PDF Cybercrime Investigations A Comprehensive Resource For Everyone 1St Edition John Bandler Ebook Full Chapter

Cybercrime Investigations: A
Comprehensive Resource for Everyone

1st Edition John Bandler
Visit to download the full and correct content document:
https://textbookfull.com/product/cybercrime-investigations-a-comprehensive-resource-
for-everyone-1st-edition-john-bandler/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
Abstract Algebra A Comprehensive Introduction 1st

Edition John W. Lawrence
https://textbookfull.com/product/abstract-algebra-a-
comprehensive-introduction-1st-edition-john-w-lawrence/
The skilled facilitator a comprehensive resource for

consultants facilitators managers trainers and coaches
Third Edition Roger M. Schwarz
https://textbookfull.com/product/the-skilled-facilitator-a-
comprehensive-resource-for-consultants-facilitators-managers-
trainers-and-coaches-third-edition-roger-m-schwarz/
English for Everyone — Junior - 5 Words a Day 1st

Edition Collect.
https://textbookfull.com/product/english-for-everyone-
junior-5-words-a-day-1st-edition-collect/
Comprehensive Clinical Nephrology 6th Edition John

Feehally
https://textbookfull.com/product/comprehensive-clinical-
nephrology-6th-edition-john-feehally/
Practical Stress Management A Comprehensive Workbook
John A. Romas And Manoj Sharma (Auth.)
https://textbookfull.com/product/practical-stress-management-a-
comprehensive-workbook-john-a-romas-and-manoj-sharma-auth/
Bird’s Comprehensive Engineering Mathematics Second

Edition John Bird
https://textbookfull.com/product/birds-comprehensive-engineering-
mathematics-second-edition-john-bird/
The Academic Phrasebank an academic writing resource

for students and researchers 4e John Morley
https://textbookfull.com/product/the-academic-phrasebank-an-
academic-writing-resource-for-students-and-researchers-4e-john-
morley/
Comprehensive glossary of terms used in toxicology 1st

Edition John Duffus
https://textbookfull.com/product/comprehensive-glossary-of-terms-
used-in-toxicology-1st-edition-john-duffus/
Canine Assisted Interventions A Comprehensive Guide to

Credentialing Therapy Dog Teams 1st Edition John-Tyler
Binfet
https://textbookfull.com/product/canine-assisted-interventions-a-
comprehensive-guide-to-credentialing-therapy-dog-teams-1st-
edition-john-tyler-binfet/
Cybercrime Investigations
Cybercrime Investigations
A Comprehensive Resource for Everyone
John Bandler
Antonia Merzon
First edition published 2020
by CRC Press
6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742
and by CRC Press
2 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN
© 2020 Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, LLC
International Standard Book Number-13: 978-0-367-19623-3 (Hardback)
International Standard Book Number-13: 978-1-003-03352-3 (eBook)
Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot
assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers
have attempted to trace the copyright holders of all material reproduced in this publication and apologize to
copyright holders if permission to publish in this form has not been obtained. If any copyright material has not
been acknowledged please write and let us know so we may rectify in any future reprint.
Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted,
or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including
photocopying, microfilming, and recording, or in any information storage or retrieval system, without written
permission from the publishers.
For permission to photocopy or use material electronically from this work, access www.copyright.com or contact
the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. For works
that are not available on CCC please contact mpkbookspermissions@tandf.co.uk
Trademark notice: Product or corporate names may be trademarks or registered trademarks, and are used only for
identification and explanation without intent to infringe.
Library of Congress Cataloging-in-Publication Data
Library of Congress Cataloging-in-Publication Data
Names: Bandler, John, author. | Merzon, Antonia, author.

Title: Cybercrime investigations : the comprehensive resource for everyone / by John Bandler
and Antonia Merzon.
Description: First edition. | Boca Raton, FL : CRC Press/ Taylor & Francis Group, 2020. | Includes
bibliographical references and index. | Summary: “Cybercrime continues to skyrocket but we are not
combatting it effectively yet. We need more cybercrime investigators from all backgrounds and working in every
sector to conduct effective investigations. This book is a comprehensive resource for everyone who encounters and
investigates cybercrime, no matter their title, including those working on behalf of law enforcement, private
organizations, regulatory agencies, or individual victims. It provides helpful background material about
cybercrime's technological and legal underpinnings, plus in-depth detail about the legal and practical aspects of
conducting cybercrime investigations. Key features of this book include : Understanding cybercrime, computers,
forensics, and cybersecurity, law for the cybercrime investigator, including cybercrime offenses ; cyber evidence-
gathering ; criminal, private and regulatory law, and nation-state implications ; cybercrime investigation from three
key perspectives : law enforcement, private sector, and regulatory ; financial investigation ; identification
(attribution) of cyber-conduct ; apprehension ; litigation in the criminal and civil arenas. This far-reaching book is
an essential reference for prosecutors and law enforcement officers, agents and analysts ; as well as for private
sector lawyers, consultants, information security professionals, digital forensic examiners, and more. It also
functions as an excellent course book for educators and trainers. We need more investigators who know how to
fight cybercrime, and this book was written to achieve that goal. Authored by two former cybercrime prosecutors
with a diverse array of expertise in criminal justice and the private sector, this book is informative, practical, and
readable, with innovative methods and fascinating anecdotes throughout”— Provided by publisher.
Identifiers: LCCN 2020000272 | ISBN 9780367196233 (hardback) | ISBN 9781003033523 (ebook)
Subjects: LCSH: Computer crimes–Investigation.
Classification: LCC HV8079.C65 B36 2020 | DDC 363.25/968–dc23
LC record available at https://lccn.loc.gov/2020000272
Visit the Taylor & Francis Web site at

http://www.taylorandfrancis.com
and the CRC Press Web site at
http://www.crcpress.com
Dedication
To all cybercrime investigators, past, present, and future, whose

diligent and professional work keeps us safe.
J.B. and A.M.
To my wife, children, and parents.

J.B.
To my wonderful family.
A.M.
Contents
About the Authors................................................................................................................xxi
Acknowledgments...............................................................................................................xxiii
PART I Understanding Cybercrime, Computers, and

Cybersecurity 1
Chapter 1 Introduction: The Need for Good Cybercrime Investigators................................3

1.1 Why This Book............................................................................................ 3
1.2 Who Investigates Cybercrime? ..................................................................... 5
1.3 How This Book Is Organized ...................................................................... 6
1.4 Keeping It Fun: Anecdotes, Cases, Diagrams, and Cartoons....................... 7
1.5 Onward and Upward ................................................................................... 8
Chapter 2 What Is Cybercrime and Why Is It Committed? ..................................................9

2.1 Introduction ................................................................................................ 9
2.2 What Makes a “Cyber” Activity a Crime? A Quick Introduction to Cyber-
crime Offenses.............................................................................................. 9
2.2.1 Computer and Network Intrusions ..............................................10
2.2.2 Data Breaches, Theft of Data, and Data Trafficking....................11
2.2.3 Transmission and Use of Malware ...............................................11
2.2.4 Tampering with or Damaging a Network or System ....................11
2.2.5 Identity Theft and Impersonation ................................................12
2.2.6 Theft of Funds and Fraud Schemes .............................................12
2.2.7 Blackmail and Extortion..............................................................13
2.2.8 Money Laundering ......................................................................13
2.2.9 Harassment, Threats, Stalking, and Revenge Porn.......................14
2.2.10 Possessing, Selling, or Sharing Child Pornography ......................15
2.2.11 Trafficking of Physical Contraband..............................................15
2.2.12 Gambling .....................................................................................15
2.3 Cybercrime vs. Traditional Street Crime: The Differences ......................... 15
2.3.1 Technology, Internet and Networks ...............................................16
2.3.2 Distance: The National and International Nexus ..........................16
2.3.3 Investigation Rate and Solve Rate .................................................17
2.3.4 Connection to a Broad Criminal Ecosystem ..................................17
2.4 Motives and Actors ................................................................................... 18
2.4.1 Profit and Greed ............................................................................18
2.4.2 Personal Attack .............................................................................18
2.4.3 Thrill and Bragging Rights ............................................................18
2.4.4 Activism.........................................................................................19
vii
viii Contents
2.4.5 Corporate Espionage .....................................................................19

2.4.6 Nation-State Objectives .................................................................19
2.4.7 Terrorism .......................................................................................20
2.5 The Cybercrime-For-Profit Economy ........................................................ 20
2.5.1 The Connection between Identity Theft and Cybercrime...............21
2.5.2 The Cybercrime Economy Earns Money and Requires Payments .....22
2.6 Digital Evidence: The Backbone of Any Cyber Investigation
(and Traditional Investigations, Too)......................................................... 23
2.7 Conclusion................................................................................................. 24
Chapter 3 Introduction to Computers, Networks, and Forensics........................................26

