Computer Crime Investigation Framework (CCIF)

We are developing a structured approach for Computer Crime Investigation to assist law enforcement agencies that lack the time, resource and money.  The first draft of this methodology is expected to release in the start of 2005. Brief overview of this framework is given below.

Target Audience

  • Penetration Tester, Security Auditor and Security testers

  • Security engineers and consultants

  • System/network/Web administrators

  • Security testing project managers

  • Technical and Functional Managers

  • IT Staff responsible for information security


Chapter 1: Nuts and Bolts of Computer Forensics and Incident Response

  1. Introduction to Cyber Crime

  2. Type of Cyber Crime

  3. Understanding Cyber Crime World
    Understanding Cyber Victims
    Understanding Cyber Criminal
    Understanding Cyber Investigator

  4. Challenges of Cyber Crime
    New technologies and new vulnerabilities
    Choices of Cyber Criminals
    E-Commerce and Online Banking
    Instant Messaging
    Mobile Computing
    New Operating Systems and Applications
    Web and Mail Technologies
    Thwarting the Cyber Criminal

  5. Evidence gathering process

  6. Understanding Volatility of Evidence

  7. Creating a Forensic Boot Disk

Chapter 2: Recovering and Preserving Evidence

  1. Protecting Evidence (Disk Imaging)

  2. Auditing and Logging Procedure

  3. Examining log files and their size

  4. Centralized Logging

  5. Collecting Evidence using sniffers

  6. Time Synchronization and Stamping

  7. Searching Keywords

  8. Recovering evidence
    Deleted files
    Locating web cache and browser history data
    From temporary files
    From print spooler files
    From swap and page files
    From Backups
    Finding and decrypting encrypted files
    Recovering data from hidden files
        Hidden files
        Steganography files
        Password protected compressed files
    Cracking password protection
    Collecting data from Memory
    From Registry
    Viewing and Editing the Registry
    Collecting the Registry Data
    Analyzing the Registry Data
    Collecting Deleted files through the Recycle Bin
    Collecting E-mails

  9. Router Log, Reports, Alarms and Alerts

  10. Firewall Log, Reports, Alarms and Alerts

  11. Hacking tools Forensics

Chapter 3: Back Tracing

  1. Email Header Analysis

  2. Tracing a domain name or IP Address

Chapter 4: Miscellaneous Cyber Crime Detection Techniques

  1. IP address spoofing

  2. Anti Detection techniques

  3. Decoy techniques ( HoneyNet, HonePot and Other Cyber Stings)

  4. Intrusion Detection System

If you are interested to contribute and/or want latest and greatest document, contact us at This email address is being protected from spambots. You need JavaScript enabled to view it.