Search icon Close icon
Search icon
Subscription
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Learn Computer Forensics

You're reading from  Learn Computer Forensics

Product type Book
Published in Apr 2020
Publisher Packt
ISBN-13 9781838648176
Pages 368 pages
Edition 1st Edition
Languages
Concepts
Author (1):
William Oettinger William Oettinger
Profile icon William Oettinger
LinkedIn
William Oettinger is a veteran technical trainer and investigator. He is a retired police officer with the Las Vegas Metropolitan Police Department and a retired CID agent with the United States Marine Corps. He is a professional with over 20 years of experience in academic, local, military, federal, and international law enforcement organizations, where he acquired his multifaceted experience in IT, digital forensics, security operations, law enforcement, criminal investigations, policy, and procedure development. He has earned an MSc from Tiffin University, Ohio. When not working, he likes to spend time with his wife and his three miniature schnauzers.
See other products by William Oettinger

Table of Contents (17) Chapters

Preface 1. Section 1: Acquiring Evidence
2. Chapter 1: Types of Computer-Based Investigations 3. Chapter 2: The Forensic Analysis Process 4. Chapter 3: Acquisition of Evidence 5. Chapter 4: Computer Systems 6. Section 2: Investigation
7. Chapter 5: Computer Investigation Process 8. Chapter 6: Windows Artifact Analysis 9. Chapter 7: RAM Memory Forensic Analysis 10. Chapter 8: Email Forensics – Investigation Techniques 11. Chapter 9: Internet Artifacts 12. Section 3: Reporting
13. Chapter 10: Report Writing 14. Chapter 11: Expert Witness Ethics 15. Assessments 16. Other Books You May Enjoy

Criminal investigations

As a law enforcement professional, your first consideration will be officer safety. Is the scene secure to process and secure evidence? When the investigation starts, you may take part in one or more roles. The most basic positions are as follows:

  • The first responder
  • The investigator
  • Crime scene technician

Depending on the size of your agency, you may fill one position or all three, and you may report to one or more supervisors. Now, in the matter of digital evidence, it is preferable that the person in charge of the crime scene has some knowledge of the fragility of digital evidence. That allows personnel to enact the proper procedures to ensure that the evidence is not corrupted.

Let's talk about what each role does.

First responders

The first responders are the first ones on the scene. They secure what may be a chaotic scene. They will identify the following:

  • Potential victims
  • Witnesses
  • Potential suspects
  • How best to maintain control

They will do this until the investigator arrives. The first responder's primary mission is to make the scene safe and secure and ensure that no one can contaminate the evidence. As you can imagine, crime scenes can vary from a dynamic crime scene to the relatively static crime scene, depending on the nature of the crime. In both scenarios, the first responder must have basic knowledge of what items could contain digital evidence when they secure the scene. We would not want to have subjects grabbing cell phones or laptops and using them for any activity.

So, how does a first responder protect the crime scene? Just like you see in TV shows and movies, yellow crime scene tape is the most common method. It is the most straightforward visible sign of a crime scene barrier, and in our culture, people recognize the barrier being presented by that thin piece of yellow plastic. One or more personnel will have to monitor the crime scene to regulate who can cross that line and enter the scene.

Investigators

The investigator will respond to the scene after being requested by the first responder. Upon arriving at the scene, the first responder and the investigator will coordinate, and information sharing will now start. The first responder will provide the basic information, which typically involves the five Ws and one H, specifically the who, what, when, where, why, and how, about the incident.

The first responder will also provide information about any actions they or anyone else had taken before the arrival of the investigator. For example, the investigator will want to know whether the first responder(s) touched anything, moved anything, or changed anything within the crime scene. This could be a physical action such as applying first aid to a victim or turning a computer on or off. I remember an examination I did where the first responders did not reveal that they had accessed the victim's computer. While conducting my examination, I did a timeline analysis and saw an abnormality in the activity after the victim had died. The abnormality was caused by the unreported actions of the first responders. What's important to understand here is that the first responders' actions were not wrong. What created complications is that they did not report the actions, which led to additional work and explanations.