3.1 Introduction .............................................................................................. 26
3.2 How Computers Work............................................................................... 27
3.3 Basic Hardware Parts of Computers.......................................................... 29
3.3.1 Case .............................................................................................29
3.3.2 Power Source ...............................................................................30
3.3.3 Processors (CPUs)........................................................................30
3.3.4 Memory (Volatile Storage – RAM)..............................................31
3.3.5 Persistent Storage (HDD/SSD) ....................................................31
3.3.6 Communicating with the User: Interfaces for Input
and Output...................................................................................31
3.3.7 Communicating with Other Computers (NIC).............................32
3.3.8 Physical Ports...............................................................................32
3.3.9 Putting the Parts Together ...........................................................32
3.3.10 External Storage, Servers and More.............................................32
3.4 Basic Computer Software Categories......................................................... 34
3.4.1 BIOS/UEFI ...................................................................................34
3.4.2 Operating Systems .........................................................................34
3.4.3 Applications...................................................................................35
3.5 Basic Networking and Internet Usage ....................................................... 35
3.5.1 Networking Hardware ...................................................................35
3.5.1.1 NIC and MAC Addresses ............................................... 35
3.5.1.2 Cables, Wireless, and Network Switches ......................... 36
3.5.1.3 Modem ........................................................................... 36
3.5.1.4 Router ............................................................................. 36
3.5.2 Networking Communication and Internet Protocol (IP)
Addresses.......................................................................................37
3.5.3 TCP versus UDP ...........................................................................39
3.5.4 Domain Name System (DNS) .......................................................39
3.5.5 Website Hosting .............................................................................40
3.6 Proxies, VPNs, and Tor.............................................................................. 41
3.7 Encryption................................................................................................. 43
3.7.1 Encryption in Transit.....................................................................43
3.7.2 Encryption at Rest .........................................................................43
3.8 Digital Forensics and Evidence Gathering................................................. 44
3.8.1 Ensuring Integrity of Stored Data: Hashing ..................................45
Contents ix
3.8.2 Stored Data (Persistent Storage) in Devices: Forensically

Obtaining Evidence through Imaging and Analysis .......................46
3.8.2.1 Preview/Triage................................................................. 46
3.8.2.2 Imaging........................................................................... 46
3.8.2.3 Analysis .......................................................................... 47
3.8.3 Volatile Memory: Conducting Memory Forensics .........................48
3.8.4 Website Evidence: Viewing and Preserving ....................................48
3.8.5 Emails and Email Headers.............................................................48
3.8.6 Forensic Examination Tools...........................................................49
3.9 Conclusion................................................................................................. 49
Chapter 4 Introduction to Information Security and Cybersecurity ...................................50

4.1 Introduction .............................................................................................. 50
4.2 Basic Information Security and Cybersecurity Principles .......................... 50
4.2.1 CIA: The Three Information Security Objectives...........................51
4.2.2 Controls to Protect Information Systems.......................................52
4.2.3 Authentication to Guard Access ...................................................52
4.2.4 Principle of Least Privilege ............................................................54
4.2.5 Incident Response..........................................................................55
4.3 Information Security Frameworks ............................................................. 56
4.3.1 The Four Pillars: Knowledge, Devices, Data, and Networks .........57
4.3.2 CIS Critical Security Controls .......................................................57
4.3.3 NIST Cybersecurity Framework (CSF) .........................................59
4.3.4 NIST SP 800-53 .............................................................................59
4.3.5 ISO/IEC 27000 Series.....................................................................60
4.3.6 AICPA SSAE 18 ............................................................................61
4.3.7 Other Information Security Frameworks .......................................61
4.4 Conclusion................................................................................................. 62
PART II Law for the Cybercrime Investigator 63
Chapter 5 Fundamental Principles of Criminal and Civil Law ...........................................65

5.1 Introduction............................................................................................. 65
5.2 Criminal Law and Procedure ................................................................... 65
5.2.1 The Participants.............................................................................66
5.2.2 The Criminal Justice Process..........................................................66
5.2.3 Criminal Justice Protections...........................................................68
5.2.4 How Investigations and Prosecutions are Started ..........................69
5.2.5 Categories of Criminal Charges .....................................................70
5.2.6 Charging the Defendant and Judicial Review: Complaints, Indict-
ments, Grand Jury, Preliminary Hearings ......................................71
5.2.7 The Investigative Role of the Grand Jury.......................................72
5.3 Who Investigates and Prosecutes Crimes?................................................ 72
5.3.1 State/Local Enforcement and Federal Enforcement.......................72
x Contents
5.3.2 Jurisdiction and Venue ...................................................................73

5.3.3 Resources, Expertise, and Collaboration........................................74
5.4 What Constitutes a Crime and Its Elements ............................................ 74
5.4.1 Act or Omission (actus reus) ..........................................................75
5.4.2 Culpable Mental States (mens rea) .................................................75
5.4.3 Anticipatory Offenses (Such as Attempt and Conspiracy) .............76
5.5 Defenses (Such as Self-defense and Entrapment) ..................................... 77
5.6 The Fourth Amendment: Constitutional Rules for Search and Seizure.... 77
5.6.1 Expectation of Privacy...................................................................78
5.6.2 Consent..........................................................................................79
5.6.3 The Search Warrant Requirement..................................................80
5.6.4 Exceptions to the Search Warrant Requirement ............................80
5.6.5 Workplace Searches and Monitoring .............................................81
5.6.6 Private Searches versus Public Searches .........................................81
5.7 The Exclusionary Rule: Protections and Consequences
for Improper Investigative Action............................................................ 82
5.7.1 Physical Evidence...........................................................................82
5.7.2 Other Forms of Evidence: Unlawful Arrests, Statements, and Wit-
ness Identifications.........................................................................82
5.7.3 Fruit of the Poisonous Tree Doctrine.............................................83
5.8 Civil Law and Procedure.......................................................................... 84
5.8.1 The Civil Litigation Process ...........................................................84
5.8.2 Causes of Action............................................................................85
5.8.2.1 Intentional Torts ............................................................. 85
5.8.2.2 Negligence Torts ............................................................. 86
5.8.2.3 Breach of Contract.......................................................... 87
5.8.2.4 Cybercrime-Specific Causes of Action ............................ 87
5.8.2.5 Regulatory Actions ......................................................... 88
5.9 Licensing and Regulatory Law................................................................. 88
5.10 Conclusion............................................................................................... 89
Chapter 6 Cybercrime Defined: The Criminal Statutes Outlawing Criminal Conduct

Online ................................................................................................................90
6.1 Introduction .............................................................................................. 90
6.2 Federal and State Law ............................................................................... 90
6.3 Federal Cybercrime Law............................................................................ 91
6.3.1 The Computer Fraud and Abuse Act (CFAA)...............................91
6.3.2 The Wiretap Act ............................................................................92
6.3.3 Unlawful Access to Stored Communications .................................94
6.3.4 The Controlling the Assault of Non-Solicited Pornography and
Marketing Act (CAN-SPAM Act) .................................................94
6.3.5 Communication Interference .........................................................95
6.4 State Cybercrime Law................................................................................ 95
6.5 “Traditional” Federal and State Laws that Apply to Cybercrime .............. 96
6.5.1 Theft/Larceny...............................................................................97
Contents xi
6.5.2 Possession/Receiving of Stolen Property ......................................98

6.5.2.1 Property: A Changing Concept in the Cyber Age ........... 98
6.5.3 Identity Theft...............................................................................99
6.5.4 Impersonation............................................................................100
6.5.5 Credit/Debit Card Fraud ...........................................................101
6.5.6 Bank Fraud................................................................................102
6.5.7 Wire Fraud.................................................................................102
6.5.8 Forgery.......................................................................................102
6.5.9 Money Laundering ....................................................................103
6.5.10 Harassment, Stalking, and Sextortion........................................105
6.5.10.1 First Amendment Considerations................................105
6.5.11 Child Exploitation and Pornography .........................................106
6.5.12 Vandalism ..................................................................................106
6.5.13 Organized Crime ........................................................................107
6.5.14 Attempt and Conspiracy............................................................107
6.6 Conclusion................................................................................................108
Chapter 7 The Law Enforcement Legal Toolkit for Investigating Cybercrime:

