M15 METHODS AND TECHNIQUES OF CYBERCRIME INVESTIGATION

Cards (23)

  • CRIME INVESTIGATION METHODS
    1. Assess the situation
    2. Conduct the initial investigation
    3. Identify possible evidence
    4. Secure devices and obtain court orders
    5. Analyze result with prosecutor
  • CRIME INVESTIGATION TECHNIQUES
    • Background check
    • Information gathering
    • Tracking and identifying the authors
    • Digital forensics
  • Background check - creating and defining the background of the crime with known facts will help the investigator set a starting point to establish what they are facing, and how much information they have when handling the initial cybercrime report
  • Information gathering - one of the most important things any cyber security researcher must do is grab as much information as possible about the incident
  • Tracking and identifying the authors - this next step is sometimes performed during the information gathering process, depending on how much information is already in hand, in order to identify the criminals behind the cyber attack.
  • Digital forensics - once researchers have collected enough data about the cybercrime, it is time to examine the digital systems that were affected, or those suspected to be involved in the origin of the attack.
  • Digital forensics - this process involves analyzing network connection raw data, hard drives, file systems, caching devices, RAM memory and more.
  • Cyberattack - also known as a cyber security attack - is any form of malicious activity targeting IT systems and/or the people using them to gain unauthorized access to systems and the data they contain
  • Phishing - an attacker may send you an email that appears to be from someone you trust, like your boss or a company you do business with. The email will seem legitimate
  • Structured query language (SQL) attack - an SQL injection attack specifically targets servers storing critical website and service data, using malicious code to get the server to divulge information it normally wouldn't
  • SQL - is a programming language used to communicate with databases, which can be used to store private customer information such as credit card numbers, usernames and passwords
  • Cross-site scripting - also involves injecting malicious code into a website, but in this case the website itself is not being attacked. The malicious code only runs in the user's browser when they visit the attacked website, where it directly targets the visitor
  • Denial of service - flooding a website with more traffic than it's built to handle, thereby overloading the site's server and making it nearly impossible to serve content to visitors
  • Session hijacking - occurs when an attacker hijacks a session by capturing the unique and private session ID and poses as the computer making a request, allowing them to log in as an unsuspecting user and gain access to unauthorized information on the web server
  • HOW TO PREVENT CYBER ATTACKS
    • Phishing awareness training
    • Compromised credential detection
    • Ransomware prevention
    • attack prevention
    • Threat intelligence program
  • Phishing awareness training - educate employees on why phishing is harmful and empower them to detect and report phishing attempts. This type of training includes simulated phishing campaigns sent to employees, monitoring results, reinforcing training and improving on simulation results
  • Compromised credential detection - leverage user behavior analytics (UBA) to create a baseline for normal activity on your network. Then monitor how administrator and service accounts are being used.
  • Ransomware prevention - create a three-point plan to prevent ransomware attacks. This includes minimizing the attack surface, mitigating potential impact once exposure has been detected, and debriefing to pinpoint existing plan gaps
  • attack prevention - institute a filtering policy through which external data will pass. This will help to catch malicious scripts before they can become a problem. This leads into creating a wider content security policy that can leverage a list of trusted sources that are able to access your web application
  • Threat intelligence program - create a central hub that feeds all security organization functions with knowledge and data on the highest priority threats. Organizations rely heavily on automation to help scale a threat intelligence program by continuously feeding data into security devices and processes, without the need for human intervention
  • MODES OF CYBERCRIME ATTACKS
    • Malware
    • Phishing
    • Structured query language attack
    • Cross-site scripting
    • Denial of service
    • Session hijacking
    • Credential reuse
  • Malware - refers to various forms of harmful software, such as viruses and ransomware. Once it is in your computer, it can wreak all sorts of havoc
  • Credential reuse - occurs when someone uses the same credentials on multiple websites. It can make life easier in the moment, but can come back to haunt that user later on.