Hacker Profiling Guide
The4960’s Hacker Profiling Guide

Authors: Christian Aaron Murga
Editors/Contributors: Albert Morales, Jaime Acosta

Table of contents:
Types of Attacks
Types of Malware
Motivations
Cybercriminal Profiles
Motivational Typologies
Digital Forensics Workflow
Skills/Areas of Knowledge
File Extensions
Partition Formats
Windows Programs
Windows 7 Programs (Default)
Windows Registry Hives
Glossary
References

Types of Attacks

● Man in the Middle Attack - gaining unauthorized access to network traffic such that the traffic goes through the attacker before reaching its end point. An attacker can use this simply to listen in on traffic, or to modify traffic with malicious intent.
● Spoofing - falsifying or presenting data in such a way that the attacker appears to have a different identity.
● Phishing Attack - when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to a variety of attacks.
● Denial of Service - maliciously consuming a system’s resources such that it is unable to serve clients.
● XSS (Cross-Site Scripting) - injecting a malicious script into a vulnerable website. When a normal client visits the website, the client runs the malicious script.
● SQL Injection - submitting malicious input to a vulnerable server’s form such that the server treats the input as a command rather than data.
● Brute Force/Dictionary Attack - a form of password cracking where an attacker incrementally guesses what the password might be from a large set of inputs.

Types of Malware

● Virus - attached to a program. Spreads when a user launches an infected program; keeps a low profile and usually infects new programs or disks.
● Ransomware - encrypts files and demands payment to decrypt them. This is a subset of scamware.
● Backdoor - allows the attacker to execute commands, usually with little or no authentication.
● Rootkit - designed to conceal the existence of other malware.
● Worm - does not need to attach to an existing program. Sends a copy of itself to another computer and then launches that copy.
● Adware - “Software typically installed that displays advertisements browser pop-ups).”
● Keylogger - collects keystroke information and gives it to the attacker.

Motivations

Cybercriminal Profiles

From “Computer Incident Response and Forensics Team Management : Conducting a Successful Incident Response”

● Script kiddie - not technologically sophisticated; uses existing scripts; ego driven; usually has the intent to trespass or invade privacy.
● Cyberpunks - technologically proficient; usually young; ego driven. Tend to engage in trespassing, invasion, theft, sabotage. Often viruses and DOS against established companies.
● Old timers - most technologically proficient; motivation is ego driven and perfecting the cyber-trespassing ‘art.’ Typically middle aged or older; have extensive technology backgrounds. Sometimes deface websites; usually do not cause much harm due to skill.
● Unhappy insider - very dangerous since they are inside an organization's defenses; any age and employment level; motivation is revenge and/or monetary gain. Intend to steal from or harm the company. Engage in extortion or exposure of company secrets. Depend on direct access - Internet is secondary (also to obtain tools, transfer, etc.).
● Ex-insider - separated from the company unwillingly (e.g. layoff, bad performance/conduct); motive is revenge and purpose is to harm the company; if termination is foreseen, they may perform other destructive acts (e.g. logic bombs, deleting data); benefit from private company information.
● Cyber-thieves - any age; does not require vast technological experience. Motivation is profit (e.g. stealing data, monetary theft). Adept at social engineering, but use network tools as well. Often try to gain employment at the targeted company; some work from the outside.
● Cyberhucksters - spammers and malware distributors. Focused on monetary gain. Good at social engineering and spoofing. Use spyware. Sometimes infect systems so they can sell the cure.
● Con man - motivated by monetary gain. “Theft is their trademark.” Often run scams and perform phishing attacks to commit identity and credit card theft. Very good at social engineering and spoofing. Harder to catch because they are usually anonymous. Typically no specific victim; some will target high value targets by spear phishing.
● Cyberstalker - driven by ego and deviance. Want to invade their victim’s privacy to satisfy a personal/psychological need (e.g. jealousy). Use keyloggers, Trojan horses, sniffers; very resourceful and diverse.
● Code warriors - skilled, with long histories with technology (oftentimes with degrees). Initially focused on ego and revenge. Now more capitalistic, performing theft or sabotage. Not an ‘art’, more of a profession. Code exploitation and trojan horse creators. Any age, but typically 30-50. Usually socially inept and social deviants.
● Mafia soldier - some characteristics from con man and code warrior. Highly organized with the criminal purpose of making money. Typically engage in theft, extortion, and privacy invasion with the goal of blackmail.
● Warfighter - any age; very bright and skilled. Motivation is infowar (e.g. after strategic advantages for their country and their allies). All types of cyber weapons (e.g. trojan horses, DOS attacks, and use of disinformation).

Motivational Typologies

From “Profiling and Serial Crime : Theoretical and Practical Issues”

● Power Reassurance
  ○ “This offender is driven by a relational fantasy and feels that the victim is special because of it.”
  ○ “There is no intent to punish or degrade, and they are the least likely to physically harm their victim since this would shatter the illusion that the relationship was somehow wanted”
  ○ “The attack is intended to restore diminishing feelings of masculinity, and power is achieved by taking power away from the victim.”
● Power Assertive
  ○ Offender “feel inadequate and both seek affirmation about their masculinity and worth.”
  ○ “offender tries to establish a relationship with the victim, and in this way hopes to shore up their low self-worth.”
  ○ “offenders try to make themselves feel better by making others feel bad.”
  ○ “is not concerned about the victim’s welfare in any form. Moderate to excessive force may be used in controlling the victim, and the attacks will occur at any time and location that is convenient and safe.”
● Anger Retaliatory
  ○ “does not want to include the victim or want their input. They will use excessive levels of force, even beyond that needed to gain control over a victim, or that required to get compliance.”
  ○ “Offenders hate the target (individual or group) against whom the offense is committed and will hold them accountable for real wrongs, or misplace their aggression as would happen in the case of a perceived wrong.”
  ○ “focus is an individual or a group that has either done something wrong or that the offender believes has done something wrong.”
● Pervasively Angry
  ○ “The offense is the manifestation of anger not directed at a specific target, group, or institution, but results from cumulative life stresses in any or all aspects of being.”
● Gang and Opportunistic
  ○ Reassurance Oriented - seeking emotional support due to low self-esteem
  ○ Pervasively Angry - group used as a platform to legitimize behavior
  ○ The gang espouses a philosophy that is concordant with their own
  ○ Joins gang for monetary gain
● Profit
  ○ Struggling to make ends meet
  ○ Does not have to be actual cash

Digital Forensics Workflow

From “Computer Incident Response and Forensics Team Management : Conducting a Successful Incident Response”

1. Prepare — Specific forensics training, overarching corporate policies and procedures, as well as practice investigations and examinations will prepare you for an “event.” Specialized forensics or incident handling certifications are considered of great value for forensics investigators.
2. Identify — When approaching an incident scene, review what is occurring on the computer screen. If data is being deleted, pull the power plug from the wall; otherwise perform real-time capture of system “volatile” data first.
3. Preserve — Once the system-specific “volatile” data is retrieved, then turn off machine, remove it from scene, and power it up in an isolated environment. Perform a full system bit-stream image capture of the data on the machine, remembering to “hash” the image with the original data for verification purposes.
4. Select — Once you have a verified copy of the available data, start investigation of data by selecting potential evidence files, datasets, and locations data could be stored. Isolate event-specific data from normal system data for further examination.
5. Examine — Look for potential hidden storage locations of data such as slack space, unallocated space, and in front of File Allocation Table (FAT) space on hard drives. Remember to look in registry entries or root directories for additional potential indicators of data storage activity.
6. Classify — Evaluate data in potential locations for relevance to current investigation. Is the data directly related to case, or does it support events of the case, or is it unrelated to the case?
7. Analyze — Review data from relevant locations. Ensure data is readable, legible, and relevant to investigation. Evaluate it for type of evidence: Is it direct evidence of alleged issue or is it related to issue?
8. Present — Correlate all data reviewed to investigation papers (warrants, corporate documents, etc.). Prepare data report for presentation, either in a court of law or to corporate officers.

Skills/Areas of Knowledge

● Encryption
● Web development
● Malware writing
● Programming
● Computer vision
● Data mining
● Machine learning
● Reverse engineering
● Networking
● Penetration testing
● Social engineering

File Extensions

● elf - Linux executable
● exe - Windows executable
● lnk - Reference/link to another file
● txt - Text file
● php - Webpage
● html - Webpage
● bat - Windows shell script
● dll - Windows dynamic-link library
● ps1 - Windows PowerShell script
● dat - General information file
● py - Python script
● java - Java source code
● webm - Video file

Partition Formats

● NTFS - robust and effective. Windows install format. Somewhat low compatibility with other systems. (1993)
● FAT32 (File Allocation Table 32) - all operating systems (universal); Max volume: depends, typically 2TB, but 32GB in Windows. Max file size 4GB. Not a journaling file system (more prone to corruption). Does not support file permissions. (1977)
● EXFAT - flash drive optimized. More compatible than NTFS, but less than FAT32. (2006)
● EXT4 - Max file size: 16TB. Max volume: 1EB (exabyte) = 1,024PB (petabyte) = 1,048,576 TB (terabyte). Linux install format. Optional journaling file system. (2008)
● EXT3 - Max file size: 2TB. Max volume: 32TB. Journaling file system. (2001)
● Linux-swap - used when RAM is full.

Windows Programs

● Programming/Development
  ○ XAMPP - used to develop and host websites. Website files stored in C:\xampp\htdocs\
  ○ Python - scripting programming language
  ○ PHP - web-focused programming language
  ○ Java JDK/JRE - object oriented programming language
  ○ Eclipse - integrated development environment for programming
  ○ GitHub Desktop - version control software; usually used when programming
  ○ Blender - 3D modeling program
  ○ Unity Game Engine - cross-platform game engine for game development
  ○ Matlab - programming language with mathematical focus
  ○ Visual Studio - integrated development environment for programming
  ○ Sublime Text - editor typically for programming
  ○ Cygwin - GNU Linux tools for Windows
● Pen-testing
  ○ Metasploit - penetration testing software. Has a folder at ~/.msf4 containing logs, history, and other settings.
  ○ Wireshark - network analysis software
  ○ Nmap - network scanner
  ○ Tor Browser - proxy-based browser built on Firefox
  ○ Burp Suite - web application testing tool
  ○ Cain & Abel - penetration testing and password recovery tool
  ○ Mimikatz - penetration testing tool targeting Windows
  ○ IDA Pro - reverse engineering tool
● Defensive
  ○ Snort - intrusion detection/prevention system
  ○ AVG AntiVirus
  ○ Malwarebytes - antivirus
  ○ TrueCrypt - used to encrypt hard drives
  ○ Autopsy - forensics analysis software
  ○ FTK Imager - forensics software for data previews and imaging
  ○ RegRipper - forensics software for extracting registry data
● Utils
  ○ Putty - SSH and telnet client. RegRipper has a plugin to detect SSH keys
  ○ Icecream Screen Recorder - used to record/take pictures of the screen
  ○ Win32 Disk Imager - tool for imaging USB flash drives
  ○ Rufus - tool for creating bootable USB flash drives
  ○ CCleaner - a utility program used to clean Windows Registry entries from a computer.
  ○ Filezilla - FTP client
  ○ 7zip - archive utility
  ○ BitTorrent - torrenting software
● Virtualization
  ○ Virtualbox
  ○ VMware
  ○ XenCenter - capable of nested virtualization
  ○ Bluestacks - Android virtual machines
● Communication
  ○ Pidgin - universal chat client (cross-platform)
  ○ Thunderbird - email client (cross-platform)
  ○ Microsoft Outlook - email client
● Gaming
  ○ Minecraft - popular cross-platform game
  ○ League of Legends - popular competitive PC game
  ○ Steam - video game distribution platform
  ○ DaedalusX64 R747 - game emulation software
● General
  ○ Chrome - best web browser
  ○ Firefox - decent web browser
  ○ Teamviewer - remote desktop software
  ○ Skype - text and video communication software
  ○ VLC Media Player
  ○ GIMP - raster graphics editor
  ○ Inkscape - vector graphics editor
  ○ Microsoft Office - document editor

Windows 7 Programs (Default)

In “C:\Program Files”
● Common Files
● DVD Maker
● Internet Explorer
● Microsoft Games
● MSBuild
● Reference Assemblies
● Windows Defender
● Windows Journal
● Windows Mail
● Windows Media Player
● Windows NT
● Windows Photo Viewer
● Windows Portable Devices
● Windows Sidebar

In “C:\Program Files (x86)”
● Common Files
● Internet Explorer
● MSBuild
● Reference Assemblies
● Windows Defender
● Windows Journal
● Windows Mail
● Windows Media Player
● Windows NT
● Windows Photo Viewer
● Windows Portable Devices
● Windows Sidebar

In “C:\Windows\System32”

AdapterTroubleshooter.exe, aitagent.exe, alg.exe, appidcertstorecheck.exe, appidpolicyconverter.exe, ARP.EXE, at.exe, AtBroker.exe, attrib.exe, audiodg.exe, auditpol.exe, autochk.exe, autoconv.exe, autofmt.exe, AxInstUI.exe, baaupdate.exe, bcdboot.exe, bcdedit.exe, BdeHdCfg.exe, BdeUISrv.exe, BdeUnlockWizard.exe, BitLockerWizard.exe, BitLockerWizardElev.exe, bitsadmin.exe, bootcfg.exe, bridgeunattend.exe, bthudtask.exe, cacls.exe, calc.exe, CertEnrollCtrl.exe, certreq.exe, certutil.exe, change.exe, charmap.exe, chglogon.exe, chgport.exe, chgusr.exe, chkdsk.exe, chkntfs.exe, choice.exe, cipher.exe, cleanmgr.exe, cliconfg.exe, clip.exe, cmd.exe, cmdkey.exe, cmdl32.exe, cmmon32.exe, cmstp.exe, cofire.exe, colorcpl.exe, comp.exe, compact.exe, CompMgmtLauncher.exe, ComputerDefaults.exe, conhost.exe, consent.exe, control.exe, convert.exe, credwiz.exe, cscript.exe, csrss.exe, ctfmon.exe, cttune.exe, cttunesvr.exe, dccw.exe, dcomcnfg.exe, ddodiag.exe, Defrag.exe, DeviceDisplayObjectProvider.exe, DeviceEject.exe, DevicePairingWizard.exe, DeviceProperties.exe, DFDWiz.exe, dfrgui.exe, dialer.exe, diantz.exe, dinotify.exe, diskpart.exe, diskperf.exe, diskraid.exe, Dism.exe, dispdiag.exe, DisplaySwitch.exe, djoin.exe, dllhost.exe, dllhst3g.exe, dnscacheugc.exe, doskey.exe, dpapimig.exe, DpiScaling.exe, dpnsvr.exe, driverquery.exe, drvinst.exe, dvdplay.exe, dvdupgrd.exe, dwm.exe, DWWIN.EXE, dxdiag.exe, Dxpserver.exe, Eap3Host.exe, efsui.exe, EhStorAuthn.exe, esentutl.exe, eudcedit.exe, eventcreate.exe, eventvwr.exe, expand.exe, extrac32.exe, fc.exe, find.exe, findstr.exe, finger.exe, fixmapi.exe, fltMC.exe, fontview.exe, forfiles.exe, fsutil.exe, ftp.exe, fvenotify.exe, fveprompt.exe, FXSCOVER.exe, FXSSVC.exe, FXSUNATD.exe, getmac.exe, GettingStarted.exe, gpresult.exe, gpscript.exe, gpupdate.exe, grpconv.exe, hdwwiz.exe, help.exe, HOSTNAME.EXE, hwrcomp.exe, hwrreg.exe, icacls.exe, icardagt.exe, icsunattend.exe, ie4uinit.exe, ieUnatt.exe, iexpress.exe, InfDefaultInstall.exe, ipconfig.exe, irftp.exe, iscsicli.exe, iscsicpl.exe, isoburn.exe, klist.exe, ksetup.exe, ktmutil.exe, label.exe, LocationNotifications.exe, Locator.exe, lodctr.exe, logagent.exe, logman.exe, logoff.exe, LogonUI.exe, lpksetup.exe, lpremove.exe, lsass.exe, lsm.exe, Magnify.exe, makecab.exe, manage-bde.exe, mblctr.exe, mcbuilder.exe, mctadmin.exe, MdRes.exe, MdSched.exe, mfpmp.exe, MigAutoPlay.exe, mmc.exe, mobsync.exe, mountvol.exe, mpnotify.exe, MpSigStub.exe, MRINFO.EXE, msconfig.exe, msdt.exe, msdtc.exe, msfeedssync.exe, msg.exe, mshta.exe, msiexec.exe, msinfo32.exe, mspaint.exe, msra.exe, mstsc.exe, mtstocom.exe, MuiUnattend.exe, MultiDigiMon.exe, NAPSTAT.EXE, Narrator.exe, nbtstat.exe, ndadmin.exe, net.exe, net1.exe, netbtugc.exe, netcfg.exe, netiougc.exe, Netplwiz.exe, NetProj.exe, netsh.exe, NETSTAT.EXE, newdev.exe, nltest.exe, notepad.exe, nslookup.exe, ntoskrnl.exe, ntprint.exe, ocsetup.exe, odbcad32.exe, odbcconf.exe, openfiles.exe, OptionalFeatures.exe, osk.exe, p2phost.exe, PATHPING.EXE, pcalua.exe, pcaui.exe, pcawrk.exe, pcwrun.exe, perfmon.exe, PING.EXE, PkgMgr.exe, plasrv.exe, PnPUnattend.exe, PnPutil.exe, poqexec.exe, powercfg.exe, PresentationHost.exe, PresentationSettings.exe, prevhost.exe, print.exe, PrintBrmUi.exe, printfilterpipelinesvc.exe, PrintIsolationHost.exe, printui.exe, proquota.exe, psr.exe, PushPrinterConnections.exe, qappsrv.exe, qprocess.exe, query.exe, quser.exe, qwinsta.exe, rasautou.exe, rasdial.exe, raserver.exe, rasphone.exe, rdpclip.exe, rdpinit.exe, rdpshell.exe, rdpsign.exe, rdrleakdiag.exe, RDVGHelper.exe, ReAgentc.exe, recdisc.exe, recover.exe, reg.exe, regedt32.exe, regini.exe, RegisterIEPKEYs.exe, regsvr32.exe, rekeywiz.exe, relog.exe, RelPost.exe, repair-bde.exe, replace.exe, reset.exe, resmon.exe, RMActivate.exe, RMActivate_isv.exe, RMActivate_ssp.exe, RMActivate_ssp_isv.exe, RmClient.exe, Robocopy.exe, ROUTE.EXE, RpcPing.exe, rrinstaller.exe, rstrui.exe, runas.exe, rundll32.exe, RunLegacyCPLElevated.exe, runonce.exe, rwinsta.exe, sbunattend.exe, sc.exe, schtasks.exe, sdbinst.exe, sdchange.exe, sdclt.exe, sdiagnhost.exe, SearchFilterHost.exe, SearchIndexer.exe, SearchProtocolHost.exe, SecEdit.exe, secinit.exe, services.exe, sethc.exe, SetIEInstalledDate.exe, setspn.exe, setupcl.exe, setupugc.exe, setx.exe, sfc.exe, shadow.exe, shrpubw.exe, shutdown.exe, sigverif.exe, slui.exe, smss.exe, SndVol.exe, SnippingTool.exe, snmptrap.exe, sort.exe, SoundRecorder.exe, spinstall.exe, spoolsv.exe, sppsvc.exe, spreview.exe, srdelayed.exe, StikyNot.exe, subst.exe, svchost.exe, sxstrace.exe, SyncHost.exe, syskey.exe, systeminfo.exe, SystemPropertiesAdvanced.exe, SystemPropertiesComputerName.exe, SystemPropertiesDataExecutionPrevention.exe, SystemPropertiesHardware.exe, SystemPropertiesPerformance.exe, SystemPropertiesProtection.exe, SystemPropertiesRemote.exe, systray.exe, tabcal.exe, takeown.exe, TapiUnattend.exe, taskeng.exe, taskhost.exe, taskkill.exe, tasklist.exe, taskmgr.exe, tcmsetup.exe, TCPSVCS.EXE, timeout.exe, TpmInit.exe, tracerpt.exe, TRACERT.EXE, tscon.exe, tsdiscon.exe, tskill.exe, TSTheme.exe, TsUsbRedirectionGroupPolicyControl.exe, TSWbPrxy.exe, TsWpfWrp.exe, typeperf.exe, tzutil.exe, ucsvc.exe, UI0Detect.exe, unlodctr.exe, unregmp2.exe, upnpcont.exe, UserAccountControlSettings.exe, userinit.exe, Utilman.exe, VaultCmd.exe, VaultSysUi.exe, vds.exe, vdsldr.exe, verclsid.exe, verifier.exe, vmicsvc.exe, vssadmin.exe, VSSVC.exe, w32tm.exe, waitfor.exe, wbadmin.exe, wbengine.exe, wecutil.exe, WerFault.exe, WerFaultSecure.exe, wermgr.exe, wevtutil.exe, wextract.exe, WFS.exe, where.exe, whoami.exe, wiaacmgr.exe, wiawow64.exe, wimserv.exe, WindowsAnytimeUpgradeResults.exe, wininit.exe, winload.exe, winlogon.exe, winresume.exe, winrs.exe, winrshost.exe, WinSAT.exe, winver.exe, wisptis.exe, wksprt.exe, wlanext.exe, wlrmdr.exe, wowreg32.exe, WPDShextAutoplay.exe, wpnpinst.exe, write.exe, wscript.exe, WSManHTTPConfig.exe, wsmprovhost.exe, wsqmcons.exe, wuapp.exe, wuauclt.exe, WUDFHost.exe, wusa.exe, xcopy.exe, xpsrchvw.exe, xwizard.exe

Windows Registry Hives

● C:\Windows\System32\config\
  ○ SAM - user account information
  ○ SYSTEM
  ○ SOFTWARE
  ○ SECURITY
● C:\Users\\
  ○ NTUSER.DAT
● C:\Users\ \AppData\Local\Microsoft\Windows\
  ○ USRCLASS.DAT

Glossary

From “Computer Incident Response and Forensics Team Management : Conducting a Successful Incident Response”

● Attacker: “Person or entity performing any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.”
● Botnet: Shortened term for Robot Network, this is a network of compromised computers and servers that are remotely controlled by unauthorized personnel where the compromised devices are performing activities not under the
● Computer Forensics: “The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.”
● Digital Signature: “A digital signature is a mathematical encryption mechanism for proving the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and nonrepudiation) and that the message was not altered in transit (integrity). Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.”
● Cybercrime profiling: “the investigation, analysis, assessment and reconstruction of data from a behavioral/psychological perspective extracted from computer systems, networks and the humans committing the crimes”
  ○ “The inductive approach assumes that individuals who committed the same crimes in the past share characteristics with individuals who are committing the same crime now. Examples of such profiles are those created for serial killers and rapists. The deductive approach uses evidence collected at the crime scene to develop a specific profile that can be used for offender identification. Understanding inductive profiles helps as the deductive approach frequently looks to them for clues in developing a more specific offender profile”
● Intent: The intent to commit a crime: malice, as evidenced by a criminal act; intent to deprive or defraud the true owner of his property. A person intends a consequence when they foresee that it will happen if the given series of acts or omissions continues, and desire it to happen.
● Intrusion: The unauthorized act of bypassing the security mechanisms of a system for the purposes of causing an incident.
● Logic Bomb: A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
● Malware: Malicious software which is designed to damage or disable computers with the intent to steal information or gain control of the device. Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. Examples include virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code.
● Nonrepudiation: “Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information. This protection against an individual falsely denying having performed a particular action provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message.”
● Penetration Test: A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.
● Piracy: Illegally reproducing copyrighted work. Music, photographs, movies, and software are all potentially copyrighted and can be pirated.
● Privacy: The act of guaranteeing that the interests of persons and organizations are protected and secluded from outside disclosure.
● Spam: Electronic junk mail or the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
● Spear phishing: A targeted phishing attack on a select group of victims, usually executives.
● Spoofing: There are two meanings to spoofing in our context:
  ○ Either faking the sending address of a transmission to gain illegal entry into a secure system or
  ○ the deliberate inducement of a user or resource to take incorrect action.
  ○ Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
● Spyware: Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge; a type of malicious code.
● Zombie: An infected computer that floods another computer with packets in an attempt to infect or crash it without the consent or knowledge of the infected computer’s owner.

References

● https://www.diffen.com/difference/FAT32_vs_NTFS
● https://www.howtogeek.com/235596/whats-the-difference-between-fat32-exfat-and-ntfs/
● http://www.pointsoftware.ch/en/4-ext4-vs-ext3-filesystem-and-why-delayed-allocation-isbad/
● http://www.ntfs.com/ntfs_vs_fat.htm
● Petherick, Wayne. Profiling and Serial Crime : Theoretical and Practical Issues, Elsevier Science & Technology, 2012. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/fbial-ebooks/detail.action?docID=1111846. Created from fbial-ebooks on 2018-06-30 20:38:56.
● Johnson, Leighton. Computer Incident Response and Forensics Team Management : Conducting a Successful Incident Response, William Andrew, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/fbial-ebooks/detail.action?docID=1115165. Created from fbial-ebooks on 2018-06-30 20:03:59.
● Shipley, Todd G., and Art Bowker. Investigating Internet Crimes : An Introduction to Solving Crimes in Cyberspace, William Andrew, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/fbial-ebooks/detail.action?docID=1115158. Created from fbial-ebooks on 2018-06-30 16:11:30.
● Cyber Crime and Cyber Terrorism Investigator's Handbook, edited by Babak Akhgar, et al., William Andrew, 2014. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/fbial-ebooks/detail.action?docID=1744499. Created from fbial-ebooks on 2018-06-30 15:40:55.
● Johnson, Leighton. Computer Incident Response and Forensics Team Management : Conducting a Successful Incident Response, William Andrew, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/fbial-ebooks/detail.action?docID=1115165. Created from fbial-ebooks on 2018-06-30 14:41:06.
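
Added example (not part of the original guide): the Preserve step of the Digital Forensics Workflow calls for a bit-stream image that is hashed against the original data, and this sketch shows that acquire-then-verify check. The function names, the manifest layout, the 1 MiB chunk size and the choice of SHA-256 are assumptions, and a constructed temporary file stands in for the source device.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read size; an assumption, tune for the medium


def hash_file(path, chunk=CHUNK):
    """Stream a file (or device node) through SHA-256; return (hex digest, bytes read)."""
    digest, total = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
            total += len(block)
    return digest.hexdigest(), total


def acquire_image(source, image, chunk=CHUNK):
    """Copy source to image bit for bit, hashing the bytes as they are read.

    Returns a manifest dict (hypothetical layout). Mode "xb" refuses to
    overwrite an image that already exists.
    """
    digest, total = hashlib.sha256(), 0
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(chunk), b""):
            digest.update(block)
            dst.write(block)
            total += len(block)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image is on disk before it is trusted
    os.chmod(image, 0o444)  # the working copy is read-only from here on
    return {"source": source, "image": image,
            "sha256": digest.hexdigest(), "size": total}


def verify_image(manifest):
    """Re-read the image from disk and compare it with the acquisition record."""
    actual_hash, actual_size = hash_file(manifest["image"])
    if actual_size != manifest["size"]:
        return False, "size mismatch"
    if actual_hash != manifest["sha256"]:
        return False, "hash mismatch"
    return True, "match"


def source_unchanged(manifest):
    """Re-hash the original to confirm that acquisition did not alter it."""
    return hash_file(manifest["source"])[0] == manifest["sha256"]


def demo():
    """Acquire a constructed 'device', then show what verification catches."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "source.bin")   # constructed stand-in device
        image = os.path.join(work, "evidence.dd")
        with open(source, "wb") as fh:
            fh.write(os.urandom(2 * CHUNK + 517))   # deliberately not chunk-aligned
        manifest = acquire_image(source, image)
        results = {"clean": verify_image(manifest),
                   "source_unchanged": source_unchanged(manifest)}

        # Simulate a single-bit alteration of the stored image.
        os.chmod(image, 0o644)
        middle = manifest["size"] // 2
        with open(image, "r+b") as fh:
            fh.seek(middle)
            original = fh.read(1)
            fh.seek(middle)
            fh.write(bytes([original[0] ^ 0x01]))
        results["bit_flip"] = verify_image(manifest)

        # Simulate an incomplete copy.
        os.truncate(image, manifest["size"] - 1)
        results["truncated"] = verify_image(manifest)
        return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```
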