Laws for Gathering Criminal Cyber Evidence..................................................110
7.1 Introduction .............................................................................................110
7.2 Privacy and Consent: Applying These Principles to Communications ......111
7.2.1 Communications and Privacy ......................................................111
7.2.2 Communications and Consent .....................................................112
7.2.3 Reasonable Expectation of Privacy in the Workplace ..................113
7.3 The Nine Tools for Gathering Evidence ...................................................113
7.3.1 Open-Source Investigation...........................................................114
7.3.2 Obtaining Consent.......................................................................114
7.3.3 Subpoena Duces Tecum...............................................................114
7.3.4 Section 2703(d) Order ..................................................................115
7.3.5 Search Warrant ............................................................................116
7.3.6 Pen Register and Trap-and-Trace Device .....................................117
7.3.7 Wiretap ........................................................................................118
7.3.8 Letter of Preservation ..................................................................118
7.3.9 Non-Disclosure Request and Order .............................................119
7.4 The Electronic Communications Privacy Act (ECPA): Applying
the Tools to Online Communications .......................................................119
7.4.1 The Stored Communications Act: Records of Past
Communications..........................................................................120
7.4.1.1 The Role of Third-Party Providers .................................121
7.4.1.2 Services Covered by the SCA (ECS and RCS) ...............121
7.4.1.3 “Content” vs. “Non-Content” Information ...................123
7.4.1.4 Subscriber and Session Information...............................123
7.4.1.5 Sensitive Non-Content Information...............................123
7.4.1.6 Location Information ....................................................124
7.4.1.7 Content Information......................................................124
xii Contents
7.4.1.8 SCA Rules for Letters of Preservation,

Non-Disclosure,and Delayed Disclosure Orders ............126
7.4.2 The Pen/Trap Statute: Live Monitoring of Non-Content
Information .................................................................................127
7.4.3 The Wiretap Act: Live Monitoring of Content Information ........127
7.5 Obtaining Evidence Located in Another State..........................................128
7.5.1 Federal Investigations ..................................................................129
7.5.2 State and Local Investigations .....................................................129
7.5.3 Search Warrant Considerations for Out-of-State
Devices and Physical Premises .....................................................130
7.6 Obtaining Evidence Stored Overseas by U.S. Entities:
The CLOUD Act ......................................................................................131
7.7 Obtaining Evidence Located in Another Country ....................................132
7.7.1 Presence of Evidence or Its Custodian Corporation
in the United States......................................................................133
7.7.2 Mutual Legal Assistance Treaties (MLATs).................................133
7.7.3 Letters Rogatory ..........................................................................133
7.7.4 Informal Assistance .....................................................................134
7.7.5 Egmont Request ..........................................................................134
7.7.6 Suspects Located in Other States and Foreign Countries
(Preview) ......................................................................................134
7.8 Conclusion................................................................................................135
Chapter 8 Cyber Investigations Linked to Nation-States or Terrorists .............................136

8.1 Introduction .............................................................................................136
8.2 Laws and Measures Relating to Nation-State and Terrorist Activity ........137
8.2.1 Criminal Laws..............................................................................138
8.2.2 Civil Laws and the Foreign Sovereign Immunities Act (FSIA) ....138
8.2.3 International Treaties, Agreements, and Judicial Processes ..........139
8.2.4 Laws and Principles of Sovereignty and Waging War ..................140
8.2.5 Terrorism-Related Measures ........................................................141
8.2.6 Espionage, Clandestine and Covert Operations,
and Propaganda...........................................................................142
8.3 The Motives and Actions of Nation-States...............................................143
8.3.1 Generating Funds ........................................................................143
8.3.2 Nation-State Commercial Espionage ...........................................145
8.3.3 Attacks on Infrastructure ............................................................146
8.3.4 Attacks to Advance Strategic Interests ........................................147
8.4 Terrorist Funding, Recruiting, Vandalism, and Attacks ...........................150
8.4.1 Terrorist Funding.........................................................................150
8.4.2 Recruitment .................................................................................151
8.4.3 Cyber Vandalism and Hacktivism................................................151
8.4.4 Inciting Local Attacks .................................................................151
8.5 What to Do if the Investigation Leads to a Nation-State or Terrorist.......152
8.6 Conclusion................................................................................................152
Contents xiii
Chapter 9 Civil and Regulatory Implications of Cybercrime: Cyberlaw in the Civil and
Regulatory Sectors ...........................................................................................153
9.1 Introduction............................................................................................153
9.2 Attorney–Client Privilege........................................................................153
9.3 Civil Lawsuits against Cybercriminals: Actions for Intentional Torts .....154
9.4 “Hacking Back”: Intentional Acts by Cybercrime Victims that Could
Incur Liability .........................................................................................155
9.5 Cybercrime Statutory Causes of Action..................................................156
9.6 Negligent Cyber Torts: The Reasonable Person and the Standard of
Care ........................................................................................................157
9.6.1 Negligence that Directly Causes the Harm ..................................157
9.6.2 Negligence that Allows the Commission of a Crime by a Third
Party ............................................................................................158
9.6.2.1 Theft of Automobile ......................................................159
9.6.2.2 Premises Liability...........................................................159
9.6.2.3 Cybercrime Liability ......................................................159
9.7 Actions under Contract Law...................................................................160
9.7.1 Cyber Insurance Policies ..............................................................162
9.8 Civil Actions for Asset Forfeiture by the Government ............................162
9.8.1 Federal and State Laws ................................................................162
9.8.2 Temporary Restraining Orders (TROs)........................................163
9.8.3 Burden of Proof ...........................................................................163
9.9 General Civil Laws and Regulations Regarding Cybersecurity and
Privacy ....................................................................................................164
9.9.1 Data Disposal Laws and Rules ....................................................165
9.9.2 Information Security Laws...........................................................165
9.9.3 Data Breach Notification Laws....................................................166
9.9.4 Privacy Laws and Who Enforces Them .......................................166
9.9.4.1 FTC and State Attorneys General .................................167
9.9.4.2 GDPR............................................................................167
9.9.4.3 California Consumer Privacy Act ..................................168
9.9.4.4 Colorado Protections for Consumer Data Privacy Act
(PCDPA)........................................................................168
9.10 Civil Laws and Regulations for Specific Sectors......................................168
9.10.1 Financial Sector .........................................................................169
9.10.1.1 GLBA: Gramm-Leach-Bliley Act ................................169
9.10.1.2 FFIEC and SEC Requirements....................................169
9.10.1.3 New York Information Security Requirements for the
Financial Sector ...........................................................170
9.10.2 Health Sector Regulations: HIPAA and HITECH.....................170
9.11 Conclusion..............................................................................................170
xiv Contents
PART III The Cybercrime Investigation 171
Chapter 10 Embarking on a Cybercrime Investigation: The Three Perspectives and Key

Areas of Focus .................................................................................................173
10.1 Introduction............................................................................................173
10.2 Cybercrime Investigation from Three Perspectives: Private Sector, Law
Enforcement, and Regulatory .................................................................173
10.2.1 Private Sector.............................................................................174
10.2.2 Law Enforcement.......................................................................175
10.2.3 Regulatory .................................................................................175
10.3 Key Investigative Topics .........................................................................176
10.4 Ending the Investigation: Success or Exhaustion of Leads or Resources 176
10.4.1 The End of Law Enforcement’s Investigation.............................176
10.4.2 The End of the Private Sector Investigation ...............................177
10.4.3 The End of the Regulatory Investigation ...................................177
10.5 Conclusion..............................................................................................178
Chapter 11 General Investigation Methods: Organization, Open Source, Records, and

Email................................................................................................................179
11.1 Introduction..........................................................................................179
11.2 Cybercrime Investigation: The Cyclical Process of Building Evidence ..179
11.3 Managing Cybercrime Evidence: Readily Available vs. Proprietary
Investigation Tools ................................................................................181
11.3.1 Proprietary Tools .......................................................................181
11.3.2 Readily Available Tools ..............................................................182
11.4 Evidence Admissibility in Litigation .....................................................184
11.5 Writing for Cybercrime Investigations ..................................................184
11.5.1 The Dangers of Automatic Hyperlinking...................................185
11.6 Open Source Investigation ....................................................................187
11.6.1 Open Source Investigation Resources.........................................187
11.6.2 Viewing and Preserving Open Source Clues ...............................188
11.6.3 Practical Tips to Maximize the Admissibility of Open Source
Data ...........................................................................................190
11.7 Records Evidence..................................................................................191
11.7.1 The Workflow for Records Evidence..........................................192
11.7.2 Tracking Records Requests ........................................................193
11.7.3 Organizing the Records..............................................................194
11.7.4 Analyzing the Information in Records .......................................194
11.7.5 Admissibility of Records Evidence in Litigation ........................195
11.8 Email Evidence .....................................................................................196
11.8.1 Reading Email Headers..............................................................196
11.8.2 Analyzing Large Sets of Emails..................................................197
11.9 The Importance of Cybercrime Intelligence ..........................................198
11.10 Conclusion ............................................................................................199
Contents xv
Chapter 12 Private Entity’s Cybercrime Investigation.........................................................201

