Index
Note: Page numbers followed by “f”, “t”, and “b” refer to figures, tables and boxes respectively.
A
Add to custom content image (ADI),
120
Advanced systems format (ASF),
308–309
Alexa traffic ranking,
445
American Standard Code for Information Interchange (ASCII),
60–61
Anonymization, criminals using,
226b
Apigee twitter search,
333f
Apple Macintosh computers,
121
Association of Chief Police Officers in the United Kingdom,
75–76
Australian Federal Police,
8–9
Autonomous system number (ASN),
61
B
Behavioral/psychological perspective,
22
social networking sites,
278b
Blocking questionable websites,
383–384
Block third-party cookies and site data,
161
Botnets,
Bots identification,
353b
Bringing your own device (BYOD),
390–391
Browser headers, explanation,
215f
Browser-investigative extensions,
160
Bulletin board connections,
362f
Bureau of Justice Assistance (BJA),
258–259
C
CamStudio
Canadian Police College (CPC),
394
Canonical Name (CNAME),
52
Checksum control portable,
118
Children online safety education,
388
Client/server applications,
356
Client server connections
between servers and users,
346f
Columbine-type scenario,
257
Common business social networking sites,
334–335
Common gateway interface (CGI),
110
Communication
Communication protocols
internet communications,
368b
online bulletin boards,
367
servers and users connections,
362f
social networking
law enforcement investigative use of,
430–431
USENET servers
Communications technology,
16
Computer Forensic Investigators Digest (CFID),
135
Computer Investigation & Technology Unit (CITU),
32–33
Computer Security Institute (CSI),
2–3,
266
Content-type explanation,
198t
The Craigslist Ripper,
25–26
Craigslist stolen property scenario,
404–405
Crime pattern analysis,
36
Criminal Justice Act 2003,
72–73
Cybercommunity coalitions,
392
profiling investigations,
36
Cybersex offender categories
Cyberspace, community policing,
257–258
Cyberterrorists motivation,
30
D
Data Protection Act 1998,
86
Debian Linux operating system,
224
Defense Advanced Research Projects Agency (DARPA),
42
Denial of service (DOS) attacks,
23
DHCP unique identifier (DUID),
55
address, Windows IP configuration,
58f
Digital forensic investigators,
306–307
basic investigative computer protection,
152–162
cloning/image, investigator’s computer,
162–163
computer protection process, online investigative,
150–162
computer secure encryption, investigation,
164–166
file sharing, disable,
161
internet investigations,
149
router setup checklist,
427
Windows operating systems,
161
District of Columbia,
31–32
Domain registration
and website-specific information,
445
Draper, John, aka “Captain Crunch”,
375
Dutch National High Tech Crime Unit,
8–9
Dynamic host configuration protocol (DHCP),
44
E
Electronically stored information (ESI),
70,
320–321
Electronic communications,
10–11
Electronic freedom foundation (EFF),
316–317
Electronic Securing and Targeting of Online Predators Act (e-STOP) law,
383
E-mail-related crimes,
101
Ethnonationalist separatist (ENS) groups,
31
European Police College (CEPOL),
340t,
394
European Union Privacy Directive,
86–88
Example source code,
305f
F
Fair Credit Reporting Act (FCRA),
82
FBI Regional Computer Forensic Labs,
394
Federal Information Security Management Act of 2002 (FISMA),
150–151
Federal Rules of Evidence (FRE),
71
Federal Trade Commission’s (FTC’s) mission,
144,
380
File transfer protocol,
61
Foreign language websites,
448
Forte agent news reader,
366f
G
Gibson Research Corporation,
165–166
Gmail account accessing full headers,
182f
Graphical user interface (GUI),
21
H
Hashing differences,
113f
High tech crime consortium (HTCC),
90,
238–239
High Technology Crime Investigation Association (HTCIA),
2–3,
90,
238–239
Hong Kong Police College,
394
Hypertext transfer protocol (HTTP),
219,
293
I
Internal Revenue Service,
282
International Association of Chiefs of Police (IACP) conference,
254
International Consumer Protection and Enforcement Network (ICPEN),
381
International domain names (IDN),
