Computer Crime Investigation Framework (CCIF) - Open Information Systems Security Group

Member Login

Poll

How relevant is ISSAF for your requirements?

	will be used as a part of our IS strategy
	will take inputs from ISSAF
	somewhat useful
	not useful

Does your organization have a vulnerability management strategy?

	Effective (Vulnerabilitiy Management Products deployed)
	Good (We use VA scanners & track results to closure)
	Limited (Only Essential Patches deployed based on advisories)
	No (No such activies performed)

Home

ISSAF

Sister Projects

Computer Crime Investigation Framework (CCIF)

We are developing a structured approach for Computer Crime Investigation to assist law enforcement agencies that lack the time, resource and money. The first draft of this methodology is expected to release in the start of 2005. Brief overview of this framework is given below.

Target Audience

Penetration Tester, Security Auditor and Security testers
Security engineers and consultants
System/network/Web administrators
Security testing project managers
Technical and Functional Managers
IT Staff responsible for information security

TABLE OF CONTENTS

Chapter 1: Nuts and Bolts of Computer Forensics and Incident Response

Introduction to Cyber Crime
Type of Cyber Crime
Understanding Cyber Crime World
Understanding Cyber Victims
Understanding Cyber Criminal
Understanding Cyber Investigator
Challenges of Cyber Crime
New technologies and new vulnerabilities
Choices of Cyber Criminals
Broadband
E-Commerce and Online Banking
Instant Messaging
Mobile Computing
New Operating Systems and Applications
Standardization
Web and Mail Technologies
Wireless
Thwarting the Cyber Criminal
Evidence gathering process
Understanding Volatility of Evidence
Creating a Forensic Boot Disk

Chapter 2: Recovering and Preserving Evidence

Protecting Evidence (Disk Imaging)
Auditing and Logging Procedure
Examining log files and their size
Centralized Logging
Collecting Evidence using sniffers
Time Synchronization and Stamping
Searching Keywords
Recovering evidence
Deleted files
Locating web cache and browser history data
From temporary files
From print spooler files
From swap and page files
From Backups
Finding and decrypting encrypted files
Recovering data from hidden files
    Hidden files
    Steganography files
    Password protected compressed files
Cracking password protection
Collecting data from Memory
From Registry
Viewing and Editing the Registry
Collecting the Registry Data
Analyzing the Registry Data
Collecting Deleted files through the Recycle Bin
Collecting E-mails
Router Log, Reports, Alarms and Alerts
Firewall Log, Reports, Alarms and Alerts
Hacking tools Forensics

Chapter 3: Back Tracing

Email Header Analysis
Tracing a domain name or IP Address

Chapter 4: Miscellaneous Cyber Crime Detection Techniques

IP address spoofing
Anti Detection techniques
Decoy techniques ( HoneyNet, HonePot and Other Cyber Stings)
Intrusion Detection System

If you are interested to contribute and/or want latest and greatest document, contact us at This e-mail address is being protected from spam bots, you need JavaScript enabled to view it