Index

Note: Page numbers followed by “f”, “t”, and “b” refer to figures, tables, and boxes, respectively.

A

ACPO Guide, 91–92
Add to custom content image (ADI), 120
Advanced systems format (ASF), 308–309
Alexa traffic ranking, 445
American Standard Code for Information Interchange (ASCII), 60–61
Anonymization, criminals using, 226b
Apigee twitter search, 333f
Apple Macintosh computers, 121
Application program interface (API), 332, 332–334
ASCII chart, 47–48
Association of Chief Police Officers in the United Kingdom, 75–76
Australian Federal Police, 8–9
Authenticity, 71–72
Autonomous system number (ASN), 61

B

Behavioral/psychological perspective, 22
Bing, 110, 275–279
advanced keywords, 278t
cache feature, 300–301
news search engines, 286–287
page explanation, 277f
social networking sites, 278b
Bing Maps search, 174f
Bitcoin website, 12, 214, 242–244, 243b, 243f, 244
Black Lists, 303
Blocking questionable websites, 383–384
Block third-party cookies and site data, 161
Blog postings, 285
Boot process, 116–117
Boston Marathon Bombing, 317–318
Botnets, 6
Bots identification, 353b
Bringing your own device (BYOD), 390–391
Broken windows theory, 378–379
Browser headers, explanation, 215f
Browser-investigative extensions, 160
Bulletin board connections, 362f
Bureau of Justice Assistance (BJA), 258–259

C

California, 31–32, 32, 83, 227, 239, 392
CamStudio
portable, 107, 118
video capture tool, 108f
Camtasia, 105–106, 107
Canada, 4–5, 5–6, 27, 29–30, 71, 238, 381, 382
Canada Evidence Act, 71
Canadian Police College (CPC), 394
Canonical Name (CNAME), 52
“CC” line, 179–180
Cell phones, 41
4Chan main page, 368f
Chat acronyms, 352t
chatroom, 352t
Chat programs, 139–140
Chatroom, 351–353
Checksum control portable, 118
Children online safety education, 388
Chrome, 131–132, 159, 215
Civil litigation, 71
Client/server applications, 356
Client server connections
between servers and users, 346f
Client/server model, 347
Code warriors, 25
Columbine-type scenario, 257
Common business social networking sites, 334–335
Common gateway interface (CGI), 110
Communication
chat language, 351
chatroom, 351–353
client server model, 345–368
protocols, 345–368
tools, 345–368
instant messaging, 346–349
configuration, 347–348
server, 349b
web-based chat, 348–349
works as, 349b
on internet, 345
internet relay chat (IRC), 349–358
connecting, 350–351
hiding, 353–354
server, logging, 351
works, 350f
joining, channel, 351–353
Communication protocols
accessing a P2P network, 360–361
bulletin boards, 361–367, 362–363
craigslist, 367–368
google alerts, 368b
Google Groups, 364
internet communications, 368b
mIRC commands, 455–460
Netstat, 355–356, 358
IP address, 356–357
online bulletin boards, 367
peer to peer, 358–361
police department, 429
policy review, 429
policy training, 429
P2P connections, 359f
P2P networks, investigating, 360–361, 360b
protocols and tools, 358–361
servers and users connections, 362f
social networking
definition of, 429
law enforcement investigative use of, 430–431
targets identifications, 355–357
USENET servers
investigative tools, 363–364, 364–365
locating free, 364–365
newsgroups, 362–363
user’s IP address, 358b
Communications technology, 16
Computer criminals, 22
Computer Forensic Investigators Digest (CFID), 135
Computer Investigation & Technology Unit (CITU), 32–33
Computer Security Institute (CSI), 2–3, 266
Content-type explanation, 198t
Cookies, 160–161
Copy Link Address, 326, 326–327
Corporate investigators, 237–238
Craigslist, 41, 367, 367–368, 369f
The Craigslist Ripper, 25–26
Craigslist stolen property scenario, 404–405
Crime pattern analysis, 36
Crime types, 10f
Crime victim, See Online crime victim
Crimeware software, 12
Criminal Justice Act 2003, 72–73
Cyberbullying, 10–11
Cybercommunity coalitions, 392
Cybercrime, 16
profiling investigations, 36
Cybercrime victim, 100–101
Cyberharassment scenario, 28, 406–407
Cyberhucksters, 24
Cyberpunks, 23
Cybersex offender categories
chatters, 27
collectors, 26
manufacturers, 27
travelers, 27
Cybersex offenders, 28
Cyberspace, community policing, 257–258
Cyberstalker, 24–25
collective, 30
composed, 29
intimate, 29–30
Cyberstalking, 3, 28
Cyber-terrorism, 16
Cyberterrorists motivation, 30
Cyber-thieves, 24