60–61
Internet
assigning addresses,
44–46
autonomous system number,
61
domain name registration,
59–61
dynamic DNS services,
45b
ethics during undercover operations,
238–240
finishing touches, to persona,
245–246
internationalized domain names,
60–61
internet protocol version 6,
53–57
IP addresses
IPv6 DHCP unique identifier (DUID),
55–57
IPv4-mapped IPv6 addresses,
54–55
network news transfer protocol (NNTP),
63–64
online undercover accounts,
245
profiles
file transfer protocol,
61
internet message access protocol,
63
social networking site undercover challenges,
248–249
target hiding, catching tools,
226–229
terms of service (TOS),
248b
undercover cell phones,
248
computer equipment for,
250
suspect identification, online,
250b
undercover persona worksheet,
429
uniform resource locators,
58–59
WebCase undercover identity module,
246f
investigative continuum,
213f
Internet-based crime,
3–4
Internet connectivity,
Internet Corporation for Assigned Names and Numbers (ICANN),
59–60
assignment of domain names,
60f
Internet crime
CSI 2010/2011 computer crime,
2012 data breach investigations report,
8–9
HTCIA 2011 report, on cybercrime investigation,
5–6
investigation, needs,
14–15
investigative problems,
16
investigative responses,
12–14
McAfee® threats reports,
6–8
Norton™ cybercrime report 2011,
4–5
security survey,
traditional crimes,
11–12
Internet Crime Complaint Center (IC3/ICCC),
31–32,
266,
377
anonymization methods,
32
Internet crimes
Internet Crimes Against Children (ICAC) Task Forces (TF),
13,
92,
236,
261,
378
Internet crimes, detection/prevention
basic parental online education,
388–390
child audiences, delivery tips,
388b
children online safety programs,
388
cybercommunity coalitions,
392
cyberspace, broken windows in,
378–379
employer security awareness programs,
390–391
Federal Trade Commission’s (FTC’s) mission,
380–381
international consumer protection,
381
internet investigation training,
394b
internet safety education sites,
385b
internet watch foundation (IWF),
383b
investigator cybercrime education,
392–394
law enforcement, perception of,
375–376
law enforcement’s response,
378–381
National Center for Missing and Exploited Children’s (NCMEC’s) mission,
380
prevention initiative, developing,
387–392
prevent online crime,
395
promoting security awareness
national security institute’s,
391b
responsible computing, computer learning foundation code of,
390b
Internet criminals
cybercrime profiling,
1–2
cybercriminal profiles,
deductive profiling,
12–14
graphical user interface (GUI),
Internet Crime Complaint Center (IC3),
8–9
New York Police cyberstalking study,
9–10
sex offenders online activities,
10–11
9/11 terrorist attacks,
Internet engineering task force (IETF) website,
42,
207–208
advanced privacy settings,
162f
Internet hiding tools,
222f
Internet investigations report,
125–127
Internet investigations report format,
423
Internet investigators toolbar,
132f
Internet investigators toolkit,
137f
Internet message access protocol (IMAP),
201,
201
Internet offense location investigators,
102–104
Internet protocol (IP)
dynamic Host Configuration Protocol (DHCP),
45f
Maxmind demo search,
173f
domain name system (DNS) records,
174–176
email tracing worksheet,
426
header information translation,
182–184
investigator’s email collection options,
202–207
Microsoft Outlook header translation,
194
MIME email analysis,
198f
multipurpose internet mail extensions,
194–197
Outlook header information translation,
195t
standard header information translation,
195t
X header explanations,
199t
translation, telephone number,
43f
of users, with mIRC,
355f
Internet service providers (ISPs),
79,
311
to company officer scenario,
405–406
Internet Watch Foundation,
383b
Investigative continuum,
213f
Investigator cybercrime education,
392–394
Investigator’s email collection options,
202–207
IPv6 representations,
53t
Irish Reporting and Information Security Service,
8–9
J
Jeffrey’s Exif Viewer,
307
K
Keene Police Department, New Hampshire,
26–28