The investigator takes charge of the scene and directs all activity. They will direct the other team members' investigative efforts to ensure the proper documentation is completed regarding the seizure of evidence. Sometimes, the first responder will seize evidence and turn it over to the investigator. A chain of custody document must be completed and maintained showing who found the item and who maintained control until the completion of the judicial or administrative proceeding.

Crime scene technician

Finally, we come to the crime scene technician. This can be a sworn or unsworn position within the law enforcement agency. They have specialized training in the collection of evidence. This could be physical evidence, such as fingerprints, tool comparison, the collection of biological fluids, and crime scene photography, all of which require specialized training and equipment. The collection of digital evidence requires the same level of expertise that the collection of physical evidence does.

Note

We can put law enforcement jobs into two basic groups: Sworn: May take an oath to support the laws in their jurisdiction; they have the power to make arrests and carry firearms. Non-sworn: May take an oath but do not have powers to arrest. These positions are typically crime scene analyst or law enforcement support technicians.

The crime scene technician is responsible for the preservation of evidence and starting the chain of custody. Some actions they could carry out include the acquisition of volatile memory of a computer system, creating forensic images of the storage devices, or creating the logical forensic image of logical files from a server. The evidence will be bagged and tagged and transported to a secure location. What do I mean by bagged and tagged? They will place all the evidence or the containers holding the digital evidence in the appropriate storage container. A tag will then be filled out with the identifiers to specify which investigation the evidence belongs to, who collected it, and what evidence is contained within the container.

As we go through the rest of this book, we will cover the duties of the crime scene technician in greater detail.

A law enforcement officer may be a first responder, investigator, or crime scene technician and, in all roles, is an agent of the government. Depending on your jurisdiction, the government may restrict how and when the property can be seized and searched. I will discuss the judicial process in the United States; your locality may have different laws and procedures.

In the United States, a citizen's rights to privacy are protected by the fourth amendment of the US Constitution, which states the following:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

At a basic level, this means that before the government can seize any evidence, there must be (a) a search warrant based upon probable cause or (b) the consent of the owner. The consent given by the owner must be willingly given and must be able to be revoked, which can create an issue in some jurisdictions where the processing of digital evidence can take months, and in some jurisdictions, years. If the owner revokes their consent or refuses to give it, what options does law enforcement have? A search warrant.

How does a member of law enforcement get a warrant? As we learned from the preceding passage, it must be based on probable cause. The definition of probable cause is a reasonable standard that the applicant must reasonably believe that the items being searched for are at that location. Who determines what is reasonable? This would be the judicial official, such as a judge, Justice of the Peace, and so on.

The law enforcement officer makes the written request, while the judge reviews it and will either approve/disapprove it. If approved, then the law enforcement officer can then seize and search the property within the guidelines specified by the judicial official. The law requires only agents of the government to get a search warrant to seize and search property. If you work in the corporate world, this process will not pertain to you.

Now, let's talk about some potential crimes someone might call you to investigate. This will be a high-level overview of the crime itself, and later on in this book, we will address the specific artifacts we should analyze to determine whether criminal actions occurred.

Illicit images

Nearly everyone is connected to the many different forms of digital networks via our mobile devices, tablets, laptops, and computers–we are always connected in one manner or another. Depending on who you ask, it is either the best thing in the world or the worst. There are some excellent aspects; social media allows people/family members to stay in contact, no matter where they are in the world. The totality of the world's knowledge is just a few clicks away. You can read news reports from portions of the world that you previously did not know existed. It is an adventure waiting to happen. Now, it is not all unicorns and rainbows out there. Like any society, there are dark and dangerous portions of the internet where you should be hesitant to travel. That includes the sourcing and sharing of illicit images. For our purposes, an illicit image is an image whose subject matter is offensive or illegal, depending on your cultural or legal landscape.

Before the advent and widespread use of the internet, trafficking in illicit images was almost eradicated, so what changed? The consumer of illicit images no longer had to be physically present to pick up the physical images. The internet allows the user to be relatively anonymous and to access the illicit images with minimal exposure. I have read reports that state that the high-speed data network that most of us enjoy is because of the consumer wanting faster throughput speeds to download illicit images.