D

Data Protection Act 1998, 86
DDoS attacks, 8–9
Debian Linux operating system, 224
Deconfliction, 436
Defense Advanced Research Projects Agency (DARPA), 42
Denial of service (DOS) attacks, 23
Denmark, 4–5, 70–71, 381, 382
Denning, Dorothy, 21–22
DHCP unique identifier (DUID), 55
address, Windows IP configuration, 58f
Windows O/S, 56b
Digital ESI, 80
Digital forensic investigators, 306–307
Digital officer safety, 149–150
application changes, 161
basic investigative computer protection, 152–162
firewall installation, 153–154
hardware firewalls, 154–156
router log, 155f
cloning/image, investigator’s computer, 162–163
computer checklist, 426
computer protection process, online investigative, 150–162
computer secure encryption, investigation, 164–166
cookies, blocking, 160–161
default passwords, 156b
file sharing, disable, 161
infected computer, 149f
installing, 159–160
internet investigations, 149
malware protection, 157–158
router setup checklist, 427
Sandboxes, 163
security, testing, 165–166
software firewalls, 156–157
spyware protection, 158–159
system clean, keeping, 164–165
updating browsers, 159–160
virtual machines, 163
Windows operating systems, 161
Windows updates, 161–162
District of Columbia, 31–32
Domain name system (DNS), 49, 174–176
attacks, 376
IP address lookup, 50f
name servers (NS), 52
records search, 175t
record types, 51t
using DNSDataView, 51f
services, 45b
Domain registration
explanation, 139t
and website-specific information, 445
Draper, John, aka “Captain Crunch”, 375
Duqu, 7–8
Dutch National High Tech Crime Unit, 8–9
Dynamic host configuration protocol (DHCP), 44
of IP addresses, 45f

E

eBay, 41
fraud scenario, 404
Electronically stored information (ESI), 70, 320–321
content ownership, 79
Electronic communications, 10–11
Electronic freedom foundation (EFF), 316–317
Electronic Securing and Targeting of Online Predators Act (e-STOP) law, 383
Email, 61–63
addresses, 284
evidence, 178f
faking, 200–201
header explanation, 185t, 190t
threat scenario, 408
tracing worksheet, 458
transmission, 178–179
working, 177f
E-mail-related crimes, 101
England, 71, 283
Ethnonationalist separatist (ENS) groups, 31
European Police College (CEPOL), 340t, 394
European Union or EU, 82, 387–388
European Union Privacy Directive, 86–88
Example source code, 305f
Explorer, 131–132

F

user’s account, 323–324
Fair Credit Reporting Act (FCRA), 82
Faking, email, 200–201
FBI Regional Computer Forensic Labs, 394
Federal Bureau of Investigation (FBI), 3, 10, 76–77, 254–255, 259–260, 316–317, 317, 317–318, 378
Federal Information Security Management Act of 2002 (FISMA), 150–151
Federal Rules of Evidence (FRE), 71
Federal Trade Commission’s (FTC’s) mission, 144, 380
checking, 381
File formats, 308–311
GSpot, 309
MediaInfo, 310
video inspector, 310–311
File transfer protocol, 61
client and server, 62f
Finland, 70–71, 244, 349, 381, 381, 382
Firefox, 131–132, 159, 215
Firewalls, 153
installation, 153–154
Flash mobs, 11–12, 16
Florida, 12, 31–32, 32, 83, 84
Foreign language websites, 448
Forensic imager, 118
Forte agent news reader, 366f
France, 4–5, 70–71, 381, 382
Free passes, 375–376
FreeSMUG, 121–122
“From” line, 179–180
FTC v. Corzine, 380
FTK Imager Lite, 120, 120

