Some of the more frequent incidents would be the following:
- Theft of private information: This is one of the main worries both for users and for companies.
- Fraud: There are huge numbers of examples of Internet frauds. Among them, the following are of particular note:
- Malware: This is another common incident. Some significant data would be:
  - There are about 170 million known malware samples, of which nearly 70 million were first detected in 2013.
  - Cyber-crime caused losses of 87,000 million euro in 2013.
  - McAfee catalogues more than 100,000 examples every day.
- Unauthorized access: According to a study by ThreatTrack Security, unauthorized access to web pages with sexual content is one of the principal causes of infections in company computers.
- Inappropriate use of resources: Printing personal documents or downloading audio-visual materials like films or television series are some of the more common examples.
- Intellectual property: This involves a very large cost every year. According to the study on “Net Losses – Estimating the Global Cost of Cyber-Crime” undertaken by McAfee to find out the overall financial impact of cyber-crime, worldwide losses reach as much as 400,000 million dollars. One of the main reasons is the theft of intellectual property.
Hence, INCIBE is publishing a guide to evidence gathering in Windows environments. Its aim is to offer practical advice on the steps to be taken when an incident occurs, so that the evidence needed for later analysis can be gathered and that analysis can lead to a solution for the incident in question. The document does not cover this later analysis stage.
The guide offers an overview of the process, explaining what it involves, what its purpose is, what stages it consists of, and the methods for carrying it out, among other subjects. It also gives a more detailed account of how to obtain specific evidence. Although the guide does give an initial account of the process of digital forensic analysis, it concentrates principally on the evidence gathering stage, as this is its chief aim.
The “Guide to Evidence Gathering in Windows Environments” may be downloaded from: