The Official CHFI Study Guide (Exam 312-49): for Computer Hacking Forensic Investigator

Overview

This is the official CHFI (Computer Hacking Forensics Investigator) study guide for professionals studying for the forensics exams and for professionals needing the skills to identify an intruder's footprints and properly gather the necessary evidence to prosecute.

The EC-Council offers certification for ethical hacking and computer forensics. Their ethical hacker exam has become very popular as an industry gauge and we expect the forensics exam to follow suit.

Material is presented in a logical learning sequence: a section builds upon previous sections and a chapter on previous chapters. All concepts, simple and complex, are defined and explained when they appear for the first time. This book includes:

* Exam objectives covered in a chapter are clearly explained at the beginning of the chapter.
* Notes and Alerts highlight crucial points.
* Exam's Eye View emphasizes the important points from the exam's perspective.
* Key Terms present definitions of key terms used in the chapter.
* Review Questions contain questions modeled after real exam questions, based on the material covered in the chapter. Answers to the questions are presented with explanations.

Also included is a full practice exam modeled after the real exam.

* The only study guide for CHFI, provides 100% coverage of all exam objectives.
* Full web-based exam with explanations of correct and incorrect answers
* CHFI Training runs hundreds of dollars for self tests to thousands of dollars for classroom training.


Product Details

  • ISBN-13: 9781597491976
  • Publisher: Elsevier Science
  • Publication date: 11/21/2007
  • Edition description: Study Guide
  • Pages: 960
  • Sales rank: 800,725
  • Product dimensions: 7.50 (w) x 9.25 (h) x 1.90 (d)

Meet the Author

Dave Kleiman (CAS, CCE, CIFI, CISM, CISSP, ISSAP, ISSMP, MCSE) has worked in the Information Technology Security sector since 1990. Currently, he is the owner of SecurityBreachResponse.com, and is the Chief Information Security Officer for Securit-e-Doc, Inc. Before starting this position, he was Vice President of Technical Operations at Intelliswitch, Inc., where he supervised an international telecommunications and Internet service provider network. Dave is a recognized security expert. A former Florida Certified Law Enforcement Officer, he specializes in computer forensic investigations, incident response, intrusion analysis, security audits, and secure network infrastructures. He has written several secure installation and configuration guides about Microsoft technologies that are used by network professionals. He has developed a Windows Operating System lockdown tool, S-Lok (www.s-doc.com/products/slok.asp), which surpasses NSA, NIST, and Microsoft Common Criteria Guidelines. Dave was a contributing author to Microsoft Log Parser Toolkit (Syngress Publishing, ISBN: 1-932266-52-6). He is frequently a speaker at many national security conferences and is a regular contributor to many security-related newsletters, Web sites, and Internet forums. Dave is a member of several organizations, including the International Association of Counter Terrorism and Security Professionals (IACSP), International Society of Forensic Computer Examiners® (ISFCE), Information Systems Audit and Control Association® (ISACA), High Technology Crime Investigation Association (HTCIA), Network and Systems Professionals Association (NaSPA), Association of Certified Fraud Examiners (ACFE), Anti Terrorism Accreditation Board (ATAB), and ASIS International®. He is also a Secure Member and Sector Chief for Information Technology at The FBI's InfraGard® and a Member and Director of Education at the International Information Systems Forensics Association (IISFA).

Read an Excerpt

The Official CHFI Study Guide (Exam 312-49)


By Dave Kleiman

Elsevier Science

Copyright © 2007 Elsevier Inc.
All rights reserved.
ISBN: 978-0-08-055571-3


Excerpt

CHAPTER 1

CHFI

Computer Forensics in Today's World


Exam objectives in this chapter:

* The History of Forensics

* The Objectives of Computer Forensics

* Computer-Facilitated Crimes

* Reasons for Cyber Attacks

* Computer Forensic Flaws and Risks

* Computer Forensics: Rules, Procedures, and Legal Issues

* The Computer Forensic Lab

* Laboratory Strategic Planning for Business

* Elements of Facilities Build-out

* Electrical and Power Plant Considerations

* Essential Laboratory Tools


Introduction

As is often the case with security compromises, it's not a matter of if your company will be compromised, but when.

If I had known the employee I hired was going to resign, break into my office, and damage my computers in the span of three days, hindsight being 20/20, I would have sent notification to the security guards at the front door placing them on high alert and made sure he was not granted access to the building after he resigned. Of course, in hindsight, I should have done a better job of hiring critical personnel. He was hired as a computer security analyst and security hacker instructor, and was (or should have been) the best example of ethical conduct.

Clearly, we see only what we want to see when hiring staff and you won't know whether an employee is ethical until a compromise occurs. Even if my blinders had been off, I would have never seen this compromise coming. It boggles the mind to think that anyone would ruin or jeopardize his career in computer security for so little. But he did break into the building, and he did damage our computers; therefore, he will be held accountable for his actions, as detailed in the following forensic information. Pay attention when the legal issues are reviewed. You will learn bits and pieces regarding how to make your life easier by knowing what you really need to know "when" your computer security compromise occurs.

Computer forensics is the preservation, identification, extraction, interpretation, and documentation of computer evidence. In Chapter 9 of Cyber Crime Investigations, digital forensics is referred to as "the scientific acquisition, analysis, and preservation of data contained in electronic media whose information can be used as evidence in a court of law."

In the case involving the Hewlett-Packard board of directors, seasoned investigators within HP and the primary subcontracting company sought clarity on an investigative method they were implementing for an investigation. The investigators asked legal counsel to determine whether the technique being used was legal or illegal. Legal counsel determined that the technique fell within a gray area, and did not constitute an illegal act. As a result, the investigators used it and were later arrested. This situation could befall any cyber crimes investigator.

In the Hewlett-Packard case, legal counsel did not fully understand the laws relating to such methodologies and technological issues. The lesson for investigators here is not to assume that an action you've taken is legal just because corporate counsel told you it was. This is especially true within the corporate arena. In the HP case, several investigators were arrested, including legal counsel, for their actions.

In this CHFI study guide, you will learn the concepts of computer forensics and how to prepare for the EC-Council's Computer Hacker Forensic Investigator exam. This chapter will review the objectives of computer forensics. It will also discuss computer-facilitated crimes, the reasons for cyber crime, the computer forensics flaws and risks, modes of attack, digital forensics, and the stages of forensic investigation in tracking cyber criminals. The chapter also covers various stages of building a computer forensics laboratory.


The History of Forensics

Forensics has been around since the dawn of justice. Cavemen had justice in rules set to protect home and hearth. Francis Galton (1822–1911) made the first recorded study of fingerprints; Leone Lattes (1887–1954) discovered blood groupings (A, B, AB, and O); Calvin Goddard (1891–1955) allowed firearms and bullet comparison for solving many pending court cases; Albert Osborn (1858–1946) developed essential features of document examination; and Hans Gross (1847–1915) made use of scientific study to head criminal investigations. In 1932, the FBI set up a lab to provide forensic services to all field agents and other law authorities across the country. When you look back at these historic forensic events, you see patterns of confidence in the forensic information recovered and analyzed. As you will see in this study guide, today's computer forensics is clearly a new pattern of confidence, acceptance, and analysis.


The Objectives of Computer Forensics

Cyber activity has become an important part of the everyday lives of the general public. According to the EC-Council, eighty-five percent of businesses and government agencies have detected a security breach. The examination of digital evidence (media) has provided a medium for forensic investigators to focus on after an incident has occurred. The ultimate goal of a computer forensic investigator is to determine the nature and events concerning a crime and to locate the perpetrator by following a structured investigative procedure.

Investigators must apply two tests to evidence, in both computer forensics and physical forensics, for it to survive in a court of law:

* Authenticity: Where does the evidence come from?

* Reliability: Is the evidence reliable and free of flaws?

Crimes that commonly call for computer forensic investigation include the following:

* Theft of intellectual property: This pertains to any act that allows access to patents, trade secrets, customer data, sales trends, and any confidential information.

* Damage of company service networks: This can occur if someone plants a Trojan horse, conducts a denial of service attack, installs an unauthorized modem, or installs a back door to allow others to gain access to the network or system.

* Financial fraud: This pertains to anything that uses fraudulent solicitation of prospective victims to conduct fraudulent transactions.

* Hacker system penetrations: These occur via the use of sniffers, rootkits, and other tools that take advantage of vulnerabilities in systems or software.

* Distribution and execution of viruses and worms: These are some of the most common forms of cyber crime.


Cyber crime comprises three things: tools to commit the crime, targets of the crime (victim), and material that is tangential to the crime.

Cyber crime is motivated by many different things. Often it's the thrill of the chase, and a desire for script kiddies to learn. Sometimes cyber crime is committed by psychologically motivated criminals who need to leave a mark. Other times such crimes are committed by a person or group that is out for revenge; perhaps it's a disgruntled employee or friend who wants to embarrass the target. Most likely, a cyber criminal is being paid to gain information; hackers involved in corporate espionage are the hardest to uncover and often are never seen.


Computer-Facilitated Crimes

Our dependency on the computer has given way to new criminal opportunities. Computers are increasingly being used as a tool for committing crimes, and they are posing new challenges for investigators, for the following reasons:

* The proliferation of PCs and Internet access has made the exchange of information quick and inexpensive.

* The use of easily available hacking tools and the proliferation of underground hacking groups have made it easier to commit cyber crimes.

* The Internet allows anyone to hide his identity while committing crimes.

* E-mail spoofing, creating fake profiles, and committing identity theft are common occurrences, and there is nothing to stop it, making investigation difficult.

* With cyber crimes, there is no collateral or forensic evidence, such as eye witnesses, fingerprints, or DNA, making these crimes much harder to prosecute.


Reasons for Cyber Attacks

Today, cyber attacks are committed by individuals who are more organized. Cyber crime has different connotations depending on the situation. Most of us equate cyber crime with what we see on TV and in the news: porn, hackers gaining access to sensitive government information, identity theft, stolen passwords, and so on. In reality, these types of computer crimes include more often than not, theft of intellectual property, damage of company service networks, embezzlement, copyright piracy (software, movie, sound recording), child pornography, planting of viruses and worms, password trafficking, e-mail bombing, and spam.

Cyber criminals are taught to be more technically advanced than the agencies that plan to thwart them. And today's criminals are more persistent than ever. According to the EC-Council, computer crime is any illegal act involving a computer, its system, or its applications. A computer crime is intentional, not accidental (we discuss this in more detail in the "Legal Issues" section, later in this chapter).


Computer Forensic Flaws and Risks

Computer forensics is in its developmental stage. It differs from other forensic sciences in that digital evidence is examined. There is little theoretical knowledge on which to base assumptions for analysis; standard empirical hypothesis testing, when carried out, lacks proper training and standardization of tools; and lastly, it is still more "art" than "science."


Modes of Attack

There are two categories of cyber crime, differentiated in terms of how the attack takes place:

* Insider attacks: These involve a breach of trust from employees within an organization.

* External attacks: These involve hackers hired by either an insider or an external entity whose aim is to destroy a competitor's reputation.


Stages of Forensic Investigation in Tracking Computer Crime

A computer forensic investigator follows certain stages and procedures when working on a case. First he identifies the crime, along with the computer and other tools used to commit the crime. Then he gathers evidence and builds a suitable chain of custody. The investigator must follow these procedures as thoroughly as possible. Once he recovers data, he must image, duplicate, and replicate it, and then analyze the duplicated evidence. After the evidence has been analyzed, the investigator must act as an expert witness and present the evidence in court. The investigator becomes the tool which law enforcement uses to track and prosecute cyber criminals.

For a better understanding of the steps a forensic investigator typically follows, consider the following, which would occur after an incident in which a server is compromised:

1. Company personnel call the corporate lawyer for legal advice.

2. The forensic investigator prepares a First Response of Procedures (FRP).

3. The forensic investigator seizes the evidence at the crime scene and transports it to the forensic lab.

4. The forensic investigator prepares bit-stream images of the files and creates an MD5 hash of the files.

5. The forensic investigator examines the evidence for proof of a crime, and prepares an investigative report before concluding the investigation.

6. The forensic investigator hands the sensitive report information to the client, who reviews it to see whether they want to press charges.

7. The FI destroys any sensitive client data.


It is very important that a forensic investigator follows all of these steps and that the process contains no misinformation that could ruin his reputation or the reputation of an organization.


Computer Forensics: Rules, Procedures, and Legal Issues

A good forensic investigator should always follow these rules:

* Examine original evidence as little as possible. Instead, examine the duplicate evidence.

* Follow the rules of evidence and do not tamper with the evidence.

* Always prepare a chain of custody, and handle evidence with care.

* Never exceed the knowledge base of the FI.

* Make sure to document any changes in evidence.

If you stay within these parameters, your case should be valuable and defensible.
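The acquisition steps above (seize, prepare a bit-stream image, hash it, verify the duplicate, document every step in a chain of custody) and the rules that follow (work on the duplicate, document any change to evidence) are illustrated by the following added example. It is not code from the book or from EC-Council; it is a self-contained Python script written for this page. It assumes a constructed byte string standing in for a seized drive, a byte-for-byte file copy standing in for a device-level imaging tool, and placeholder case and examiner identifiers. The chapter mentions MD5; the example records SHA-256 alongside it, because MD5 collisions are practical and a second digest makes the integrity record defensible. The final step deliberately alters the working copy so the verification failure the chain-of-custody rule guards against is visible.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

# Constructed sample evidence; stands in for the contents of a seized drive.
SAMPLE_EVIDENCE = b"CONSTRUCTED SAMPLE DATA - not a real disk image\n" * 256


def hash_file(path, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Hash a file in fixed-size chunks so images larger than RAM are handled."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def bit_stream_copy(src, dst, chunk_size=1 << 20):
    """Byte-for-byte copy of src into dst (file-backed stand-in for imaging a device)."""
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        for chunk in iter(lambda: fin.read(chunk_size), b""):
            fout.write(chunk)
    return dst


def verify_image(original, image):
    """Authenticity check: every digest of the duplicate must equal the original's."""
    return hash_file(original) == hash_file(image)


class ChainOfCustody:
    """Append-only log of who did what to which item, with digests at each step."""

    def __init__(self, case_id):
        self.case_id = case_id
        self.entries = []

    def record(self, action, actor, item, hashes):
        entry = {
            "case_id": self.case_id,
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "actor": actor,
            "item": os.path.basename(item),
            "hashes": dict(hashes),
        }
        self.entries.append(entry)
        return entry

    def actions(self):
        return [e["action"] for e in self.entries]

    def to_json(self):
        return json.dumps(self.entries, indent=2)


def acquire(workdir, actor="EXAMINER-PLACEHOLDER", case_id="CASE-PLACEHOLDER"):
    """Seize -> image -> verify, logging each step; returns the custody log and verdict."""
    original = os.path.join(workdir, "seized.bin")
    image = os.path.join(workdir, "seized.img")
    with open(original, "wb") as f:          # constructed evidence, written once
        f.write(SAMPLE_EVIDENCE)

    coc = ChainOfCustody(case_id)
    coc.record("seized", actor, original, hash_file(original))
    bit_stream_copy(original, image)
    coc.record("imaged", actor, image, hash_file(image))
    ok = verify_image(original, image)
    coc.record("verified" if ok else "verification-failed", actor, image, hash_file(image))
    return {"verified": ok, "original": original, "image": image, "custody": coc}


def run_demo():
    """Full acquisition, then a deliberately altered working copy to show the check failing."""
    with tempfile.TemporaryDirectory() as workdir:
        result = acquire(workdir)
        # Simulate an examiner accidentally writing to the working copy.
        with open(result["image"], "ab") as f:
            f.write(b"\x00")
        still_valid = verify_image(result["original"], result["image"])
        first_hashes = result["custody"].entries[0]["hashes"]
        return {
            "verified_after_imaging": result["verified"],
            "verified_after_alteration": still_valid,
            "actions": result["custody"].actions(),
            "digest_lengths": {k: len(v) for k, v in first_hashes.items()},
            "custody_json": result["custody"].to_json(),
        }


if __name__ == "__main__":
    summary = run_demo()
    print(summary["custody_json"])
    print("verified after imaging:", summary["verified_after_imaging"])
    print("verified after alteration:", summary["verified_after_alteration"])
```

Running the script prints the custody log as JSON, followed by `True` for the freshly imaged copy and `False` once the working copy has been touched. In a real case the original would be attached through a write blocker and imaged with a dedicated acquisition tool, and the custody record would carry the examiner's identity and the physical location of each item; the structure of the record and the verify-before-and-after discipline are what carry over.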


Digital Forensics

Digital forensics includes preserving, collecting, confirming, identifying, analyzing, recording, and presenting crime scene information.
(Continues...)


Excerpted from The Official CHFI Study Guide (Exam 312-49) by Dave Kleiman. Copyright © 2007 by Elsevier Inc. Excerpted by permission of Elsevier Science.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.


Table of Contents

Computer Forensics in Today's World
Law and Computer Forensics
Computer Investigation Process
Computer Security Incident Response Team
Computer Forensic Laboratory Requirements
Understanding File Systems and Hard Disks
Windows Forensics
Linux and Macintosh Boot Processes
Linux Forensics
Data Acquisition and Duplication
Recovering Deleted Files
Image Files Forensics
Steganography
Computer Forensic Tools
Application Password Crackers
Investigating Logs
Investigating Network Traffic
Router Forensics
Investigating Web Attacks
Tracking E-mails and Investigating E-mail Crimes
Mobile and PDA Forensics
Investigating Trademark and Copyright Infringement
Investigative Reports
Becoming an Expert Witness
Forensics in Action