12.1 Introduction..........................................................................................201
12.2 Incident Response (and Prevention)......................................................201
12.3 Discovery of Cybercrime Incidents by Private Parties ...........................202
12.3.1 Is This a Crime the Private Entity Can and
Should Investigate? ....................................................................203
12.4 Determining Investigation Goals and Scope .........................................205
12.5 Activating Necessary Personnel: In-House and External ......................207
12.5.1 External Services to Consider ....................................................208
12.6 Reporting and Notifications to Law Enforcement, Regulatory
Agencies, and Other Parties ..................................................................209
12.6.1 Reporting to Law Enforcement..................................................209
12.6.2 Reporting to Regulators and Agencies Enforcing
Similar Laws ..............................................................................211
12.7 Identifying Potential Witnesses and Evidence: Internal and External ...212
12.8 Collecting Evidence Available Internally...............................................212
12.8.1 Interviewing Internal Personnel .................................................213
12.8.2 Internal Records and Data.........................................................213
12.8.3 Forensics on Internal Devices and Networks .............................214
12.9 Collecting Evidence from External Sources ..........................................215
12.9.1 Open-Source Research Revisited................................................215
12.9.2 Requesting Data and Information from Third Parties ...............215
12.9.3 Civil Legal Process to Compel External Parties to Produce
Evidence: John Doe Lawsuits and Subpoenas............................216
12.9.4 Respecting the Rights of Third Parties.......................................218
12.10 Conclusion ............................................................................................219
Chapter 13 Law Enforcement’s Cybercrime Investigation ..................................................220

13.1 Introduction..........................................................................................220
13.2 How Cybercrime Comes to Law Enforcement’s Attention....................220
13.3 Was There a Crime? ..............................................................................221
13.4 Is This a Crime that Law Enforcement Can and Should Investigate?....222
13.4.1 Nature and Extent of the Harm .................................................222
13.4.2 Nature of Initially Available Evidence........................................222
13.4.3 Jurisdictional Analysis ...............................................................223
13.4.4 Resources and Personnel Needed...............................................223
13.4.5 Likelihood of Apprehending Suspects........................................223
13.4.6 Related Civil Implications ..........................................................224
13.4.7 Impact on Society and Deterrence .............................................224
13.4.8 Advising the Victim....................................................................224
13.5 Opening a Case .....................................................................................225
13.6 Assessment of Initial Evidence: What Do We Have, What
Do We Need? ........................................................................................226
xvi Contents
13.7 Getting Ready to Investigate: A Recap of the Tools..............................226

13.7.1 Open-Source Investigation .........................................................227
13.7.2 Consent......................................................................................227
13.7.3 Letter of Preservation (If Additional Process Is Contemplated) .....228
13.7.4 Non-Disclosure Order and Request ...........................................228
13.7.5 Subpoena ...................................................................................228
13.7.6 2703(d) Order.............................................................................229
13.7.7 Search Warrant ..........................................................................230
13.7.8 Pen Register and Trap/Trace Device (Including with
Location Data)...........................................................................230
13.7.9 Wiretap ......................................................................................231
13.8 SIMPLE: The Six-Step Initial Mini-Plan for Law Enforcement............232
13.9 The Records Phase: Digging for Clues and Connections ......................233
13.10 The Data Search Phase: Zeroing in on Internet Accounts and
the Criminals Using Them ....................................................................235
13.11 The Physical World Phase: Searching Spaces and Devices ....................237
13.12 The Wiretap Phase: Special Cases Using Live Monitoring of Targets’
Communications ...................................................................................240
13.13 Traditional Shoe Leather Techniques....................................................241
13.14 Writing for Law Enforcement Investigations.........................................241
13.15 Working with the Private Sector............................................................242
13.16 Cybercrime Intelligence and Law Enforcement Investigations ..............243
13.17 Conclusion ............................................................................................243
Chapter 14 The Regulator’s Investigation...........................................................................245

14.1 Introduction............................................................................................245
14.2 Regulatory Recap: Regulated Industries and Regulatory-Type Laws......245
14.3 A Cybercrime Occurs: Reviewing the Report of the Affected Business ...247
14.4 Investigating the Cybercrime: Sufficiency of Cybersecurity Measures
and Accuracy of the Report ....................................................................247
14.5 Balancing the Roles of Compliance and Enforcement ............................249
14.6 Confidentiality and Information Sharing................................................250
14.7 Conclusion..............................................................................................251
Chapter 15 Financial Investigation: Following the Cybercrime Money ..............................252

15.1 Introduction............................................................................................252
15.2 Money Laundering 101...........................................................................252
15.3 Traditional Currency and Value..............................................................255
15.4 Virtual Currency and Cryptocurrency ....................................................255
15.4.1 History of Virtual Currency and Its Evolving Terminology .......256
15.5 Getting Started on the Money Trail: How Financial Details Can Prove
Crimes and the Criminal’s Identity .........................................................259
15.6 Finding and Following the Money..........................................................260
Contents xvii
15.6.1 Where to Find Evidence of Financial Activity ...........................261

15.6.2 Investigating Virtual Currency Transactions: Specific Tools and
Resources ...................................................................................262
15.6.3 Cryptocurrency Transaction Records.........................................263
15.7 Conclusion..............................................................................................264
Chapter 16 Identification of the Suspect: Attributing Cyber Conduct to a Person .............265

16.1 Introduction............................................................................................265
16.2 Doing Illicit Business Online: Cyber Nicknames and Pseudonyms .........265
16.3 The Attribution Process and Developing a Suspect: Mapping Criminal
Conduct to Cyber Pedigree and Physical Pedigree Information ..............266
16.3.1 Two Kinds of Pedigree Information: Physical and Cyber...........267
16.3.2 The ID-PLUS Attribution Process: Six Steps to Link Criminal
Conduct to Cyber Pedigree and Physical Pedigree .....................268
16.3.3 Example: Using ID-PLUS to Build an Identification.................275
16.3.4 Example: A Sample Attribution Summary (Working from the
Crime to a Suspect)....................................................................277
16.3.5 The Attribution Process from Another Lens: Types of Evidence
that Can Identify Cybercriminals...............................................279
16.4 Writing and Articulation Revisited: Clear and Effective Cyber
Identification...........................................................................................281
16.5 Examining Issues of Proof ......................................................................282
16.6 Apprehension: Confirming Pedigree through Statements and Forensics .282
16.7 Conclusion..............................................................................................284
Chapter 17 Apprehending the Suspect and the Investigation that Follows .........................285
17.1 Introduction............................................................................................285
17.2 Charging Decisions .................................................................................285
17.2.1 Methods for Charging a Suspect ................................................286
17.2.2 “Sealing” Charges versus Publicizing Them...............................287
17.3 Interstate Procedures for Arresting and Extraditing Defendants ............287
17.4 International Procedures for Arresting and Extraditing Defendants.......289
17.5 Arrest Strategies and the Hunt for Evidence...........................................290
17.6 A Successful Arrest Does Not Mean “Case Closed”...............................291
17.7 Conclusion..............................................................................................292
PART IV Litigation 293
Chapter 18 Criminal Litigation ..........................................................................................295

18.1 Introduction ...........................................................................................295
18.2 Goals of the Litigation ...........................................................................295
18.3 Litigation Begins: Filing of an Accusatory Instrument...........................296
xviii Contents
18.4 The Defendant Enters the Litigation: Apprehension, Extradition, and

Arraignment ...........................................................................................297
18.5 Guilty Pleas: Plea Position and Negotiation ...........................................298
18.6 Discovery: Sharing the Investigation with the Defense ...........................299
18.7 Motion Practice, Hearings, and Pre-Trial Decisions: Testing the
Investigation and Prosecution.................................................................301
18.8 Trial: The Investigation Laid Bare ..........................................................302
18.8.1 Picking a Jury ............................................................................303
18.8.2 Opening Statements ...................................................................303
18.8.3 Presenting the Evidence: Legal Admissibility and Jury
Comprehension..........................................................................304
18.8.4 The “Baby Step Exhibit” Technique ..........................................305
18.8.4.1 The “Baby Step” Technique and the
Laptop Computer ........................................................305
18.8.4.2 The “Baby Step” Technique and Financial Records.....308
18.8.5 The Defense: Cross-Examination and Counterattacking with
Evidence.....................................................................................310
18.8.6 Closing Arguments ....................................................................312
18.8.7 Jury Instructions ........................................................................312
18.8.8 Jury Deliberations and Verdict...................................................313
18.8.9 Sentencing..................................................................................313
18.9 Appeals and Post-Conviction Litigation.................................................314
18.10 Conclusion .............................................................................................314
Chapter 19 Civil Litigation .................................................................................................315

