Index

Note: Page numbers in italic and bold refer to figures and tables, respectively.

acceptable activity 1412

acceptable use policy (AUP) 229, 252

access logs 27

action plan, data source 989

active data 274

actuation module, IoT 269, 270

ADAM (Advanced Data Acquisition Model) 380, 381

ad hoc phase 910

administrative controls 1245

administrative governance foundations 1356; assurance controls 138; evidence handling 137; evidence storage 137; incident and investigative response 137; personnel 136

adolescence, digital crime 7

Advanced Data Acquisition Model (ADAM) 380, 381

advanced persistent threats (APT) 7

adverse event 160

agile model 1078

airplane mode 257

ALE (annualized loss expectancy) 3234

American Academy of Forensic Sciences (AAFS) 7

analytical skills 18990

analytical techniques: anomaly detection 1512; deductive forensics 1546, 155; extractive forensics 1534; inductive forensics 154; machine learning 1523; misuse detection 1501; specification-based detection 152

annualized loss expectancy (ALE) 3234

annual rate of occurrence (ARO) 323

anomaly detection technique 1512

application programming interface (API) 235, 247, 274

application services, security controls 231

application software 97

application whitelisting 149

application zone, IoT 276

APT (advanced persistent threats) 7

arbitrary regulations 94

architectural models, EDW: basic architecture 347, 347; data marts 348, 349; with staging 348, 349; staging and data marts 349, 34950

ARO (annual rate of occurrence) 323

asset management and discovery 277, 279

assurance controls 138

audit information 25

audit logs 27

AUP (acceptable use policy) 229, 252

Australian Crimes Act 6

Australian (AU) Cybercrime Act 2056

Australian Signal Directorate (ASD) 14950

authentication records 25, 97

authentication threats 425

authenticity, digital evidence 1314

authorization threats 425

availability threats 424

background evidence 25, 235

backup strategy 13840

baseline-future scenario gap analysis 311

basic knowledge 17980

basic training (continuing education) 239, 265, 285

benefits analysis, forensics readiness program: control expansion 834; crime deterrent 84; disclosure costs 845; governance and compliance 84; law enforcement 84; legal preparations 84; minimizing costs 83

best evidence rule 112

best-of-breed 3534

binding precedent 207

Blackberry 244

black box 294

bottom-up view, EDW 350

Brady rule 2078

bring your own device (BYOD) model 251, 255, 258

British Computer Abuse Act (1990) 6

budget management 191

“burner” phones 2478

business case 413; advantages/disadvantages 415; alternative analysis 419; alternatives 416; assumptions 416; business analysis 41415; contact persons 419; executive summary 414; financial analysis 41819; funding 418; governance structure 417; key success metrics 417; recommendation 412; risks 416; roles & responsibilities 419; sensitivity analysis 419; timing/schedules 416

business-centric focus 21314

business code of conduct policy 556

business ethics 556

business operations 11011

business process systems 97

business query view, EDW 350

business records 1212

business risks 634, 878, 3389

business scenarios 646; cloud forensic 2256; IoT forensic 273; mobile device forensics 2489

BYOD (bring your own device) model 251, 255, 258

CBA see cost-benefit analysis (CBA)

CBK see common body of knowledge (CBK)

certifications: and accreditations 61; and professional organizations 5660

Certified Advanced Windows Forensics Examiner (CAWFE) 58

Certified Computer Examiner (CCE) 589

Certified Forensics Computer Examiner (CFCE) 58

chain of custody 1415, 4057

chain-of-evidence model 116, 116

childhood, digital crime 67

chip-off analysis 247

choose your own device (CYOD) model 255

CIA triad (confidentiality, integrity, and availability) 105

click-wrap agreement 242

cloud computing 301, 188, 218, 220; challenges 2234; characteristics 220; containerization 224; delivery models 2212; enterprise strategies 228; evidence gathering and processing 224; first responders 224; governance 2289; history of 21819; hyper-scaling 2234, 234; isolation models 222; mobility 223; model dimensions 222; RA 22932; security and configuration standards 229; security control 230, 2302; service models 221; trust, layers of 2324, 233

