Hacker Profiling Guide

User Manual:

Open the PDF directly: View PDF PDF.
Page Count: 17

DownloadHacker Profiling Guide
Open PDF In BrowserView PDF
The4960’s Hacker Profiling Guide
Authors:
Christian Aaron Murga
Editors/Contributors:
Albert Morales
Jaime Acosta
Tables of contents:
Types of Attacks

2

Types of Malware

4

Motivations

6

Cybercriminal Profiles

7

Motivational Typologies

8

Digital Forensics Workflow

9

Skills/Areas of Knowledge

9

File Extensions

10

Partition Formats

10

Windows Programs

12

Windows 7 Programs (Default)

13

Windows Registry Hives

14

Glossary

15

References

17

1

Type of Attacks
●

Man in the Middle Attack gaining unauthorized access to
network traffic such that the traffic
goes through the attacker before
reaching its end point. An attacker
can use this to simply listen in on
traffic, or can be used to modify
traffic with malicious intent.

●

Spoofing - falsifying or presenting
data in such a way that the attacker
appears to have a different identify.

●

Phishing Attack - when an attacker,
masquerading as a trusted entity,
dupes a victim into opening an
email, instant message, or text
message. The recipient is then
tricked into clicking a malicious link,
which can lead to a variety of
attacks.

●

Denial of Service - maliciously
consuming a system’s resources
such that it is unable to serve clients.

2

●

XXS Cross-Site Scripting - injecting
a malicious script to a vulnerable
website. When a normal client visits
the website, the client run the
malicious script.

●

SQL Injection - submitting malicious
input to a vulnerable server’s form
such that the server treats the input
as a command rather than data.

●

Brute Force/Dictionary Attack - a
form of password cracking where an
attacker incrementally guess what
they password might be from a large
set of inputs.

3

Types of Malware
●

Virus - Attached to a program.
Spreads when a user launches an
infected program – keeps a low
profile and usually infects new
programs or disks.

●

Ransomware - encrypts files and
demands payment to decrypt them.
This is a subset of scamware.

●

Backdoor - allow the attacker to
execute commands usually with little
or no authentication

●

Rootkit - designed to conceal
existence of other malware

●

Worm - Does not need to attach to
an existing program. Sends a copy
of itself to another computer and
then launches that copy.

4

●

Adware - “Software typically installed
that displays advertisements
browser pop-ups).”

●

Keylogger - collects keystroke
information and gives to attacker.

5

Motivations

6

Cybercriminal Profiles
From “Computer Incident Response and Forensics Team Management : Conducting a Successful Incident Response”

●
●

●

●

●

●

●

●

●

●

●

●

Script kiddie - not technologically sophisticated; uses existing scripts; ego driven; usually
have the intent to trespass or invade privacy.
Cyberpunks - technologically proficient; usually young; ego driven. Tend to engage in
trespassing, invasion, theft, sabotage. Often viruses and DOS against established
companies.
Old timers - most technologically proficient; motivation is ego driven and perfecting the
cyber-trespassing ‘art.’ Typically middle aged or older; have extensive technology
backgrounds. Sometimes deface websites; usually do not cause much harm due to skill.
Unhappy insider - very dangerous since they are inside an organization's defenses, any
and and employment level, motivation is revenge and/or monetary gain. Intend to steal
from or harm company. Engage in extortion or exposure of company secrets. Depend
on direct access - Internet is secondary (also to obtain tools, transfer, etc).
Ex-insider - separated from company unwillingly (e.g. layoff, bad performance/conduct);
motive is revenge and purpose to harm company; if termination is foreseen, they may
perform other destructive acts (e.g. logic bombs, delete data); benefit from private
company information
Cyber-thieves - any age, does not require vast technological experience. Motivation is
profit (e.g. stealing data, monetary theft). Adept at social engineering, but use network
tools as well. Often try to gain employment at targeted company; some work from the
outside.
Cyberhucksters - spammers and malware distributors. Focused on monetary gain.
Good at social engineering and spoofing. Use spyware. Sometimes infect systems so
they can sell the cure.
Con man - Motivated by monetary gain. “Theft is their trademark.” Often run scams and
perform phishing attacks to commit identity and credit card theft. Very good at social
engineering and spoofing. Harder to catch because they are usually antonymous.
Typically no specific victim; some will target high value targets by spear phishing.
Cyberstalker - driven by ego and deviance. Want to invade their victim’s privacy to
satisfy personal/psychological need (e.g. jealousy). Use keyloggers, Trojan horses,
sniffers; very resourceful and diverse.
Code warriors - skilled with long histories with technology (often times with degrees).
Initially focused on ego and revenge. Now more capitalistic, performing theft or
sabotage. Not an ‘art’, more of a profession. Code exploitation and trojan horse
creators. Any age, but typically 30-50. Usually socially inept and social deviants.
Mafia soldier - some characteristics from con-man and code warrior. Highly organized
with criminal purpose of making money. Typically engage in theft, extortion, and privacy
invasion with goal of blackmail.
Warfighter - Any age; very bright and skilled. Motivation is infowar (e.g. after strategic
advantages for their country and their allies). All types of cyber weapons (e.g. trojan
horses, DOS attacks, and use of disinformation.

