Table of Contents for
System Forensics, Investigation, and Response, 3rd Edition

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition System Forensics, Investigation, and Response, 3rd Edition by Easttom Published by Jones & Bartlett Learning, 2017
  1. Cover Page
  2. Contents
  3. System Forensics, Investigation, and Response
  4. Title Page
  5. Copyright Page
  6. Content
  7. Preface
  8. About the Author
  9. PART I Introduction to Forensics
  10. CHAPTER 1 Introduction to Forensics
  11. What Is Computer Forensics?
  12. Understanding the Field of Digital Forensics
  13. Knowledge Needed for Computer Forensics Analysis
  14. The Daubert Standard
  15. U.S. Laws Affecting Digital Forensics
  16. Federal Guidelines
  17. CHAPTER SUMMARY
  18. KEY CONCEPTS AND TERMS
  19. CHAPTER 1 ASSESSMENT
  20. CHAPTER 2 Overview of Computer Crime
  21. How Computer Crime Affects Forensics
  22. Identity Theft
  23. Hacking
  24. Cyberstalking and Harassment
  25. Fraud
  26. Non-Access Computer Crimes
  27. Cyberterrorism
  28. CHAPTER SUMMARY
  29. KEY CONCEPTS AND TERMS
  30. CHAPTER 2 ASSESSMENT
  31. CHAPTER 3 Forensic Methods and Labs
  32. Forensic Methodologies
  33. Formal Forensic Approaches
  34. Documentation of Methodologies and Findings
  35. Evidence-Handling Tasks
  36. How to Set Up a Forensic Lab
  37. Common Forensic Software Programs
  38. Forensic Certifications
  39. CHAPTER SUMMARY
  40. KEY CONCEPTS AND TERMS
  41. CHAPTER 3 ASSESSMENT
  42. PART II Technical Overview: SystemForensics Tools, Techniques, and Methods
  43. CHAPTER 4 Collecting, Seizing, and Protecting Evidence
  44. Proper Procedure
  45. Handling Evidence
  46. Storage Formats
  47. Forensic Imaging
  48. RAID Acquisitions
  49. CHAPTER SUMMARY
  50. KEY CONCEPTS AND TERMS
  51. CHAPTER 4 ASSESSMENT
  52. CHAPTER LAB
  53. CHAPTER 5 Understanding Techniques for Hiding and Scrambling Information
  54. Steganography
  55. Encryption
  56. CHAPTER SUMMARY
  57. KEY CONCEPTS AND TERMS
  58. CHAPTER 5 ASSESSMENT
  59. CHAPTER 6 Recovering Data
  60. Undeleting Data
  61. Recovering Information from Damaged Media
  62. File Carving
  63. CHAPTER SUMMARY
  64. KEY CONCEPTS AND TERMS
  65. CHAPTER 6 ASSESSMENT
  66. CHAPTER 7 Email Forensics
  67. How Email Works
  68. Email Protocols
  69. Email Headers
  70. Tracing Email
  71. Email Server Forensics
  72. Email and the Law
  73. CHAPTER SUMMARY
  74. KEY CONCEPTS AND TERMS
  75. CHAPTER 7 ASSESSMENT
  76. CHAPTER 8 Windows Forensics
  77. Windows Details
  78. Volatile Data
  79. Windows Swap File
  80. Windows Logs
  81. Windows Directories
  82. Index.dat
  83. Windows Files and Permissions
  84. The Registry
  85. Volume Shadow Copy
  86. Memory Forensics
  87. CHAPTER SUMMARY
  88. KEY CONCEPTS AND TERMS
  89. CHAPTER 8 ASSESSMENT
  90. CHAPTER 9 Linux Forensics
  91. Linux and Forensics
  92. Linux Basics
  93. Linux File Systems
  94. Linux Logs
  95. Linux Directories
  96. Shell Commands for Forensics
  97. Kali Linux Forensics
  98. Forensics Tools for Linux
  99. CHAPTER SUMMARY
  100. KEY CONCEPTS AND TERMS
  101. CHAPTER 9 ASSESSMENT
  102. CHAPTER 10 Macintosh Forensics
  103. Mac Basics
  104. Macintosh Logs
  105. Directories
  106. Macintosh Forensic Techniques
  107. How to Examine a Mac
  108. Can You Undelete in Mac?
  109. CHAPTER SUMMARY
  110. KEY CONCEPTS AND TERMS
  111. CHAPTER 10 ASSESSMENT
  112. CHAPTER 11 Mobile Forensics
  113. Cellular Device Concepts
  114. What Evidence You Can Get from a Cell Phone
  115. Seizing Evidence from a Mobile Device
  116. JTAG
  117. CHAPTER SUMMARY
  118. KEY CONCEPTS AND TERMS
  119. CHAPTER 11 ASSESSMENT
  120. CHAPTER 12 Performing Network Analysis
  121. Network Packet Analysis
  122. Network Traffic Analysis
  123. Router Forensics
  124. Firewall Forensics
  125. CHAPTER SUMMARY
  126. KEY CONCEPTS AND TERMS
  127. CHAPTER 12 ASSESSMENT
  128. PART III Incident Response and Resources
  129. CHAPTER 13 Incident and Intrusion Response
  130. Disaster Recovery
  131. Preserving Evidence
  132. Adding Forensics to Incident Response
  133. CHAPTER SUMMARY
  134. KEY CONCEPTS AND TERMS
  135. CHAPTER 13 ASSESSMENT
  136. CHAPTER 14 Trends and Future Directions
  137. Technical Trends
  138. Legal and Procedural Trends
  139. CHAPTER SUMMARY
  140. KEY CONCEPTS AND TERMS
  141. CHAPTER 14 ASSESSMENT
  142. CHAPTER 15 System Forensics Resources
  143. Tools to Use
  144. Resources
  145. Laws
  146. CHAPTER SUMMARY
  147. KEY CONCEPTS AND TERMS
  148. CHAPTER 15 ASSESSMENT
  149. APPENDIX A Answer Key
  150. APPENDIX B Standard Acronyms
  151. Glossary of Key Terms
  152. References
  153. Index