L
LAN setting tab, proxy settings,
220f
Law enforcement
and private sectors working together,
262b
LexisNexis Risk Solutions,
257
Locating evidence, internet resources
Bing advanced keywords,
278t
Bing’s connection
to social networking sites,
278b
business search sites,
283
charity/nonprofit resource sites,
283
finding business information,
281–283
finding information, on person,
279–281
finding telephone numbers,
284
Google results page explanation,
273f
internet search TIP,
287b
investigation/documentation,
442
National Security Agency (NSA),
271
non-government sources,
283
online checklist, documenting,
444
online information, sources of,
269–279
Pandia’s recommendations for internet searches,
271b
social networking presence,
442
US government sources,
282
Long Island Serial Killer,
25–26
Lorraine v. Markel Am. Ins. Com.,
72
M
Windows IP configuration,
58f
Mail transfer agents (MTAs),
184–189
Malicious code, checking for,
302–303
Malware,
2–3,
4–5,
6–7,
7–8,
8–9,
16,
149,
150,
151–152,
157–158,
158,
158–159,
216–217
Maryland State Police (MSP),
76–77
McAfee Threats Reports,
2–3
McLaughlin, James F.,
26–28
Media Access Control (MAC),
155
MediaInfo video metadata,
310f
Message-Digest Algorithm (MD5),
112
Outlook header translation,
194
MIME email analysis,
198f
mIRC, with IP address,
355f
Mitnick, Kevin, a.k.a. Condor,
Money Over Bitches (M.O.B.),
11–12
Mutual legal assistance (MLA),
89–90
MWSnap screen capture tool,
108f
MX record lookup, internet investigators toolkit,
140f
MX record return explanation,
140t
N
Nardone v. United States,
69
National Center for Missing and Exploited Children’s (NCMEC’s) mission,
380
National Computer Forensics Institute,
394
National conference of state legislatures (NCSL),
83
National Cybersecurity Alliance,
392
National Institute of Justice (NIJ),
90–91
Technical Working Group on Digital Evidence (TWGDE),
93–94
National security agency,
271b
National Security Institute,
391
National White Collar Crime Center’s (NWCCC),
266
Network News Transfer Protocol (NNTP),
63,
361
Newsgroup-related crimes,
101
New York Police Department’s the Computer Investigation & Technology Unit (CITU),
32–33
Non-EU businesses operating,
87–88
Norton’s Cybercrime Study,
266
O
The Onion Router (Tor) network
Online bulletin boards,
367
Online crime victim interview question aid,
421
Online digital officer safety computer checklist,
456
Online ESI collection steps,
108f
Online evidence, documenting
Apple Macintosh, collection,
121–123
collection tools, validation of,
113–114
internet ESI, process
cybercrime victim, interviewing,
100–101
location identification,
104
protocol/application determination,
101–102
online ESI
tools/techniques for internet,
105–108
USB device
Online evidence field collection USB device,
116–119
Online evidence, legally defensible
digital
vs. online evidence,
73–74
Electronic Communications Privacy Act (ECPA),
83–86
EU Privacy Directive,
86–88
Fair Credit Reporting Act,
88–89
Stored Communications Act,
84–85
evidence, definition,
70–94
foundation, building,
75–82
investigative components,
77–78
investigative planning,
75–82
mutual legal assistance,
89–90
Online investigative computer protection process,
153f
Online investigative tools
internet investigators toolkit,
137–144
Vere Software Investigative Toolbar,
132–136
additional toolbar functions,
136
internet service provider,
135
Online social
vs. professional networking,
334–335
Online undercover accounts,
245
Online undercover facilities,
229b,
229b
Online undercover operations, types of,
433–434
Open-source investigations,
75–76
Operational planning,
264
Organizational unique identifier (OUI),
47–48
Outlook header information translation,
195t
P
Pandia’s recommendations, for internet searches,
271b
connections
Post office protocol (POP),
63,
201
Proactive internet investigations,
256
Professional networking sites,
334
Project Safe Childhood (PSC),
238
Proxying websites work,
216f
Q
R
Random Access Memory,
157
Reactive law enforcement,
255f
