Scene of the Cybercrime: Computer Forensics Handbook

In Chapter 6, you learned about technical intrusions and attacks on networks and how hackers (and hacker wannabes) can exploit the protocols, operating systems, and applications to commit the criminal acts of unauthorized access, interrupting network communications, and destroying or damaging computer data. It is important for investigators to have at least a basic understanding of how these attacks are carried out. It is also important for investigators to be aware of how networks can be defended from further attacks, for several reasons:
In the course of investigating an intrusion or attack, knowing what security measures were in place at the time of the incident might help narrow down the exact nature of the attack and even who could have perpetrated it.
Understanding how various security measures work can lead investigators to log files and other sources of information useful in the investigation.
Knowledge of security measures and concepts allows investigators to make suggestions to victims as to how they might prevent further incidents.
Some of the measures used by the good guys to protect their networks and data (such as encryption) can also be used by the bad guys to cover their criminal activities.
"Knowledge is power." That's a famous hacker motto (along with such other gems as "Information wants to be free" and the simplistic but optimistically ambitious "Hack the world!"). However, it is a truism that applies not only to people attempting to gain access to data they aren't supposed to see, but...