Cyberstalking and Harassment

Cyberstalking, cyberbullying, and online harassment are getting increasing attention in the media. As society becomes ever more wired, conduct online becomes more important. With many people using social media to interact with others, dating sites to find that special someone, and online discussion boards to talk, inappropriate behavior online becomes more noticeable. Some would say that bad behavior is becoming more common online. People feel more comfortable ranting at a faceless name on a screen than at a real person. But where does rudeness cross the line into stalking or harassment? Surely not every rude word on the Internet constitutes a crime.

Cyberstalking or harassment is using electronic communications to harass or threaten another person. The U.S. Department of Justice puts it this way:

Although there is no universally accepted definition of cyber stalking, the term is used in this report to refer to the use of the Internet, email, or other electronic communications devices to stalk another person. Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person’s home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person’s property. Most stalking laws require that the perpetrator make a credible threat of violence against the victim; others include threats against the victim’s immediate family; and still others require only that the alleged stalker’s course of conduct constitute an implied threat. While some conduct involving annoying or menacing behavior might fall short of illegal stalking, such behavior may be a prelude to stalking and violence and should be treated seriously.

Now even after reading this description, you may still not know where the line between bad behavior and criminal behavior lies. Here are three criteria for law enforcement officers to bear in mind when considering cyberstalking and harassment cases. All three aren’t necessarily essential to create a case of cyberstalking or harassment, but all three must be considered:

  • Is it possible? If a person makes a threat, is that threat credible? To illustrate this question, consider two extremes. In the first scenario, you are playing a game online and another player, who lives in a different country, tells you he is so mad at you he is going to punch you in the nose. Given that you are probably not even using your real name, and this person is thousands of miles away, this is not a credible threat. On the other extreme, consider a scenario in which you receive an email threatening to kill you, and attached to the email is a recent photo of you leaving the front door of your home. That is clearly alarming and indicates the sender has the means and intent to commit harm.

  • How frequent? Notice that the U.S. Department of Justice uses the term “repeatedly.” People get angry and say things they later regret. Someone saying something rude and even violent, one time, is not necessarily stalking. Reasonable people calm down and regret the harsh words they said, and then they don’t repeat them. Repeated behavior is a pattern, not a mistake.