cloud forensics 15, 181, 225; business risk scenarios 2256; continuing education 23840; data sources 2267; evidence-based presentations 240; evidence, collection of 22732; investigative workflows 225, 2368; legal admissibility 2324; legal review 2402; secure storage and handling 2345; targeted monitoring 2356

cloud service providers (CSP) 31, 97, 104, 224, 229, 234, 241

cluster 154

COBO (corporate-owned, business only) model 255, 258

code of conduct 229

commercial-off-the-shelf (COTS): solutions 353; technologies 42, 44

common body of knowledge (CBK) 2, 6, 8, 11, 18, 57

communication: module, IoT 269, 270; plans 163; skills 190

communication, risk management: analyze 329, 330; identify 327, 328; manage 32932, 332; monitor 3323, 333

community cloud model 221

computer ethics 545

computer forensics 56, 15; field triage process model 372, 373; investigative process 364, 364; process model 364, 365

computer law 2056

computer systems 289

confidentiality threats 423

conflict resolution 191

content awareness 1012

content filtering 147

context awareness 102, 1023

continuing education: cloud forensic 23840; digital forensics experts 192, 194; educational roadmap 18592, 193; hierarchy 178; IoT forensic 2845; mobile device forensics 2656; organizational roles and responsibilities 1825; and training 17781

continuity threats 424

contractual agreements 2412

corporate-owned, business only (COBO) model 255, 258

corporate-owned, personally enabled (COPE) model 255

cost assessment, forensics readiness program 823

cost-benefit analysis (CBA) 109, 3012; comparative assessment 306; estimated costs and benefits 307; identifying costs 303; intangible benefits 3056; intangible costs 304; problem statement 3023; projecting benefits 304; quantitative assessment 303; tangible benefits 304; workflow 302

COTS see commercial-off-the-shelf (COTS)

crime deterrent 84

crime prevention through environmental design (CPTED) 129

critical thinking 190

cryptographic hash algorithm 235, 277

cryptography 1267, 187

CSP see cloud service providers (CSP)

cyber and security investigations 188

cybercrime 181; indirect business loss 912; overhead time and effort 91; recovery and continuity expenses 92; risk mitigation controls 901; security properties 89, 90; threat modeling 8990, 90

cybercriminals 5, 78

cyber espionage 7

cyber forensics training and operations, process flows for 374, 374

cyberlaw 2045

cyclic redundancy checks (CRC) 127

CYOD (choose your own device) model 255

data: breach 176; exposure concerns 105; integrity 126; management solutions 25, 97; replication 139; restoration strategy 13840; in transit 128, 1323

data-at-rest 125, 1323

data-in-use 133

data loss prevention (DLP) 25, 147, 254

data security 83; requirements 11920

data sources: action plan 989; background evidence 97; cloud forensic 2267; document deficiencies 1014; foreground evidence 97; identification 99101; inventory matrix 426; IoT forensic 2734; mobile device forensics 24951; personal computing systems 96; view, EDW 350

data warehouse 344; architectural models 34650, 347; data lake vs. 351; design methodologies 3502; development concepts 345; implementation factors 3524; project planning 354

Daubert standard 2089, 287

dedicated isolation models 222

deductive forensics 1546, 155

defense-in-depth strategy 1445, 145

delivery models, cloud computing 2212

denial of service 90, 338

detective controls 129

deterrent security controls 1289

device zone, IoT 275

DFRWS see Digital Forensics Research Workshop (DFRWS)

digital and multimedia sciences (DMS) 7

digital artifacts 28

digital crimes: adolescence 7; childhood 67; future 89; infancy 56; prologue 45

digital evidence 80; background 25; business operations 11011; cost elements 109; evidence storage networks 512; foreground 256; FRE 324; investigative process methodology 3451; legal actions 111; legal/regulatory requirements 111; legal system 24; sources of 2632; technology-generated data 25; technology-stored data 25

digital forensic investigations framework 372, 372, 376, 376

digital forensic procedures, abstract model 366, 367

digital forensic readiness: business-centric focus 21314; costs and benefits 21415; process model 223, 23; systematic and proactive approach 214