G

Gibson Research Corporation, 165–166
GlobalWebIndex, 315
Gmail account accessing full headers, 182f
Google, 110
Google alerts, 261, 312
Google analytics, 228
Google Groups, 364, 365f
Google’s advanced operators, 274–275, 275t
Google’s Chrome, 159
Google search, 272–275, 280f
Google’s Gmail, 213–214
Google takeout, 331f
Google URL shortener, 302–303
Google voicemail, 330b
Graphical user interface (GUI), 21
Greenshot, 107
Griffin v. State, 81
GSpot, 309
video metadata, 309f
Guerrilla Mail, 214

H

Hardware firewalls, 154
Hashing differences, 113f
Hewlett-Packard lesson, 227b, 227b
Hidden services, 224f
High tech crime consortium (HTCC), 90, 238–239
High Technology Crime Investigation Association (HTCIA), 2–3, 90, 238–239
Hong Kong Police College, 394
Hoover, J. Edgar, 239
HoverSnap, 107
HTCIA core values, 238b
HTML code, 326
HTML tags, 294–296, 297t
HTTrack, 110–111
Hyperlink, 127
Hypertexting, 58
Hypertext transfer protocol (HTTP), 219, 293

I

Infected computer, 149f
Infragard, 392
Instant messaging works, 346–349, 348f
Internal Revenue Service, 282
International Association of Chiefs of Police (IACP) conference, 254
International Consumer Protection and Enforcement Network (ICPEN), 381
International domain names (IDN), 60–61
Internet
assigning addresses, 44–46
autonomous system number, 61
communication, 345
countermeasures, 247
cover operations, 233–235
credit cards, 248
DHCP, 44–46
DNS records, 49–52
domain name registration, 59–61
domain name service, 52b
domain name system, 49
dynamic DNS services, 45b
ethics during undercover operations, 238–240
finishing touches, to persona, 245–246
history of, 42
human trafficking, 411–412
illegal activity, 248b
internationalized domain names, 60–61
internet operations, 235–240
internet protocol version 6, 53–57
IP addresses
importance of, 42–49
tracing, 46b
IPv6, definition, 53
IPv6 DHCP unique identifier (DUID), 55–57
Windows O/S, 56b
World Wide Web, 58
Ipv4-mapped IPv6 addresses, 54–55
IRC, chatting, 64
MAC address, 46
money laundering, 411–412
network news transfer protocol (NNTP), 63–64
online identity, 242b
online undercover accounts, 245
Paypal/Bitcoin website, 242–244, 243b, 243f
persona, developing, 241–244
policy considerations, 235–240
proactive methods, 227–229
profiles
images, use of, 247b
reactive investigations, 253–256
vs. proactive, 253–262, 256–262
relevant RFCs, 64–65
services on, 61–64
email, 61–63
file transfer protocol, 61
internet message access protocol, 63
post office protocol, 63
SMTP, 61–63, 62b
social networking site undercover challenges, 248–249
target hiding, catching tools, 226–229
terms of service (TOS), 248b
translating IPv6, 53–54
undercover cell phones, 248
undercover operations, 234–235, 235–250, 240–250, 244–245
computer equipment for, 250
suspect identification, online, 250b
undercover persona worksheet, 429
uniform resource locators, 58–59
WebCase undercover identity module, 246f
Internet anonymity, 211–219
investigative continuum, 213f
responsible use, 212–213
Internet-based crime, 3–4
Internet connectivity, 1
Internet Corporation for Assigned Names and Numbers (ICANN), 59–60
assignment of domain names, 60f
Internet crime
analysis, 266
case studies, 403–408
complaint center, 9–10
CSI 2010/2011 computer crime, 4
2012 data breach investigations report, 8–9
definition of, 1–2
harassment, 10–11
HTCIA 2011 report, on cybercrime investigation, 5–6
investigation, needs, 14–15
investigative problems, 16
investigative responses, 12–14
McAfee® threats reports, 6–8
Norton™ cybercrime report 2011, 4–5
prevalence, 2–4
respond, needs, 15–16
security survey, 4
traditional crimes, 11–12
Internet Crime Complaint Center (IC3/ICCC), 9, 31–32, 266, 377
anonymization methods, 32
crime categories, 10
overpayment fraud, 10
Internet crimes
learning, 411
Internet Crimes Against Children (ICAC) Task Forces (TF), 13, 92, 236, 261, 378
Internet crimes, detection/prevention
basic parental online education, 388–390
child audiences, delivery tips, 388b
children online safety programs, 388
complaint center, 379–380
contributing factors, 376–378
cybercommunity coalitions, 392
cyberspace, broken windows in, 378–379