7

Motivational Typologies
From “Profiling and Serial Crime : Theoretical and Practical Issues”

●

●

●

●

●

●

Power Reassurance
○ “This offender is driven by a relational fantasy and feels that the victim is special
because of it.”
○ “There is no intent to punish or degrade, and they are the least likely to physically
harm their victim since this would shatter the illusion that the relationship was
somehow wanted”
○ “The attack is intended to restore diminishing feelings of masculinity, and power
is achieved by taking power away from the victim.”
Power Assertive
○ Offender “feel inadequate and both seek affirmation about their masculinity and
worth.”
○ “offender tries to establish a relationship with the victim, and in this way hopes to
shore up their low self-worth.”
○ “offenders try to make themselves feel better by making others feel bad.”
○ “is not concerned about the victim’s welfare in any form. Moderate to excessive
force may be used in controlling the victim, and the attacks will occur at any time
and location that is convenient and safe.”
Anger Retaliatory
○ “does not want to include the victim or want their input. They will use excessive
levels of force, even beyond that needed to gain control over a victim, or that
required to get compliance.”
○ “Offenders hate the target (individual or group) against whom the offense is
committed and will hold them accountable for real wrongs, or misplace their
aggression as would happen in the case of a perceived wrong.”
○ “focus is an individual or a group that has either done something wrong or that
the offender believes has done something wrong.”
Pervasively Angry
○ “The offense is the manifestation of anger not directed at a specific target, group,
or institution, but results from cumulative life stresses in any or all aspects of
being.”
Gang and Opportunistic
○ Reassurance Oriented - seeking emotional support due to low self-esteem
○ Pervasively Angry - group used as a platform to legitimize behavior
○ The gang espouses a philosophy that is concordant with their own
○ Joins gang for monetary gain
Profit
○ Struggling to make ends meet
○ Does not have to be actual cash

8

Digital Forensics Workflow
From “Computer Incident Response and Forensics Team Management : Conducting a Successful Incident Response”

1. Prepare —Specific forensics training, overarching corporate policies and procedures, as
well as practice investigations and examinations will prepare you for an “event.”
Specialized forensics or incident handling certifications are considered of great value for
forensics investigators. Identify —When approaching an incident scene— review what is
occurring on the computer screen. If data is being deleted, pull the power plug from the
wall; otherwise perform real-time capture of system “volatile” data first.
2. Preserve —Once the system-specific “volatile” data is retrieved, then turn off machine,
remove it from scene, and power it up in an isolated environment. Perform a full system
bit-stream image capture of the data on the machine, remembering to “hash” the image
with the original data for verification purposes.
3. Select —Once you have a verified copy of the available data, start investigation of data
by selecting potential evidence files, datasets, and locations data could be stored.
Isolate event-specific data from normal system data for further examination.
4. Examine —Look for potential hidden storage locations of data such as slack space,
unallocated space, and in front of File Allocation Table (FAT) space on hard drives.
Remember to look in registry entries or root directories for additional potential indicators
of data storage activity. Classify —Evaluate data in potential locations for relevance to
current investigation. Is the data directly related to case, or does it support events of the
case, or is it unrelated to the case?
5. Analyze —Review data from relevant locations. Ensure data is readable, legible, and
relevant to investigation. Evaluate it for type of evidence: Is it direct evidence of alleged
issue or is it related to issue?
6. Present —Correlate all data reviewed to investigation papers (warrants, corporate
documents, etc.). Prepare data report for presentation— either in a court of law or to
corporate officers.

