Berkeley College Cyber Crime
Lecture Notes Chapter 11
Searching and Seizing Computer-Related Evidence
I. TRADITIONAL PROBLEMS WITH FINDING DIGITAL EVIDENCE
Unlike traditional investigations in which forensic experts are
tasked with analysis of criminal evidence, computer-related
investigations often require role multiplicity on the part of
investigators.
Computer crime investigators are often forced to act as case
supervisors, investigators, crime-scene technicians, and forensic
scientists. Such duality is further exacerbated by characteristics
unique to digital evidence.
· Digital evidence is especially volatile and voluminous,
susceptible to climatic or environmental factors as well as
human error.
· It may be vulnerable to power surges, electromagnetic fields,
or extreme temperatures.
· Unlike traditional evidence in which analysis of small samples
is utilized to preserve the totality of the evidence, assessment of
digital evidence requires evaluation of the whole, making
investigative mistakes quite costly.
· Digital evidence is also unique in its level of camouflage
possibilities, lending itself to concealment by individuals
desiring to hide information. Cyber criminals may hide
incriminating evidence in plain sight without damaging its
utility.
· Cyber criminals also use encryption and steganography
programs, which has made the process of recovering data
increasingly complex.
· Cyber criminals use self-destructive programs to sabotage
their own systems upon unauthorized access.
II. PRE-SEARCH ACTIVITIES
a. Intelligence gathering: determine location, size, type, and
numbers of computers at a suspect scene.
Dumpster diving: processing a suspect's trash may yield
passwords or personal information about the suspect.
Social engineering and informants: gain information about
suspects and personnel at the scene, types of computers and
storage devices as well as operating systems.
b. Warrant preparation and application:
1. Determine the role of the computer in the crime.
2. Specifications of operating systems, storage devices and
hardware.
3. Structure the application according to the unique court
environments in the area of service. Find a judge that supports
law enforcement versus one that doesn’t.
4. Have the application reviewed by other specialists, computer
investigators and legal experts, before submitting to the judge
or magistrate.
5. Clearly substantiate any requests for seizure of equipment
found at the scene.
6. If exigent circumstances exist, a request for a “no-knock”
warrant should be included in the application.
c. Probable cause: three elements are necessary in a warrant.
1. Probable cause that a crime has been committed.
2. Probable cause that evidence of a crime exists.
3. Probable cause that extant evidence resides in a particular
location.
d. Preparing a Toolkit: include all traditional equipment law
enforcement uses plus computer specific equipment and
materials (some listed below):
1. Multiple boot disks
2. Backup hardware
3. Antivirus software
4. Imaging software
5. Forensic software
6. Extra cables, serial port connectors
7. Extension cords and power strips
8. Cell phone analysis software and necessary hardware
III. On-Scene Activities
a. Securing the crime scene: one of the most important, yet
overlooked, factors in the successful prosecution of a suspect.
1. Dangerous individuals or safety hazards must be immediately
recognized and contained or neutralized.
2. All computers must be locked and secured. They are to be
protected by a police officer.
3. All non-police personnel must be removed from the
immediate area of the evidence.
4. Network connections must be ascertained and appropriate
action taken.
5. All suspects should be immediately separated and escorted to
a predetermined location.
b. Crime scene processing:
1. Photograph/Video: The golden rule for any successful
criminal investigation should be document, document,
document. Photographs and videos are an integral part of the
documentation process, and they should occur at every stage of
scene processing.
2. Sketching: Sketching a crime scene is essential in any
criminal investigation. It provides an overview of the state of
the scene and acts as corroboration for investigative field notes
and scene photographs. Because extraneous objects may be
omitted from crime-scene sketches and not from photographs,
sketches represent a more focused illustration of the applicable
evidence.
3. Locating evidence: focus on the general areas below:
a. Desktops
b. Monitors
c. Keyboards
d. Telephone
e. Wallets or purses
f. Clothing
g. Trash cans, Shredders, Recycle bins or other garbage
containers
h. Printers
i. Inside the computer
c. Seizure and transportation of evidence:
1. Whenever possible, each individual investigator or team of
investigators should physically maintain in their possession a
copy of the warrant.
2. Once the determination is made that evidence may be seized,
the collection process should be initiated with the imaging
(i.e., duplicating byte for byte, bit for bit) of drives onto clean
media.
3. Bagging and tagging: Like any scientific evidence, great care
must be exercised when collecting and preserving crime-scene
evidence. The chain of custody and continuity of possession
must be maintained at all times for court admissibility.
Investigators should adhere to standard operating procedures for
custodial evidence collection—keeping in mind that
routinization enhances witness credibility and evidence validity.
Although policies and procedures vary by department, certain
things remain constant.
Special care and caution should be exercised in preserving
computer evidence. The materials may be affected by numerous
environmental factors including heat, magnetic fields, static
electricity as well as oil, dirt and dust.
4. Transportation to Laboratory:
a. Once the evidence has been properly collected and loaded
into appropriate vehicles for transportation, investigators should
follow traditional procedures for exiting a crime scene (e.g.,
physically securing the scene and removal of recovery
equipment).
b. Prior to leaving, investigators should re-photograph the crime
scene.
c. Upon arrival at the lab, shipping manifests should be checked
over carefully, and all items should be properly accounted for.
In addition, investigators should note the condition of the boxes
upon unloading. These manifests should remain with the
evidence at all times.
d. Once accounted for, all incoming evidence should be entered
into the appropriate evidence control systems and assigned to a
location or examiner to await analysis.
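
The imaging and bagging-and-tagging steps above, worked through as an added example that is not part of the original lecture notes: it refuses a target that is not clean, copies the source byte for byte, compares SHA-256 digests of source and image, and keeps a hash-chained custody log. Ordinary files stand in for drives, and the item ID, custodian names and function names are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read and write in 1 MiB blocks


def is_clean_media(path):
    """Return True only if every byte on the target is zero (wiped media)."""
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            if block.count(0) != len(block):
                return False
    return True


def sha256_prefix(path, length):
    """SHA-256 of the first `length` bytes of a file or device."""
    h = hashlib.sha256()
    remaining = length
    with open(path, "rb") as f:
        while remaining > 0:
            block = f.read(min(CHUNK, remaining))
            if not block:
                break
            h.update(block)
            remaining -= len(block)
    return h.hexdigest()


def image_drive(source, target):
    """Duplicate source onto clean target; return (source_hash, image_hash)."""
    if not is_clean_media(target):
        raise ValueError("target media is not clean: non-zero bytes found")
    if os.path.getsize(target) < os.path.getsize(source):
        raise ValueError("target media is smaller than the source")
    h, size = hashlib.sha256(), 0
    with open(source, "rb") as src, open(target, "r+b") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)   # hash the source as it is read, once
            dst.write(block)
            size += len(block)
        dst.flush()
        os.fsync(dst.fileno())
    # Re-read what was actually written; a mismatch means the copy is not exact.
    return h.hexdigest(), sha256_prefix(target, size)


def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def custody_entry(log, item_id, action, custodian, evidence_sha256):
    """Append a custody record that commits to the previous record's hash."""
    entry = {
        "item_id": item_id, "action": action, "custodian": custodian,
        "evidence_sha256": evidence_sha256,
        "utc": datetime.now(timezone.utc).isoformat(),
        "prev": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry


def verify_log(log):
    """True if no record was altered, removed or reordered."""
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev or _digest(entry) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True


def demo():
    """Run the workflow on constructed sample 'drives' in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        src, clean, used = (os.path.join(d, n) for n in ("src", "clean", "used"))
        with open(src, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 123))         # constructed source
        with open(clean, "wb") as f:
            f.write(bytes(4 * CHUNK))                    # wiped target
        with open(used, "wb") as f:
            f.write(bytes(4 * CHUNK - 1) + b"\x01")      # target with residue
        try:
            image_drive(src, used)
            refused = False
        except ValueError:
            refused = True
        src_hash, img_hash = image_drive(src, clean)
        log = []
        custody_entry(log, "ITEM-001", "imaged on scene", "Investigator A", img_hash)
        custody_entry(log, "ITEM-001", "received at lab", "Examiner B", img_hash)
        intact = verify_log(log)
        log[0]["custodian"] = "Someone Else"             # simulated alteration
        return {"refused_dirty": refused, "hashes_match": src_hash == img_hash,
                "log_intact": intact, "tamper_detected": not verify_log(log)}


if __name__ == "__main__":
    print(demo())
```
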
Homework Questions-Chapter 11
1. Describe the traditional problems associated with finding
digital evidence.
2. Discuss the areas noted in the lecture notes relative to
securing the crime scene in computer-related investigations.
3. Discuss the handling of seized evidence prior to
transportation to the laboratory.
4. Discuss crime scene processing for computer-related crimes.

More Related Content

Similar to Berkeley College Cyber CrimeLecture Notes Chapter 11Searching .docx

CRIM-INVEST-PROTOCOLS.pptx
CRIM-INVEST-PROTOCOLS.pptxCRIM-INVEST-PROTOCOLS.pptx
CRIM-INVEST-PROTOCOLS.pptxCDT3CSandayan
 
Lab 1 Bag & Tag (cyber forensics)
Lab 1 Bag & Tag (cyber forensics)Lab 1 Bag & Tag (cyber forensics)
Lab 1 Bag & Tag (cyber forensics)MUSAAB HASAN
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensicsJohnson Ubah
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Digital forensic
Digital forensicDigital forensic
Digital forensicChandan Sah
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDr Raghu Khimani
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsN.Jagadish Kumar
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensicsnoorashams
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidenceOnline
 

Similar to Berkeley College Cyber CrimeLecture Notes Chapter 11Searching .docx (20)

CRIM-INVEST-PROTOCOLS.pptx
CRIM-INVEST-PROTOCOLS.pptxCRIM-INVEST-PROTOCOLS.pptx
CRIM-INVEST-PROTOCOLS.pptx
 
Computer Forensics.pptx
Computer Forensics.pptxComputer Forensics.pptx
Computer Forensics.pptx
 
Sued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital ForensicsSued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital Forensics
 
Lab 1 Bag & Tag (cyber forensics)
Lab 1 Bag & Tag (cyber forensics)Lab 1 Bag & Tag (cyber forensics)
Lab 1 Bag & Tag (cyber forensics)
 
Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditing
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensics
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
Digital forensic
Digital forensicDigital forensic
Digital forensic
 
Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu Khimani
 
3170725_Unit-1.pptx
3170725_Unit-1.pptx3170725_Unit-1.pptx
3170725_Unit-1.pptx
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection tools
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensics
 
Mobile forensic
Mobile forensicMobile forensic
Mobile forensic
 
Cyber evidence at crime scene
Cyber evidence at crime sceneCyber evidence at crime scene
Cyber evidence at crime scene
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Chap 2 computer forensics investigation
Chap 2  computer forensics investigationChap 2  computer forensics investigation
Chap 2 computer forensics investigation
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
 

More from AASTHA76

(APA 6th Edition Formatting and St.docx
(APA 6th Edition Formatting and St.docx(APA 6th Edition Formatting and St.docx
(APA 6th Edition Formatting and St.docxAASTHA76
 
(a) Thrasymachus’ (the sophist’s) definition of Justice or Right o.docx
(a) Thrasymachus’ (the sophist’s) definition of Justice or Right o.docx(a) Thrasymachus’ (the sophist’s) definition of Justice or Right o.docx
(a) Thrasymachus’ (the sophist’s) definition of Justice or Right o.docxAASTHA76
 
(Glossary of Telemedicine and eHealth)· Teleconsultation Cons.docx
(Glossary of Telemedicine and eHealth)· Teleconsultation Cons.docx(Glossary of Telemedicine and eHealth)· Teleconsultation Cons.docx
(Glossary of Telemedicine and eHealth)· Teleconsultation Cons.docxAASTHA76
 
(Assmt 1; Week 3 paper) Using ecree Doing the paper and s.docx
(Assmt 1; Week 3 paper)  Using ecree        Doing the paper and s.docx(Assmt 1; Week 3 paper)  Using ecree        Doing the paper and s.docx
(Assmt 1; Week 3 paper) Using ecree Doing the paper and s.docxAASTHA76
 
(Image retrieved at httpswww.google.comsearchhl=en&biw=122.docx
(Image retrieved at  httpswww.google.comsearchhl=en&biw=122.docx(Image retrieved at  httpswww.google.comsearchhl=en&biw=122.docx
(Image retrieved at httpswww.google.comsearchhl=en&biw=122.docxAASTHA76
 
(Dis) Placing Culture and Cultural Space Chapter 4.docx
(Dis) Placing Culture and Cultural Space Chapter 4.docx(Dis) Placing Culture and Cultural Space Chapter 4.docx
(Dis) Placing Culture and Cultural Space Chapter 4.docxAASTHA76
 
(1) Define the time value of money.  Do you believe that the ave.docx
(1) Define the time value of money.  Do you believe that the ave.docx(1) Define the time value of money.  Do you believe that the ave.docx
(1) Define the time value of money.  Do you believe that the ave.docxAASTHA76
 
(chapter taken from Learning Power)From Social Class and t.docx
(chapter taken from Learning Power)From Social Class and t.docx(chapter taken from Learning Power)From Social Class and t.docx
(chapter taken from Learning Power)From Social Class and t.docxAASTHA76
 
(Accessible at httpswww.hatchforgood.orgexplore102nonpro.docx
(Accessible at httpswww.hatchforgood.orgexplore102nonpro.docx(Accessible at httpswww.hatchforgood.orgexplore102nonpro.docx
(Accessible at httpswww.hatchforgood.orgexplore102nonpro.docxAASTHA76
 
(a) The current ratio of a company is 61 and its acid-test ratio .docx
(a) The current ratio of a company is 61 and its acid-test ratio .docx(a) The current ratio of a company is 61 and its acid-test ratio .docx
(a) The current ratio of a company is 61 and its acid-test ratio .docxAASTHA76
 
(1) How does quantum cryptography eliminate the problem of eaves.docx
(1) How does quantum cryptography eliminate the problem of eaves.docx(1) How does quantum cryptography eliminate the problem of eaves.docx
(1) How does quantum cryptography eliminate the problem of eaves.docxAASTHA76
 
#transformation10EventTrendsfor 201910 Event.docx
#transformation10EventTrendsfor 201910 Event.docx#transformation10EventTrendsfor 201910 Event.docx
#transformation10EventTrendsfor 201910 Event.docxAASTHA76
 
$10 now and $10 when complete Use resources from the required .docx
$10 now and $10 when complete Use resources from the required .docx$10 now and $10 when complete Use resources from the required .docx
$10 now and $10 when complete Use resources from the required .docxAASTHA76
 
#MicroXplorer Configuration settings - do not modifyFile.Versio.docx
#MicroXplorer Configuration settings - do not modifyFile.Versio.docx#MicroXplorer Configuration settings - do not modifyFile.Versio.docx
#MicroXplorer Configuration settings - do not modifyFile.Versio.docxAASTHA76
 
#include string.h#include stdlib.h#include systypes.h.docx
#include string.h#include stdlib.h#include systypes.h.docx#include string.h#include stdlib.h#include systypes.h.docx
#include string.h#include stdlib.h#include systypes.h.docxAASTHA76
 
$ stated in thousands)Net Assets, Controlling Interest.docx
$ stated in thousands)Net Assets, Controlling Interest.docx$ stated in thousands)Net Assets, Controlling Interest.docx
$ stated in thousands)Net Assets, Controlling Interest.docxAASTHA76
 
#include stdio.h#include stdlib.h#include pthread.h#in.docx
#include stdio.h#include stdlib.h#include pthread.h#in.docx#include stdio.h#include stdlib.h#include pthread.h#in.docx
#include stdio.h#include stdlib.h#include pthread.h#in.docxAASTHA76
 
#include customer.h#include heap.h#include iostream.docx
#include customer.h#include heap.h#include iostream.docx#include customer.h#include heap.h#include iostream.docx
#include customer.h#include heap.h#include iostream.docxAASTHA76
 
#Assessment BriefDiploma of Business Eco.docx
#Assessment BriefDiploma of Business Eco.docx#Assessment BriefDiploma of Business Eco.docx
#Assessment BriefDiploma of Business Eco.docxAASTHA76
 
#include stdio.h#include stdint.h#include stdbool.h.docx
#include stdio.h#include stdint.h#include stdbool.h.docx#include stdio.h#include stdint.h#include stdbool.h.docx
#include stdio.h#include stdint.h#include stdbool.h.docxAASTHA76
 

More from AASTHA76 (20)

(APA 6th Edition Formatting and St.docx
(APA 6th Edition Formatting and St.docx(APA 6th Edition Formatting and St.docx
(APA 6th Edition Formatting and St.docx
 
(a) Thrasymachus’ (the sophist’s) definition of Justice or Right o.docx
(a) Thrasymachus’ (the sophist’s) definition of Justice or Right o.docx(a) Thrasymachus’ (the sophist’s) definition of Justice or Right o.docx
(a) Thrasymachus’ (the sophist’s) definition of Justice or Right o.docx
 
(Glossary of Telemedicine and eHealth)· Teleconsultation Cons.docx
(Glossary of Telemedicine and eHealth)· Teleconsultation Cons.docx(Glossary of Telemedicine and eHealth)· Teleconsultation Cons.docx
(Glossary of Telemedicine and eHealth)· Teleconsultation Cons.docx
 
(Assmt 1; Week 3 paper) Using ecree Doing the paper and s.docx
(Assmt 1; Week 3 paper)  Using ecree        Doing the paper and s.docx(Assmt 1; Week 3 paper)  Using ecree        Doing the paper and s.docx
(Assmt 1; Week 3 paper) Using ecree Doing the paper and s.docx
 
(Image retrieved at httpswww.google.comsearchhl=en&biw=122.docx
(Image retrieved at  httpswww.google.comsearchhl=en&biw=122.docx(Image retrieved at  httpswww.google.comsearchhl=en&biw=122.docx
(Image retrieved at httpswww.google.comsearchhl=en&biw=122.docx
 
(Dis) Placing Culture and Cultural Space Chapter 4.docx
(Dis) Placing Culture and Cultural Space Chapter 4.docx(Dis) Placing Culture and Cultural Space Chapter 4.docx
(Dis) Placing Culture and Cultural Space Chapter 4.docx
 
(1) Define the time value of money.  Do you believe that the ave.docx
(1) Define the time value of money.  Do you believe that the ave.docx(1) Define the time value of money.  Do you believe that the ave.docx
(1) Define the time value of money.  Do you believe that the ave.docx
 
(chapter taken from Learning Power)From Social Class and t.docx
(chapter taken from Learning Power)From Social Class and t.docx(chapter taken from Learning Power)From Social Class and t.docx
(chapter taken from Learning Power)From Social Class and t.docx
 
(Accessible at httpswww.hatchforgood.orgexplore102nonpro.docx
(Accessible at httpswww.hatchforgood.orgexplore102nonpro.docx(Accessible at httpswww.hatchforgood.orgexplore102nonpro.docx
(Accessible at httpswww.hatchforgood.orgexplore102nonpro.docx
 
(a) The current ratio of a company is 61 and its acid-test ratio .docx
(a) The current ratio of a company is 61 and its acid-test ratio .docx(a) The current ratio of a company is 61 and its acid-test ratio .docx
(a) The current ratio of a company is 61 and its acid-test ratio .docx
 
(1) How does quantum cryptography eliminate the problem of eaves.docx
(1) How does quantum cryptography eliminate the problem of eaves.docx(1) How does quantum cryptography eliminate the problem of eaves.docx
(1) How does quantum cryptography eliminate the problem of eaves.docx
 
#transformation10EventTrendsfor 201910 Event.docx
#transformation10EventTrendsfor 201910 Event.docx#transformation10EventTrendsfor 201910 Event.docx
#transformation10EventTrendsfor 201910 Event.docx
 
$10 now and $10 when complete Use resources from the required .docx
$10 now and $10 when complete Use resources from the required .docx$10 now and $10 when complete Use resources from the required .docx
$10 now and $10 when complete Use resources from the required .docx
 
#MicroXplorer Configuration settings - do not modifyFile.Versio.docx
#MicroXplorer Configuration settings - do not modifyFile.Versio.docx#MicroXplorer Configuration settings - do not modifyFile.Versio.docx
#MicroXplorer Configuration settings - do not modifyFile.Versio.docx
 
#include string.h#include stdlib.h#include systypes.h.docx
#include string.h#include stdlib.h#include systypes.h.docx#include string.h#include stdlib.h#include systypes.h.docx
#include string.h#include stdlib.h#include systypes.h.docx
 
$ stated in thousands)Net Assets, Controlling Interest.docx
$ stated in thousands)Net Assets, Controlling Interest.docx$ stated in thousands)Net Assets, Controlling Interest.docx
$ stated in thousands)Net Assets, Controlling Interest.docx
 
#include stdio.h#include stdlib.h#include pthread.h#in.docx
#include stdio.h#include stdlib.h#include pthread.h#in.docx#include stdio.h#include stdlib.h#include pthread.h#in.docx
#include stdio.h#include stdlib.h#include pthread.h#in.docx
 
#include customer.h#include heap.h#include iostream.docx
#include customer.h#include heap.h#include iostream.docx#include customer.h#include heap.h#include iostream.docx
#include customer.h#include heap.h#include iostream.docx
 
#Assessment BriefDiploma of Business Eco.docx
#Assessment BriefDiploma of Business Eco.docx#Assessment BriefDiploma of Business Eco.docx
#Assessment BriefDiploma of Business Eco.docx
 
#include stdio.h#include stdint.h#include stdbool.h.docx
#include stdio.h#include stdint.h#include stdbool.h.docx#include stdio.h#include stdint.h#include stdbool.h.docx
#include stdio.h#include stdint.h#include stdbool.h.docx
 

Recently uploaded

Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 

Recently uploaded (20)

Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 

Berkeley College Cyber CrimeLecture Notes Chapter 11Searching .docx

  • 1. Berkeley College Cyber Crime Lecture Notes Chapter 11 Searching and Seizing Computer-Related Evidence I. TRADITIONAL PROBLEMS WITH FINDING DIGITAL EVIDENCE Unlike traditional investigations in which forensic experts are tasked with analysis of criminal evidence, computer-related investigations often require role multiplicity on the part of investigators. Computer crime investigators are often forced to act as case supervisors, investigators, crime-scene technicians, and forensic scientists. Such duality is further exacerbated by characteristics unique to digital evidence. · Digital evidence is especially volatile and voluminous, susceptible to climatic or environmental factors as well as human error. · It may be vulnerable to power surges, electro- magnetic fields, or extreme temperatures. · Unlike traditional evidence in which analysis of small samples is utilized to preserve the totality of the evidence, assessment of digital evidence requires evaluation of the whole, making investigative mistakes quite costly. · Digital evidence is also unique in its level of camouflage possibilities, lending itself to concealment by individuals desiring to hide information. Cyber criminals may hide incriminating evidence in plain sight without damaging its utility. · Cyber criminals also use encryption and steganography programs which has made the process of recovering data increasingly complex. · Cyber criminals use self-destructive programs to sabotage their own systems upon unauthorized access.
  • 2. II. PRE-SEARCH ACTIVITIES a. Intelligence gathering: determine location, size, type, and numbers of computers at a suspect scene. Dumpster diving: processing trash of suspect may provide information of passwords or personal information on the suspect. Social engineering and informants: gain information about suspects and personnel at the scene, types of computers and storage devices as well as operating systems. b. Warrant preparation and application: 1. Determine the role of the computer in the crime. 2. Specifications of operating systems, storage devices and hardware. 3. Structure the application according to the unique court environments in the area of service. Find a judge that supports law enforcement versus one that doesn’t. 4. Have the application reviewed by other specialists, computer investigators and legal experts, before submitting to the judge or magistrate. 5. Clearly substantiate any requests for seizure of equipment found at the scene. 6. If exigent circumstances exist, a request for a “no-knock” warrant should be included in the application. c. Probable cause: three elements are necessary in warrant.
1. Probable cause that a crime has been committed.
2. Probable cause that evidence of a crime exists.
3. Probable cause that extant evidence resides in a particular location.
d. Preparing a Toolkit: include all traditional equipment law enforcement uses plus computer specific equipment and materials (some listed below):
1. Multiple boot disks
2. Backup hardware
3. Antivirus software
4. Imaging software
5. Forensic software
6. Extra cables, serial port connectors
7. Extension cords and power strips
8. Cell phone analysis software and necessary hardware
III. ON-SCENE ACTIVITIES
a. Securing the crime scene: one of the most important, yet overlooked, factors in the successful prosecution of a suspect.
1. Dangerous individuals or safety hazards immediately recognized and contained or neutralized.
2. All computers must be locked and secured. They are to be protected by a police officer.
3. All non-police personnel must be removed from the immediate area of the evidence.
4. Network connections must be ascertained and appropriate action taken.
5. All suspects should be immediately separated and escorted to a predetermined location.
b. Crime scene processing:
1. Photograph/Video: The golden rule for any successful criminal investigation should be document, document, document. Photographs and videos are an integral part of the documentation process, and they should occur at every stage of scene processing.
2. Sketching: Sketching a crime scene is essential in any criminal investigation. It provides an overview of the state of the scene and acts as corroboration for investigative field notes and scene photographs. Because extraneous objects may be omitted from crime-scene sketches and not from photographs, sketches represent a more focused illustration of the applicable evidence.
3. Locating evidence: focus on the general areas below:
a. Desktops
b. Monitors
c. Keyboards
d. Telephone
e. Wallets or purses
f. Clothing
g. Trash cans, shredders, recycle bins or other garbage containers
h. Printers
i. Inside the computer
c. Seizure and transportation of evidence:
1. Whenever possible, each individual investigator or team of investigators should physically maintain in their possession a copy of the warrant.
2. Once the determination is made that evidence may be seized, the collection process should be initiated with the imaging (i.e., duplicating byte for byte, bit for bit) of drives onto clean media.
3. Bagging and tagging: Like any scientific evidence, great care must be exercised when collecting and preserving crime-scene evidence. The chain of custody and continuity of possession must be maintained at all times for court admissibility. Investigators should adhere to standard operating procedures for custodial evidence collection—keeping in mind that routinization enhances witness credibility and evidence validity. Although policies and procedures vary by department, certain things remain constant. Special care and caution should be exercised in preserving computer evidence. The materials may be affected by numerous environmental factors including heat, magnetic fields, static electricity as well as oil, dirt and dust.
4. Transportation to Laboratory:
a. Once the evidence has been properly collected and loaded into appropriate vehicles for transportation, investigators should follow traditional procedures for exiting a crime scene (e.g., physically securing the scene and removal of recovery equipment).
b. Prior to leaving, investigators should re-photograph the crime scene.
c. Upon arrival at the lab, shipping manifests should be checked over carefully, and all items should be properly accounted for. In addition, investigators should note the condition of the boxes upon unloading. These manifests should remain with the evidence at all times.
d. Once accounted for, all incoming evidence should be entered into the appropriate evidence control systems and assigned to a location or examiner to await analysis.

Homework Questions-Chapter 11
1. Describe the traditional problems associated with finding digital evidence.
2. Discuss the areas noted in the lecture notes relative to securing the crime scene in computer-related investigations.
3. Discuss the handling of seized evidence prior to transportation to the laboratory.
4. Discuss crime scene processing for computer-related crimes.
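The imaging step under III.c.2 (duplicating drives byte for byte onto clean media) can be checked mechanically, as in the following added example, which is not part of the lecture notes. It assumes SHA-256 as the comparison hash (the notes name no algorithm), uses constructed in-memory buffers in place of real drives, and its function names are hypothetical.

```python
import hashlib
import io

CHUNK = 64 * 1024  # read size only; the copy is byte for byte at any chunk size

def is_clean(media):
    """Return True if every byte currently on the target media is zero."""
    media.seek(0)
    while True:
        block = media.read(CHUNK)
        if not block:
            return True
        if block.count(0) != len(block):
            return False

def _digest(media, size):
    """SHA-256 (an assumption; the notes name no algorithm) of the first `size` bytes."""
    media.seek(0)
    h, left = hashlib.sha256(), size
    while left > 0:
        block = media.read(min(CHUNK, left))
        if not block:
            raise IOError("media ended %d bytes early" % left)
        h.update(block)
        left -= len(block)
    return h.hexdigest()

def image_drive(source, target, size):
    """Copy `size` bytes to clean media, then verify by re-reading both sides."""
    if not is_clean(target):
        raise ValueError("target media holds old data; wipe it before imaging")
    source.seek(0)
    target.seek(0)
    left = size
    while left > 0:
        block = source.read(min(CHUNK, left))
        if not block:
            raise IOError("source ended %d bytes early" % left)
        target.write(block)
        left -= len(block)
    src_hash, dst_hash = _digest(source, size), _digest(target, size)
    if src_hash != dst_hash:
        raise IOError("image does not match source")
    return src_hash, dst_hash

if __name__ == "__main__":
    drive = io.BytesIO(b"constructed sector data " * 4096)  # stands in for a seized drive
    size = len(drive.getvalue())
    print(image_drive(drive, io.BytesIO(bytes(size)), size))
```

Recording the returned hash alongside the bagging-and-tagging paperwork lets a later examiner confirm that the image has not changed while in custody.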