Chapter 17


Published on

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Chapter 17

  1. 1. Chapter 17Computer Crime Hess 17-1
  2. 2. Introduction• Computer crimes are relatively easy to commit and difficult to detect• Most computer crimes are not prosecuted• Crimes involving computers have become much more sophisticated• Most computers on the planet are connected via the Internet• A new breed of detective—the cybercrime investigator Hess 17-2
  3. 3. The Scope and Cost of the ProblemSOURCES• IC3 2010 Internet Crime Report• 2010 CyberSecurity Watch Survey• 2010/2011 CSI Computer Crime and Security Survey• Created a fundamental change in law enforcement agencies Hess 17-3
  4. 4. Terminology and DefinitionsCOMMON TERMS• Cybercrime• Cybertechnology• Cyberspace• E-crime Hess 17-4
  5. 5. Terminology and DefinitionsTHE NET VERSUS THE WEB• Net is a network of networks• Web is an abstract space of informationLIVE CHAT ANDINSTANT MESSAGING• Two or more people• Talk online in real time Hess 17-5
  6. 6. Classification and Types of Computer Crimes OVERVIEW • Computer as target • Computer as tool • Computer as incidental to an offense • Be aware of the ever-expanding ways Hess 17-6
  7. 7. Classification and Types of Computer Crimes COMPUTER AS TARGET • Viruses and worms • Invariably involves hacking COMPUTER AS TOOL • Traditional methods elevated • Many offenses overlap Hess 17-7
  8. 8. Special Challenges in InvestigationOVERVIEW• Reluctance or failure to report crime• Lack of training• Need for specialists• Fragility of the evidence• Jurisdictional issues Hess 17-8
  9. 9. Special Challenges in InvestigationNONREPORTING OF COMPUTER CRIMES• Did not think law enforcement could help• Too insignificant to reportLACK OF INVESTIGATOR TRAINING• Cybercriminals are more technologically sophisticated• Law enforcement needs additional training Hess 17-9
  10. 10. Special Challenges in InvestigationNEED FOR SPECIALISTS AND TEAMWORK• Cybercrime unitFRAGILITY AND SENSITIVITY OF EVIDENCE• Computer evidence is very fragile• Can be altered or damaged easily• Could be rendered unusable Hess 17-10
  11. 11. Special Challenges in InvestigationJURISDICTIONAL ISSUES• Traditional boundaries are complicated• Double criminality• Need for unified global approach• Federal versus state• Growing pains for this area of law Hess 17-11
  12. 12. The Preliminary InvestigationCOMMON PROTOCOL• Secure, evaluate and document crime scene• Obtain a search warrant• Recognize, identify, collect and preserve the evidence• Package, transport and store evidence• Submit digital evidence• Document in an incident report Hess 17-12
  13. 13. The Preliminary InvestigationSECURING AND EVALUATING THE SCENE• Basic ON/OFF tenet• Follow departmental policy• Ensure that no unauthorized person has access• Ensure condition of electronic device is not altered• Properly document Hess 17-13
  14. 14. The Preliminary InvestigationOBTAINING A SEARCH WARRANT• Searches may be conducted by consent• Suspect unknown, warrant must be obtained• Have both a consent search form and a search warrant• Avoid destruction of evidence Hess 17-14
  15. 15. The Preliminary InvestigationRECOGNIZING EVIDENCE• Conventional  Fingerprints  Documents  Hard drive• Digital  Electronic files  E-mails Hess 17-15
  16. 16. The Preliminary InvestigationDOCUMENTING DIGITAL EVIDENCE• Thorough notes, sketches and photographs• Document condition and location of computer system• Photograph the entire scene• Photograph the front and back of the computer Hess 17-16
  17. 17. The Preliminary InvestigationCOLLECTING PHYSICAL AND DIGITAL EVIDENCE• Evidence often contained on disks• Devices may have fingerprints• Avoid contact with recording surfaces• Evidence log• Chain of custody issues Hess 17-17
  18. 18. The Preliminary InvestigationPACKAGING, TRANSPORTING AND STORING DIGITAL EVIDENCE• Keep away from magnetic fields• Store away from humidity extremes• Do not use plastic bags• Be aware of battery needs Hess 17-18
  19. 19. Forensic Examination of Computer Evidence DATA ANALYSIS AND RECOVERY • Deleted files remain on hard drive • Forensic expert can make viewable • Recycle bin • Data remanence Hess 17-19
  20. 20. Legal Considerations in Collecting and Analyzing Computer EvidenceWARRANT EXCEPTIONS• Contraband, fruits or instrumentalities of the crime• Prevent death or serious bodily injury• Has committed or is committing a criminal offense to which the materials relate Hess 17-20
  21. 21. Follow-Up InvestigationDEVELOPING SUSPECTS• Most cybercrimes committed by outsiders• Three categories  Crackers  Vandals  Criminals Hess 17-21
  22. 22. Follow-Up InvestigationORGANIZED CYBERCRIME GROUPS• Generally not loyal to one another• Operate in countries with weak hacking lawsUNDERCOVER INVESTIGATION AND SURVEILLANCE• Headed by computer expert• Online undercover officer Hess 17-22
  23. 23. Security of the Police Department’s Computers VULNERABILITY • Access via phone lines • Critical nature of law enforcement data • Agency’s network should be a top priority • Evidence logs • Other valuable data Hess 17-23
  24. 24. LegislationGOVERNMENT MEASURES• USA PATRIOT Act• Foreign Intelligence Surveillance Act (FISA)• National Security Letter (NSL)• Child Protection and Sexual Predator Punishment Act• All states have enacted tough computer crime control laws Hess 17-24
  25. 25. The Investigative TeamCYBER SPECIALISTS• Often requires a team approach• Equipment owner• Database technicians• Auditors• Computer experts• Programmers Hess 17-25
  26. 26. Resources AvailableSOURCES• National Cybercrime Training Partnership (NCTP)• Electronic Crimes Task Forces (ECTFs)• Perverted Justice• NetSmartz Hess 17-26
  27. 27. Preventing Computer CrimeSTRATEGIES• Educating top management• Educating employees• Instituting internal security precautions• Management  Commitment to defend against computer crime  Organization-wide policies Hess 17-27
  28. 28. Summary• Computer crimes are relatively easy to commit and difficult to detect• Basic tenet for first responders at computer crime scenes is to observe the ON/OFF rule• Most cybercrimes against businesses are committed by outsiders• Investigating such crimes often requires a team approach Hess 17-28