19.1 Introduction............................................................................................315
19.2 Potential Litigation Scenarios Following a Cybercrime Investigation .....315
19.2.1 Civil Action to Further the Investigation or Stop Cybercrime
Activity ......................................................................................316
19.2.2 Civil Action against Cybercriminal for Intentional Tort ............316
19.2.3 Civil Action against Cybercriminal under a Cybercrime Statutory
Cause of Action .........................................................................316
19.2.4 Civil Action against Another Victim for Negligent
Cybersecurity .............................................................................317
19.2.5 Civil Action for Breach of Contract ...........................................317
19.2.6 Civil or Regulatory Action by Government for Inadequate
Cybersecurity .............................................................................318
19.2.7 Civil Action by Criminal Prosecutor to Freeze and Seize Assets 318
19.3 Goals and Expectations ..........................................................................318
19.3.1 Government Agencies ................................................................319
19.3.2 Private Litigants.........................................................................319
19.4 Experts....................................................................................................319
19.5 Settlement Negotiations..........................................................................320
Contents xix
19.6 The Civil Lawsuit and the Role of the Investigation ...............................320
19.7 Arbitration..............................................................................................322
19.8 Conclusion..............................................................................................323
Chapter 20 Conclusion .......................................................................................................324
Index....................................................................................................................................326
About the Authors
John Bandler and Antonia Merzon served together as Assistant District Attorneys at the
New York County District Attorney’s Office (DANY), hired by the legendary Robert Mor-
genthau. They investigated and prosecuted a wide variety of criminal offenses, ranging from those
that garnered headlines to the many that received little attention but were equally essential for the
administration of justice and protection of the public. Antonia founded and led the Identity Theft
Unit (since renamed the Cybercrime and Identity Theft Bureau), recruiting John as an early
member. The unit’s work quickly revealed the close connection between identity theft and cyber-
crime, and brought amazing cases, including the Western Express case, which you will read about.
As Unit Chief, Antonia supervised the work of hundreds of prosecutors and thousands of investi-
gations, guiding and developing both people and cases. This fledgling unit with scarce resources
did terrific work in a new and evolving area of crime. Eventually, their service at DANY came to
an end, and they share their expertise now as lawyers and consultants in a variety of areas.
Their experiences during and after DANY are what convinced them to write this book
together.
John Bandler runs a law firm and a consulting practice that helps organizations and individuals
with cybersecurity, cybercrime investigations, and anti-money laundering efforts among other
areas. Before becoming a prosecutor, he served as a State Trooper in the New York State Police
for eight years, assigned to one of the state’s busiest stations that provided full police services to
the local community. While serving in the State Police he attended law school at night at Pace
University School of Law, and upon graduating he went to work for Mr. Morgenthau. Since
leaving government service he has represented a range of clients, from individuals to banks, on
many issues ranging from cybersecurity, privacy, anti-fraud, and threats. John is admitted to
the bars of New York, Connecticut, and Washington D.C., holds a number of certifications,
and writes, lectures, and teaches on law, cybersecurity, cybercrime, and more.
Antonia Merzon provides legal and consulting expertise related to security, investigations,
and law enforcement, especially as they intersect with the worlds of law, technology, privacy,
and fraud. She graduated from Fordham University School of Law and then was hired by
Mr. Morgenthau. During her time at DANY, she built the new Identity Theft Unit that
investigated and prosecuted cybercrime and virtual currency money laundering – before
these areas were in the public awareness – and developed the unit’s digital forensic and
investigative capacity. Cybercrime and traditional investigations are among her specialties,
including developing best practices. She also is an expert on a diverse array of investigation
and litigation best practices for law enforcement, including the use of body-worn cameras,
eyewitness identification, and the electronic recording of custodial interrogations.
John and Antonia can be contacted through their book website:

CybercrimeInvestigationsBook.com
Mail can be directed to:
John Bandler
Antonia Merzon
c/o Bandler Law Firm PLLC
Bandler Group LLC
48 Wall Street, 11th Floor
New York, NY, 10005
Acknowledgments
There are many people who made this book possible and contributed to it.
Tracy Suhr provided invaluable and detailed assistance in all the areas of the book,
including cybercrime, law, investigations, and editing and grammar. This book is vastly
improved thanks to her. We had the privilege to work with her at DANY, where she rose to
become Deputy Bureau Chief of the Cybercrime and Identity Theft Bureau.
Rob Bandler, John’s cousin, former Deputy Director of IT Security at Cornell University
and career IT professional, made the book better from start to finish, providing valuable
assistance throughout on both subject matter and editing.
Christopher Jones gave extensive help throughout as well.
Many others also helped with this book, reading chapters, providing valuable feedback,
and bringing diverse expertise in areas that included cybersecurity, cybercrime, law, business,
and editing. They include: William Darrow, Robert Barnsby, Preston Miller, J-Michael Rob-
erts, Bret Rubin, Stephen Hines, Joshua Larocca, Elizabeth Roper, Nicolette Endara-
Popovitch, and Stephen Moccia.
We have worked a lot of great investigations and cybercrime cases, including one you will
read about in this book, and we learned a lot along the way. None of that – and none of
this book – could have been possible without the many dedicated professionals with whom
we worked. Thank you to the paralegals, analysts, police officers, detectives, investigators,
special agents, prosecutors, victims, private sector investigators, and corporations who
helped us become better investigators.
Special thanks to Charles D. Tansey whose magnificent cartoon characters grace our dia-
grams. Art is but one of his many talents, and we are grateful for the chance to use his
work in this book.
Finally, none of this would be possible or worthwhile without the support of our families,
and our deepest thanks go to them.
John Bandler
New York, NY
Antonia Merzon,
Boulder, Colorado
April, 2020
Part I
Understanding Cybercrime,
Computers, and Cybersecurity
1 The Need for Good
Introduction
Cybercrime Investigators
This chapter (and book) is for:
• You
• Law enforcement of all types: police, investigators, agents, prosecutors, analysts
• Those in the private sector investigating or dealing with cybercrime
• Regulators
• The technically skilled and those who are not
• Beginning cyber investigators, intermediate, and even experienced looking for
a comprehensive view
• Lawyers and non-lawyers.
At the start of each chapter, we will identify the type of cybercrime investigator for
whom that chapter is primarily intended. Cybercrime investigators do not just have the
title of “investigator”. They come from many jobs and backgrounds – lawyers and non-
lawyers; technical experts and technical beginners; experienced traditional investigators
who are learning about cybercrime, and investigators whose only experience is with
cybercrime; law enforcement agents, industry regulators, and members of the private
sector; and students and trainees just starting out. Given this diversity of backgrounds,
we recognize that some readers might read the book straight through, and some might
skip chapters because they are working on a time-sensitive matter, or because existing
skill sets make certain chapters less critical. That said, we think you will get something
out of every chapter.
1.1 WHY THIS BOOK

Let us start with three fundamental truths about investigating cybercrime:
1. We all can investigate cybercrime. Cybercriminals are running amok online partly
because of the misconception that only specialized investigators with vast techno-
logical resources can work these cases. Tech skills and gadgets are great to have,
but they are, by no means, a requirement for handling a cyber investigation.
3
4 Cybercrime Investigations
2. Cybercrime can be solved. Just because it is a cybercrime, doesn’t mean it is hard to

solve. Cybercriminals – like every type of criminal – run the gamut, from low-level
scammers to highly sophisticated organizations. They are not all tech-wizards.
They are not all hard to find.
3. Even the most sophisticated cybercriminals can be caught.
Bottom line: the common preconception that cybercrime is too difficult to investigate is
wrong. Every case can and should be investigated. Every investigator can take positive steps
to solve a case. Instead of looking at a cyber incident and assuming there is not much that
can be done, we can use these core truths about cybercrime to frame a plan of action.
Cybercrime is a relatively new phenomenon. Malicious actors no longer need to be in
the immediate vicinity of their victims, but can attack and steal remotely, even from abroad.
The reach of the Internet means cybercrime is a safety and security problem for every com-
munity, industry, business, and law enforcement agency – large or small.
Investigating cybercrime is an even newer endeavor than cybercrime itself, and because it
involves technology, it can seem daunting to many investigators and victims. How do you
start investigating when one of these incidents happens? How do you figure out who did it
when the perpetrator is hiding online? What do you do with a crime that seems to lead
across the country, let alone around the world?
When we first started working on cybercrime cases as prosecutors, we had the same
questions. We did not come to this work from a tech background, and we often had min-
imal resources available. But through time, effort, and creativity we learned how to find the
answers. We learned that cybercrime can be investigated, offenders can be found, and cases
can be successfully prosecuted.
We wrote this book to share this knowledge with you, and to inspire more people to
become cybercrime investigators – especially those who might think cybercrime is too chal-
lenging to take on.
We understand that, in some places, law enforcement and private security lack experi-
ence, training, and resources when it comes to cybercrime. That is another reason we wrote
this book. We want to give any interested investigator the knowledge and tools to handle
these cases. As cybercrime continues to grow, we need more investigators on the frontlines
ready, willing and able to take it on. There are concrete steps that every investigator can
take to tackle cybercrime. This book is designed to make these steps understandable and
doable for investigators everywhere.
Why is it so important to bolster the investigative response to cybercrime? Let’s look at
some of the major repercussions of cybercrime in today’s world.
• Profit and Losses. Cybercrime is immensely profitable for cybercriminals, but