Skills/Areas of Knowledge
●
●
●
●
●
●

Encryption
Web development
Malware writing
Programming
Computer vision
Data mining

●
●
●
●
●

Machine learning
Reverse engineering
Networking
Penetration testing
Social engineering

9

File Extensions
●
●
●
●
●
●
●

elf - Linux executable
exe - Windows executable
lnk - Reference/link to another file
txt - Text file
php - Webpage
html - Webpage
bat - Windows shell script

●
●
●
●
●
●

dll - Windows dynamically link library
ps1 - Windows Powershell script
dat - General information file
py - Python script
java - Java source code
webm - Video file

Partition Formats
●
●

●
●
●
●

NTFS - robust and effective. Windows install format. Somewhat low compatibility with
other systems. (1993)
FAT32 (File Allocation Table 32) - all operating systems (universal); Max volume:
depends, typically 2TB, but 32GB in Windows. Max file size 4GB. Not a journaling file
system (more prone to corruption). Does not support file permissions. (1977)
EXFAT - flash drive optimized. More compatible than NTFS, but less than FAT32.
(2006)
EXT4 - Max file size: 16TB. Max volume: 1EB (exabyte) = 1,024PB (petabyte) =
1,048,576 TB (terabyte). Linux install format. Optional journaling file system. (2008)
EXT3 - Max file size: 2TB. Max volume: 32TB. Journaling file system. (2001)
Linux-swap - used when RAM is full.

10

11

Windows Programs
●

●

Programming/Development
○ XAMPP - used to develop
and host websites. Website
files stored in
C:\xampp\htdocs\
○ Python - scripting programing
language
○ PHP - web-focused
programing language
○ Java JDK/JRE - object
oriented programing
language
○ Eclipse - Integrated
development environment for
programming
○ GitHub Desktop - version
control software; usually
used when programming
○ Blender - 3D modeling
program
○ Unity Game Engine - crossplatform game engine for
game development
○ Matlab - Programming
language with mathematical
focus
○ Visual Studio - Integrated
development environment for
programming
○ Sublime Text Editor typically for programming
○ Cygwin - GNU Linux tools for
Windows
Pen-testing
○ Metasploit - penetration
testing software. Has a
folder at ~/.msf4 containing
logs, history, and other
settings.
○ Wireshark - network analysis
software
○ Nmap - network scanner

○

●

●

Tor Browser - proxy-based
browser built on Firefox
○ Burp Suite - web application
testing tool
○ Cain & Able - penetration
testing and password
recovery tool
○ Mimikatz - penetration testing
tool targeting Windows
○ IDA pro - reverse
engineering tool
Defensive
○ Snort - intrusion
detection/prevention system
○ AVG AntiVirus
○ Malwarebytes - antivirus
○ TrueCrypt - used to encrypt
harddrives
○ Autopsy - forensics analysis
software
○ FKTImager - forensics
software for data previews
and imaging
○ RegRipper - forensics
software for extracting
registry data
Utils
○ Putty - SSH and telnet client.
RegRipper has a plugin to
detect SSH keys
○ Icecream Screen Recorder used to record/takes pictures
of screen
○ Win32 Disk Imager - tool for
imaging USB flash drives
○ Rufus - tool for creating
bootable USB flash drives
○ CCleaner - a utility program
used to clean Windows
Registry entries from a
computer.
○ Filezilla - FTP client

12

○
○

●

●

●

7zip - archive utility
BitTorrent - Torrenting
software
Virtualization
○ Virtualbox
○ VMware
○ XenCenter - capable to
nested virtualization
○ Bluestacks - Android virtual
machines
Communication
○ Pidgin - universal chat client
(cross-platform)
○ Thunderbird - email client
(cross-platform)
○ Microsoft Outlook - email
client
Gaming
○ Minecraft - popular crossplatform game

○

●

League of Legends - popular
competitive PC game
○ Steam - video game
distribution platform
○ DaedalusX64 R747 - game
emulation software
General
○ Chrome - best web browser
○ Firefox - decent web browser
○ Teamviewer - remote
desktop software
○ Skype - text and video
communication software
○ VLC Media Player
○ GIMP - raster graphics editor
○ Inkscape - vector graphics
editor
○ Microsoft Office - document
editor

