Investigating Internet Crimes

Book Description

Written by experts on the frontlines, Investigating Internet Crimes provides seasoned and new investigators with the background and tools they need to investigate crime occurring in the online world. This invaluable guide provides step-by-step instructions for investigating Internet crimes, including locating, interpreting, understanding, collecting, and documenting online electronic evidence to benefit investigations.

Cybercrime is the fastest growing area of crime as more criminals seek to exploit the speed, convenience and anonymity that the Internet provides to commit a diverse range of criminal activities. Today's online crime includes attacks against computer data and systems, identity theft, distribution of child pornography, penetration of online financial services, using social networks to commit crimes, and the deployment of viruses, botnets, and email scams such as phishing. Symantec's 2012 Norton Cybercrime Report stated that the world spent an estimated $110 billion to combat cybercrime, an average of nearly $200 per victim.

Law enforcement agencies and corporate security officers around the world with the responsibility for enforcing, investigating and prosecuting cybercrime are overwhelmed, not only by the sheer number of crimes being committed but by a lack of adequate training material. This book provides that fundamental knowledge, including how to properly collect and document online evidence, trace IP addresses, and work undercover.



  • Provides step-by-step instructions on how to investigate crimes online
  • Covers how new software tools can assist in online investigations
  • Discusses how to track down, interpret, and understand online electronic evidence to benefit investigations
  • Details guidelines for collecting and documenting online evidence that can be presented in court

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Foreword
  7. Preface
    1. The target audience
  8. About the Authors
  9. About the Technical Editor
  10. Acknowledgments
  11. Chapter 1. Introduction to Internet Crime
    1. Defining Internet crime
    2. Internet crime’s prevalence
    3. CSI 2010/2011 Computer Crime and Security Survey
    4. Norton™ Cybercrime Report 2011
    5. HTCIA 2011 Report on Cybercrime Investigation
    6. McAfee® Threats Reports
    7. 2012 Data Breach Investigations Report
    8. Internet Crime Complaint Center
    9. Internet harassment
    10. Traditional crimes and the Internet
    11. Investigative responses to Internet crime
    12. Why investigate Internet crime?
    13. What is needed to respond to Internet crime?
    14. Continuing investigative problems
    15. Conclusion
    16. Further reading
  12. Chapter 2. Internet Criminals
    1. Cybercrime profiling
    2. Conclusion
    3. Further reading
  13. Chapter 3. How the Internet Works
    1. A short history of the Internet
    2. The importance of IP addresses
    3. DNS records
    4. Internet Protocol Version 6
    5. The World Wide Web
    6. Uniform resource locators
    7. Domain name registration
    8. Other services on the Internet
    9. Relevant RFCs
    10. Conclusion
    11. Further reading
  14. Chapter 4. Collecting Legally Defensible Online Evidence
    1. Defining evidence
    2. Conclusion
    3. Appendix
    4. Further reading
  15. Chapter 5. Documenting Online Evidence
    1. Process for documenting online ESI
    2. Tools/techniques for documenting Internet evidence
    3. Collecting entire websites
    4. Authenticating the collected evidence
    5. Validation of online evidence collection tools
    6. Webcase®
    7. Collection from Apple Macintosh
    8. Organizing your online ESI
    9. The investigative report
    10. Conclusion
    11. Further reading
  16. Chapter 6. Using Online Investigative Tools
    1. Investigative toolbars
    2. The Internet Investigators Toolkit
    3. Paid online services
    4. Conclusion
    5. Further reading
  17. Chapter 7. Online Digital Officer Safety
    1. Digital officer safety
    2. Online investigative computer protection process
    3. Cloning or image the investigator’s computer
    4. Keeping your investigative computer secure
    5. Conclusion
    6. Further reading
  18. Chapter 8. Tracing IP Addresses Through the Internet
    1. Tracing IP addresses
    2. Digging deeper into IP tracing—what the DNS tells us
    3. Tracing emails
    4. Faking an email and hiding its sender
    5. Collecting email from a web-based system
    6. Relevant RFCs related to IP tracing
    7. Conclusions
    8. Further reading
  19. Chapter 9. Working Unseen on the Internet
    1. Internet anonymity
    2. To Tor or not to Tor
    3. Tor’s hidden web services
    4. Tor and Tails
    5. Tracking criminals who use anonymous methods to hide
    6. Conclusion
    7. Further reading
  20. Chapter 10. Covert Operations on the Internet
    1. Covert operations on the Internet
    2. “On the Internet no one knows you are a dog” (Fleishman, 2000)
    3. Conclusions
    4. Further reading
  21. Chapter 11. Conducting Reactive and Proactive Internet Investigations
    1. Reactive versus proactive investigations
    2. Managing undercover Internet investigations
    3. Internet investigation policy
    4. Internet crime analysis
    5. Conclusion
    6. References
  22. Chapter 12. Internet Resources for Locating Evidence
    1. Sources of online information
    2. Finding information on a person
    3. Finding business information
    4. Finding telephone numbers and email addresses
    5. Searching blogs
    6. Professional communities
    7. News searches
    8. Conclusions
    9. Further reading
  23. Chapter 13. Investigating Websites and Webpages
    1. Webpages and websites
    2. How markup languages work
    3. Website reconnaissance
    4. Webpage examination
    5. Documenting a website’s multimedia and images
    6. The legal process of identifying a website
    7. Monitoring websites over time
    8. Conclusion
    9. Further reading
  24. Chapter 14. Investigating Social Networking Sites
    1. Social networking’s impact on legal systems
    2. Starting a social networking site investigation
    3. The top social networking sites
    4. Examining social networking sites
    5. Application program interface and social media content
    6. Online social versus professional networking
    7. Finding individuals on social media sites
    8. Social media evidence collection
    9. Social networking through photographs
    10. Social media investigations policy
    11. Training on investigating social networks
    12. Conclusion
    13. Further reading
  25. Chapter 15. Investigating Methods of Communication
    1. Communicating on the Internet
    2. Client server: protocols and tools
    3. Conclusion
    4. Further reading
  26. Chapter 16. Detection and Prevention of Internet Crimes
    1. Perception of law enforcement on the Internet
    2. Contributing factors to the problem
    3. Law enforcement’s response to internet crime
    4. Methods of prevention
    5. Investigator cybercrime education
    6. What can you do to detect and prevent online crime?
    7. Conclusions
    8. Further reading
  27. Chapter 17. Putting It All Together
    1. Concepts in action
    2. Basic Internet investigative steps
    3. Case studies
    4. Conclusion
    5. Further reading
  28. Chapter 18. Epilogue
  29. Appendices
    1. Appendix A: HEX to ASCII Conversion Chart
    2. Appendix B: Stored Communications Act Quick Reference Guide: USDOJ Search and Seizure
    3. Appendix C: Online Crime Victim Interview
    4. Appendix D: Internet Investigations Report Format
    5. Appendix E: Digital Officer Safety Computer
    6. Appendix F: Router Setup Checklist
    7. Appendix G: Tracing Email Worksheet
    8. Appendix H: Undercover Persona Worksheet
    9. Appendix I: Model Policy For LE Investigative
    10. Appendix J: Model Policy For Off-Duty LE
    11. Appendix K: Investigating A Person Online
    12. Appendix L: Investigating A Website Worksheet
    13. Appendix M: Chat and Text Messaging Abbr List
    14. Appendix N: mIRC-commands
  30. Index