detection methods, 379–381
e-consumer, 381
employer security awareness programs, 390–391
enforcement network, 381
Federal Trade Commission’s (FTC’s) mission, 380–381
international consumer protection, 381
internet investigation training, 394b
internet safety education sites, 385b
internet watch foundation (IWF), 383b
investigator cybercrime education, 392–394
law enforcement, perception of, 375–376
law enforcement’s response, 378–381
National Center for Missing and Exploited Children’s (NCMEC’s) mission, 380
online presence, 391–392
presentations, 387–391
prevention initiative, developing, 387–392
prevention methods, 382–392
prevent online crime, 395
promoting security awareness
national security institute’s, 391b
responsible computing, computer learning foundation code of, 390b
soft prevention, 384–392
education, 384–392
existing programs, 384–386
using technology to stop, 382–383
Internet criminals
cybercrime profiling, 1–2
cybercriminal profiles, 4
cybersex offenders, 4–5
cyberterrorism, 6–8
cyberwarfare, 6–8
deductive profiling, 12–14
graphical user interface (GUI), 1
harassment, 5–6
inductive profiles, 2–4
Internet Crime Complaint Center (IC3), 8–9
New York Police cyberstalking study, 9–10
sex offenders online activities, 10–11
capability, 11–12
9/11 terrorist attacks, 2
Internet engineering task force (IETF) website, 42, 207–208
Internet ESI, 99
preservation of, 104–105
Internet explorer, 159, 215, 220f
advanced privacy settings, 162f
Internet harassment, 376
Internet hazards, 384
Internet hiding tools, 222f
Internet investigation policy, 263–265, 264
Internet investigations report, 125–127
Internet investigations report format, 423
Internet investigative steps, 401–403, 402t
Internet investigators toolbar, 132f
secure drop down, 136f
Internet investigators toolkit, 137f
Internet message access protocol (IMAP), 201, 201
Internet murder scenario, 407–408
Internet offense location investigators, 102–104
Internet protocol (IP)
configuration, 47–48
language, 293
tracing, 132
version 6, 53–57
Internet protocol (IP) addresses, 42, 44, 46b, 86, 171, 284–285, 347, 445
assignment, 47f
dynamic Host Configuration Protocol (DHCP), 45f
example ping of, 141f
Maxmind demo search, 173f
netstat capture of, 141f
static IP address, 45–46
domain name system (DNS) records, 174–176
email, collecting, 201–207
email, faking, 200–201
email header, 179–181, 184–194, 185t, 190t
emails, 176–200, 187t, 200
email tracing worksheet, 426
evidence, 178–179
header information translation, 182–184
investigative tips, 203b, 207
mail protocols, 201–207
investigator’s email collection options, 202–207
Message-ID, 181
Microsoft exchange, 194t
Microsoft Outlook header translation, 194
MIME email analysis, 198f
multipurpose internet mail extensions, 194–197
online tools, 171–173
freeware tools, 172–173
geolocation of, 173–174
IANA, 171–172
internet commercial, 172–173
RIR system, 171–172
Outlook header information translation, 195t
RFCs, relevant, 207–208
sender, hiding, 200–201
SMTP servers, 187t, 193t
standard header information translation, 195t
time differences, 181–182
web mail services, 179–180
Windows 7, 193f
X header explanations, 199t
X lines, 197–200
translation, telephone number, 43f
of users, with mIRC, 355f
Internet relay chat (IRC), 42, 64, 345, 350f, 433
client, 219
commands, 353
communication, 349–358
connecting, 350–351
hiding, 353–354
server, logging, 351
works, 350f
resources, 354–355
tracking criminals, 354
web browser access, 354
Internet service providers (ISPs), 79, 311
drop down, 136f
networks, 382
Internet threat, 405–406
to company officer scenario, 405–406
Internet users, 211
Internet Watch Foundation, 383b
INTERPOL, 394
Inverse DNS, 52
Investigative continuum, 213f
Investigator cybercrime education, 392–394
Investigator’s email collection options, 202–207
I2P networks, 200
IP trace drop down, 133f
IPv4 address, 42–43, 43
IPv6 addresses, 55, 142
DHCP system, 57t
ipconfig command, 55f
mapped to IPv6, 57f
space assignment, 56t
types, 53–54
IPv6 representations, 53t
Irish Reporting and Information Security Service, 8–9
Italy, 4–5, 70–71, 381, 381, 382

