Chapter 5:-
LEGAL ASPECTS OF DIGITAL FORENSICS
SUBJECT CODE: 3170725
Compiled By:- Akash Mehta
Outline
• Understanding of legal aspects and their impact
on digital forensics
• Electronics Discovery

Understanding of legal aspects
• Anyone overseeing network security must be aware of
the legal implications of forensic activity. Security
professionals need to consider their policy decisions
and technical actions in the context of existing laws.
For instance, you must have authorization before you
monitor and collect information related to a computer
intrusion.
• There are also legal ramifications to using security
monitoring tools. Digital Forensics is a relatively new
discipline to the courts and many of the existing laws
used to prosecute computer-related crimes, legal
precedents, and practices related to digital forensics
are in a state of flux. New court rulings are issued that

Legal Issues
• Forensics is defined as “the use of science and
technology to investigate and establish facts in criminal or
civil courts of law.” As a subcategory of this, computer
forensics attempts to assist litigants in establishing (or
refuting) facts by examining digital evidence. This can
range from activity that took place on a computer or cell
phone, to information that was passed along by
someone, or interaction with prohibited or protected
material on that computer.

Legal Issues
• The legal issues relevant to computer forensics are vast,
and range from the qualification of experts, the reliability
and accuracy of the forensic evidence that is being
proffered, to the scope and result of an expert’s
testimony. Here, we will focus on one of the most
prominent legal issues in computer forensics: proof of
possession of prohibited material.
• Very often, a case has at its root an allegation that an
individual or corporation had a certain piece of digital
material on their computer. This may be photographs,
videos, text documents, spreadsheets or other type of
computer file.

Legal Issues
• Applying a common sense analysis to these situations
can be problematic. Typically, when we find something
located in someone’s personal space (e.g. their kitchen,
their car, or their briefcase) we presume the person
possessed the item. In reality, there is a wide scale of
uncertainty of whether the person possessed the item.
When things are found outside of a person’s direct
possession (e.g. their pocket or hand) the law regarding
possession is rooted in the two concepts of:
1.) Knowledge;
2.) Control

Legal Issues
• No one can possess something they don’t know about
(the baseball thrown in their yard by a neighbour and
covered with bushes) or that they do not control (the
marijuana plant someone can see in their neighbour’s
yard, yet over which they have no power).
• Courts have affirmed the application of these principles to
possession of material on computers.

Legal Issues
• Section 4(3) of the Criminal Code contains a
definition of possession. Section 4(3)(a)(ii) contains
the relevant part of that definition for present
purposes:
• a person has anything in possession when he …
knowingly
(ii) has it in any place … for the use or benefit of
himself or another person;
• Possession requires knowledge of the criminal
character of the item in issue. In this case, the
Crown had to prove that the appellant had

Legal Issues
• Knowledge alone will not establish possession. The
Crown must also prove that an accused with the requisite
knowledge had a measure of control over the item in
issue. Control refers to power or authority over the item
whether exercised or not: R. v. Mohamad at paras. 60-61
(Ont. C.A.).
• These central concepts are easily understood in simple
“real world” examples about baseballs, cars and cocaine.
However, it is the bridge between a computer forensic
examination and a conclusion about these concepts that
is often vexing or (worse) misunderstood by litigants and
courts alike.

Legal Issues
• A properly conducted examination of a hard drive
is, at its root, a very black and white process of
examining 1’s and 0’s. It is the multiple layers of
interpretation of these 1’s and 0’s that must be
subjected to careful legal scrutiny if a proper result
is to be obtained.
• The complicated nature of these interpretations,
and the human frailties associated with such
interpretations, are the grey area within which
these cases can be won or lost.

Legal Issues
• For example, images of a prohibited nature may be found
to exist on a computer seized at a defendant’s home
(we’ll call her Jane). Some litigants and courts may start
from the proposition that material found on a computer
was placed there by Jane. The danger is that such a
conclusion ignores the alternative explanations that may
be just as, or more, likely, such as another person with
access to the computer having placed the material there.
• This possibility is well known to those who litigate in this
area. A computer regularly used by 12 different people is
ripe for this explanation. However, computer forensic
examinations will attempt to foreclose another physical
person through the following means:

Legal Issues
• Utilizing dates and times of access to the material
to exclude other potential people, for instance
when they couldn’t possibly have been physically
in the home;
• Determining if the material was accessed while the
computer was logged into Jane’s user account,
which may well have been password protected; or
• Determining whether the material was accessed at the
same time as material specific to Jane, such as her work
email or a project she was completing.
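
The three exclusion checks listed above, worked through on constructed records as an added example (it is not part of the original slides). The people, accounts, timestamps and the 10-minute correlation window are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


def ts(text):
    """Parse a 'YYYY-MM-DD HH:MM' timestamp."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


@dataclass(frozen=True)
class Interval:
    start: datetime
    end: datetime

    def contains(self, moment):
        return self.start <= moment <= self.end


OWNER = "jane"
# Everyone with physical access to the computer (constructed).
PEOPLE = ["jane", "roommate", "visitor"]

# Constructed file-access records recovered from the examined computer.
ACCESSES = [
    ("file_A", ts("2024-03-04 14:10")),
    ("file_B", ts("2024-03-04 21:35")),
    ("file_C", ts("2024-03-06 09:05")),
]

# Constructed logon sessions, keyed by user account.
SESSIONS = {
    "jane": [Interval(ts("2024-03-04 21:00"), ts("2024-03-04 23:00")),
             Interval(ts("2024-03-06 08:30"), ts("2024-03-06 10:00"))],
    "guest": [Interval(ts("2024-03-04 13:30"), ts("2024-03-04 15:00"))],
}

# Constructed, independently verified absences from the home.
AWAY = {
    "jane": [Interval(ts("2024-03-04 09:00"), ts("2024-03-04 17:00"))],
    "roommate": [Interval(ts("2024-03-04 20:00"), ts("2024-03-05 06:00"))],
    "visitor": [Interval(ts("2024-03-01 00:00"), ts("2024-03-04 13:00")),
                Interval(ts("2024-03-04 16:00"), ts("2024-03-07 00:00"))],
}

# Constructed timestamps of activity specific to Jane (e.g. work email sent).
OWNER_ACTIVITY = [ts("2024-03-04 21:40")]
WINDOW = timedelta(minutes=10)  # assumed tolerance for "at the same time"


def active_accounts(moment):
    """Accounts with a logon session covering the access time."""
    return sorted(acct for acct, ivs in SESSIONS.items()
                  if any(iv.contains(moment) for iv in ivs))


def not_excluded(moment):
    """People who have no verified absence covering the access time."""
    return sorted(p for p in PEOPLE
                  if not any(iv.contains(moment) for iv in AWAY.get(p, [])))


def assess(file_name, moment):
    """List which of the three exclusion propositions the records support."""
    accounts = active_accounts(moment)
    present = not_excluded(moment)
    supports = []
    if present == [OWNER]:              # dates/times exclude everyone else
        supports.append("others_excluded")
    if accounts == [OWNER]:             # accessed under the owner's account
        supports.append("owner_account")
    if any(abs(moment - t) <= WINDOW for t in OWNER_ACTIVITY):
        supports.append("owner_activity")   # concurrent owner-specific use
    return {"file": file_name, "accounts": accounts,
            "not_excluded": present, "supports": supports}


def assess_all():
    return [assess(name, moment) for name, moment in ACCESSES]


if __name__ == "__main__":
    for row in assess_all():
        print(row)
```

In this data, file_B is supported by all three propositions, file_C only by the account logon (the roommate cannot be excluded), and file_A was accessed while Jane herself was verifiably away.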

Legal Issues
• These sorts of “exclusions” are merely propositions
that may be very, or only partially, supported by the
rest of the computer examination.
• The reality is that much of the content accessed by
computer users is not by request, but served out by
internet web pages. In the 2010 case of R. v.
G. the court considered whether this sort of
unintentional and accidental downloading can
explain the presence of prohibited material on a
user’s computer. At trial, the judge had found: (at
para. 22)

Legal Issues
• [the] evidence that internet browsing can result in
the inadvertent copying of images onto a hard drive
is important. Anyone who has used the internet,
perhaps to read the online version of a newspaper,
will understand that the “page” that opens when
one enters a website may be considerably larger
than what is immediately visible to the user. That
is, a web page may contain substantially more
information, in the form of images and text, than
what can be seen on the computer screen. To see
everything, the user may have to scroll a
considerable distance to the bottom of the page.

Legal Issues
• The court in R. v. G. found the accused not guilty
on all charges. This result, however, was built on
the evidentiary foundation laid by cross examining
the forensics expert. In R. v. C. the accused was
convicted, and the court rejected the defence that
had been successful in R. v. G., even mentioning
the case:

Legal Issues
• One of the grim realities of today’s internet is the constant
threat of malware (viruses, trojans and worms, etc.).
Malicious users scan the internet for poorly protected
computers and focus attacks on them. Some web pages
are exclusively set up to infect computers that access
them, even if by accident or unintentionally. In July 2009,
Google published a “Malware List” that identified 350,000
web pages that contained malicious software. This reality
is often downplayed where the other side wishes to prove
someone like Jane meant to download or access
prohibited material. Courts have recognized these
threats, and have even based findings on these threats.

Legal Issues
• The law in this area demonstrates the difficulty with which
legal principles are adapted to concepts of digital manipulation
and storage. Often, cases turn on the facts that are
successfully proven in the evidence stage; facts like how
files are written to hard drives, and what types of “user”
intervention are required to create them. Analogies about what
people possess in their car, or their yard are illuminating, but
often false or fallacious.
• This summary only briefly considers a few of the multitude of
legal issues involved in a computer forensics case. The law in
this area is still coalescing, and few appellate level decisions
are available. It is for this reason that the quality and type of
evidence presented is even more decisive than in other types
of litigation. Courts are looking for guidance on these issues,

Electronics Discovery
• “What is the difference between electronic discovery and
digital forensics?”
There is often confusion between the disciplines of
electronic discovery (eDiscovery) and digital forensics,
but from a civil litigation perspective, the same rules
apply to both. While both provide value in litigation, the
differences are distinct. For starters, the pricing model is
typically different. eDiscovery is often billed by the
volume of data involved, and the digital forensics pricing
model typically revolves around hourly rates. However,
the most important difference between eDiscovery and
digital forensics is who analyzes the information.

Electronics Discovery
• Simply defined, eDiscovery is the process of
identifying, preserving, collecting, processing,
reviewing, and analyzing electronically stored
information (ESI) in litigation. The digital forensics
process involves identifying, preserving, collecting,
analyzing, and reporting on digital information. As you
can see, they are very similar until the crucial
difference, the responsible party for analyzing the
information. In an eDiscovery matter, the role of the
expert is to provide the information to legal teams in a
reviewable format for the analysis. However, when
leveraging digital forensics, the expert will perform the
analysis of the information and report the findings to

Electronics Discovery
• The party performing the analysis of the electronic
information, in my opinion, is the primary
differentiator between eDiscovery and digital
forensics.
• Since most of you are fluent in how to properly
leverage eDiscovery, I will discuss additional
information of interest that is provided by digital
forensics:

Electronics Discovery
• Determining timelines of computer activity
• Determining electronic communications outside of
conventional email
• Recovering deleted information
• Analyzing Internet usage
• Analyzing social network usage
• Applications installed and executed
• Analyzing pictures and movies
• Peripheral device usage (USB drives, printers, etc.)

Electronics Discovery
• There are matters in which we find that the “hybrid
approach” is most successful. In these instances, we
work with legal teams to develop the strategy for the
case and obtain as much information as possible. We
then perform the forensic analysis of the computer
activity and provide the electronic documents to legal
teams for their review. In both instances, the context of
the information is obviously very important. When
working with digital forensic experts, the more
information you provide us surrounding the litigation
matter, the more value we will be to you. In digital
forensic engagements, we typically ask for the
complaint and any relevant depositions

Electronics Discovery
• Once we have completed our review of the
applicable sections, we schedule a meeting with
the client to determine the objectives, discuss
strategy, and ask questions. The goal of digital
forensic experts is to meet the objectives outlined
with the digital information available. I assure you
the time investment made with your expert on the
front end will pay dividends as the case
progresses.

Electronics Discovery
• In any eDiscovery matter, there is the possibility that
the need for digital forensics will arise. For example,
you have received the document production, and the
volume is a small fraction of what is expected. Your
client provides information indicating that electronic
information has been destroyed intentionally; you will
now likely need digital forensics to determine if, when,
and how the destruction occurred. For this reason, I
always suggest choosing litigation support companies
with a strong competency in both disciplines to
maintain the momentum in your case. In addition,
“interview” the potential experts ensuring a good fit for
the case and working with your legal team.

Electronics Discovery
• The terms “eDiscovery” and “digital forensics” are
often used interchangeably, but there are clear
differences. It is my opinion that the critical
difference is the analysis of the information. In an
eDiscovery engagement, the legal teams review
and analyze the information. In digital forensics,
the expert reviews the digital information and
provides the findings in an expert report. Because
experts can vary greatly in experience, capabilities,
and communication skills, choose the right expert
carefully.

Electronics Discovery
• Types of electronically stored information
In the process of electronic discovery, all types of
data can serve as evidence. This can include
electronic documents, such as text, images, audio,
video, calendars, instant messages, cellphone
data, databases, spreadsheets, animation,
websites and computer programs. Email can be an
especially valuable source of evidence in civil or
criminal litigation because people are often less
careful in these exchanges than in hard-copy
correspondence, such as written memos and
postal letters.

Electronics Discovery
• How does the e-discovery process work?
The process of discovery runs from when a lawsuit appears
imminent up to when digital evidence is presented in
court. Attorneys from both sides will determine the
scope of e-discovery. The following is a simple
description of the e-discovery process:
  - Identification. ESI is identified by attorneys.
E-discovery requests and challenges are made.
  - Preservation. Data that is identified as potentially
relevant is placed under legal hold so it cannot be
destroyed. Failure to preserve data will lead to
sanctions and fines if the lost data puts the defense at

Electronics Discovery
• How does the e-discovery process work?
  - Collection. Data is transferred from a company to
legal counsel. The legal counsel determines the data's
relevance.
  - Processing. Files are loaded into a review platform.
Data is usually converted into a PDF (Portable
Document Format) or TIFF (Tagged Image File Format) for
court.
  - Review. The review process assesses documents for
privilege and responsiveness to discovery requests.
  - Production. Documents are exchanged with opposing
counsel.
28

More Related Content

Similar to 3170725_Unit-5.pptx

286CHAPTER 14CyberlawCHAPTER 15International and.docx
286CHAPTER 14CyberlawCHAPTER 15International and.docx286CHAPTER 14CyberlawCHAPTER 15International and.docx
286CHAPTER 14CyberlawCHAPTER 15International and.docx
rhetttrevannion
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentation
prashant3535
 
Hhs en12 legalities_and_ethics
Hhs en12 legalities_and_ethicsHhs en12 legalities_and_ethics
Hhs en12 legalities_and_ethics
Shoaib Sheikh
 
Interplay of Digital Forensics in eDiscovery
Interplay of Digital Forensics in eDiscoveryInterplay of Digital Forensics in eDiscovery
Interplay of Digital Forensics in eDiscovery
CSCJournals
 
Journal of Criminal Law and CriminologyVolume 103 Issue .docx
Journal of Criminal Law and CriminologyVolume 103  Issue .docxJournal of Criminal Law and CriminologyVolume 103  Issue .docx
Journal of Criminal Law and CriminologyVolume 103 Issue .docx
tawnyataylor528
 
76 s201924
76 s20192476 s201924
76 s201924
IJRAT
 
Wearable Technology
Wearable TechnologyWearable Technology
Wearable Technology
Kim Arnott
 
The Sedona Canada Panel on Privacy and E-Discovery
The Sedona Canada Panel on Privacy and E-DiscoveryThe Sedona Canada Panel on Privacy and E-Discovery
The Sedona Canada Panel on Privacy and E-Discovery
Dan Michaluk
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
YashPatel132112
 
01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world
Aqib Memon
 
A Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic EvidencesA Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic Evidences
BRNSSPublicationHubI
 
Legally Correct But Technologically Off the Mark - The Case of Arie Genger
Legally Correct But Technologically Off the Mark - The Case of Arie GengerLegally Correct But Technologically Off the Mark - The Case of Arie Genger
Legally Correct But Technologically Off the Mark - The Case of Arie Genger
Mark Hyde
 
Computer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of GhanaComputer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of Ghana
Mohammed Mahfouz Alhassan
 
2627 8105-1-pb
2627 8105-1-pb2627 8105-1-pb
Amcto presentation final
Amcto presentation finalAmcto presentation final
Amcto presentation final
Dan Michaluk
 
Legal Issues in Mobile Security Research
Legal Issues in Mobile Security ResearchLegal Issues in Mobile Security Research
Legal Issues in Mobile Security Research
marciahofmann
 
Cyber Crimes.pdf
Cyber Crimes.pdfCyber Crimes.pdf
Cyber Crimes.pdf
SunilSaklani6
 
DOJ
DOJDOJ
Lofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and EncryptionLofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and Encryption
Sean Whalen
 

Similar to 3170725_Unit-5.pptx (20)

286CHAPTER 14CyberlawCHAPTER 15International and.docx
286CHAPTER 14CyberlawCHAPTER 15International and.docx286CHAPTER 14CyberlawCHAPTER 15International and.docx
286CHAPTER 14CyberlawCHAPTER 15International and.docx
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentation
 
Hhs en12 legalities_and_ethics
Hhs en12 legalities_and_ethicsHhs en12 legalities_and_ethics
Hhs en12 legalities_and_ethics
 
Interplay of Digital Forensics in eDiscovery
Interplay of Digital Forensics in eDiscoveryInterplay of Digital Forensics in eDiscovery
Interplay of Digital Forensics in eDiscovery
 
Journal of Criminal Law and CriminologyVolume 103 Issue .docx
Journal of Criminal Law and CriminologyVolume 103  Issue .docxJournal of Criminal Law and CriminologyVolume 103  Issue .docx
Journal of Criminal Law and CriminologyVolume 103 Issue .docx
 
76 s201924
76 s20192476 s201924
76 s201924
 
Wearable Technology
Wearable TechnologyWearable Technology
Wearable Technology
 
The Sedona Canada Panel on Privacy and E-Discovery
The Sedona Canada Panel on Privacy and E-DiscoveryThe Sedona Canada Panel on Privacy and E-Discovery
The Sedona Canada Panel on Privacy and E-Discovery
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics ppt
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
 
01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world01 computer%20 forensics%20in%20todays%20world
01 computer%20 forensics%20in%20todays%20world
 
A Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic EvidencesA Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic Evidences
 
Legally Correct But Technologically Off the Mark - The Case of Arie Genger
Legally Correct But Technologically Off the Mark - The Case of Arie GengerLegally Correct But Technologically Off the Mark - The Case of Arie Genger
Legally Correct But Technologically Off the Mark - The Case of Arie Genger
 
Computer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of GhanaComputer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of Ghana
 
2627 8105-1-pb
2627 8105-1-pb2627 8105-1-pb
2627 8105-1-pb
 
Amcto presentation final
Amcto presentation finalAmcto presentation final
Amcto presentation final
 
Legal Issues in Mobile Security Research
Legal Issues in Mobile Security ResearchLegal Issues in Mobile Security Research
Legal Issues in Mobile Security Research
 
Cyber Crimes.pdf
Cyber Crimes.pdfCyber Crimes.pdf
Cyber Crimes.pdf
 
DOJ
DOJDOJ
DOJ
 
Lofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and EncryptionLofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and Encryption
 

Recently uploaded

Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
Hitesh Mohapatra
 
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMS
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMSA SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMS
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMS
IJNSA Journal
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
IJECEIAES
 
Question paper of renewable energy sources
Question paper of renewable energy sourcesQuestion paper of renewable energy sources
Question paper of renewable energy sources
mahammadsalmanmech
 
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball playEric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
enizeyimana36
 
Properties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptxProperties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptx
MDSABBIROJJAMANPAYEL
 
A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...
nooriasukmaningtyas
 
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
ihlasbinance2003
 
Engine Lubrication performance System.pdf
Engine Lubrication performance System.pdfEngine Lubrication performance System.pdf
Engine Lubrication performance System.pdf
mamamaam477
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
NidhalKahouli2
 
Textile Chemical Processing and Dyeing.pdf
Textile Chemical Processing and Dyeing.pdfTextile Chemical Processing and Dyeing.pdf
Textile Chemical Processing and Dyeing.pdf
NazakatAliKhoso2
 
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTCHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
jpsjournal1
 
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
Yasser Mahgoub
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
Aditya Rajan Patra
 
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesHarnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Christina Lin
 
ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024
Rahul
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
gerogepatton
 
The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.
sachin chaurasia
 
Computational Engineering IITH Presentation
Computational Engineering IITH PresentationComputational Engineering IITH Presentation
Computational Engineering IITH Presentation
co23btech11018
 
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdfIron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
RadiNasr
 

Recently uploaded (20)

Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
 
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMS
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMSA SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMS
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMS
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
 
Question paper of renewable energy sources
Question paper of renewable energy sourcesQuestion paper of renewable energy sources
Question paper of renewable energy sources
 
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball playEric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
 
Properties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptxProperties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptx
 
A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...
 
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
 
Engine Lubrication performance System.pdf
Engine Lubrication performance System.pdfEngine Lubrication performance System.pdf
Engine Lubrication performance System.pdf
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
 
Textile Chemical Processing and Dyeing.pdf
Textile Chemical Processing and Dyeing.pdfTextile Chemical Processing and Dyeing.pdf
Textile Chemical Processing and Dyeing.pdf
 
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTCHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
 
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
 
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesHarnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
 
ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
 
The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.
 
Computational Engineering IITH Presentation
Computational Engineering IITH PresentationComputational Engineering IITH Presentation
Computational Engineering IITH Presentation
 
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdfIron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf
 

3170725_Unit-5.pptx

  • 1. Chapter 5:- LEGAL ASPECTS OF DIGITAL FORENSICS SUBJECT CODE: 3170725 Compiled By:- Akash Mehta
  • 2. Outline
      • Understanding of legal aspects and their impact on digital forensics
      • Electronics Discovery
  • 3. Understanding of legal aspects
      • Anyone overseeing network security must be aware of the legal implications of forensic activity. Security professionals need to consider their policy decisions and technical actions in the context of existing laws. For instance, you must have authorization before you monitor and collect information related to a computer intrusion.
      • There are also legal ramifications to using security monitoring tools. Digital Forensics is a relatively new discipline to the courts and many of the existing laws used to prosecute computer-related crimes, legal precedents, and practices related to digital forensics are in a state of flux. New court rulings are issued that
  • 4. Legal Issues
      • Forensics is defined as “the use of science and technology to investigate and establish facts in criminal or civil courts of law.” As a subcategory of this, computer forensics attempts to assist litigants in establishing (or refuting) facts by examining digital evidence. This can range from activity that took place on a computer or cell phone, to information that was passed along by someone, or interaction with prohibited or protected material on that computer.
  • 5. Legal Issues
      • The legal issues relevant to computer forensics are vast, and range from the qualification of experts, the reliability and accuracy of the forensic evidence that is being proffered, to the scope and result of an expert’s testimony. Here, we will focus on one of the most prominent legal issues in computer forensics: proof of possession of prohibited material.
      • Very often, a case has at its root an allegation that an individual or corporation had a certain piece of digital material on their computer. This may be photographs, videos, text documents, spreadsheets or another type of computer file.
  • 6. Legal Issues
      • Applying a common-sense analysis to these situations can be problematic. Typically, when we find something located in someone’s personal space (e.g. their kitchen, their car, or their briefcase) we presume the person possessed the item. In reality, there is a wide range of uncertainty about whether the person possessed the item. When things are found outside of a person’s direct possession (e.g. their pocket or hand), the law regarding possession is rooted in two concepts: (1) knowledge and (2) control.
  • 7. Legal Issues
      • No one can possess something they don’t know about (the baseball thrown in their yard by a neighbour and covered with bushes) or that they do not control (the marijuana plant someone can see in their neighbour’s yard, yet over which they have no power).
      • Courts have affirmed the application of these principles to possession of material on computers.
  • 8. Legal Issues
      • Section 4(3) of the Criminal Code contains a definition of possession. Section 4(3)(a)(ii) contains the relevant part of that definition for present purposes:
      • a person has anything in possession when he … knowingly (ii) has it in any place … for the use or benefit of himself or another person;
      • Possession requires knowledge of the criminal character of the item in issue. In this case, the Crown had to prove that the appellant had
  • 9. Legal Issues
      • Knowledge alone will not establish possession. The Crown must also prove that an accused with the requisite knowledge had a measure of control over the item in issue. Control refers to power or authority over the item whether exercised or not: R. v. Mohamad at paras. 60-61 (Ont. C.A.).
      • These central concepts are easily understood in simple “real world” examples about baseballs, cars and cocaine. However, it is the bridge between a computer forensic examination and a conclusion about these concepts that is often vexing or (worse) misunderstood by litigants and courts alike.
  • 10. Legal Issues
      • A properly conducted examination of a hard drive is, at its root, a very black and white process of examining 1’s and 0’s. It is the multiple layers of interpretation of these 1’s and 0’s that must be subjected to careful legal scrutiny if a proper result is to be obtained.
      • The complicated nature of these interpretations, and the human frailties associated with such interpretations, are the grey area within which these cases can be won or lost.
  • 11. Legal Issues
      • For example, images of a prohibited nature may be found to exist on a computer seized at a defendant’s home (we’ll call her Jane). Some litigants and courts may start from the proposition that material found on a computer was placed there by Jane. The danger is that such a conclusion ignores alternative explanations that may be just as likely, or more likely, such as another person with access to the computer having placed the material there.
      • This possibility is well known to those who litigate in this area. A computer regularly used by 12 different people is ripe for this explanation. However, computer forensic examinations will attempt to foreclose another physical person through the following means:
  • 12. Legal Issues
      • Utilizing dates and times of access to the material to exclude other potential people, for instance when they couldn’t possibly have been physically in the home;
      • Determining if the material was accessed while the computer was logged into Jane’s user account, which may well have been password protected; or
      • Determining if the material was accessed at the same time as material specific to Jane, such as her work email or a project she was completing.
  • 13. Legal Issues
      • These sorts of “exclusions” are merely propositions that may be very, or only partially, supported by the rest of the computer examination.
      • The reality is that much of the content accessed by computer users is not by request, but served out by internet web pages. In the 2010 case of R. v. G. the court considered whether this sort of unintentional and accidental downloading can explain the presence of prohibited material on a user’s computer. At trial, the judge had found: (at para. 22)
  • 14. Legal Issues
      • [the] evidence that internet browsing can result in the inadvertent copying of images onto a hard drive is important. Anyone who has used the internet, perhaps to read the online version of a newspaper, will understand that the “page” that opens when one enters a website may be considerably larger than what is immediately visible to the user. That is, a web page may contain substantially more information, in the form of images and text, than what can be seen on the computer screen. To see everything, the user may have to scroll a considerable distance to the bottom of the page.
  • 15. Legal Issues
      • The court in R. v. G. found the accused not guilty on all charges. This result, however, was built on the evidentiary foundation laid by cross examining the forensics expert. In R. v. C. the accused was convicted, and the court rejected the defence that had been successful in R. v. G., even mentioning the case:
  • 16. Legal Issues
      • One of the grim realities of today’s internet is the constant threat of malware (viruses, trojans and worms, etc.). Malicious users scan the internet for poorly protected computers and focus attacks on them. Some web pages are exclusively set up to infect computers that access them, even if by accident or unintentionally. In July 2009, Google published a “Malware List” that identified 350,000 web pages that contained malicious software. This reality is often downplayed where the other side wishes to prove someone like Jane meant to download or access prohibited material. Courts have recognized these threats, and have even based findings on these threats.
  • 17. Legal Issues
      • The law in this area demonstrates the difficulty with which legal principles are adapted to concepts of digital manipulation and storage. Often, cases turn on the facts that are successfully proven in the evidence stage; facts like how files are written to hard drives, and what types of “user” intervention are required to create them. Analogies about what people possess in their car, or their yard are illuminating, but often false or fallacious.
      • This summary only briefly considers a few of the multitude of legal issues involved in a computer forensics case. The law in this area is still coalescing, and few appellate level decisions are available. It is for this reason that the quality and type of evidence presented is even more decisive than in other types of litigation. Courts are looking for guidance on these issues,
  • 18. Electronics Discovery
      • “What is the difference between electronic discovery and digital forensics?” There is often confusion between the disciplines of electronic discovery (eDiscovery) and digital forensics, but from a civil litigation perspective, the same rules apply to both. While both provide value in litigation, the differences are distinct. For starters, the pricing model is typically different. eDiscovery is often billed by the volume of data involved, and the digital forensics pricing model typically revolves around hourly rates. However, the most important difference between eDiscovery and digital forensics is who analyzes the information.
  • 19. Electronics Discovery
      • Simply defined, eDiscovery is the process of identifying, preserving, collecting, processing, reviewing, and analyzing electronically stored information (ESI) in litigation. The digital forensics process involves identifying, preserving, collecting, analyzing, and reporting on digital information. As you can see, they are very similar until the crucial difference, the responsible party for analyzing the information. In an eDiscovery matter, the role of the expert is to provide the information to legal teams in a reviewable format for the analysis. However, when leveraging digital forensics, the expert will perform the analysis of the information and report the findings to
  • 20. Electronics Discovery
      • The party performing the analysis of the electronic information, in my opinion, is the primary differentiator between eDiscovery and digital forensics.
      • Since most of you are fluent in how to properly leverage eDiscovery, I will discuss additional information of interest that is provided by digital forensics:
  • 21. Electronics Discovery
      • Determining timelines of computer activity
      • Determining electronic communications outside of conventional email
      • Recovering deleted information
      • Analyzing Internet usage
      • Analyzing social network usage
      • Applications installed and executed
      • Analyzing pictures and movies
      • Peripheral device usage (USB drives, printers, etc.)
  • 22. Electronics Discovery
      • There are matters in which we find that the “hybrid approach” is most successful. In these instances, we work with legal teams to develop the strategy for the case and obtain as much information as possible. We then perform the forensic analysis of the computer activity and provide the electronic documents to legal teams for their review. In both instances, the context of the information is obviously very important. When working with digital forensic experts, the more information you provide us surrounding the litigation matter, the more value we will be to you. In digital forensic engagements, we typically ask for the complaint and any relevant depositions
  • 23. Electronics Discovery
      • Once we have completed our review of the applicable sections, we schedule a meeting with the client to determine the objectives, discuss strategy, and ask questions. The goal of digital forensic experts is to meet the objectives outlined with the digital information available. I assure you the time investment made with your expert on the front end will pay dividends as the case progresses.
  • 24. Electronics Discovery
      • In any eDiscovery matter, there is a chance that the need for digital forensics will arise. For example, you have received the document production, and the volume is a small fraction of what is expected. Your client provides information indicating that electronic information has been destroyed intentionally; you will now likely need digital forensics to determine if, when, and how the destruction occurred. For this reason, I always suggest choosing litigation support companies with a strong competency in both disciplines to maintain the momentum in your case. In addition, “interview” the potential experts to ensure a good fit for the case and for working with your legal team.
  • 25. Electronics Discovery
      • The terms “eDiscovery” and “digital forensics” are often used interchangeably, but there are clear differences. It is my opinion that the critical difference is the analysis of the information. In an eDiscovery engagement, the legal teams review and analyze the information. In digital forensics, the expert reviews the digital information and provides the findings in an expert report. Because experts can vary greatly in experience, capabilities, and communication skills, choose the right expert carefully.
  • 26. Electronics Discovery
      • Types of electronically stored information: In the process of electronic discovery, all types of data can serve as evidence. This can include electronic documents, such as text, images, audio, video, calendars, instant messages, cellphone data, databases, spreadsheets, animation, websites and computer programs. Email can be an especially valuable source of evidence in civil or criminal litigation because people are often less careful in these exchanges than in hard-copy correspondence, such as written memos and postal letters.
  • 27. Electronics Discovery
      • How does the e-discovery process work? The e-discovery process runs from the time a lawsuit appears imminent until digital evidence is presented in court. Attorneys from both sides will determine the scope of e-discovery. The following is a simple description of the e-discovery process:
      • Identification. ESI is identified by attorneys. E-discovery requests and challenges are made.
      • Preservation. Data that is identified as potentially relevant is placed under legal hold so it cannot be destroyed. Failure to preserve data will lead to sanctions and fines if the lost data puts the defense at
  • 28. Electronics Discovery
      • How does the e-discovery process work?
      • Collection. Data is transferred from a company to legal counsel. The legal counsel determines the data's relevance.
      • Processing. Files are loaded into a review platform. Data is usually converted into a PDF (Portable Document Format) or TIFF (Tagged Image File Format) for court.
      • Review. The review process assesses documents for privilege and responsiveness to discovery requests.
      • Production. Documents are exchanged with opposing counsel.
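
Slides 11 to 13 describe three ways an examination tries to tie an access to Jane (presence in the home, the logged-in account, and concurrent Jane-specific activity) and note that each is only a proposition. The sketch below is an added example, not part of the original slides; every timestamp, the names `roommate` and `guest`, the 15-minute window and the support labels are constructed assumptions.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample data for illustration only (not from any real case).
ACCESSES = [ts("2024-03-04 14:10"), ts("2024-03-05 21:30"),
            ts("2024-03-06 14:15"), ts("2024-03-07 10:00")]
SESSIONS = [  # (account, logon, logoff) taken from logon records
    ("jane", ts("2024-03-04 13:00"), ts("2024-03-04 17:00")),
    ("guest", ts("2024-03-05 20:00"), ts("2024-03-05 23:00")),
    ("jane", ts("2024-03-07 09:00"), ts("2024-03-07 11:00")),
]
ABSENCES = {  # person -> windows when they could not have been in the home
    "jane": [(ts("2024-03-05 18:00"), ts("2024-03-06 12:00"))],
    "roommate": [(ts("2024-03-04 08:00"), ts("2024-03-04 18:00"))],
}
JANE_ACTIVITY = [ts("2024-03-04 14:05")]  # e.g. her work email sent from this PC

def assess(access, window=timedelta(minutes=15)):
    """Collect the three indicators from slide 12 for one access event."""
    account = next((a for a, s, e in SESSIONS if s <= access <= e), None)
    excluded = sorted(p for p, spans in ABSENCES.items()
                      if any(s <= access <= e for s, e in spans))
    near = any(abs(access - t) <= window for t in JANE_ACTIVITY)
    return {"account": account, "excluded": excluded, "near_jane_activity": near}

def support_for_jane(access):
    """Grade how far the indicators support 'Jane accessed it' (assumed scale)."""
    r = assess(access)
    if "jane" in r["excluded"]:
        return "contradicted"      # she could not have been at the keyboard
    others = set(ABSENCES) - {"jane"}
    score = ((r["account"] == "jane")           # account may be shared: weak alone
             + r["near_jane_activity"]
             + all(p in r["excluded"] for p in others))
    return ["unsupported", "partial", "partial", "strong"][score]

if __name__ == "__main__":
    for a in ACCESSES:
        print(a, assess(a), support_for_jane(a))
```

The labels grade how many indicators line up for each access event; they do not establish knowledge or control, which remain questions for the court.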