Digital Forensics Certification Board (DFCB) 57

Digital Forensics Research Workshop (DFRWS) 6; investigative model 365, 365

digital forensics resources 17

digital forensics team: roles 1834; titles 1845

digital forensics tool testing process model 292

disclosure costs 845

DLP (data loss prevention) 25, 147, 254

document deficiencies: insufficient data availability 1013; unidentified data sources 104

dual data analysis process 375, 376

dynamic analysis 294

dynamic data 274

economic regulations 93

e-discovery see electronic discovery (e-discovery)

educational roadmap 71, 1856, 193; non-technical knowledge 18992; technical knowledge 1869

education and professional certifications 383; formal education programs 38593; industry-neutral certifications 3834; vendor-specific trainings/certifications 384

education and training program: awareness 823, 1789; basic knowledge 17980; functional knowledge 180; specialized knowledge 1801

EDW see enterprise data warehouse (EDW)

eggs-in-one-basket 3534

electronically stored information (ESI) 13, 25, 1423, 240, 277, 285, 351; cloud computing 30, 223, 226; contractual and commercial agreements 95; disclosure costs 845; e-discovery 188; hyper-scaling 2234; information security and cyber security 144; mobile devices 249; SAN 52; text mining 1534

electronic communication channels 26, 97

electronic crime scene investigation 364

electronic discovery (e-discovery) 15, 76, 845, 181, 188

elevation of privilege 90

elevator speech 197

email abuse 176

encrypted file system (EFS) 125, 133

end-to-end cryptography 1323

end-to-end digital investigation 368, 368

energy module, IoT 269, 270

enhanced integrated digital investigation process 369, 369

enterprise data warehouse (EDW) 52, 112, 118, 131, 344

enterprise management strategies: cloud forensics 228; mobile device forensics 2516

enterprises: business risks 634; governance framework 67, 67; law enforcement agencies 62; outline business scenarios 646; phase 11; service catalog 70; technical execution 69

enterprise security 1424; defense-in-depth strategy 1445, 145; information security vs. cyber security 144; modern security monitoring 1467; traditional security monitoring 1456, 146

entity-relationship (ER) model 346

error logs 27

escalation management: functional 165, 1656; hierarchical 164, 164

ESI see electronically stored information (ESI)

ethics: business 556; certifications and accreditations 61; certifications and professional organizations 5660; computer 545; confidentiality and trust 60; due diligence and duty of care 60; impartiality and objectivity 60; importance 53; openness and disclosure 60; personal 54; professional 54

EU Directive 95/46/EC 241

EU ePrivacy Act 205

evaluation period 73

event-based digital forensic investigation framework 371, 371

event vs. incident 160

evidence: authenticity 134; exchange 1112, 12; handling 137; management 186

evidence-based presentation: cloud forensic 240; IoT forensic 2856; mobile device forensics 266

evidence-based reporting: exculpatory evidence 199200; factual reports 1956; inculpatory evidence 199200; types of 1967; understandable reports 1978; written reports, arrangement 1989

evidence collection factors: best evidence rule 112; cause and effect 11415; correlation and association 11516; corroboration and redundancy 117; metadata 11314; storage duration 11718; storage infrastructure 11819; time 11213

evidence, collection of: cloud forensic 22732; IoT forensic 2745; mobile device forensics 2516