J

Jeffrey’s Exif Viewer, 307

K

Keene Police Department, New Hampshire, 26–28
key loggers, 24–25, 28–29
Kiddie, 23

L

LAN setting tab, proxy settings, 220f
Law enforcement
and private sectors working together, 262b
Legally defensible online evidence, See Online evidence, legally defensible
LexisNexis Risk Solutions, 257
LightScreen, 107
LinkedIn, 323–324
public profile, 286f
Locating evidence, internet resources
Bing advanced keywords, 278t
Bing’s connection
to social networking sites, 278b
business search sites, 283
charity/nonprofit resource sites, 283
email addresses, 284
finder, 443
finding business information, 281–283
finding information, on person, 279–281
finding telephone numbers, 284
Google basics, 272–274
Google results page explanation, 273f
Google’s advanced operators, 274–275, 275t
internet search TIP, 287b
investigation/documentation, 442
National Security Agency (NSA), 271
news searches, 286–287
non-government sources, 283
non-US government sources, 282–283
online checklist, documenting, 444
online information, sources of, 269–279
Pandia’s recommendations for internet searches, 271b
professional communities, 285–286
searching blogs, 284–285
searching with Bing, 275–279
searching with Google, 272–275
search services, 270–279
social networking presence, 442
text-only version, 274b
TouchGraph, 275
search results, 276f
US government sources, 282
Long Island Serial Killer, 25–26
Lorraine v. Markel Am. Ins. Com., 72

M

MAC address, 46, 47–48
physical address, 47–48
on target machine, 48f
Windows IP configuration, 58f
Mafia soldier, 25
Mailboxes, 245
Mail servers (MX), 52
Mail transfer agents (MTAs), 184–189
Malicious code, checking for, 302–303
Markup languages, 294–296
work as, 294–296
Maryland State Police (MSP), 76–77
McAfee®, 2–3, 6–8
McAfee Threats Reports, 2–3
McLaughlin, James F., 26–28
Media Access Control (MAC), 155
MediaInfo video metadata, 310f
MEECES approach, 30
Message-Digest Algorithm (MD5), 112
Metaproducts, 110–111
Microsoft, 105–106
exchange server, 194t
operating systems, 307
Outlook header translation, 194
search engine, 270
Microsoft’s live.com, 213–214
Microsoft Windows, 356
MIME email analysis, 198f
mIRC, with IP address, 355f
Mitnick, Kevin, a.k.a. Condor, 2
Money Over Bitches (M.O.B.), 11–12
Mutual legal assistance (MLA), 89–90
MWSnap, 107
MWSnap screen capture tool, 108f
MX record lookup, internet investigators toolkit, 140f
MX record return explanation, 140t
MySpace, 324–325, 332
profile, 81

N

Nakamoto, Satoshi, 243
Nardone v. United States, 69
National Center for Missing and Exploited Children’s (NCMEC’s) mission, 380
National Computer Forensics Institute, 394
National conference of state legislatures (NCSL), 83
National Cybersecurity Alliance, 392
National Institute of Justice (NIJ), 90–91
Technical Working Group on Digital Evidence (TWGDE), 93–94
National security agency, 271b
National Security Institute, 391
National White Collar Crime Center’s (NWCCC), 9, 266
Netflix, 41
Netherlands, 381, 381, 382
Netvibes, 312
Network News Transfer Protocol (NNTP), 63, 361
Network solutions, 59–60
Newsbin Pro, 365–367
Newsgroup-related crimes, 101
New York, 31–32, 32, 32–33, 383
New York Police Department’s the Computer Investigation & Technology Unit (CITU), 32–33
New Zealand, 4–5, 29–30, 381
Nigeria, 24, 31–32, 381
NNTP server, 363
NodeXL, 328
excel template, 328–329
Noncyber offenses, 253–254
Non-EU businesses operating, 87–88
Norton, 4–5, 5, 266
Norton’s Cybercrime Study, 266
Norway, 27, 381, 381, 382
NotePad2 portable, 118