Windows 7 Programs (Default)
In “C:\Program Files”
● Common Files
● DVD Maker
● Internet Explorer
● Microsoft Games
● MSBuild
● Reference Assemblies
● Windows Defender
In “C:\Program Files (x86)”
● Common Files
● Internet Explorer
● MSBuild
● Reference Assemblies
● Windows Defender
● Windows Journal
In “C:\Windows\System32”

●
●
●
●
●
●
●

Windows Journal
Windows Mail
Windows Media Player
WIndows NT
Windows Photo Viewer
Windows Portable Devices
Windows Sidebar

●
●
●
●
●
●

Windows Mail
Windows Media Player
WIndows NT
Windows Photo Viewer
Windows Portable Devices
Windows Sidebar

AdapterTroubleshooter.exe,aitagent.exe,alg.exe,appidcertstorecheck.exe,appidpolicyconverter.exe,ARP.EXE,at.exe,AtBroker.exe,attrib.ex
e,audiodg.exe,auditpol.exe,autochk.exe,autoconv.exe,autofmt.exe,AxInstUI.exe,baaupdate.exe,bcdboot.exe,bcdedit.exe,BdeHdCfg.exe,Bd
eUISrv.exe,BdeUnlockWizard.exe,BitLockerWizard.exe,BitLockerWizardElev.exe,bitsadmin.exe,bootcfg.exe,bridgeunattend.exe,bthudtask.
exe,cacls.exe,calc.exe,CertEnrollCtrl.exe,certreq.exe,certutil.exe,change.exe,charmap.exe,chglogon.exe,chgport.exe,chgusr.exe,chkdsk.ex
e,chkntfs.exe,choice.exe,cipher.exe,cleanmgr.exe,cliconfg.exe,clip.exe,cmd.exe,cmdkey.exe,cmdl32.exe,cmmon32.exe,cmstp.exe,cofire.e
xe,colorcpl.exe,comp.exe,compact.exe,CompMgmtLauncher.exe,ComputerDefaults.exe,conhost.exe,consent.exe,control.exe,convert.exe,c
redwiz.exe,cscript.exe,csrss.exe,ctfmon.exe,cttune.exe,cttunesvr.exe,dccw.exe,dcomcnfg.exe,ddodiag.exe,Defrag.exe,DeviceDisplayObjec
tProvider.exe,DeviceEject.exe,DevicePairingWizard.exe,DeviceProperties.exe,DFDWiz.exe,dfrgui.exe,dialer.exe,diantz.exe,dinotify.exe,dis

