cybercrime lesson15

Cards (17)

  • Digital forensics
    The collection, preservation, and analysis of digital evidence
  • Digital forensics tools
    • EnCase
    • FTK
    • Autopsy
  • Cybercrime investigation methods
    1. Assess the situation
    2. Conduct the initial investigation
    3. Identify possible evidence
    4. Secure devices and obtain court orders
    5. Analyze results with prosecutor
  • Assessing the situation
    • Determine the specific elements of the crime
    • Determine if the laws in the jurisdiction support prosecution
    • Consult with the prosecutor to gain additional insight
  • Conducting the initial investigation
    • Ask who, what, where, when, why and how questions
    • Identify potential suspects
    • Determine what crimes were committed
    • Determine if crimes were limited to a certain jurisdiction
    • Identify what evidence needs to be collected and where it might be located
  • Identifying possible evidence
    • Digital evidence can come in many file types and sizes
    • Evidence may be encrypted, protected, or hidden
    • Consider partnering with other agencies if necessary resources/expertise are lacking
  • Securing devices and obtaining court orders
    • Seize electronic devices without a warrant, but obtain a warrant to conduct a search
    • Multiple warrants may be needed if a device is connected to multiple crimes
    • Use subpoenas to obtain digital evidence from internet/communication companies
    • Use non-disclosure agreements when requesting information from electronic service providers
  • Analyzing results with prosecutor
    • Identify appropriate charges based on existing laws
    • Determine what additional information or evidence is needed prior to filing charges
  • Cyberattack
    Any form of malicious activity targeting IT systems and/or the people using them to gain unauthorized access to systems and data
  • Types of cyberattacks
    • Malware
    • Phishing
    • SQL injection
    • Cross-site scripting (XSS)
    • Denial-of-service (DoS)
    • Session hijacking
    • Credential reuse
  • Preventing cyberattacks
    • Phishing awareness training
    • Compromised credentials detection
    • Ransomware prevention
    • XSS attack prevention
    • Threat intelligence program
  • Phishing awareness training includes email simulated phishing campaigns, monitoring results, reinforcing training, and improving on simulation results
  • Compromised credentials detection involves using user behavior analytics to create a baseline for normal activity and monitor for inappropriate credential usage
  • Ransomware prevention includes minimizing attack surface, mitigating potential impact, and debriefing to improve the plan
  • XSS attack prevention involves instituting a filtering policy and creating a content security policy with a list of trusted sources
  • A threat intelligence program creates a central hub that feeds all security functions with knowledge and data on the highest-priority threats, using automation to scale
  • Cybercrime 13-17