evidence storage 137; networks 512

evolutionary cycle 9; ad hoc phase 910; enterprise phase 11; structured phase 10

examiner and analyst role 183

exculpatory evidence 199200, 207

experts 185, 192, 194

extended model of cyber crime investigation 36970, 370

external information sharing 164

external logs 27

external sources 312

external zone, IoT 276

extraction, transformation, and loading (ETL) function 347

extractive forensics 1534

fact tables 3501

factual reports 1956

FAIoT (forensics-aware IoT) model 281, 282

Federal Information Security Management Act (FISMA) 126

Federal Rules of Civil Procedure (FRCP) 84

Federal Rules of Evidence (FRE) 112, 122, 256; authenticity 32; legal systems 33; requirements, business record 33; Rule 902(11) 33; Rule 902(12) 34

file integrity monitoring (FIM) 25, 126, 155

file systems 187

financial risk 64, 88

financial services 65

FISMA (Federal Information Security Management Act) 126

Florida Computer Crimes Act 5

foreground evidence 256

forensic: architectures 1056; computer analysis 5; computing 5; investigations 15

forensically sound 1213

forensics-aware IoT (FAIoT) model 281, 282

forensics readiness methodology: cloud forensics 22542; IoT 27287; mobile device forensics 24867

forensics readiness program: benefits analysis 835; business requirement, stakeholders 81; cost assessment 823; digital evidence 80; implementation 856; objectives 81

forensics readiness scenarios: assessment 95; compliance, regulatory/legal requirements 934; contractual and commercial agreements 945; court-ordered data, release of 94; cybercrime, impact of 8992; disciplinary actions 923

forensics soundness: authenticity and integrity 1314; chain of custody 1415; ESI 1213; scientific principles 13

forensics toolkit: concept of 69; maintenance 712

forensics workstations 445

formal education programs 23940, 266, 285; Australia 3856; Canada 386; England 3868; India 388; Ireland 388; Italy 388; Netherlands 388; Scotland 389; South Africa 389; Sweden 389; United Kingdom 389; United States of America 38993; Wales 393

form factor 271

FORZA 3734, 374

four-step forensic process 372, 372

fraud monitoring 25, 97

FRCP (Federal Rules of Civil Procedure) 84

FRE see Federal Rules of Evidence (FRE)

fruits of crime 3

Frye standard 208

full-disk encryption (FDE) 125

full-time equivalents (FTEs) 73

functional escalation 165, 1656

functional impact prioritization 168, 168

functional knowledge 180

functional requirements 358

gap analysis 311

gathering phase: cloud forensic 2378; IoT forensic 27981; mobile device forensics 2613

general acceptance test 2089

general awareness (continuing education) 1789, 239, 265, 284

General Data Protection Regulation (GDPR) 203

generic computer forensic investigation model 3789, 379

Global Positioning System (GPS) 113

good conflict regulations 94

good faith regulations 94

governance document maintenance 82

governance framework: digital forensics capabilities 689; documentation hierarchy 68, 68; enterprise 667, 67; information security (IS) 67; information technology (IT) 67

grid computing 220

guide metadata 114

hash collisions 14, 49

Health Insurance Portability and Accountability Act (HIPAA) 126, 203

hearsay evidence 24, 26, 33

heuristical analysis 151

hierarchical escalations 164, 164

high-level digital forensics process model 212, 22; cloud forensic 225; IoT forensic 272; mobile device forensics 248

HIPAA (Health Insurance Portability and Accountability Act) 126, 203

hybrid cloud model 222

hyper-scale environments 2234, 234

IaaS see infrastructure as a service (IaaS)

implementation factors, EDW: best-of-breed 3534; business-driven 352; buy/build 353; eggs-in-one-basket 3534; risk assessment 353; value/expectation 352

incident: and computer forensics, process model 375, 375; response 15, 188; vs. event 160

incident management lifecycle 83, 157, 158, 181; forensic readiness integration 158, 1589; learn 1712; preparation 15966; respond 1669; restore 16971