13

kpart.exe,diskperf.exe,diskraid.exe,Dism.exe,dispdiag.exe,DisplaySwitch.exe,djoin.exe,dllhost.exe,dllhst3g.exe,dnscacheugc.exe,doskey.e
xe,dpapimig.exe,DpiScaling.exe,dpnsvr.exe,driverquery.exe,drvinst.exe,dvdplay.exe,dvdupgrd.exe,dwm.exe,DWWIN.EXE,dxdiag.exe,Dxp
server.exe,Eap3Host.exe,efsui.exe,EhStorAuthn.exe,esentutl.exe,eudcedit.exe,eventcreate.exe,eventvwr.exe,expand.exe,extrac32.exe,fc.
exe,find.exe,findstr.exe,finger.exe,fixmapi.exe,fltMC.exe,fontview.exe,forfiles.exe,fsutil.exe,ftp.exe,fvenotify.exe,fveprompt.exe,FXSCOVER
.exe,FXSSVC.exe,FXSUNATD.exe,getmac.exe,GettingStarted.exe,gpresult.exe,gpscript.exe,gpupdate.exe,grpconv.exe,hdwwiz.exe,help.e
xe,HOSTNAME.EXE,hwrcomp.exe,hwrreg.exe,icacls.exe,icardagt.exe,icsunattend.exe,ie4uinit.exe,ieUnatt.exe,iexpress.exe,InfDefaultInsta
ll.exe,ipconfig.exe,irftp.exe,iscsicli.exe,iscsicpl.exe,isoburn.exe,klist.exe,ksetup.exe,ktmutil.exe,label.exe,LocationNotifications.exe,Locator.
exe,lodctr.exe,logagent.exe,logman.exe,logoff.exe,LogonUI.exe,lpksetup.exe,lpremove.exe,lsass.exe,lsm.exe,Magnify.exe,makecab.exe,m
anagebde.exe,mblctr.exe,mcbuilder.exe,mctadmin.exe,MdRes.exe,MdSched.exe,mfpmp.exe,MigAutoPlay.exe,mmc.exe,mobsync.exe,mountvol.
exe,mpnotify.exe,MpSigStub.exe,MRINFO.EXE,msconfig.exe,msdt.exe,msdtc.exe,msfeedssync.exe,msg.exe,mshta.exe,msiexec.exe,msin
fo32.exe,mspaint.exe,msra.exe,mstsc.exe,mtstocom.exe,MuiUnattend.exe,MultiDigiMon.exe,NAPSTAT.EXE,Narrator.exe,nbtstat.exe,ndad
min.exe,net.exe,net1.exe,netbtugc.exe,netcfg.exe,netiougc.exe,Netplwiz.exe,NetProj.exe,netsh.exe,NETSTAT.EXE,newdev.exe,nltest.exe,
notepad.exe,nslookup.exe,ntoskrnl.exe,ntprint.exe,ocsetup.exe,odbcad32.exe,odbcconf.exe,openfiles.exe,OptionalFeatures.exe,osk.exe,p
2phost.exe,PATHPING.EXE,pcalua.exe,pcaui.exe,pcawrk.exe,pcwrun.exe,perfmon.exe,PING.EXE,PkgMgr.exe,plasrv.exe,PnPUnattend.e
xe,PnPutil.exe,poqexec.exe,powercfg.exe,PresentationHost.exe,PresentationSettings.exe,prevhost.exe,print.exe,PrintBrmUi.exe,printfilterp
ipelinesvc.exe,PrintIsolationHost.exe,printui.exe,proquota.exe,psr.exe,PushPrinterConnections.exe,qappsrv.exe,qprocess.exe,query.exe,q
user.exe,qwinsta.exe,rasautou.exe,rasdial.exe,raserver.exe,rasphone.exe,rdpclip.exe,rdpinit.exe,rdpshell.exe,rdpsign.exe,rdrleakdiag.exe,
RDVGHelper.exe,ReAgentc.exe,recdisc.exe,recover.exe,reg.exe,regedt32.exe,regini.exe,RegisterIEPKEYs.exe,regsvr32.exe,rekeywiz.exe
,relog.exe,RelPost.exe,repairbde.exe,replace.exe,reset.exe,resmon.exe,RMActivate.exe,RMActivate_isv.exe,RMActivate_ssp.exe,RMActivate_ssp_isv.exe,RmClient.ex
e,Robocopy.exe,ROUTE.EXE,RpcPing.exe,rrinstaller.exe,rstrui.exe,runas.exe,rundll32.exe,RunLegacyCPLElevated.exe,runonce.exe,rwin
sta.exe,sbunattend.exe,sc.exe,schtasks.exe,sdbinst.exe,sdchange.exe,sdclt.exe,sdiagnhost.exe,SearchFilterHost.exe,SearchIndexer.exe,
SearchProtocolHost.exe,SecEdit.exe,secinit.exe,services.exe,sethc.exe,SetIEInstalledDate.exe,setspn.exe,setupcl.exe,setupugc.exe,setx.
exe,sfc.exe,shadow.exe,shrpubw.exe,shutdown.exe,sigverif.exe,slui.exe,smss.exe,SndVol.exe,SnippingTool.exe,snmptrap.exe,sort.exe,So
undRecorder.exe,spinstall.exe,spoolsv.exe,sppsvc.exe,spreview.exe,srdelayed.exe,StikyNot.exe,subst.exe,svchost.exe,sxstrace.exe,Sync
Host.exe,syskey.exe,systeminfo.exe,SystemPropertiesAdvanced.exe,SystemPropertiesComputerName.exe,SystemPropertiesDataExecuti
onPrevention.exe,SystemPropertiesHardware.exe,SystemPropertiesPerformance.exe,SystemPropertiesProtection.exe,SystemPropertiesR
emote.exe,systray.exe,tabcal.exe,takeown.exe,TapiUnattend.exe,taskeng.exe,taskhost.exe,taskkill.exe,tasklist.exe,taskmgr.exe,tcmsetup.
exe,TCPSVCS.EXE,timeout.exe,TpmInit.exe,tracerpt.exe,TRACERT.EXE,tscon.exe,tsdiscon.exe,tskill.exe,TSTheme.exe,TsUsbRedirectio
nGroupPolicyControl.exe,TSWbPrxy.exe,TsWpfWrp.exe,typeperf.exe,tzutil.exe,ucsvc.exe,UI0Detect.exe,unlodctr.exe,unregmp2.exe,upnpc
ont.exe,UserAccountControlSettings.exe,userinit.exe,Utilman.exe,VaultCmd.exe,VaultSysUi.exe,vds.exe,vdsldr.exe,verclsid.exe,verifier.ex
e,vmicsvc.exe,vssadmin.exe,VSSVC.exe,w32tm.exe,waitfor.exe,wbadmin.exe,wbengine.exe,wecutil.exe,WerFault.exe,WerFaultSecure.ex
e,wermgr.exe,wevtutil.exe,wextract.exe,WFS.exe,where.exe,whoami.exe,wiaacmgr.exe,wiawow64.exe,wimserv.exe,WindowsAnytimeUpgr
adeResults.exe,wininit.exe,winload.exe,winlogon.exe,winresume.exe,winrs.exe,winrshost.exe,WinSAT.exe,winver.exe,wisptis.exe,wksprt.e
xe,wlanext.exe,wlrmdr.exe,wowreg32.exe,WPDShextAutoplay.exe,wpnpinst.exe,write.exe,wscript.exe,WSManHTTPConfig.exe,wsmprovh
ost.exe,wsqmcons.exe,wuapp.exe,wuauclt.exe,WUDFHost.exe,wusa.exe,xcopy.exe,xpsrchvw.exe,xwizard.exe