O

O’Brien v. O’Brien, 84
The Onion Router (Tor) network
hidden web services, 222–224
web anonymity, 219–222, 221f, 224–225
Online bulletin boards, 367
Online crime victim interview question aid, 421
Online digital officer safety, See Digital officer safety
Online digital officer safety computer checklist, 456
Online ESI collection steps, 108f
Online evidence, documenting
Apple Macintosh, collection, 121–123
collection tools, validation of, 113–114
evidence, authenticating, 112–113
FTK imager, 120
internet ESI, process
collection, 99–104
identification, 100–101
investigative report, 125–127
investigative TIP, 100b, 113b
basic internet searches, 103–104
collection methodology, 102–104
cybercrime victim, interviewing, 100–101
location identification, 104
presentation, 105
preservation, 104–105
protocol/application determination, 101–102
using Wget, 111, 111b
Windows, 123
online ESI
field collection of, 116–120
organizing, 124–125
tools/techniques for internet, 105–108
hashing evidence, 107–108
pictures and video, 107
Save As, 106
USB device
field process, 120–121
using tools, 116–119
WebCase®, 114–121
websites, collection, 109–111
Online evidence field collection USB device, 116–119
Online evidence, legally defensible
digital vs. online evidence, 73–74
Electronic Communications Privacy Act (ECPA), 83–86
EU Privacy Directive, 86–88
Fair Credit Reporting Act, 88–89
Pen/Trap Statute, 85–86
Stored Communications Act, 84–85
Wiretap Act, 83–84
evidence, definition, 70–94
foundation, building, 75–82
authentication, 78–82
investigative components, 77–78
investigative planning, 75–82
privacy, 82–89
general guidance, 90–94
mutual legal assistance, 89–90
Online Investigations Working Group, 212–213, 229
Online investigative computer protection process, 153f
Online investigative tools
developments in, 131–132
internet investigators toolkit, 137–144
buttons, 144
MX serves, 138
Netstat serves, 139–140
ping, 140
resolve serves, 140–141
stats function, 143
TCP/IP function, 142
traceroute, 141–142
Whois, 137–138
Lexis-Nexis, 145
paid online services, 144–146
TLO®, 145–146
Vere Software Investigative Toolbar, 132–136
additional toolbar functions, 136
internet service provider, 135
IP Trace, 132–133
secure drop, 136
Web Find, 133–134
Website Info, 135
Online offenses, 376
Online presence, 391–392
Online social vs. professional networking, 334–335
Online undercover accounts, 245
Online undercover facilities, 229b, 229b
Online undercover operations, types of, 433–434
Open-source investigations, 75–76
Operational planning, 264
Operation Fairplay, 265b
Organizational unique identifier (OUI), 47–48
Outlook header information translation, 195t

P

Page explanation, 273f
Pandia’s recommendations, for internet searches, 271b
Peer-to-peer (P2P), 216
connections
servers and users, 359f
site accessing, 360–361
protocol, 358–361
Pen/Trap Statute, 85–86
Phishing, 4–5
Photostudio, 307
Pipl, 134, 280–281
Plaxo, 334–335
Police seized cell phones, 318–319
PortableApps, 117–119
Post office protocol (POP), 63, 201
Proactive internet investigations, 256
Professional networking sites, 334
Project Safe Childhood (PSC), 238
Protocol addresses, 324
Proxies, 218
Proxying websites work, 216f
Proxy servers, 218