Consumers of illicit images have free access to terabytes of data with simple clicks of the mouse. If the consumer wants higher quality or a specific subject matter, then it is not a complicated process to find a vendor to meet the needs of the consumer for a price.

Your jurisdiction will determine what is or is not an illicit image and the level of criminality associated with the possession and/or distribution of the contraband images. I will not differentiate or specify a subject to define illicit images. I will discuss them using the generic title of illicit images or contraband images. You can use either phrase depending on what may be legal/illegal in your jurisdiction.

How do people share contraband images? At a basic level, a file is a file. A JPEG image of a sunset does not differ from a JPEG image of a contraband subject. Anyone can use any aspect of the internet to share files–the content of the files is irrelevant. If the system allows the user to share data, then the contents of those shared files can be legal or illegal content. Let's look at some media through which illicit images could be exchanged.

Email-based communications

Email is one of the easiest ways to share information through files between two or more people. An email address does not automatically point to a specific user. There are service providers who actively advertise anonymity for users of their email accounts. The service provider states that they do not save users' transactional information, such as source IP, dates and times of connection, or billing information. The service provider may be located outside of the jurisdiction investigating the contraband, which will allow the service provider to ignore the judicial paperwork requesting the subscriber information.

Newsgroups/USENET

This is one of the first components of the internet, and one that has fallen off the radar for the everyday user. Initially, the internet comprised the World Wide Web, with components such as web browsing, email, and USENET. Web browsing and email are known by nearly every user of the internet, while USENET has faded out of public perception. This does not mean it is not being used. USENET is like the old bulletin board system, where you had specific groups, and users could post messages, attach files, and other users could download the files and comments. The user can post just a text message or attach a file to the message. This file is known as a binary.

A binary is a file type–digital images, video, audio software, or any other file type. The user has to use a newsreader to access USENET. There are free and paid versions of newsreaders available in which the user can subscribe to a USENET service. Just like the email service providers that we discussed earlier, one selling point for USENET service providers is anonymity, where they explicitly state that they maintain no user transactional data or billing records or they are in jurisdictions whose laws may not adequately address the contraband contained on the server:

Figure 1.1 – Unison application

The preceding screenshot shows you the Unison program running on macOS and accessing the service provider Astraweb.

Looking from left to right, you can see the hierarchical system used by USENET. At the far-left column, I have selected alt, which then populates the next column with many named folders. The folders' naming convention shows the subject of the group. I have selected binaries, which means I am looking for attached files to the postings. In the third column, we can see folder icons and a brown folder icon with papers coming out the top. The folder icon shows that there are additional groups contained within, while the brown folder icon shows that this is a newsgroup.

As you can see from the preceding screenshot, there are a variety of subjects for the user to explore; some groups may or may not contain contraband images/files. Your jurisdiction will determine what is legal or not as you conduct your investigation.

Peer-to-Peer file sharing  

Peer-to-Peer (P2P) file sharing is a decentralized method of file sharing. In traditional file sharing, a server hosts the file and the client accesses the server to download the file. In the early days of Napster and music sharing, this became a liability for copyright violations. The service provider was served with judicial processes and was found to be liable for hosting a directory of copyrighted files.

In response, the P2P method was changed; no longer was a centralized database created, but rather users were able to directly search for other users' shared folders on the network. Users connected to a shared network and acted as both a server and a client. In P2P file sharing, when a user identifies a file they want to download, the software reaches out to the other users who possess the desired file. Each user then provides a piece of the file to the recipient. When all the pieces are collected, the software puts them back to the original configuration. The user could then participate as a node and start sharing the file they just downloaded:

Figure 1.2 – Transmission application

The preceding screenshot shows the Transmission program running on macOS. I am downloading a movie from the public domain (archive.org), and in the bottom portion of the preceding screenshot, you can see that the file has been broken into much smaller bits. The highlighted bits show which parts of the file I have downloaded. Later, we will go into much greater detail about P2P file sharing and the artifacts that will be left in the filesystem.

