Author: Shawn Floyd
Introduction

p. xv

Computer Forensics

p. 1

What is computer forensics?

p. 1

Why is computer forensics of vital interest to you?

p. 1

As an employee

p. 1

As an employer or corporate executive

p. 2

As a law enforcement official

p. 3

As an individual

p. 4

As a lawyer for the defense

p. 5

As an insurance company

p. 6

As a user of others' computers

p. 6

If you have done nothing illegal, you have nothing to fear: not true anywhere!

p. 6

Computer forensics

p. 8

User rights to privacy?

p. 8

The forensics investigator must know up front

p. 9

Forensics is deceptively simple but requires vast expertise

p. 9

Computer forensics top-level procedure

p. 11

Forensics specifics

p. 13

Digital evidence is often evidence of nothing

p. 16

Selected bibliography

p. 22

Locating Your Sensitive Data in Your Computer

p. 23

Deleting does not delete--what does?

p. 23

General

p. 23

Disk wiping

p. 26

File- and disk-wiping software

p. 28

Magnetic microscopy forensic examination of disks

p. 31

Where is the sensitive data hiding?

p. 32

Cluster tips or slack

p. 32

Free space

p. 33

The swap file

p. 34

Spool and temporary files

p. 34

Forensics on nonmagnetic disks

p. 35

History files

p. 35

Data in the registry files

p. 35

Data from sloppy use of personal encryption software

p. 36

Nonvolatile memory

p. 36

The swap file as a source of forensic data

p. 36

General

p. 36

Securely wiping the swap file

p. 38

The Registry as a source of forensic data

p. 39

Why is the Registry a major source of forensic evidence?

p. 39

Where is all this private information hiding in the Registry?

p. 41

Backing up the Registry and restoring a corrupted one

p. 42

Cleaning up sensitive data in the Registry

p. 42

Reference

p. 44

Specialized Forensics Applications

p. 45

Digital watermarking

p. 45

The British RIP Act and the US Carnivore (DCS1000)

p. 49

Selected bibliography

p. 51

How Can Sensitive Data Be Stolen from One's Computer?

p. 53

Physical possession of one's computer

p. 53

Temporary physical access to one's computer

p. 53

Commercial hardware keystroke loggers

p. 54

Commercial software keystroke loggers

p. 57

Going online

p. 58

By one's ISP or by anyone having compromised the ISP's security

p. 58

By a legal or an illegal telephone tap

p. 59

By remote Web sites that one accesses

p. 59

Spyware in your computer

p. 60

By commercial spyware and adware

p. 60

van Eck radiation using commercially available systems

p. 64

General

p. 64

Protective measures

p. 65

Optical emanations and their interception

p. 69

Being on a network, cable modem, or xDSL modem

p. 69

Other means

p. 70

Insertion of incriminating data in your computer by others

p. 70

Security protection steps that don't work well enough

p. 71

The fallacy of CMOS password protection

p. 71

The fallacy of password protection offered by popular commercial software

p. 71

The fallacy of protection by hiding files from view

p. 72

The fallacy of protection by hiding data in the slack

p. 72

The fallacy of protection by placing data in normally unused locations of a disk

p. 72

The fallacy of protecting data by repartitioning a disk for a smaller capacity than the disk really has

p. 72

The fallacy of protection through password-protected disk access

p. 73

The fallacy of protection through the use of booby-trap software

p. 73

The fallacy that overwriting a file removes all traces of its existence

p. 73

The fallacy of encryption protection

p. 74

Other protection fallacies that don't deliver

p. 74

Selected bibliography

p. 75

References

p. 76

Why Computer Privacy and Anonymity?

p. 77

Anonymity

p. 79

Practical anonymity

p. 81

Privacy

p. 82

You cannot trust TRUSTe?

p. 82

Is privacy a right?

p. 83

The impact of technology on privacy

p. 86

Selected bibliography

p. 88

Practical Measures For Protecting Sensitive Information

p. 91

Installing secure Windows

p. 91

Recommended best practices

p. 91

If using Windows NT

p. 96

If using Windows 2000

p. 98

If using Windows XP

p. 102

Heroic protective measures regardless of the version of Windows

p. 104

Last but not least

p. 105

Additional privacy threats and countermeasures

p. 106

Individually serial-numbered documents

p. 106

Online activation and online snooping by software

p. 106

Microsoft documents that call home

p. 108

The NetBIOS and other threats from unneeded network services

p. 109

TCPA/Palladium

p. 109

The vulnerability of backups

p. 110

Protecting sensitive data on hard disks

p. 111

Full disk encryption

p. 112

Encrypting disk partitions

p. 114

Reference

p. 114

Basic Protection from Computer Data Theft Online

p. 115

Protection from which of many online threats?

p. 117

Installation of Windows for secure online operation

p. 117

Online security threats and issues

p. 118

Web browser hijacking

p. 118

The romantic e-card and related con schemes

p. 121

E-mail bombs

p. 121

Software to enhance online security

p. 122

Junkbuster

p. 122

SurfSecret

p. 122

Assorted cleaners of browsers

p. 122

Basic do's and don'ts

p. 124

Don'ts

p. 124

Do's

p. 125

Practical Measures for Online Computer Activities

p. 127

Netscape Navigator/Communicator

p. 128

Microsoft Internet Explorer

p. 133

Desirable e-mail software configuration and modifications

p. 138

Free Web-based e-mail offers that require JavaScript: don't!