Windows Registry Hives
●

●
●

C:\Windows\System32\config\
○ SAM - user account information
○ SYSTEM ○ SOFTWARE ○ SECURITY C:\Users\\
○ NTUSER.DAT
C:\Users\\AppData\Local\Microsoft\Windows\
○ USRCLASS.DAT

14

Glossary
From “Computer Incident Response and Forensics Team Management : Conducting a Successful Incident Response”

●

●

●

●

●

●

●
●
●

Attacker : “Person or entity performing any kind of malicious activity that attempts to
collect, disrupt, deny, degrade, or destroy information system resources or the
information itself.”
Botnet : Shorted term for Robot Network, this is a network of compromised computers
and servers that are remotely controlled by unauthorized personnel where the
compromised devices are performing activities not under the
Computer Forensics : “The practice of gathering, retaining, and analyzing computerrelated data for investigative purposes in a manner that maintains the integrity of the
data.”
Digital Signature : “A digital signature is a mathematical encryption mechanism for
proving the authenticity of a digital message or document. A valid digital signature gives
a recipient reason to believe that the message was created by a known sender, such
that the sender cannot deny having sent the message (authentication and
nonrepudiation) and that the message was not altered in transit (integrity). Digital
signatures are commonly used for software distribution, financial transactions, and in
other cases where it is important to detect forgery or tampering.”
Cybercrime profiling : “the investigation, analysis, assessment and reconstruction of data
from a behavioral/psychological perspective extracted from computer systems, networks
and the humans committing the crimes”
○ “The inductive approach assumes that individuals who committed the same
crimes in the past share characteristics with individuals who are committing the
same crime now. Examples of such profiles are those created for serial killers
and rapists. The deductive approach uses evidence collected at the crime scene
to develop a specific profile that can be used for offender identification.
Understanding inductive profiles helps as the deductive approach frequently
looks to them for clues in developing a more specific offender profile”
Intent : The intent to commit a crime: malice, as evidenced by a criminal act; intent to
deprive or defraud the true owner of his property. A person intends a consequence they
foresee that it will happen if the given series of acts or omissions continue, and desires it
to happen.
Intrusion : The unauthorized act of bypassing the security mechanisms of a system for
the purposes of causing an incident.
Logic Bomb : A piece of code intentionally inserted into a software system that will set off
a malicious function when specified conditions are met.
Malware : Malicious software which is designed to damage or disable computers with
the intent to steal information or gain control of the device. Software or firmware
intended to perform an unauthorized process that will have adverse impact on the
confidentiality, integrity, or availability of an information system. Examples include virus,
worm, Trojan horse, or other code-based entity that infects a host. Spyware and some
forms of adware are also examples of malicious code.