The crime of stalking

For all of the good that the internet provides, it also provides a conduit for people to exploit, harass, and bully other people. The victim could be known to the subject or could have interacted with the victim's online persona in some manner and felt the victim had wronged them. A lot of the bad behavior we see with online activities is because of the anonymity that the internet provides the attacker/subject. When eyes are watching or when we know the true identity of the attacker, they change their behavior to conform to societal norms. Unfortunately, it takes time for society to recognize the criminality of specific actions via the digital medium.

Cyberstalking or cyberbullying is now being regulated and is now considered an actual crime. Depending on your jurisdiction, the definition will vary, and what resources the government will spend in the prosecution of these crimes will vary too. Remember, the identity of the user at the other end of the digital world can be challenging to prove to the high standard required by a court of law.

According to the National Center for Victims of Crime, https://members.victimsofcrime.org/our-programs/past-programs/stalking-resource-center/stalking-information, historically, in the United States, almost 1,500,000 people, the majority of them women, have been victimized, harassed, and bullied via the digital medium, with the attacks lasting in excess of 2 years. The attacks increased in length if the participants had been intimate partners.

The impact of this criminal behavior is immense; the victim will lose time from work, have to move residences (several times, sometimes), and suffer from the physical and mental effects such as the anxiety and depression that comes from being targeted. The ability to stalk a former intimate partner in the digital world opens the door to the ability to inflict significant violence on a former partner and, in some cases, bring about their death.

What behaviors make up cyberstalking? There have been documented incidents where a terminated employee has sent manipulated, compromising images of their supervisor to members of the organization and to the general public. This activity continued for months before it was stopped. Despite the harassment ending and the perpetrator being identified, the supervisor still felt the need to leave their job, change their name, and move to another community.

So, where do we begin in our attempts to investigate this crime? The interview will be the best starting place. Asking the victim if they know or suspect who may be behind the harassment is the first question asked. In my experience and most of the time, the victim will have a general idea of who the harasser is, especially if it is a former intimate partner. Now, there will be some victims who may suffer from mental health issues that could complicate the assessment. As an investigator, you have to listen to the whole story to understand the totality of events. Just because someone is paranoid does not mean someone is not out to get them. As an investigator, you have to have an open mind and not allow your preconceptions to make you miss evidence or indicators that may be visible.

If the victim has an idea of who the harasser may be, make sure you record all the pertinent information they can provide you with. Names, addresses, usernames, email addresses, screen names, and social media locations will all give you valuable information so that you can start your investigation.

Establish the method of the harassment and when it started. Was it a Facebook group? Snapchat? Text messages? Chat rooms? Is a mobile device involved in terms of text messages, missed calls, and more? Has the harassment gone old-school with the use of the post office with physical letters?

Threats of violence may increase the severity of the crime and should not be discounted.

The investigator will need to ensure they get forensically sound copies of the digital evidence to start the investigation. This starts the chain of custody of the digital evidence and is the beginning of the investigation.

We will go into much greater detail about the specific artifacts found in digital evidence, but once you have account usernames and IP addresses that the attacker is using to facilitate their attacks, you have a starting point to identify them.

In the United States, a subpoena is required to obtain subscriber information. This information includes the user's first and last names, physical address, how often they access the account, and the IP address that was used to access the account. It varies between service providers as to how long this information is maintained. Sometimes, it could be as little as weeks and as much as years, depending on the provider. You can also submit legal paperwork asking them to "freeze" the account so that the user cannot disable it or delete any incriminating information.

To gain access to the information contained within the account, such as email content, contents of messages, or anything having to do with content, a search warrant signed by a judge will have to be served on the service provider. If the service provider is within the same jurisdiction of the judicial authority, there are typically no issues. When the service provider is in another jurisdiction within the United States or a jurisdiction outside the borders of the United States, this is when the process becomes much more difficult and sometimes impossible to proceed with.

Some subscriber information you get may or may not be accurate. It is not unusual for a user to complete the registration forms with false information. But what you can do, for example, if you have an email address, is you can do an open source search and see whether the email address was used anywhere else. For example, some online forums will use the email address as a username, and if so, the user may post identifying information in their communications with the other users. That forum now becomes a source of information for which you can issue a subpoena to get the subscriber information.