incident response team (IRT) 1724; digital forensics 1745; team structure and models 1613

incidents prioritization: functional 168, 168; informational 168, 168; recoverability 169, 169

inculpatory evidence 199200, 207

indicator incidents 166

inductive forensics 154, 155

industry regulation 76

infancy, digital crime 56

information: assurance 181; disclosure 90, 338; services, security controls 231

informational data 345

informational impact prioritization 168, 168

information security (IS) management: cyber security vs. 144; framework 136; governance 67; guidelines 367, 37; hierarchy of 35, 35; policies 356, 36; procedures 379; standards 37, 38

information technology (IT) 4; governance 67; law 2034; service catalog 297

infrastructure as a service (IaaS) 221; security controls 229

infrastructure devices 29

infrastructure logs 27

infrastructure services, security controls 2312

intangible costs 304

integrated digital investigation process 367, 367

integrity 1314; checking 1334; monitoring 126; threats 4234

interactive IoT devices 2734

internal memory data objects, mobile devices 24950

internal rate of return (IRR) 309

International Association of Computer Investigative Specialists (IACIS) 58

International Society of Forensics Computer Examiners (ISFCE) 589

internet abuse 176

internet law 2045

Internet of Things (IoT): challenges with 2702; characteristics 270; evidence gathering and processing 2712; forensics toolkits 272; form factor 271; goal of 270; history 2689; module 269, 270; privacy 271, 287; security 271, 287; trust zones 2756, 276

internet protocol security (IPsec) 128

internet service providers (ISP) 97

interpersonal skills 190

interrogation 190

intrusion attempts 176

intrusion detection systems (IDS) 278

intrusion prevention systems (IPS) 117, 278

investigation principles 186

investigative final report 40810

investigative process methodology 363; digital forensics readiness model 223, 23; existing process models 1822; hardware and software 435; information security management 359; lab environment 3943; operating procedures 459; presentation 501; processing 50

investigative time (IT) 73

investigative workflows 1756, 394; broad audit process 398; cloud forensic 225, 2368; incident management lifecycle 15772, 158; IoT forensic 272, 27884; IRT 1725; mobile device forensics 2605; process initiation 395; targeted forensics process 397; volatile data process 396

investigator role 1834

IoT see Internet of Things (IoT)

IoT devices: data types from 274; identifying approaches 27980; types 2734

IoT forensic 272; business risk scenarios 273; continuing education 2845; data sources 2734; evidence-based presentation 2856; evidence, collection of 2745; investigative workflows 272, 27884; legal admissibility 2756; legal review 2867; report 2846; secure storage and handling 2767; targeted monitoring 2778

iPhone device 244

IPsec (internet protocol security) 128

IRT see incident response team (IRT)

IS management see information security (IS) management

isolation models, cloud computing 222

Joint Test Action Group (JTAG) analysis 247

jurisdiction 1617

key performance indicators (KPIs) 334; guidelines 72; parameters 73; RC ratio 735

lab environment: construction 423; designing 402; planning 3940

laid-back approach 298

landmark decision 207

law enforcement agencies 62, 84

laws and regulations: computer law 2056; internet law/cyberlaw 2045; IT law 2034

leadership 1901

learning phase, incidents 1712

least privilege access 132, 132

legal admissibility: business records 1212; cloud forensic 2324; IoT forensic 2756; mobile device forensics 256; preservation challenges 123; preservation strategies 12430; technology-generated data 122; technology-stored data 122

legal advice: communication 21112; constraints 210; disputes 21011; employees 211; law enforcement agencies 212; liabilities 211; prosecution 211

legal aspects, technology crimes 1617

legal counsel 83

legal precedence: Brady rule 2078; Frye vs. Daubert standard 2089; jurisdiction 209

legal review: cloud forensic 2402; IoT forensic 2867; laws and regulations 2036; legal advice 21012; legal precedence 2079; mobile device forensics 267; technology counselling 20910; technology in crime 2013

