Cybercrime is exploding, we all know that. But if you ever wondered about how online crimes are investigated by law enforcement, wonder no more: this guide book goes through the steps of such an investigation and provides information about collecting and interpreting electronic evidence that will be used to prosecute the criminals.
About the authors
Todd Shipley is a retired Detective Sergeant with over 30 years of law enforcement and civilian experience performing and teaching Internet and digital forensic investigations. He has authored books and articles in the field and holds the Patent for Online Evidence Collection.
Art Bowker, an award-winning author, has over 27 years of experience in law enforcement/corrections and is recognized as an expert in managing cyber-risk in offender populations.
Inside the book
As first impressions go, this book makes a poor one: the first chapter is an introduction to what cybercrime is, but it constantly refers to surveys and reports from way back in 2010 and 2011.
I get that phishing is still phishing, and malware is still malware, but I would expect more up-to-date information. Makes me wonder if the conclusions drawn from that information are still correct, and whether the rest of the information in the book is.
If I'm going by this chapter alone, I would say that this book is not aimed at security professionals, and the footnotes - explanations about what malware, malicious URLs, botnets, spam, etc., are - seem to confirm it.
The next chapter explains the various types of cyber criminals and those who use the Internet to help them effect crimes in "meat space" (hackers, insiders, sexual predators, con men, harassers and stalkers, cyber terrorists, etc.), their motivations and typical methods they use. Again, the chapter is a little behind the times, and goes back into what on the Internet is considered ancient history.
By now I'm beginning to realize this book might be primarily geared towards technically unsavvy law enforcement officers looking for a primer on cybercrime investigation.
The next chapters on how the Internet works, what online evidence is, what US and European laws define how it can be collected, and how it is actually collected definitely cement this impression.
But, if readers need to be explained what malware is, how can they be expected to understand how digital forensic data collecting, data set hashing, and other similar technical things work? Nevertheless, in the next chapters they will be instructed on how to use simple screen capturing tools, tools for saving entire websites (and here it gets more complicated - enter the command prompt), online investigative tools and toolkits.
This book also teaches law enforcement officers how to prepare and protect themselves and their investigative computers while performing evidence collection, and how to lower their online presence so as not to end up the subject of investigations by cyber criminals who might feel threatened.
They will also be taught how to trace IP addresses; work unseen on the Internet (Tor, Tails, Tor hidden services); mount covert operations; use sources of online information (private and business info) such as social networks, professional communities, blogs; understand and use Internet communication methods, protocols and tools (IRC, IM, Skype, P2P, bulletin boards, even Usenet).
Finally, the reader will learn about detection methods, places on the Internet where individuals and organizations are encouraged to report crimes they have fallen victim to, prevention methods (from education to prevention initiatives and awareness programs), and is given a few case studies - lists of steps they have to do in order to investigate an eBay fraud scenario, cyber harassment scenario, etc.
The book also includes a dozen or so appendixes containing worksheets, lists of abbreviations, policies, a victim interview question aid, and so on.
It is hard for me to put myself in the place of someone who must be taught some of the things described in this book, and I simply can't tell if the target audience will understand it all.
I must also say that I was a bit disappointed with the feeling of "outdatedness" of the content, but I suppose that, yes, the fact that MySpace and Usenet haven't been that relevant for some years does not preclude criminals from using them.
But all this is probably the consequence of the book concentrating on hunting down regular criminals using the Internet to perform their real-world crimes, and not sophisticated cyber crooks. If that knowledge is what you are after, you might find this book helpful.