As you can see, following breadcrumbs of information may lead you to sources you never even considered. It can be quite complicated and time-consuming.

Criminal conspiracy 

Criminal conspiracy and digital forensics: how do these aspects intersect in the world of the digital forensic investigator? First, let's define what a conspiracy is: a conspiracy occurs when two or more people agreed to commit an illegal act. However, just deciding to commit the illegal act is not enough; there also have to be actions taken in furtherance of the conspiracy. What does all that mean? For the physical crime of robbery, criminal A contacts criminal B to discuss robbing victim C. The conversation between criminals A and B does not meet the statutory definition of a conspiracy. If criminal A paid criminal B and agreed on the number of funds in exchange for the service of the robbing of victim C, then we have an act in furtherance of the conspiracy to commit robbery. So, what crimes can the digital forensic investigator find within the digital realm? Almost any crime imaginable. Let's take a look at an example of such a crime:

"Michelle Theer was convicted of a crime against a person. She conspired with John Diamond to commit the crime against her husband, Marty. Investigators had no direct evidence, no physical evidence, and no eyewitness evidence, but they had digital evidence showing the conspiracy to commit the crime. Investigators recovered over 80,000 emails and instant messages between Diamond and Michelle that showed a personal relationship between the two and the messages showing the conspiracy between them to commit the crime."

You can read about this case in more detail at https://caselaw.findlaw.com/nc-court-of-appeals/1201672.html.

Now more than ever, people are connected to their devices for their everyday activities. It is not a stretch of the imagination that criminals also use their devices to help organize their criminal activities. The digital forensic investigator has to know of all potential sources of digital evidence and recognize that the Internet of Things (IoT) is an untapped bonanza of digital evidence. What is the Internet of Things?

Home assistance programs such as Siri and Alexa, smartwatches, home security systems, and GPS devices – anything that has an app – might contain evidence and show the intent on the criminals' part to commit the crime. Failure to recognize the digital devices can result in significant damage to your investigation. There have been instances where the subject of an investigation was placed in the interrogation room, and the investigator did not recognize the suspect was wearing a smartwatch. While they left the subject unattended in the interrogation room, the subject was able to communicate with their co-conspirators and direct their efforts in the destruction of evidence and interfere with the investigation. Once the investigators caught on to the subject's actions, they then used the smartwatch to show the criminal conspiracy and used the evidence to generate additional charges for the suspect in custody and their co-conspirators.

Social media is also a source of digital evidence for showing a conspiracy. For example, take the case of Larry Jo Thomas. The government convicted Thomas of committing a crime against Rito Llamas-Juarez. Initially, investigators only knew that Llamas-Juarez was harmed by a specific type of item. As investigators processed the crime scene, a bracelet that was "distinctive" was found and collected as evidence. The investigators examined Thomas's Facebook page and found a photo of Thomas posing with an item similar to what was used at the crime scene. In a different photo, they found the "distinctive" bracelet being worn by Thomas. While the digital evidence did not have a direct impact on the criminality being investigated, it showed how the subject had the means and had been at the crime scene.

Vehicles are also a source of evidence to prove the conspiracy. Newer vehicles are connected to the network and have their own Wi-Fi connection and sync data between mobile devices, GPS data, and the vehicle's black box. Potentially, the investigator can show the subjects performing reconnaissance on their targets, meetings between the conspirators at a shared location, or where they have traveled to and returned using toll passes.

Technology is rapidly changing and advancing as the general population uses technology, and so do the criminals. The general population plans out their day by utilizing technology; criminals also plan out their day of criminal activity using the same technology. I am always amazed when criminals use their mobile devices to plan and execute criminal activity and then take pictures to memorialize their illegal business.