legal risk 64, 88

legal studies 187

link analysis 153

local network zone, IoT 275

Locard’s exchange principle 1112, 12

logbook 404

log files 278; types 91

MAC (mandatory access control) 120

machine learning 1523

Malaysian investigation process 377, 377

malware infections 176

malware reverse engineering 188

MAM (mobile application management) 254, 259

managers role 184

mandatory access control (MAC) 120

master service agreement (MSA) 2412

MCM (mobile content management) 259

MDM (mobile device management) 147, 254, 2589

memory forensics 15, 181

Message Digest Algorithm family (MD5) 14, 48, 120, 127, 235, 277

metadata 11314

MFA (multi-factor authentication) 254

Microsoft threat modeling 340

mind maps, risk management 326

misuse detection technique 1501

mitigation strategies 14950

mobile application management (MAM) 254, 259

mobile content management (MCM) 259

mobile device forensics 248; business risk scenarios 2489; continuing education 2656; data sources 24951; evidence-based presentation 266; evidence, collection of 2516; investigative workflows 2605; legal admissibility 256; legal review 267; secure storage and handling 2578; targeted monitoring 25860

mobile device management (MDM) 147, 254, 2589

mobile devices 31, 1878, 243; “burner” phones 2478; challenges with 2458; cloud storage 246; encryption 2467; governance 2523; history of 2434; local storage 246; loss of 245; management methodologies 253, 2556; replacement 246; safeguards and controls 254; security and configuration standards 253; theft of 2456

mobile forensics 6

mobile security management (MSM) 2589

modern security monitoring 1467

MSA (master service agreement) 2412

MSM (mobile security management) 2589

multi-factor authentication (MFA) 254

multi-tenant isolation models 222

NAND flash memory 250

natural access controls 129

natural surveillance 129

natural territorial reinforcements 129

NDA (non-disclosure agreement) 293

near real-time data replication 139

net present value (NPV) 301, 309, 420

network: communications 128; devices 25, 97; monitoring systems 97

network access control (NAC) 254

network area storage (NAS) 52

network forensics 6, 15, 188; and analysis 181; generic framework for 3778, 378

networking protocols 187

network time protocol (NTP) 113

next-best-thing (NBT) triage approach 2823

next-gen security control layers 147

NIST Cloud Computing Security Reference Architecture 232

non-disclosure agreement (NDA) 293

non-repudiation threats 425

non-technical knowledge: advanced 1912; intermediate 1901; introductory 18990

NOR flash memory 250

NPV see net present value (NPV)

object of crime 2

1-2-3 zones approach 2812

one-way cryptographic hash algorithm 235, 277

online analytical processing (OLAP) 345; features 346; operational databases and data warehouses 345

online transaction processing (OLTP) 345; features 346; operational databases and data warehouses 345

on-site triage decision tree 2612, 262

open-source technologies 42

open systems interconnection (OSI) model 102

operating procedures, investigative workflow: authenticity 48; collection and preservation 489; scene documentation 467; search and seizure 478; securing scene 46

operating systems (OS) 1867

operational data 345

operational requirements 358

operational risk 64, 88

operational service catalog hierarchy 299

organizational roles and responsibilities 182; digital forensics team 1835

overhead time (OT) 73

PaaS see platform as a service (PaaS)