Q

Quick Hash, 107–108, 109f

R

Radio Shack, 248
Rand Corporation Study, 255–256
Random Access Memory, 157
Reactive law enforcement, 255f
ReadNotify email tracking history, 228f
Received-SPF header explanation, 187t
Regional Internet Registries (RIR) system, 172
Request for comments (RFCs), 42, 207–208
Resolve function, 142f
Resource interchange file format (RIFF), 308
Robinson, John Edward, 25–26
Rootkit, 7
Router details, of connected device, 47f
Router log, 155f
Router setup checklist, 427
Royal Canadian Mounted Police, 238

S

Sandboxes, 157–158, 163
Script kiddie, 23, 36
Search engine optimization (SEO) sites, 300
Search engine research, 445
Search engines, 270
SEARCH’s toolbar, 132
SecondLife, 34
Secure drop down, 136
Secure Hash Algorithm (SHA), 112
Secure sockets layer (SSL), 217–218
Self-identification, 441–442
Sender policy framework (SPF), 52
Sex offenders, 12
Sexual assault, 319
Shamoon, 7–8
Silk Road, 222–223
SIM card, 248
Simple mail transfer protocol (SMTP), 42, 176–177
commands, 63t
communications, 64f
protocol, use of, 62b
servers, path email, 187t, 193t
Simplified perpetrator categories, 35f
Skype, 105–106, 106f
Small Office/Home Office (SOHO) network, 154
SMILE (Social Media In Law Enforcement), 339
Smishing, 4–5
SnagIt, 105–106
Sniffers, 24–25, 28–29
Social media content, 332–334
Social media evidence collection, 336–337
Social Media Intelligence (SOCMINT), 320
Social media investigations policy, 338
Social media monitoring tools, 259–261, 260, 261b
Social media policy, 258–259
Social media services, 249
Social media sites
finding individuals, 335–336
Social Media the Internet and Law Enforcement (SMILE) Conference, 261
Social media training sources, 340t
Social networking
definition of, 431, 439
Flickr, 337
general search sites, 338b
impact, 317
investigations, 430
investigative operations, 430, 431
investigative reports, 434
law enforcement investigative, model policy, 430–439
law enforcement off-duty employee, model policy for, 438–443
Photobucket, 338
policy review, 429, 439
policy training, 429, 439
preparing for, 432–433
professional conduct online, 430
through photographs, 337–338
training, on investigating, 339
undercover social networking investigations, 434
Social networking sites, investigating
commonalities, 323–324
common sense, using, 325b
definition, 316b
Facebook, 326–327, 327
finding tweets, 331
Google+, 329–330
google information, downloading, 330b
google voicemail, documenting, 330b
investigation websites, 321–324
planning, 321–323
law enforcement, 316–320
on legal systems, 315–321
network overview/discovery/exploration in excel, 328
news, 316–320
NodeXL import tools, 329f
NodeXL template, 328
social media, 316–320
social media evidence, in courts, 320–321
social media, in small town USA, 318–319
social media, in world, 319–320
Twitter, 330–331
user authentication, 324
user data, 329–330
Social networking websites, 11–12
Spam, 7
Spamcop website, 179
Spider simulator tool (SEO) chat, 300
Spyware, 158–159
Standard header information, 195t
Start Menu/Accessories/System Tools, 164
Stats function, 143f
Stats tool documents, 143
Stored Communications Act (SCA), 178–179
Stuxnet, 7–8
Sweden, 4–5, 70–71, 381, 382
Switzerland, 4–5, 381, 382
Symantec, 2–3, 4–5
Symantec provides information security solutions, 4–5
System information for Windows (SIW) portable, 118

T

Tablet, 293
Tafoya, William, 22
Tails, screenshot of, 225f
TCP/IP data collection, 143f
TCP/IP function identifies, 142
TechSono Engineering, 345
Teddy St. Clair v. Johnny’s Oyster & Shrimp, Inc., 71–72
Terms of Service (ToS), 110
Texas, 31–32, 32
Time resources, 234
Tips for Online Presence, 391–392
Todd Shipley+ Art Bowker, 279–280
Top level domain (TLD), 59, 59t, 298–299
Tor Browser Bundle, 221–222
TorDir hidden services site, 214
TouchGraph search results, 276f
TouchGraph SEO Browser, 275
Traceroute tool records, 141–142, 142f
Tracfone, 248
Translating IPv6, 53–54
Trojan Horses, 24–25, 25, 28–29, 28
Trojan programs, 29
Twitter, 11–12, 245, 315, 330, 388–390