Now that we have learned about criminal investigations, its roles, and the means by which information is being shared, let's move on to the next type of investigation, which is corporate investigations.

arrow left Previous Chapter
Chapter 1 of 17
Next Chapter arrow right
You have been reading a chapter from
Learn Computer Forensics
Published in: Apr 2020 Publisher: Packt ISBN-13: 9781838648176
© 2020 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at €14.99/month. Cancel anytime}

Authors (1)

Profile icon William Oettinger
LinkedIn
William Oettinger is a veteran technical trainer and investigator. He is a retired police officer with the Las Vegas Metropolitan Police Department and a retired CID agent with the United States Marine Corps. He is a professional with over 20 years of experience in academic, local, military, federal, and international law enforcement organizations, where he acquired his multifaceted experience in IT, digital forensics, security operations, law enforcement, criminal investigations, policy, and procedure development. He has earned an MSc from Tiffin University, Ohio. When not working, he likes to spend time with his wife and his three miniature schnauzers.
Read more
See other products by William Oettinger

Other recommended products

Related to this chapter
Left arrow icon
Windows Forensics Cookbook
Windows Forensics Cookbook
Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. Whether talking about digital forensics conducted by law enforcement or a corporate security department, the simple fact is that forensics is difficult and there are always challenges to be faced.
Aug 2017 9 hours 8 minutes
Digital Forensics with Kali Linux
Digital Forensics with Kali Linux
Kali Linux is used mainly for penetration testing and digital forensics. This book will help you explore and unleash the tools available in Kali Linux for effective digital forensics investigations. Using practical examples, you will be able to make the most of forensics process such as investigation, evidence acquisition, and analysis.
Dec 2017 9 hours 8 minutes
Digital Forensics with Kali Linux
Digital Forensics with Kali Linux
Kali Linux is considered as a reliable source for penetration testing and digital forensics. This book will give readers hands-on experience in utilizing Kali Linux tools to implement all the pillars of digital forensics such as acquisition, extraction, analysis, and presentation.
Apr 2020 11 hours 8 minutes
Digital Forensics and Incident Response
Digital Forensics and Incident Response
The staggeringly high number of security breaches reported in the last several years stresses the importance of an organization's ability to respond to attacks promptly. With this book, you'll learn forensic techniques and incident response fundamentals to investigate such incidents in your organization.
Jul 2017 10 hours 48 minutes
Digital Forensics and Incident Response
Digital Forensics and Incident Response
An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is a must for all organizations. This book offers concrete and detailed guidance on how to conduct the full spectrum of incident response and digital forensic activities.
Jan 2020 14 hours 56 minutes
Practical Mobile Forensics
Practical Mobile Forensics
Covering up-to-date mobile platforms, this book focuses on teaching you the most recent tools and techniques for investigating mobile devices. Readers will delve into a variety of mobile forensics techniques for iOS 11-13, Android 8-10 devices, and Windows 10.
Apr 2020 13 hours 20 minutes
Python Digital Forensics Cookbook
Python Digital Forensics Cookbook
Technology plays an increasingly large role in our daily life and shows no signs of stopping. Now, more than ever, it is paramount that an investigator develops programming expertise to deal with increasingly large datasets. By leveraging the Python recipes explored throughout this book, we make the complex simple, quickly extracting relevant information from large datasets. You will explore, develop, and deploy Python code and libraries to provide meaningful results that can be immediately applied to your investigations.
Sep 2017 13 hours 44 minutes
Learning Android Forensics
Learning Android Forensics
This book will introduce you to Android forensics helping you to set up a forensic environment, handle mobile evidence, analyze how and where common applications store their data. You will also learn to identify malware on a device, and how to analyze it.
Dec 2018 10 hours 56 minutes
Practical Mobile Forensics
Practical Mobile Forensics
Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This book is an update to Practical Mobile Forensics, Second Edition and it delves into the concepts of mobile forensics and its importance in today’s world.
Jan 2018 13 hours 24 minutes
Cisco Certified CyberOps Associate 200-201 Certification Guide
Cisco Certified CyberOps Associate 200-201 Certification Guide
The Cisco Certified CyberOps Associate 200-201 certification exam helps you gain the skills and knowledge needed to prevent, detect, analyze, and respond to cybersecurity incidents. This book offers complete up-to-date coverage of the 200-201 exam so you can confidently pass first time while getting hands-on cybersecurity experience.