Pareto principle 114

passcode 41, 247, 257

passive data 274

PASTA (Process for Attack Simulation and Threat Analysis) 3401

patch applications 149

patch operating system 149

payback period 309, 310

Payment Card Industry Data Security Standards (PCI DSS) 63, 76, 126, 203

PCI Forensics Investigator (PFI) certification 76

personal ethics 54

Personal Information Protection and Electronic Documents Act (PIPEDA) 241

personally identifiable information (PII) 99, 212, 287

persuasive precedent 207

PFI (PCI Forensics Investigator) certification 76

Philippine (PH) Cybercrime Prevention Act 205

phishing campaigns 7

phreaking 5

physical security controls 1345; delay 130; deny 12930; detect 129; deter 1289

PII see personally identifiable information (PII)

plans, incident management 161

platform as a service (PaaS) 221; security controls 229

policies, incident management 160

political influences 77

positive security approach 1478

practitioner 1845

precursor incidents 166

preparation phase: cloud forensic 2367; IoT forensic 2789; mobile device forensics 2601

presentation phase: cloud forensic 238; IoT forensic 2834; mobile device forensics 2645

presentation services, security controls 231

present value (PV) assessment 30710

preservation challenges 123

priority triad 357

private cloud model 221

privilege elevation 338

proactive approach 333

Process for Attack Simulation and Threat Analysis (PASTA) 3401

processing module, IoT 269, 270

processing phase: cloud forensic 238; IoT forensic 2813; mobile device forensics 2634

process models: higher-level grouping 212, 22; law enforcement 19; methodologies 19, 20; phase frequencies 18, 21, 382

process regulations 94

professional 185; certifications 180; ethics 54

project charter 42736

project control officer (PCO) 43

project management 191

project planning, EDW 354

proof of concept (POC) 42

protocol analysis 151

public cloud model 222

qualitative assessments 3212

quantitative assessments 303, 322

random access memory (RAM) 13, 28, 30, 250

RBAC (role-based access control) 120

real-time monitoring systems 25

recoverability impact prioritization 169, 169

recovery time objective (RTO) 139

remote logging 1278

repudiation 90, 338

requirements analysis: assessments 357; defining 356; finalize 359; gathering 358; importance 3556; interpret 3589; report 43743; scope definition 3567; specification documents 360

resource capacity (RC) 735

resources: cloud computing environments 459; digital forensic publications 456; integrity monitoring compliance objectives 4578; laws and regulations 4589; management 191; mobile devices 460; risk management methodologies 458; tools and equipment 457

respond phase, incidents: analysis 1667; detection 166; prioritization 1689

restore phase, incident: containment 16970; eradication 170; order of volatility 171; recovery 170

restrict administrative privileges 149

restrictive security controls 129

return on investment (ROI) 64, 297

risk assessment 321; ALE 3234; ARO 323; methodologies and techniques 325; qualitative assessments 3212; quantitative assessments 322; SLE 323; tools 3245

risk likelihood-severity heat map 322

risk management lifecycle workflow 181, 320; communication 326, 32733; responses 331; review 3345, 335; variables 321; visualizing 326

risk mitigation controls 901

role-based access control (RBAC) 120

RTO (recovery time objective) 139

runbooks 41, 144

SaaS (software as a service) 2201, 229

Sarbanes–Oxley Act (SOX) 63, 76, 126, 203

scientific crime scene investigation model 366, 366

scripting 187

SDLC see system development life cycle (SDLC)

secure boot 50

Secure Hashing Algorithm (SHA) family 14, 120, 127, 235, 277

secure storage and handling: Administrative Governance Foundations 1358; attributes 1315; backup strategy 13840; cloud forensic 2345; IoT forensic 2767; mobile device forensics 2578; restoration strategy 13840

secure storage attributes 131; end-to-end cryptography 1323; integrity checking 1334; least privilege access 132, 132; physical security 1345

security: architectures 1056, 189; investigations, types of 1756; logs 27; monitoring 181; properties 89, 90; requirements 11920

sensitivity analysis 31011

sensor module, IoT 269, 270

service catalog 70, 110, 411; business benefits 2978; design considerations 298300

service level agreements (SLA) 224

service level objectives (SLO) 104, 165, 300

service models, cloud computing 221

service zone, IoT 276

SHA see Secure Hashing Algorithm (SHA) family

shadow price 306

SIM data objects, mobile devices 249

simple pattern matching 151

single loss expectancy (SLE) 323

SLA (service level agreements) 224

SLO see service level objectives (SLO)