15

●

●

●
●
●
●
●

●

●

Nonrepudiation : “Assurance that the sender of information is provided with proof of
delivery and the recipient is provided with proof of the sender’s identity, so neither can
later deny having processed the information. This protection against an individual falsely
denying having performed a particular action provides the capability to determine
whether a given individual took a particular action such as creating information, sending
a message, approving information, and receiving a message.”
Penetration Test : A test methodology in which assessors, typically working under
specific constraints, attempt to circumvent or defeat the security features of an
information system.
Piracy : Illegally reproducing copyrighted work. Music, photographs, movies, and
software are all potentially copyrighted and can be pirated.
Privacy : The act of guaranteeing that the interests of persons and organizations are
protected and secluded from outside disclosure.
Spam : Electronic junk mail or the abuse of electronic messaging systems to
indiscriminately send unsolicited bulk messages.
Spear phishing : A targeted phishing attack on a select group of victims, usually
executives.
Spoofing : There are two meanings to spoofing in our context:
○ Either faking the sending address of a transmission to gain illegal entry into a
secure system or
○ the deliberate inducement of a user or resource to take incorrect action.
○ Note: Impersonating, masquerading, piggybacking, and mimicking are forms of
spoofing.
Spyware : Software that is secretly or surreptitiously installed into an information system
to gather information on individuals or organizations without their knowledge; a type of
malicious code.
Zombie : An infected computer that floods another computer with packets in an attempt
to infect or crash it without the consent or knowledge of the infected computer’s owner.

16

References
●
●
●
●
●
●

●

●

●

●

https://www.diffen.com/difference/FAT32_vs_NTFS
https://www.howtogeek.com/235596/whats-the-difference-between-fat32-exfat-and-ntfs/
http://www.pointsoftware.ch/en/4-ext4-vs-ext3-filesystem-and-why-delayed-allocation-isbad/
http://www.ntfs.com/ntfs_vs_fat.htm
Petherick, Wayne. Profiling and Serial Crime : Theoretical and Practical Issues, Elsevier
Science & Technology, 2012. ProQuest Ebook Central,
http://ebookcentral.proquest.com/lib/fbial-ebooks/detail.action?docID=1111846.
Created from fbial-ebooks on 2018-06-30 20:38:56.
Johnson, Leighton. Computer Incident Response and Forensics Team Management :
Conducting a Successful Incident Response, William Andrew, 2013. ProQuest Ebook
Central, http://ebookcentral.proquest.com/lib/fbial-ebooks/detail.action?docID=1115165.
Created from fbial-ebooks on 2018-06-30 20:03:59.
Shipley, Todd G., and Art Bowker. Investigating Internet Crimes : An Introduction to
Solving Crimes in Cyberspace, William Andrew, 2013. ProQuest Ebook Central,
http://ebookcentral.proquest.com/lib/fbial-ebooks/detail.action?docID=1115158.
Created from fbial-ebooks on 2018-06-30 16:11:30.
Cyber Crime and Cyber Terrorism Investigator's Handbook, edited by Babak Akhgar, et
al., William Andrew, 2014. ProQuest Ebook Central,
http://ebookcentral.proquest.com/lib/fbial-ebooks/detail.action?docID=1744499.
Created from fbial-ebooks on 2018-06-30 15:40:55.
Johnson, Leighton. Computer Incident Response and Forensics Team Management :
Conducting a Successful Incident Response, William Andrew, 2013. ProQuest Ebook
Central, http://ebookcentral.proquest.com/lib/fbial-ebooks/detail.action?docID=1115165.
Created from fbial-ebooks on 2018-06-30 14:41:06.

17
Source Exif Data: 
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.7
Linearized                      : No
Page Count                      : 17
Language                        : en-US
Tagged PDF                      : Yes
XMP Toolkit                     : 3.1-701
Producer                        : Microsoft® Word for Office 365
Creator Tool                    : Microsoft® Word for Office 365
Create Date                     : 2018:09:26 20:36:35+00:00
Modify Date                     : 2018:09:26 20:36:35+00:00
Document ID                     : uuid:2553B402-2A3E-4A07-BBBC-B9592A620249
Instance ID                     : uuid:2553B402-2A3E-4A07-BBBC-B9592A620249
Creator                         : Microsoft® Word for Office 365
EXIF Metadata provided by EXIF.tools

Navigation menu