Jun 2021 22 hours 0 minutes
CCNA Cyber Ops : SECOPS - Certification Guide 210-255
CCNA Cyber Ops : SECOPS - Certification Guide 210-255
Cyber-attacks, in their various forms, are increasing in frequency and complexity, causing potential losses to organizations. This book equips readers with the skills required to succeed at 210-255 SECOPS exam, and for those re-sitting, to understand their score report and quickly identify the appropriate sections to concentrate on.
Jul 2019 11 hours 44 minutes
Incident Response in the Age of Cloud
Incident Response in the Age of Cloud
This book is a comprehensive guide for organizations on how to prepare for cyber-attacks and control cyber threats and network security breaches in a way that decreases damage, recovery time, and costs, facilitating the adaptation of existing strategies to cloud-based environments.
Feb 2021 20 hours 44 minutes
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Attacking and Exploiting Modern Web Applications
Attacking and Exploiting Modern Web Applications
Attacking and Exploiting Modern Web Attacks will help you understand how to identify attack surfaces and detect vulnerabilities. This book takes a hands-on approach to implementation and associated methodologies and equips you with the knowledge and skills needed to effectively combat web attacks.
Aug 2023 11 hours 16 minutes
Automotive Cybersecurity Engineering Handbook
Automotive Cybersecurity Engineering Handbook
This Automotive Cybersecurity Engineering Handbook untangles the complexities of building secure automotive products and helps you to comply with cybersecurity standards. It provides practical tools, tips, and techniques coupled with real-world examples to enable you to create cyber-resilient automotive products with ease.
Oct 2023 13 hours 4 minutes
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide
This book will help you to design, develop, and operate security controls on Google Cloud as well as discover best practices for relevant security domains, including identity and access management, network, and data.
Aug 2023 16 hours 32 minutes
Cloud Penetration Testing for Red Teamers
Cloud Penetration Testing for Red Teamers
The advent of cloud networks and the AWS, Azure, and GCP platforms has revolutionized how companies of all sizes in all industries do business online. This book will help you meet the emerging demand for pentesting as it guides you through the tools, techniques, and security measures used by pentesters and red teamers in the 2020s and beyond.
Nov 2023 9 hours 56 minutes
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is an enterprise IT risk management professional’s dream. With its in-depth approach and various self-assessment exercises, this book arms you with knowledge of every single aspect of the certification, and is a fantastic career companion after you’re certified.
Sep 2023 10 hours 32 minutes
Burp Suite Cookbook
Burp Suite Cookbook
Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs. It offers guidance on how to configure Burp Suite, make the most of its tools, and explore into its extensions.
Oct 2023 15 hours 0 minutes
Building and Automating Penetration Testing Labs in the Cloud
Building and Automating Penetration Testing Labs in the Cloud
This hands-on guide will help you design and build a variety of penetration testing labs that mimic modern cloud environments running on AWS, Azure, and GCP. In addition to these, you will explore a number of practical strategies on how to manage the complexity, cost, and security risks involved when setting up vulnerable cloud lab environments.
Oct 2023 18 hours 44 minutes
Ethical Hacking Workshop
Ethical Hacking Workshop
As cyber-attacks grow and APT groups advance their skillset, you need to be able to protect your enterprise against cyber-attacks. In order to limit your attack surface, you need to ensure that you leverage the same skills and tools that an adversary may use to hack your environment and discover the security gaps. This book will teach you how to think like a hacker, use state-of-the-art hacking tools, and protect yourself and your organizaiton.
Oct 2023 7 hours 20 minutes
Windows Forensics Analyst Field Guide
Windows Forensics Analyst Field Guide
This book contains step-by-step processes to guide you in any investigation related to Windows OS. You’ll find out how to acquire evidence using multiple tools as well as examine and analyze the collected artifacts, while discovering multiple techniques used in real-world forensic incidents.
Oct 2023 10 hours 36 minutes
Implementing DevSecOps Practices
Implementing DevSecOps Practices
This book is a comprehensive, hands-on guide for individuals new to DevSecOps who want to implement DevSecOps practices successfully and efficiently. With its help, you’ll be able to shift security toward the left, enabling you to merge security into coding in no time.
Dec 2023 8 hours 36 minutes
Right arrow icon