small and medium-sized business (SMB) 76

snowflake model 346

social regulations 93

software as a service (SaaS) 2201, 229

software testing 294

SOP (standard operating procedures) 110, 125, 161

SOX see Sarbanes–Oxley Act (SOX)

specialist 185

specialized knowledge 1801

special-purpose IoT devices 2734

specification-based detection technique 152

spoofing 90, 338

stakeholder validation 312

standard operating procedures (SOP) 110, 125, 161

star model 346

stateful pattern matching 151

statement of work (SOW) 293, 360

static analysis 295

STIX (structured threat information expression) 336, 337

storage area networks (SAN) 52

storage capacity 118

storage security 125

strategic mindset 191

strategic risk 64, 88

STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege) scheme 338

structural metadata 114

structured phase 10

structured threat information expression (STIX) 336, 337

subject of crime 2

subject-oriented data 344

symbol of crime 3

systematic digital forensic investigation model 37980, 380

system development life cycle (SDLC) 189, 294, 324, 355

systems development 189

systems lifecycle: agile model 1078; waterfall model 1067

system zone, IoT 276

tactics, techniques, and procedures (TTP) 167, 337

tampering 90, 338

tangible costs 303

targeted monitoring: acceptable activity 1412; analytical techniques 1506; ASD 14950; cloud forensic 2356; enterprise security 1427; implementation concerns 156; IoT forensic 2778; mobile device forensics 25860; positive security approach 1478; unacceptable activity 141

taxonomy development methodology 313, 314; assess existing data 316; business requirements and value proposition 31516; classification scheme 31819; conduct surveys/interviews 31617; create inventories 31718; finalize 319; governance structure 319; organization role 31415; team selection 314

team lead role 184

team placement 756

technical controls: cryptography 1267; integrity monitoring 126; remote logging 1278; secure delivery 128; storage security 125

technical execution 69

technical knowledge: advanced 1889; intermediate 1878; introductory 1867

technical requirements 358

technical writing 190

technician role 183

technology counselling 20910

technology-generated data 25, 122, 1278

technology role in crime 23, 2013

technology-stored data 25, 122, 273

test cases 4003

text mining technique 1534

The Pirate Bay (TPB) 205

threat: actors 167, 3378; assessment matrix 423; modeling 8990, 90, 181, 322, 3368, 33942, 343; risk matrix 3423; tree workflow 339

threat risk assessment (TRA) 342, 4215

time management 189

time synchronization 11213

time value of money (TVM) 306

tool and equipment validation program: building program 291; gathering 2924; preparation 292; presentation 296; processing 294; standards/baselines 2878; validation 2956; verification 2945

tool of crime 3

top-down view, EDW 350

total cost of ownership (TCO) 353

TRA (threat risk assessment) 342, 4215

traditional security monitoring 1456, 146

transactional logs 27

transitional requirements 358

TRIKE threat model 3412

Trusted Cloud Initiative (TRI) SRI 232

trust zones, IoT 2756; investigative zones vs. 283

TTP (tactics, techniques, and procedures) 167, 337

unacceptable activity 141

unauthorized access 176

United Kingdom (UK) Computer Misuse Act 205

U.S. Department of Justice (USDOJ) 3, 202

U.S. Electronic Communications Privacy Act 204

user acknowledgment and agreement 2523

user and entity behavior analytics (UEBA) 155

U.S. Federal Computer Fraud and Abuse Act (1984) 6

utility computing 220

verbal formal reports 1967

verbal informal reports 197

virtualization 2930, 30, 2267, 227

virtual machines (VM) 219

virtual private networking (VPN) 254

waterfall model 1067

white box 294

wide area network zone, IoT 275

work hours (WH) 73

written reports: arrangement 1989; formal 197; informal 197

zones of trust, IoT 2756; vs. investigative zones 283