immensely costly to the rest of us. Each year, U.S. businesses and consumers lose
billions of dollars through cybercrime while the criminal and private investigation
of these events remains completely inadequate. It is astonishing to consider that bil-
lions of dollars can be stolen annually without proper investigation or redress.
• Terrorism and Espionage. The profitable and disruptive nature of cybercrime means
it is an activity of interest for terrorists and nation-states seeking income, intelli-
gence, or simply a new way to inflict harm. The Internet provides a gateway and
a network for all manner of nefarious activity at the local, national, and inter-
national levels. Our will to investigate this activity must measure up to the threat it
presents.
• New Ways to Move Money. Cybercriminals have developed innovative money laun-
dering techniques to pay each other and disguise their illicit income. Virtual curren-
cies and cryptocurrencies, international wire transfer schemes, money held and
Another random document with
no related content on Scribd:
The Project Gutenberg eBook of Lectures on
English poets
This ebook is for the use of anyone anywhere in the United
States and most other parts of the world at no cost and with
almost no restrictions whatsoever. You may copy it, give it away
or re-use it under the terms of the Project Gutenberg License
included with this ebook or online at www.gutenberg.org. If you
are not located in the United States, you will have to check the
laws of the country where you are located before using this
eBook.
Title: Lectures on English poets
Author: James Russell Lowell
Release date: December 5, 2023 [eBook #72324]
Language: English
Original publication: Cleveland: The Rowfant Club, 1897
Credits: Charlene Taylor and the Online Distributed

Proofreading Team at https://www.pgdp.net (This file
was produced from images generously made available
by The Internet Archive/American Libraries.)
*** START OF THE PROJECT GUTENBERG EBOOK LECTURES

ON ENGLISH POETS ***
Two hundred and twenty-four copies printed in the month of March,
1897.
This is No.
LECTURES
ON
ENGLISH POETS
BY
JAMES RUSSELL LOWELL
“—CALL UP HIM WHO LEFT HALF-TOLD

THE STORY OF CAMBUSCAN BOLD.”
CLEVELAND
THE ROWFANT CLUB
MDCCCXCVII
Copyright, 1897,
By The Rowfant Club.
CONTENTS
PAGE
Introduction, vii
Lecture I, Definitions, 3
Lecture II, Piers Ploughman’s Vision, 23
Lecture III, The Metrical Romances, 39
Lecture IV, The Ballads, 59
Lecture V, Chaucer, 79
Lecture VI, Spenser, 97
Lecture VII, Milton, 117
Lecture VIII, Butler, 135
Lecture IX, Pope, 149
Lecture X, Poetic Diction, 167
Lecture XI, Wordsworth, 183
Lecture XII, The Function of the Poet, 199
INTRODUCTION
WHILST midway in his thirty-fifth year Lowell was appointed to
deliver a course of lectures before the Institute founded by a relative,
and bearing the family name. He was then known as the author of
two volumes of poems besides the biting “Fable for Critics” and the
tender “Vision of Sir Launfal,” and the nimbus was still brightly
shining around the head of him who had created the tuneful “Hosea
Biglow” and the erudite “Parson Wilbur.” It was not the accident of
relationship that procured this appointment; he had fairly earned the
honor by his scholarly acquirements and poetly achievements.
When the twelfth and last lecture had been delivered, the
correspondent of the “New York Evening Post” wrote:
“Mr. Lowell has completed his course of lectures on English

Poetry, which have been attended throughout by crowded
audiences of the highest intelligence. The verdict of his
hearers has been a unanimous one of approval and delight.
Certainly no course of literary lectures has ever been
delivered here so overflowing with vigorous, serious thought,
with sound criticism, noble, manly sentiments, and genuine
poetry. Mr. Lowell is a poet, and how could a true poet speak
otherwise?
“His appointment to the Professorship of Belles Lettres in

Harvard College, made vacant by the resignation of
Longfellow, is the very best that could have been made, and
gives high satisfaction. It is such names that are a tower of
strength and a crown of glory to our Alma Mater. Everett,
Sparks, Ticknor, Longfellow, Agassiz, Peirce, are known in
their respective departments wherever science and polite
letters have a foothold, and the nomination of James Russell
Lowell as the associate and successor of such men is the
most ‘fit to be made.’”
A quarter of a century after their delivery, one who heard them bore
this testimony: “The lectures made a deep impression upon
cultivated auditors, and full reports of them were printed in the
Boston ‘Advertiser.’ Their success was due to their intrinsic merits.
The popular lecturer is often led to imitate the vehement action of the
stump-speaker and the drollery of the comedian by turns. Mr.
Lowell’s pronunciation is clear and precise, and the modulations of
his voice unstudied and agreeable, but he seldom if ever raised a
hand for gesticulation, and his voice was kept in its natural compass.
He read like one who had something of importance to utter, and the
just emphasis was felt in the penetrating tone. There were no
oratorical climaxes, and no pitfalls set for applause. But the weighty
thoughts, the earnest feeling, and the brilliant poetical images gave
to every discourse an indescribable charm. The younger portion of
the audience, especially, enjoyed a feast for which all the study of
their lives had been a preparation.”
The same auditor, writing after Lowell’s death, mentions them again:
“In 1854 [it was really 1855] Lowell delivered a course of twelve
lectures on the British Poets at the Lowell Institute. They were not
printed at the time, except, partially, in newspaper reports, but
doubtless many of their ideas were absorbed in the published
essays. In these lectures the qualities of his prose style began to be
manifested. It was felt by every hearer to be the prose of a poet, as it
teemed with original images, fortunate epithets, and artistically
wrought allusions, and had a movement and music all its own. A few
friends from Cambridge attended these lectures, walking into the
city, and more than once through deep snow. The lecturer
humorously acknowledged his indebtedness to them, saying that
when he saw their faces he was in the presence of his literary
conscience. These lectures have not been published as yet, and
may not be.”
Even while they were yet ringing in the ears of those delighted
audiences, Ticknor and Fields were eager to publish them, but
Lowell withheld consent. The lectures had been rapidly written, and
needed the labor of the file, and this the unexpected duties of the
equally unexpected professorship precluded. There were five
applicants for the chair vacated by Longfellow, but Lowell was not
one of them; both his nomination and his appointment were made
without his knowledge. He accepted the chair with the understanding
that he should be allowed to spend one year abroad for some
necessary study in Germany and Spain. Then his professorial duties
engaged him and the “Lectures on English Poets” were left as a waif
stranded on the forgotten columns of a newspaper. When at length
the opportunity of leisure came Lowell found himself capable of
better things, and he was satisfied with absorbing into later essays
some fragments of the early lectures. There ended his concern for
them; but an enthusiastic hearer had preserved the Boston
“Advertiser’s” reports of them in a special scrap-book, which
ultimately became the property of the University of Michigan and
thus fell into the editor’s hands, who felt the charm thereof, and was
desirous of sharing his pleasure with the Rowfant Club.
There is little doubt that Lowell had been too fastidious when he
wrote to James T. Fields, in May, 1855: “It has just got through my
skull, and made a dint into my sensorium, that you wrote me a note,
ever so long ago, about my lectures and the publication of them. I
don’t mean to print them yet—nor ever till they are better—but, at
any rate, I consider myself one of your flock, though not, perhaps, as
lanigerous as some of them.” And when Lowell’s literary executor
wrote: “His powers of critical appreciation and reflection were
displayed to advantage in these lectures. No such discourses had
been heard in America. They added greatly to his reputation as critic,
scholar, and poet,”—there could be no hesitation in setting aside
Lowell’s modest self-depreciation. After the delivery of his first
lecture, he had written to his friend Stillman: “So far as the public are
concerned, I have succeeded.” And his words are as true in 1896 as
they were in 1855; and although his literary art was not so
consummate as it became in his ultimate development, these early
lectures will aid and encourage the student by showing his growth:
we see the rivulet become the flowing river.
We share, too, in the delight of his first audience on reading:
“The lines of Dante seem to answer his every mood:

sometimes they have the compressed implacability of his lips,
sometimes they ring like an angry gauntlet thrown down in
defiance, and sometimes they soften or tremble as if that
stern nature would let its depth of pity show itself only in a
quiver of the voice.”
“So in ‘Paradise Lost’ not only is there the pomp of long

passages that move with the stately glitter of Milton’s own
angelic squadrons, but if you meet anywhere a single verse,
that, too, is obstinately epic, and you recognize it by its march
as certainly as you know a friend by his walk.”
“Who can doubt the innate charm of rhyme whose eye has
ever been delighted by the visible consonance of a tree
growing at once toward an upward and a downward heaven,
on the edge of the unrippled river; or as the kingfisher flits
from shore to shore, his silent echo flies under him and
completes the vanishing couplet in the visionary world below.”
“Every desire of the heart finds its gratification in the poet

because he always speaks imaginatively and satisfies ideal
hungers.”
And see, too, how the “powers of critical appreciation” that Professor
Norton has mentioned were bursting into blossom and giving
promise of the golden harvest to come:
“Sir Thomas Browne, * * * a man who gives proof of more

imagination than any other Englishman except Shakspeare.”
For subtlety and depth of insight Lowell has never excelled this early
example, nor has he ever outdone the critical estimate, so true and
so terse, of his final pronouncement upon Pope:
“Measured by any high standard of imagination, he will be
found wanting; tried by any test of wit, he is unrivaled.”
And what of such a shining felicity as where he meets Sir Thomas

