the breach and the severity of the crime, which could be sufficient 
to issue a warrant for search or arrest.
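The workflow described above, as an added example that is not taken from the handbook: a signature is matched against packet payloads to raise alerts, and the parallel capture is then queried for the alerting source's surrounding traffic. The signature, the capture records, the documentation-range IP addresses and the function names are all constructed for illustration.

```python
import re
from collections import namedtuple

Packet = namedtuple("Packet", "ts src dst dport payload")
Alert = namedtuple("Alert", "sid name ts src dst dport")

# Constructed signature (illustrative, not from a real rule set).
SIGNATURES = [
    (1001, "HTTP path traversal attempt", re.compile(rb"GET [^ ]*\.\./\.\./")),
]

# Constructed records standing in for what a parallel packet capture retains.
CAPTURE = [
    Packet(100.0, "203.0.113.7", "192.0.2.10", 22, b"SSH-2.0-client"),
    Packet(101.5, "198.51.100.4", "192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
    Packet(102.0, "203.0.113.7", "192.0.2.10", 80, b"GET /login HTTP/1.1"),
    Packet(103.2, "203.0.113.7", "192.0.2.10", 80, b"GET /files?p=../../etc/passwd HTTP/1.1"),
    Packet(104.0, "203.0.113.7", "192.0.2.11", 80, b"GET /files?p=../../etc/passwd HTTP/1.1"),
    Packet(300.0, "203.0.113.7", "192.0.2.10", 80, b"GET / HTTP/1.1"),
]

def detect(capture, signatures=SIGNATURES):
    """Return one Alert for every packet whose payload matches a signature."""
    alerts = []
    for pkt in capture:
        for sid, name, pattern in signatures:
            if pattern.search(pkt.payload):
                alerts.append(Alert(sid, name, pkt.ts, pkt.src, pkt.dst, pkt.dport))
    return alerts

def investigate(alert, capture, window=10.0):
    """Summarize the alerting source's traffic within +/- window seconds of the alert."""
    related = [p for p in capture
               if p.src == alert.src and abs(p.ts - alert.ts) <= window]
    return {
        "source": alert.src,
        "targets": sorted({p.dst for p in related}),
        "ports": sorted({p.dport for p in related}),
        "first_seen": min(p.ts for p in related),
        "last_seen": max(p.ts for p in related),
        "packets": len(related),
    }

if __name__ == "__main__":
    for alert in detect(CAPTURE):
        print(alert)
        print("  context:", investigate(alert, CAPTURE))
```

The alert alone names one source, one destination and port 80; the capture adds the earlier SSH connection and the second host that was contacted, which is the extra detail the paragraph refers to.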
INTERVIEWS WITH SUSPECTS
Interviews of suspects following arrest can also be used to gain sufficient grounds for 
a search warrant where other involved parties are identified. For example, it is widely 
documented that subsequent to his arrest Sabu turned informer for the FBI, supplying 
information which subsequently led to the arrest and seizure of equipment from other 
members of LulzSec (Olson, 2012).
ANALYSIS OF SUSPECTS' MEDIA
Evidence that incriminates a suspect's allies in cybercrime can sometimes be found 
through the process of forensic investigation of their media storage, or via access to 
Virtual Private Servers (VPS) being used. Again this evidence may be sufficient to lead 
to a warrant for seizing the equipment of collaborating parties (see Chapters 6 and 8).
DOXING
To allow for group collaboration, certain black hat hacking fraternities organize their 
attacks publicly via online communication channels such as IRC and Twitter. This 
information is often deeply self-incriminating; however, as long as the true 
identification of the author is hidden behind an alias, they remain anonymous and thus 


