Chapter 13
Computer Intrusions
On completion of this chapter the student will:
– Recognize that the value of digital data has made it the target.
– Be aware of the reasons that criminals break into computers.
– Be aware of how computer intruders operate.
– Be aware of the tactics used in computer intrusions:
– Recognize that the first step in an intrusion investigation is to confirm that there actually
was one.
– Be aware of the need to de
– Recognize that an intrusion investigation requires a wide range of forensic skills.
–
– Recognize that the scientific method can be applied to intrusion investigations.
– Be aware of conflicting goals of the investigators and network administrators.
– Recognize that the majority of compromised systems in an intrusion will contain
malicious programs.
– Be aware that malware must be analyzed as part of the intrusion investigation.
– Recognize that intrusion investigations frequently cross jurisdictional lines.
– Recognize that the intrusion must ultimately be linked to a person.
–