Browne on common ground and the author of “Religio Medici”
gravely smiles and acknowledges kinship:
“If a naturalist showed us a toad we should feel indifferent, but

if he told us that it had been found in a block of granite we
should instantly look with profound interest on a creature that
perhaps ate moths in Abel’s garden or hopped out of the path
of Lamech.”
Most truly “No such lectures had been heard in America,” and as
truly they deserve to be made more than a delightful memory for the
early hearers alone.
Lowell wrote to a friend that at his first lecture he had held his
audience for an hour and a quarter, but the reporter’s notes of that
lecture fall far short of that fullness; nevertheless, compared with
Anstey’s shorthand notes of Carlyle’s lectures on the “History of
Literature,” we come much nearer to the living voice in the Boston
“Advertiser’s” reports of these Lowell lectures. Carlyle spoke without
a written text, nor had he any notes save a few bits of paper which in
his hyper-nervousness he twisted out of all hope of reportorial
decipherment—and without once looking at them; Lowell had his
manuscripts (written currente calamo, for the new wine of life was in
full ferment and it was no small feat to bottle any of it successfully),
and we are assured from internal evidence that the “Advertiser’s”
reporter was allowed access to them. His text has a tang as
characteristic as Thoreau’s wild apples, and we do not feel the
dubiety of the blind patriarch, “The voice is Jacob’s, but the hands
are Esau’s.” No; it is James Russell Lowell, his voice, his inimitable
mark, and these are his words sounding in our ears after half a
century.
The only attempt at “editing” has been as far as possible to

reproduce the reporter’s “copy.” To that end Lowell’s profusion of
capitals is retained (and the reader will bear in mind that the
Transcendental spirit was then in both the air and the alphabet), and
even his italics, suggested, as Mr. Underwood says, by the speaker’s
emphasis, find their respective places. Here and there a
compositor’s error has been corrected and a proof-reader’s oversight
adjusted; sometimes this has been conjectural, and again the
needful change was obvious. In all else, save the applause, this
Rowfant Book may be called a faint echo of the Lowell Institute
Lectures.
It is “printed, but not published” in loving fealty to Lowell’s memory,

and every Rowfanter has at heart the assurance that his Shade will
look upon this literary flotsam without a frown, or with one that will
soon fade into forgiveness.
S. A. J.
Ann Arbor, November 10th, 1896.

LECTURE I
DEFINITIONS
(Tuesday Evening, January 9, 1855)
I
Mr. Lowell began by expressing his sense of the responsibility he
had assumed in undertaking a course of lectures on English Poets.
Few men, he said, had in them twelve hours of talk that would be
worth hearing on any subject; but on a subject like poetry no person
could hope to combine in himself the qualities that would enable him
to do justice to his theme. A lecturer on science has only to show
how much he knows—the lecturer on Poetry can only be sure how
much he feels.
Almost everybody has a fixed opinion about the merits of certain

poets which he does not like to have disturbed. There are no
fanaticisms so ardent as those of Taste, especially in this country,
where we are so accustomed to settle everything by vote that if a
majority should decide to put a stop to the precession of the
Equinoxes we should expect to hear no more of that interesting
ceremony.
A distinguished woman [Mrs. Stowe] who has lately published a

volume of travels, affirms that it is as easy to judge of painting as of
poetry by instinct. It is as easy. But without reverent study of their
works no instinct is competent to judge of the masters of either art.
Yet every one has a right to his private opinion, and the critic should
deal tenderly with illusions which give men innocent pleasure. You
may sometime see japonicas carved out of turnips, and if a near-
sighted friend should exclaim, “What a pretty japonica!” do not growl
“Turnip!” unless, on discovering his mistake, he endeavors to prove
that the imitation is as good as the real flower.
In whatever I shall say, continued Mr. Lowell, I shall, at least, have

done my best to think before I speak, making no attempt to say
anything new, for it is only strange things and not new ones that
come by effort. In looking up among the starry poets I have no hope
of discovering a new Kepler’s law—one must leave such things to
great mathematicians like Peirce. I shall be content with resolving a
nebula or so, and bringing to notice some rarer shade of color in a
double star. In our day a lecturer can hardly hope to instruct. The
press has so diffused intelligence that everybody has just
misinformation enough on every subject to make him thoroughly
uncomfortable at the misinformation of everybody else.
Mr. Lowell then gave a brief outline of his course, stating that this
first lecture would indicate his point of view, and treat in part of the
imaginative faculty.
After some remarks upon Dr. Johnson’s “Lives of the Poets,” the
lecturer proceeded: Any true criticism of poetry must start from the
axiom that what distinguishes that which we call the poetical in
anything, and makes it so, is that it transcends the understanding, by
however little or much, and is interpreted by the intuitive operation of
some quite other faculty of the mind. It is precisely the something-
more of feeling, of insight, of thought, of expression which for the
moment lulls that hunger for the superfluous which is the strongest
appetite we have, and which always gives the lie to the proverb that
enough is as good as a feast. The boys in the street express it justly
when they define the indefinable merit of something which pleases
them, by saying it is a touch beyond—or it is first-rate and a half. The
poetry of a thing is this touch beyond, this third half on the farther
side of first-rate.
Dr. Johnson said that that only was good poetry out of which good
prose could be made. But poetry cannot be translated into prose at
all. Its condensed meaning may be paraphrased, and you get the
sense of it, but lose the condensation which is a part of its essence.
If on Christmas day you should give your son a half-eagle, and
should presently take it back, and give him the excellent prose
version of five hundred copper cents, the boy would doubtless feel
that the translation had precisely the same meaning in tops, balls,
and gibraltars; but the feeling of infinite riches in a little room, of
being able to carry in his waistcoat pocket what Dr. Johnson would
have called the potentiality of tops and balls and gibraltars beyond
the dreams of avarice—this would have evaporated. By good prose
the Doctor meant prose that was sensible and had a meaning. But
he forgot his own theory sometimes when he thought he was writing
poetry. How would he contrive to make any kind of sense of what he
says of Shakspeare? that
Panting Time toiled after him in vain.
The difference between prose and poetry is one of essence and not
one of accident. What may be called the negatively poetical exists
everywhere. The life of almost every man, however prosaic to
himself, is full of these dumb melodies to his neighbor. The farmer
looks from the hillside and sees the tall ship lean forward with its
desire for the ocean, every full-hearted sail yearning seaward, and
takes passage with her from his drudgery to the beautiful
conjectured land. Meanwhile he himself has Pegasus yoked to his
plough without knowing it, and the sailor, looking back, sees him
sowing his field with the graceful idyl of summer and harvest. Little
did the needle-woman dream that she was stitching passion and
pathos into her weary seam, till Hood came and found them there.
The poetical element may find expression either in prose or verse.

