The chapter begins with some references to previous chapters, and the idea that an identity thief might begin with a few simple searches and build a crime on them. The author makes it clear that his intent is to teach you what you may not know so you can expect it and potentially defend against it.
His discussion begins with some general search advice, some of which is dated. Most of us would not start a search on Yahoo, although it is always recommended to run searches through different engines to get the most variety in your results. Of the search sites listed, I might recommend whowhere.com and yellowpages.com, although the information you are looking for could be found on Facebook or LinkedIn if the target is likely to have used either. Of course, some people don't like public scrutiny. Others do.
The text briefly mentions online court records. As I have had the need to do so, I have found several useful sites associated with local court systems which have been helpful in finding my own records. Finding the records of others can be useful, but make sure you have permission to go looking before you consider doing so.
The text is correct, that there are both federal and state web sites where one might look up registered or convicted sex offenders, but we are cautioned that data is not always correct. I have had the need to edit databases of such information in the past when requested by official sources who determined that errors had been stored in the data. Correcting errors, and logging such corrections, are necessary parts of being a database administrator. I felt mixed relief and loss when my job changed and I no longer had the responsibility or ability to make changes in such data.
The text provides links to run searches for current and released prison inmates, as well as for court records. These can be useful, but once again, we are reminded to confirm any data that we gather from such searches.
The chapter's information about Usenet newsgroups is less current and less useful than the rest of the chapter. It is unlikely to be of as much use as the other sources that the author discusses.
Chapter 14, Introduction to Forensics
Chapter 14 has a good bit more to say about cyber forensic work. Objectives important to this lesson:
This chapter does not introduce cyber forensics, but it would provide a good introduction to it if you had not read the previous chapters. The word "forensic" has several definitions, but the one the chapter concerns itself with is the one from CERT on page 386: using scientific procedures to collect, preserve, analyze, and present valid legal evidence in court cases.
Forensic concerns can be contrary to IT operating principles. Our first instinct should be to repair a device or restore it to proper operating status. In a situation in which there may be something to prove in a courtroom, we are required to isolate, contain, and otherwise NOT change the state of a device whose condition points to a crime. This is not something that every technical person is trained for. As such, it may be necessary to immediately consult with senior staff or specialists who may advise us, or may begin a forensic investigation.
The following is a list of concerns that apply to collection or seizure of devices, data, or other items that may be submitted as evidence in a court. It assumes that you are an IT employee of the corporate entity whose equipment will be searched. The rules are a bit different if police are searching for evidence of a crime.
A plan for a forensic investigation (looking for evidence, and presumably looking for the truth) should include three aspects that will affect the costs:
The chapter continues with general advice about keeping a hands-off policy regarding equipment that is being examined. You should never make any changes to devices in evidence. The accepted process is to make an exact copy of storage media, and to conduct your examination on the copy. This preserves the state of the seized equipment, and keeps it available to make another copy should that become necessary due to any accident in the investigation. The text covers some methods of making a forensic image of equipment by several means.
The text addresses the less desirable situation of having to examine a device and being unable to make a forensic copy of it. The author points out that equipment that has been taken during the arrest of a subject may still be running, which may require not just copying data, but examining the device's RAM, running applications and processes, and data that may be in the process of being moved from one location to another.
Any organization that conducts forensic examinations should have established rules about documentation, such as documenting who collected anything, where it came from, how it was stored and protected, and who looked at it while it was in custody. Rules about the care of such evidence are often referred to as rules about Chain of Custody or Chain of Evidence.
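An added example (not from the text or its author) of the copy-then-verify practice described above together with the chain-of-custody records just mentioned: the original is hashed before anything else, a separate working image is made, and every step is logged with the hash at that moment so later tampering with the image is detectable. The medium contents, exhibit id and examiner name are constructed placeholders.

```python
import hashlib
from datetime import datetime, timezone

# Constructed sample "storage medium" standing in for a seized disk (not real data).
ORIGINAL_MEDIA = bytes(range(256)) * 16 + b"constructed-evidence-sample"

def sha256_hex(data) -> str:
    """Hash the full content; this is the fingerprint recorded for the item."""
    return hashlib.sha256(data).hexdigest()

def acquire_image(media: bytes) -> bytearray:
    """Make a bit-for-bit working copy. Examination happens on this copy, never on the original."""
    return bytearray(media)

def verify_image(original_hash: str, image) -> bool:
    """Before and after any examination, confirm the copy still matches the original's hash."""
    return sha256_hex(image) == original_hash

def custody_entry(log: list, who: str, action: str, item_id: str, content_hash: str) -> dict:
    """Append one chain-of-custody record: who did what to which item, when, and its hash."""
    entry = {
        "seq": len(log) + 1,
        "when": datetime.now(timezone.utc).isoformat(),
        "who": who,
        "action": action,
        "item": item_id,
        "sha256": content_hash,
    }
    log.append(entry)
    return entry

def run_acquisition(media: bytes, item_id: str, examiner: str) -> dict:
    """Hash the original, image it, verify the image, and log each step."""
    log = []
    orig_hash = sha256_hex(media)
    custody_entry(log, examiner, "collected original and hashed it", item_id, orig_hash)
    image = acquire_image(media)
    custody_entry(log, examiner, "created working image", item_id + "-img1", sha256_hex(image))
    ok = verify_image(orig_hash, image)
    custody_entry(log, examiner, "verified image against original: " + ("match" if ok else "MISMATCH"),
                  item_id + "-img1", sha256_hex(image))
    return {"original_hash": orig_hash, "image": image, "verified": ok, "log": log}

if __name__ == "__main__":
    result = run_acquisition(ORIGINAL_MEDIA, "EXHIBIT-001", "examiner-1")  # placeholder ids
    for e in result["log"]:
        print(e["seq"], e["when"], e["who"], e["action"], e["sha256"][:16])
```

Re-running verify_image on the working copy after each examination step is what lets the log show the copy was never altered.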
The text presents guidelines from several investigative agencies that are all compatible, but that vary a bit from one set of rules to another. The agencies discussed are:
The chapter continues with a discussion of some common tools used in forensic examination. Follow this link to an article that provides the names, descriptions, and links to more information about twenty-three forensic tools. In this section, the chapter discusses what you might look for and what tools you might use if the only things you have at hand are the accessible utilities in a given operating system. For instance, all browsers download data and save files. All operating systems keep logs of significant events. Files can be deleted, but they are not really gone until the operating system reuses the storage space the deleted files were in. If the seized device has not been used since the deletion, the files may still be in place.
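An added example (not from the text or its author) of the last point above, using a constructed toy disk layout rather than any real file system: deleting a file only clears its directory entry, so a carver that scans unallocated blocks for a known file signature still recovers it, and the recovery fails only once the operating system reuses the block.

```python
import struct

# Constructed toy disk layout (not any real file system): a directory of fixed-size
# entries, then a data area of fixed-size blocks. Deleting only clears the entry's
# in-use flag; the data blocks keep their contents until the OS reuses them.
BLOCK = 32
ENTRY = struct.Struct("<8sBII")        # name, in_use flag, first block, byte length
MAX_ENTRIES = 4
DATA_START = MAX_ENTRIES * ENTRY.size
N_BLOCKS = 8
MAGIC, TRAILER = b"%PDF-", b"%%EOF"   # signature and end marker the carver looks for

def make_image(files):
    """Write each (name, data) pair contiguously and record it in the directory."""
    img = bytearray(DATA_START + BLOCK * N_BLOCKS)
    nxt = 0
    for i, (name, data) in enumerate(files):
        off = DATA_START + nxt * BLOCK
        img[off:off + len(data)] = data
        ENTRY.pack_into(img, i * ENTRY.size, name.encode().ljust(8), 1, nxt, len(data))
        nxt += -(-len(data) // BLOCK)      # ceiling division: blocks consumed
    return img

def entries(img):
    """Yield (name, first block, length) for every entry still marked in use."""
    for i in range(MAX_ENTRIES):
        name, used, first, length = ENTRY.unpack_from(img, i * ENTRY.size)
        if used:
            yield name.rstrip(b"\0 ").decode(), first, length

def delete_file(img, name):
    """Mimic an OS delete: clear the in-use flag, leave the data blocks untouched."""
    for i in range(MAX_ENTRIES):
        n, used, first, length = ENTRY.unpack_from(img, i * ENTRY.size)
        if used and n.rstrip(b"\0 ").decode() == name:
            ENTRY.pack_into(img, i * ENTRY.size, n, 0, first, length)

def reuse_block(img, block, data):
    """Mimic the OS handing a freed block to new data; this is what really destroys the file."""
    off = DATA_START + block * BLOCK
    img[off:off + BLOCK] = data.ljust(BLOCK, b"\0")[:BLOCK]

def carve_unallocated(img):
    """Scan blocks no live entry owns for the signature; return any recovered file bodies."""
    live = {first + k for _, first, length in entries(img) for k in range(-(-length // BLOCK))}
    found = []
    for b in range(N_BLOCKS):
        off = DATA_START + b * BLOCK
        if b not in live and img[off:off + len(MAGIC)] == MAGIC:
            end = img.find(TRAILER, off)
            if end != -1:
                found.append(bytes(img[off:end + len(TRAILER)]))
    return found
```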
The chapter goes on for several more pages which will be mainly interesting to professionals in this part of cyber security and to students who have an interest in exploring that profession.
Chapter 15, Cybersecurity Engineering
Chapter 15 is pretty short, but the author tries to introduce another related specialty to the reader. Objectives important to this lesson:
The introduction discusses two approaches to cybersecurity. The first is about management skills. This is nonsense. You will never defend a system from cyber attack by only being a good manager. The chapter deals mostly with the other approach, the one that is more about technology.
The author fiddles about for another page or two, then begins the discussion of computer systems engineering. A system engineer should be a purposeful investigator, a serious designer, a seeker of practical solutions, and a valiant defender of company assets. The text discusses conducting ongoing research on attacks that have been detected in similar installations, on using appropriate planning and design documents, and being conversant with the laws and regulations that apply to the company paying for the designer's knowledge, expertise, and creativity.
If you are having any problems with the author's take on this version of the profession you have been considering, try the video below to get some more absorbable ideas.
As this is the last chapter you are assigned to read in the text, it is likely that you have already stopped reading the book since this chapter appears to contain a good deal of fluff. That being the case, at least take a look at the diagrams and charts in the text to get an idea of how to read one when it shows up in an interview.