ReadNotify email tracking history,
228f
Received-SPF header explanation,
187t
Regional Internet Registries (RIR) system,
172
Resource interchange file format (RIFF),
308
Robinson, John Edward,
25–26
Rootkit,
Router details, of connected device,
47f
Router setup checklist,
427
Royal Canadian Mounted Police,
238
S
Search engine optimization (SEO) sites,
300
Search engine research,
445
Secure Hash Algorithm (SHA),
112
Secure sockets layer (SSL),
217–218
Sender policy framework (SPF),
52
Simple mail transfer protocol (SMTP),
42,
176–177
Simplified perpetrator categories,
35f
Small Office/Home Office (SOHO) network,
154
SMILE (Social Media In Law Enforcement),
339
Social media evidence collection,
336–337
Social Media Intelligence (SOCMINT),
320
Social media investigations policy,
338
Social media services,
249
Social media sites
Social Media the Internet and Law Enforcement (SMILE) Conference,
261
Social media training sources,
340t
Social networking
general search sites,
338b
investigative operations,
430,
431
investigative reports,
434
law enforcement investigative, model policy,
430–439
law enforcement off-duty employee, model policy for,
438–443
professional conduct online,
430
training, on investigating,
339
undercover social networking investigations,
434
Social networking sites, investigating
common sense, using,
325b
google information, downloading,
330b
google voicemail, documenting,
330b
network overview/discovery/exploration in excel,
328
NodeXL import tools,
329f
social media evidence, in courts,
320–321
social media, in small town USA,
318–319
Social networking websites,
11–12
Spam,
Spider simulator tool (SEO) chat,
300
Standard header information,
195t
Start Menu/Accessories/System Tools,
164
Stats tool documents,
143
Stored Communications Act (SCA),
178–179
Symantec provides information security solutions,
4–5
System information for Windows (SIW) portable,
118
T
Tails, screenshot of,
225f
TCP/IP data collection,
143f
TCP/IP function identifies,
142
TechSono Engineering,
345
Teddy St. Clair v. Johnny’s Oyster & Shrimp, Inc.,
71–72
Terms of Service (ToS),
110
TorDir hidden services site,
214
TouchGraph search results,
276f
TouchGraph SEO Browser,
275
U
UK Safer Internet Centre,
385
Undercover Internet investigations,
262
Undercover internet operations,
240–241
Undercover investigations,
235
Undercover operations, policy considerations for,
261–262
Undercover social networking investigations,
431,
436
Uniform Crime Reports (UCR),
United Kingdom,
4–5,
11–12,
29–30,
31–32,
72–73,
75–76,
259–260,
381,
381,
382,
383–384
United Kingdom Council for Child Internet Safety,
385
URLSnopper grabs streaming video,
307
US-EU Safe Harbor program,
87–88
V
Video inspector, video metadata,
311f
W
Washtenaw county cybercitizenship coalition,
393f
Wayback machine example search,
301f
Web anonymity
hidden services, sites found on,
224f
tool like the Amnesic Incognito Live System (Tails),
224–225
TorDir hidden services site,
223f
tracking criminals
web-based methods to anonymize,
216–217
WebCase collection interface,
115f
WebCase undercover identity module,
246f
Web find drop down, internet investigators toolbar,
134f
simplified browser request for,
294f
WebServer Information,
135
Website Info drop down, internet investigators toolbar,
135f
background information,
445
basic investigation and documentation,
447
identifying, legal process of,
311,
447
investigation/documentation,
445
investigative checklist,
448
legal process of identifying,
447
malicious code, checking for,
302–303
over time monitoring,
312
registration information,
447
search engine optimization (SEO) sites,
300
search engine research,
447
Website’s multimedia, documenting,
306–311
Website-specific information,
445
Wide Area Network (WAN) Management,
155
Wi-Fi Protected Access (WPA),
154
Windows 7, computer name,
193f
Worldwide internet, usage,
Worldwide social networking,
320–321
World Wide Web (WWW),
293
X
X header explanations,
199t
Y
Z
desktop saving email,
205f
Zulu URL risk analyzer,
303