U

UK Safer Internet Centre, 385
Undercover Internet investigations, 262
management of, 262–263
Undercover internet operations, 240–241
Undercover investigations, 235
Undercover operations, policy considerations for, 261–262
Undercover social networking investigations, 431, 436
Uniform Crime Reports (UCR), 3
Uniform resource locators (URLs), 6, 43, 174–175, 326
starts, 59f
United Kingdom Council for Child Internet Safety, 385
United States Secret Service, 254–255, 388–389
URLSnooper grabs streaming video, 307
USB device, 117
investigators, 119f
U.S. Department of Homeland Security, 150–151, 212–213, 259–260
US Department of Justice (USDOJ), 212–213, 227–228
U.S. v. Drew, 248
U.S. v. Poehlman, 239
Usenet, 361–362
Usenet hierarchy, 65t
Usenet messages, 63
USENET postings, 363–364
USENET servers, 364–365
User-agent, 110–111
US-EU Safe Harbor program, 87–88

V

Vendor ID, 47–48
Vere Software, 227–228
Victimology, 36
Victims, 254
Video inspector, video metadata, 311f
Video instant messaging, 346–347
Video metadata, types, 307–308
Virtual machines, 157–158, 163
VMWare, 201

W

Wales, 71
Warfighter, 25
Washington, 31–32, 83, 339
Washtenaw county cybercitizenship coalition, 393f
Wayback Machine, 301
Wayback machine example search, 301f
Web anonymity
common methods, 213–214
good/bad of, 217b
hidden services, sites found on, 224f
http requests, 215
The Onion Router (Tor) network, 219–222, 221f, 224–225
hidden web services, 222–224
proxy servers, 218–219, 218–219
tool like the Amnesic Incognito Live System (Tails), 224–225
screenshot of, 225f
TorDir hidden services site, 223f
tracking criminals
anonymous methods to hide, 225–229
VPN services, 217
web-based methods to anonymize, 216–217
Web anonymizers, 216–217
Web-based chat program, 348–349
WebCase collection interface, 115f
WebCase undercover identity module, 246f
Webfetch, 271–272
Web find drop down, internet investigators toolbar, 134f
Web Find resources, 134–135
Webpages, 293–294
examination, 304–306
live, 293
securing, 393f
simplified browser request for, 294f
text-only version, 274b
tracking bugs, 305–306
work as, 293
WebServer Information, 135
Website Info drop down, internet investigators toolbar, 135f
WebSite ranking, 445
Websites, 293–294
background information, 445
basic HTML tags, 297t
basic investigation and documentation, 447
basic structures, 295f
capturing videos, 307–311
domain registration, 299–300
foreign language, 304, 448
generic structures, 295f
history research, 300–302, 446, 446
HTML tags, 294–296
identifying, legal process of, 311, 447
investigation/documentation, 445
investigative checklist, 448
legal process of identifying, 447
malicious code, checking for, 302–303
over time monitoring, 312
ranking, 300
ranking/traffic, 445
reconnaissance, 296–303
registration information, 447
reviewing source code, 305–306
search engine optimization (SEO) sites, 300
search engine research, 447
structure, 293–294
URL traits, 298–299
Website’s multimedia, documenting, 306–311
Website-specific information, 445
Wget, 110–111
Wide Area Network (WAN) Management, 155
WiFi network, 21–22
Wi-Fi Protected Access (WPA), 154
Wikipedia, 71, 330, 332–334
Wilson, James Q., 14
Windows-based computer, 120–121
Windows-based systems, 151–152
Windows 7, computer name, 193f
Windows firewall, 156–157
Windows XP SP2, 156–157
Worldwide internet, usage, 1
Worldwide social networking, 320–321
World Wide Web (WWW), 293

X

X header explanations, 199t

Y

Yahoo email account, 182
YouTube, 21–22, 286–287, 307
anti-Islam video, 7–8
page, 317–318

Z

ZabaSearch, 134
Zimbra, 201
adding new account, 204f
desktop email collections, 203–205
desktop installation, 203, 204f
desktop saving email, 205f
Zulu URL risk analyzer, 303
URL inspection, 303f