  • How serious? Again, reasonable people can lose their temper and say things they don’t mean. Many people have at some point uttered the words “I could kill …”, but they don’t act on them. Specific and serious threats are more disconcerting. Someone saying, “I could just kill him” may be cause for concern, or that person may just be blowing off steam. Someone who makes such a statement and then goes on to detail just how he would go about killing the person, indicates he has put thought into this, and should be taken seriously as a threat.

Again, not all of these need to be present in order to constitute cyberstalking or harassment. However, all three need to be considered. Clearly, some people do make false reports to the police. Other people overreact to benign comments. On the other hand, cyberstalking can lead to real-world violent crimes.

Real Cyberstalking Cases

The following six cases should give you a good overview of cyberstalking. Examining the facts in these cases might help you to get an idea of what legally constitutes cyberstalking.

  1. Seventy-year-old Joseph Medico met a 16-year-old girl at church. The girl was at the church volunteering, helping to prepare donations for homeless shelters. Mr. Medico followed the girl to her car and tried to talk her into going to dinner with him, and then back to his home. When she spurned his advances, he began calling and texting her several times a day. When she realized he was not going to stop, she called the police. Mr. Medico was arrested and charged with stalking. This case illustrates how easy it is for an unstable person to become obsessed with someone. It also demonstrates the proper way to handle this sort of situation. This is definitely a case to report to the police. An adult who is making overtures like this to a minor is a matter of grave concern.

  2. In the first successful prosecution under California’s cyberstalking law, prosecutors in the Los Angeles District Attorney’s Office prosecuted a 50-year-old former security guard who used the Internet to solicit the rape of a woman who rejected his advances. The defendant terrorized his 28-year-old victim by impersonating her in various Internet chat rooms and on online bulletin boards, where he posted, along with her telephone number and address, messages that she fantasized about being raped. On at least six occasions, sometimes in the middle of the night, men knocked on the woman’s door saying they wanted to rape her. The former security guard pled guilty in April 1999 to one count of stalking and three counts of solicitation of sexual assault.

  3. A local prosecutor’s office in Massachusetts charged a man who, using anonymous remailers, allegedly engaged in a systematic pattern of harassment of a coworker, which culminated in an attempt to extort sexual favors from the victim under threat of disclosing past sexual activities to the victim’s new husband. (A remailer is an anonymous server that resends emails so they cannot be traced back to the original sender.)

  4. An honors graduate from the University of San Diego terrorized five female university students over the Internet for more than a year. The victims received hundreds of violent and threatening emails, sometimes receiving four or five messages a day. The graduate student, who entered a guilty plea and faced up to six years in prison, told police he committed the crimes because he thought the women were laughing at him and causing others to ridicule him. In fact, the victims had never met him.

  5. In England, Jason Smith continually harassed college student Alexandra Scarlett. He sent her as many as 30 messages a day threatening to slash her face, sexually assault her mother, or shoot her father. He was convicted and given a 12-month suspended sentence and a restraining order. However, within a week of this conviction, he used social networking sites to track down Ms. Scarlett and continue the campaign of harassment. Media in Britain have dubbed Mr. Smith “England’s Most Obsessive Stalker.” This case is also an example of stalking in response to unrequited romantic feelings. Mr. Smith had met Ms. Scarlett at a nightclub. She had given him her phone number. He then became convinced that they were in love and that they must be together. This led him to extreme jealousy, and eventually to the obsessive stalking.

  6. Robert James Murphy was the first person charged under U.S. federal law for cyberstalking. He was accused of violating Title 47 of U.S. Code 223, which prohibits the use of telecommunications to annoy, abuse, threaten, or harass anyone. Mr. Murphy was accused of sending sexually explicit messages and photographs to his ex-girlfriend. This activity continued for a period of years. Mr. Murphy was charged and eventually pled guilty to two counts of cyberstalking.

How Does This Crime Affect Forensics?

Cyberstalking and harassment is an interesting computer crime in that the computer is simply incidental. The intent of the crime is to target the human victim; the computer is just a vehicle. Fortunately, stalkers are often not the most technically savvy computer criminals. In stalking cases, you should begin with tracing emails and text messages. In many cases, they come directly from the perpetrator with little or no attempt to obfuscate the crime. Of course, if a suspect is arrested, any electronic devices in his or her possession should be examined for evidence. Stalking, by definition, indicates repeated, obsessive behavior. This means there is likely to be some evidence retained by the criminal.