Handbook of Information Security Management:Law, Investigation, and Ethics



One other method of computer surveillance is the “sting operation.” These operations are set up so that the attacker can continue to be tracked online. By baiting a trap or setting up “Honey Pots,” the victim organization lures the attacker into a secured area of the system, where the intruder is enticed into accessing selected files. Once these files or their contents are downloaded to another system, their mere presence there can be used as evidence against the suspect. This enticement is not the same as entrapment, because the intruder is already predisposed to commit the crime. Entrapment occurs only when a law enforcement officer induces a person to commit a crime that the person had not previously contemplated.
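The evidentiary value of a honey pot depends on being able to prove later that a file found on the suspect's system is the decoy that was planted. The following added example (not from the Handbook) seeds a directory with decoy files that each embed a unique random marker, records their SHA-256 digests in a registry, and then checks a recovered copy against that registry. The file names, body text and the demo() routine are constructed for illustration.

```python
"""Added example: seed decoy files and match a recovered copy back to them."""
import hashlib
import os
import secrets
import tempfile


def make_decoy(directory, name, body_text):
    """Write one decoy file whose content embeds a random marker.

    Returns the registry entry (path, marker, sha256) that the investigator
    keeps, with the time of seeding, as part of the evidence record.
    """
    marker = secrets.token_hex(16)  # unique per decoy, never reused
    content = f"{body_text}\nref:{marker}\n".encode()
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(content)
    return {"path": path, "marker": marker,
            "sha256": hashlib.sha256(content).hexdigest()}


def match_against_registry(candidate_bytes, registry):
    """Return (entry, kind) for the decoy a recovered file matches.

    An exact hash match is the strongest result.  If the copy was renamed
    or had data appended, the hash changes but the embedded marker still
    identifies which decoy it came from.  (None, None) means no match.
    """
    digest = hashlib.sha256(candidate_bytes).hexdigest()
    for entry in registry:
        if entry["sha256"] == digest:
            return entry, "exact"
    for entry in registry:
        if entry["marker"].encode() in candidate_bytes:
            return entry, "marker"
    return None, None


def demo():
    """Seed two constructed decoys in a temporary honey pot directory and
    exercise the matcher on an exact copy, an altered copy and an
    unrelated file."""
    with tempfile.TemporaryDirectory() as honeypot:
        registry = [
            make_decoy(honeypot, "payroll_1997.txt",
                       "constructed decoy: payroll summary"),
            make_decoy(honeypot, "project_notes.txt",
                       "constructed decoy: project notes"),
        ]
        with open(registry[0]["path"], "rb") as fh:
            copied = fh.read()
        exact_entry, exact_kind = match_against_registry(copied, registry)
        return {
            "exact": exact_kind,
            "exact_entry_is_payroll":
                exact_entry["path"].endswith("payroll_1997.txt"),
            # renamed/appended copy: hash differs, marker survives
            "renamed_appended":
                match_against_registry(copied + b"notes\n", registry)[1],
            "unrelated":
                match_against_registry(b"nothing to see here\n", registry)[1],
        }


if __name__ == "__main__":
    print(demo())
```

The marker is what makes the match hold up when only a fragment of the decoy is recovered; the registry itself should be stored outside the honey pot and hashed along with the rest of the evidence so its integrity can be attested.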

It is very difficult to track and identify a hacker or remote intruder unless there is a way to trace the call (e.g., caller ID or a wiretap). Even with these resources, many hackers meander through communication networks, hopping from one site to the next through a multitude of telecommunications gateways and hubs, such as the Internet. In addition, the organization cannot take the chance of allowing the hacker continued access to its system, where additional harm could be done.

Telephone taps require the equivalent of a search warrant. Moreover, the victim will be required to file a criminal report with law enforcement and must show probable cause. If sufficient probable cause is shown, a warrant will be issued and all incoming calls can be traced. Once a trace is made, a pen register is normally placed on the suspect’s phone to log all calls placed by the suspect. These entries can be tied to the system intrusions based on the time of the call and the time that the system was accessed.
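The last step above, tying pen register entries to intrusions by time, is a simple correlation of two timestamped records. The following added example (not from the Handbook) parses a constructed pen register extract and a constructed dial-in login log, then pairs each call placed to the victim's line with any login that begins within a short window after the call. The record formats, phone numbers, user names and the five-minute window are assumptions made for the example.

```python
"""Added example: correlate pen register entries with system access times."""
from datetime import datetime, timedelta

# Constructed pen register extract: time placed, calling number, number dialed.
PEN_REGISTER = """\
1997-03-12 02:14:07,555-0100,555-0199
1997-03-12 02:51:30,555-0100,555-0142
1997-03-13 23:02:45,555-0100,555-0199
"""

# Constructed dial-in access log from the victim system.
ACCESS_LOG = """\
1997-03-12 02:15:22 dialin login user=guest line=tty03
1997-03-12 14:40:10 dialin login user=jsmith line=tty01
1997-03-13 23:04:01 dialin login user=guest line=tty02
"""

TS = "%Y-%m-%d %H:%M:%S"


def parse_calls(text):
    """Turn pen register lines into dicts with a datetime and both numbers."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        when, src, dst = line.split(",")
        calls.append({"time": datetime.strptime(when, TS),
                      "from": src, "to": dst})
    return calls


def parse_logins(text):
    """Turn access log lines into dicts with a datetime and key=value fields."""
    logins = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, clock, rest = line.split(" ", 2)
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        logins.append({"time": datetime.strptime(f"{date} {clock}", TS),
                       "user": fields.get("user"),
                       "line": fields.get("line")})
    return logins


def correlate(calls, logins, victim_number, window=timedelta(minutes=5)):
    """Pair each call dialed to victim_number with logins that start no
    earlier than the call and no later than `window` after it.

    Each match records the lag in seconds; a login with no preceding call
    is simply not paired, which is itself worth noting in the report.
    """
    matches = []
    for call in calls:
        if call["to"] != victim_number:
            continue
        for login in logins:
            delta = login["time"] - call["time"]
            if timedelta(0) <= delta <= window:
                matches.append({"call": call, "login": login,
                                "lag_seconds": int(delta.total_seconds())})
    return matches


if __name__ == "__main__":
    for m in correlate(parse_calls(PEN_REGISTER),
                       parse_logins(ACCESS_LOG), "555-0199"):
        print(m["call"]["time"], "->", m["login"]["time"],
              m["login"]["user"], f"(+{m['lag_seconds']}s)")
```

Clock skew between the telephone company's equipment and the victim system is the usual complication; record the offset between the two clocks at the time of the investigation and widen the window accordingly rather than assuming they agree.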

Investigative and Forensic Tools

Exhibits 2 and 3, although not exhaustive, identify some of the investigative and forensic tools that are commercially available. Exhibit 2 lists the hardware and software tools that should be part of the investigator's toolkit, and Exhibit 3 lists forensic software and utilities.

Exhibit 2. Investigative and Forensic Tools Currently Available

Investigative Tools

  Investigation and Forensic Toolkit Carrying Case
  Cellular Phone
  Laptop Computer
  Camcorder w/NTSC Adapter
  35mm Camera (2)
  Polaroid Camera
  Tape Recorder (VOX)
  Scientific Calculator
  Label Maker
  Magnifying Glass
  Crime Scene/Security Barrier Tape
  PC Keys
  IC Removal Kit
  Compass
  Felt Tip Pens
  Diamond Tip Engraving Pen
  Extra Diamond Tips
  Inspection Mirror
  Evidence Seals (250 Seals/Roll)
  Plastic Evidence Bags (100 Bags)
  Evidence Labels (100 Labels)
  Evidence Tape — 2" × 165'
  Tool Kit containing:
    Screwdriver Set (inc. Precision Set)
    Torx Screwdriver Set
    25' Tape Measure
    Razor Knife
    Nut Driver
    Pliers Set
    LAN Template
    Probe Set
    Neodymium Telescoping Magnetic Pickup
    Allen Key Set
    Alligator Clips
    Wire Cutters
    Small Pry Bar
    Hammer
    Tongs and/or Tweezers
    Cordless Driver w/Rechargeable Batteries (2)
  Batteries for Camcorder, Camera, Tape Recorder, etc. (AAA, AA, 9-volt)
  Pen Light Flashlight
  Computer Dusting System (Air Spray)
  Small Computer Vacuum
  Static Charge Meter
  EMF/ELF Meter (Magnetometer)
  Gender Changer (9 Pin and 25 Pin)
  Line Monitor
  RS232 Smart Cable
  Nitrile Antistatic Gloves
  Alcohol Cleaning Kit
  CMOS Battery
  Extension Cords
  3 1/4" Power Strip
  Keyboard Key Puller
  Cable Tester
  Breakout Box
  Transparent Static Shielding Bags (100 Bags)
  Antistatic Sealing Tape
  Serial Port Adapters (9 Pin - 25 Pin & 25 Pin - 9 Pin)
  Foam-Filled Carrying Case
  Static-Dissipative Grounding Kit w/Wrist Strap
  Foam-Filled Disk Transport Box
  Printer and Ribbon Cables
  9 Pin Serial Cable
  25 Pin Serial Cable
  Null Modem Cable
  Centronics Parallel Cable
  50 Pin Ribbon Cable
  LapLink Parallel Cable
  Telephone Cable for Modem

Exhibit 3. Forensic Software and Utilities Currently Available

Computer Supplies

  Diskettes:
    3 1/2" Diskettes (Double and High-Density Format)
    5 1/4" Diskettes (Double and High-Density Format)
  Diskette Labels
  5 1/2" Floppy Diskette Sleeves
  3 1/2" Floppy Diskette Container
  CD-ROM Container
  Write Protect Labels for 5 1/4" Floppies
  Tape Media:
    1/4" Cartridges
    4 mm DAT
    8 mm DAT
    Travan
    9-Track/1600/6250
    QIC
  Hard Disks:
    IDE
    SCSI
  Paper:
    8 1/2 × 11 Laser Paper
    80 Column Formfeed
    132 Column Formfeed
  Miscellaneous Supplies:
    Paper Clips
    Scissors
    Rubber Bands
    Stapler and Staples
    Masking Tape
    Duct Tape
    Investigative Folders
    Cable Ties/Labels
    Numbered and Colored Stick-on Labels

Software Tools

  Sterile O/S Diskettes
  Virus Detection Software
  SPA Audit Software
  Little-Big Endian Type Application
  Password Cracking Utilities
  Disk Imaging Software
  Auditing Tools:
    Test Data Method
    Integrated Test Facility (ITF)
    Parallel Simulation
    Snapshot
    Mapping
    Code Comparison
    Checksum
  File Utilities (DOS, Windows, 95, NT, UNIX)
  Zip/Unzip Utilities
  Miscellaneous Supplies:
    MC60 Microcassette Tapes
    Camcorder Tapes
    35 mm Film (Various Speeds)
    Polaroid Film
    Graph Paper
    Sketch Pad
    Evidence Checklist
    Blank Forms — Schematics
    Label Maker Labels





The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course, this version is getting a bit old and may not contain all of the information that the latest version covers; however, it is one of the best tools you have to review the basics of security. Investing in the latest version would help you in your studies and also show your appreciation to Auerbach for letting me use their book on the site.