p. 138

Outlook and Outlook Express

p. 139

Eudora e-mail software

p. 139

Secure e-mail conduct online

p. 141

Self-protecting e-mail

p. 144

Accessing e-mail from anywhere on Earth

p. 148

E-mail forensics and traces: the anonymity that isn't

p. 149

Tracking suspect e-mail

p. 152

Sending anonymous e-mail: anonymous remailers

p. 154

General network tracing tools

p. 158

Advanced Protection from Computer Data Theft Online

p. 159

Virus/Trojan/worm protection

p. 159

Protection from keyloggers

p. 160

Protection from keystroke-capturing software

p. 160

Protection from keystroke-capturing hardware

p. 161

Protection from commercial adware/spyware

p. 161

Protection from Web bugs: an insidious and far-reaching threat

p. 163

Using encrypted connections for content protection

p. 164

Using proxy servers for anonymity

p. 167

Using encrypted connections to ISPs for content protection

p. 169

SSL

p. 170

SSH

p. 171

The failed promise of peer-to-peer clouds

p. 172

Caller ID traps to avoid

p. 173

Traps when connecting online from a cellular phone

p. 174

Traps when using FTP

p. 174

Using instant messaging schemes

p. 175

Pitfalls of online banking

p. 175

Secure Usenet usage

p. 176

Anonymity from other Usenet readers

p. 178

Anonymity from one's in-country ISP

p. 179

Usenet privacy in oppressive regimes

p. 180

Ports to protect from

p. 181

Sniffers

p. 184

Firewalls

p. 185

Personal software-based firewalls

p. 187

Software that calls home

p. 188

Reference

p. 189

Encryption

p. 191

Introduction

p. 191

Availability and use of encryption

p. 193

Old-fashioned encryption

p. 195

Conventional (symmetric) encryption

p. 195

Public-key encryption

p. 197

Elliptic-curve encryption

p. 200

Voice encryption online

p. 200

Attempts to control against encryption

p. 201

Legal issues

p. 202

Crypto laws around the world

p. 203

Can encryption bans work?

p. 204

Societal issues

p. 208

Technical issues

p. 209

Countermeasures

p. 210

State support for encryption

p. 211

The future of encryption

p. 212

Quantum cryptography

p. 213

Quantum computing

p. 214

DNA-based encryption

p. 215

Comments

p. 215

Selected bibliography

p. 216

References

p. 218

Practical Encryption

p. 219

Introduction

p. 219

Entire-disk encryption

p. 220

Encrypting for e-mail: PGP

p. 221

How PGP works

p. 224

Do's and don'ts of PGP installation and use

p. 226

The need for long public keys

p. 233

The man-in-the-middle problem

p. 234

DH or RSA?

p. 235

DSS?

p. 235

Selecting the Symmetric Encryption Algorithm

p. 236

A minor flaw in PGP

p. 236

PGP weaknesses

p. 238

Other uses of PGP

p. 239

Encrypting one's own files: encrypted disk partitions

p. 239

Steganography

p. 243

Practical considerations in steganography

p. 246

Detecting steganography: steganalysis

p. 246

Other ways that steganography can be detected

p. 247

Recommendations for maintaining privacy through steganography

p. 248

Password cracking

p. 249

File integrity authenticity: digital digests

p. 252

Emergencies

p. 253

Protecting sensitive data from a repressive regime

p. 253

A word of caution

p. 254

Getting discovered as a desirable persona

p. 254

Selected bibliography

p. 255

References

p. 256

Link Encryption: VPNs

p. 259

Split tunneling

p. 261

IPsec

p. 262

Summary

p. 263

Selected bibliography

p. 264

Security of Wireless Connectivity: Wi-Fi and Bluetooth

p. 265

Background

p. 265

The 802.11 technologies

p. 266

WEP insecurity

p. 268

War driving and war chalking

p. 270

Using Wi-Fi while traveling

p. 271

WPA

p. 272

Securing 802.11

p. 273

Bluetooth wireless link security issues

p. 274

Bluetooth security threats

p. 275

Recommended steps for enhancing security of Bluetooth devices

p. 277

Selected bibliography

p. 278

Other Computer-Related Threats to Privacy

p. 279

Commercial GPS devices

p. 279

RF ID devices

p. 281

Modern vehicles' black boxes

p. 283

Cell phones

p. 285

Prepaid calling cards

p. 286

Credit cards

p. 287

Intelligent mail

p. 288

Fax machines and telephone answering machines

p. 288

Office and home copiers

p. 289

Frequent-anything clubs

p. 289

Consumer electronics

p. 290

References

p. 290

Biometrics: Privacy Versus Nonrepudiation

p. 291

Are they effective? It depends

p. 291

Biometrics can be easily spoofed

p. 293

Identification is not synonymous with security

p. 298

Societal issues

p. 299

References

p. 300

Legal Issues

p. 301

Software agreements that shift the legal liability to the user

p. 301

Cyber-SLAPP suits

p. 303

E-mail

p. 303

Copyright

p. 305

U.S. Digital Millennium Copyright Act of 1998

p. 305

The Uniform Computer Information Transactions Act

p. 308

Can one be forced to reveal a decryption key?

p. 309

Why is electronic evidence better than paper evidence?

p. 312

Civil legal discovery issues

p. 315

International policy on computer-related crime

p. 318

What is computer crime?

p. 319

What can a business do to protect itself?

p. 320

Criminal evidence collection issues

p. 320

Collection

p. 320

Handling

p. 321

Federal guidelines for searching and seizing computers

p. 321

Destruction of electronic evidence

p. 326

U.S.-European data-privacy disputes

p. 327

New international computer crime treaty

p. 327

The post-September 11 reality

p. 328

The sky is the limit--or is it the courts?

p. 331

References

p. 332

About the Author

p. 333

Index

p. 335

Table of Contents provided by Blackwell's Book Services and R.R. Bowker. Used with permission.