The “Undine” of Fouqué is poetical, but it is not poetry. A prose writer
may have imagination and fancy in abundance and yet not be a
poet. What is it, then, that peculiarly distinguishes the poet? It is not
merely a sense of the beautiful, but so much keener joy in the sense
of it (arising from a greater fineness of organization) that the emotion
must sing, instead of only speaking itself.
The first great distinction of poetry is form or arrangement. This is
not confined to poems alone, but is found involved with the
expression of the poetical in all the Arts. It is here that the statue bids
good-bye to anatomy and passes beyond it into the region of beauty;
that the painter passes out of the copyist and becomes the Artist.
Mr. Lowell here quoted Spenser’s statement of Plato’s doctrine:
For of the soul the body form doth take,

For soul is form and doth the body make.
This coördination of the spirit and form of a poem is especially

remarkable in the “Divina Commedia” of Dante and the “Paradise
Lost” of Milton, and that not only in the general structure, but in
particular parts. The lines of Dante seem to answer his every mood:
sometimes they have the compressed implacability of his lips,
sometimes they ring like an angry gauntlet thrown down in defiance,
and sometimes they soften or tremble as if that stern nature would
let its depth of pity show itself only in a quiver of the voice; but
always and everywhere there is subordination, and the pulse of the
measure seems to keep time to the footfall of the poet along his
fated path, as if a fate were on the verses too. And so in the
“Paradise Lost” not only is there the pomp of long passages that
move with the stately glitter of Milton’s own angelic squadrons, but if
you meet anywhere a single verse, that, too, is obstinately epic, and
you recognize it by its march as certainly as you know a friend by his
walk.
The instinctive sensitiveness to order and proportion, this natural

incapability of the formless and vague, seems not only natural to the
highest poetic genius, but to be essential to the universality and
permanence of its influence over the minds of men. The presence of
it makes the charm of Pope’s “Rape of the Lock” perennial; its
absence will always prevent such poems as the “Faëry Queene,”
“Hudibras,” and the “Excursion” (however full of beauty, vivacity, and
depth of thought) from being popular.
Voltaire has said that epic poems were discourses which at first were
written in verse only because it was not yet the custom to narrate in
prose. But instead of believing that verse is an imperfect and
undeveloped prose, it seems much more reasonable to conclude it
the very consummation and fortunate blossom of speech, as the
flower is the perfection towards which the leaf yearns and climbs,
and in which it at last attains to fullness of beauty, of honey, of
perfume, and the power of reproduction.
There is some organic law of expression which, as it must have

dictated the first formation of language, must also to a certain extent
govern and modulate its use. That there is such a law a common
drum-head will teach us, for if you cover it with fine sand and strike it,
the particles will arrange themselves in a certain regular order in
sympathy with its vibrations. So it is well known that the wood of a
violin shows an equal sensibility, and an old instrument is better than
a new one because all resistance has been overcome. I have
observed, too, as something that distinguishes singing birds from
birds of prey, that their flight is made up of a series of parabolic
curves, with rests at regular intervals, produced by a momentary
folding of the wings; as if the law of their being were in some sort
metrical and they flew musically.
Who can doubt the innate charm of rhyme whose eye has ever been
delighted by the visible consonance of the tree growing at once
toward an upward and a downward heaven on the edge of an
unrippled river; or, as the kingfisher flits from shore to shore, his
silent echo flies under him and completes the vanishing couplet in
the visionary world below? Who can question the divine validity of
number, proportion, and harmony, who has studied the various
rhythms of the forest? Look for example at the pine, how its
branches, balancing each other, ray out from the tapering stem in
stanza after stanza, how spray answers to spray, and leaf to leaf in
ordered strophe and antistrophe, till the perfect tree stands an
embodied ode, through which the unthinking wind cannot wander
without finding the melody that is in it and passing away in music.
Language, as the poets use it, is something more than an expedient
for conveying thought. If mere meaning were all, then would the
Dictionary be always the most valuable work in any tongue, for in it
exist potentially all eloquence, all wisdom, all pathos, and all wit. It is
a great wild continent of words ready to be tamed and subjugated, to
have its meanings and uses applied. The prose writer finds there his
quarry and his timber; but the poet enters it like Orpheus, and makes
its wild inmates sing and dance and keep joyous time to every
wavering fancy of his lyre.
All language is dead invention, and our conversational currency is

one of shells like that of some African tribes—shells in which poetic
thoughts once housed themselves, and colored with the tints of
morning. But the poet can give back to them their energy and
freshness; can conjure symbolic powers out of the carnal and the
trite. For it is only an enchanted sleep, a simulated death, that
benumbs language; and see how, when the true prince-poet comes,
the arrested blood and life are set free again by the touch of his fiery
lips, and as Beauty awakens through all her many-chambered
palace runs a thrill as of creation, giving voice and motion and
intelligence to what but now were dumb and stiffened images.
The true reception of whatever is poetical or imaginative

presupposes a more exalted, or, at least, excited, condition of mind
both in the poet and the reader. To take an example from daily life,
look at the wholly diverse emotions with which a partizan and an
indifferent person read the same political newspaper. The one thinks
the editor a very sound and moderate person whose opinion is worth
having on a practical question; the other wonders to see one very
respectable citizen drawn as a Jupiter Tonans, with as near an
approach to real thunderbolts as printer’s ink and paper will
concede, and another, equally respectable and a member of the
same church, painted entirely black, with horns, hoofs, and tail. The
partizan is in the receptive condition just spoken of; the indifferent
occupies the solid ground of the common sense.
To illustrate the superiority of the poetic imagination over the prosaic

understanding, Mr. Lowell quoted a story told by Le Grand in a note

PDF Cybercrime Investigations A Comprehensive Resource For Everyone 1St Edition John Bandler Ebook Full Chapter

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PDF Cybercrime Investigations A Comprehensive Resource For Everyone 1St Edition John Bandler Ebook Full Chapter

Uploaded by

Copyright:

Available Formats

Cybercrime Investigations: A

Comprehensive Resource for Everyone

Abstract Algebra A Comprehensive Introduction 1st

The skilled facilitator a comprehensive resource for

English for Everyone — Junior - 5 Words a Day 1st

Comprehensive Clinical Nephrology 6th Edition John

Bird’s Comprehensive Engineering Mathematics Second

The Academic Phrasebank an academic writing resource

Comprehensive glossary of terms used in toxicology 1st

Canine Assisted Interventions A Comprehensive Guide to

Library of Congress Cataloging-in-Publication Data

Names: Bandler, John, author. | Merzon, Antonia, author.

Visit the Taylor & Francis Web site at

To all cybercrime investigators, past, present, and future, whose

To my wife, children, and parents.

PART I Understanding Cybercrime, Computers, and

Chapter 1 Introduction: The Need for Good Cybercrime Investigators................................3

Chapter 2 What Is Cybercrime and Why Is It Committed? ..................................................9

2.4.5 Corporate Espionage .....................................................................19

Chapter 3 Introduction to Computers, Networks, and Forensics........................................26

3.8.2 Stored Data (Persistent Storage) in Devices: Forensically

Chapter 4 Introduction to Information Security and Cybersecurity ...................................50

PART II Law for the Cybercrime Investigator 63

Chapter 5 Fundamental Principles of Criminal and Civil Law ...........................................65

5.3.2 Jurisdiction and Venue ...................................................................73

Chapter 6 Cybercrime Deﬁned: The Criminal Statutes Outlawing Criminal Conduct

6.5.2 Possession/Receiving of Stolen Property ......................................98

Chapter 7 The Law Enforcement Legal Toolkit for Investigating Cybercrime:

7.4.1.8 SCA Rules for Letters of Preservation,

Chapter 8 Cyber Investigations Linked to Nation-States or Terrorists .............................136

PART III The Cybercrime Investigation 171

Chapter 10 Embarking on a Cybercrime Investigation: The Three Perspectives and Key

Chapter 11 General Investigation Methods: Organization, Open Source, Records, and

Chapter 12 Private Entity’s Cybercrime Investigation.........................................................201

Chapter 13 Law Enforcement’s Cybercrime Investigation ..................................................220

13.7 Getting Ready to Investigate: A Recap of the Tools..............................226

Chapter 14 The Regulator’s Investigation...........................................................................245

Chapter 15 Financial Investigation: Following the Cybercrime Money ..............................252

15.6.1 Where to Find Evidence of Financial Activity ...........................261

Chapter 16 Identiﬁcation of the Suspect: Attributing Cyber Conduct to a Person .............265

PART IV Litigation 293

Chapter 18 Criminal Litigation ..........................................................................................295

18.4 The Defendant Enters the Litigation: Apprehension, Extradition, and

Chapter 19 Civil Litigation .................................................................................................315

Chapter 20 Conclusion .......................................................................................................324

John and Antonia can be contacted through their book website:

This chapter (and book) is for:

1.1 WHY THIS BOOK

2. Cybercrime can be solved. Just because it is a cybercrime, doesn’t mean it is hard to

• Proﬁt and Losses. Cybercrime is immensely proﬁtable for cybercriminals, but

Title: Lectures on English poets

Author: James Russell Lowell

Release date: December 5, 2023 [eBook #72324]

Original publication: Cleveland: The Rowfant Club, 1897

Credits: Charlene Taylor and the Online Distributed

*** START OF THE PROJECT GUTENBERG EBOOK LECTURES

“—CALL UP HIM WHO LEFT HALF-TOLD

“Mr. Lowell has completed his course of lectures on English

“His appointment to the Professorship of Belles Lettres in

We share, too, in the delight of his first audience on reading:

“The lines of Dante seem to answer his every mood:

“So in ‘Paradise Lost’ not only is there the pomp of long

“Every desire of the heart finds its gratification in the poet