Online , profile picture
Uploaded byOnline
615 views

Building a cybercrime case

The document discusses cybercrime and building a cybercrime case. It defines different types of cyber crimes including data crimes like data interception and theft, and network crimes like network interference and sabotage. It explains the three bodies of law relevant to cybercrime cases - criminal law which deals with punishments, civil law which deals with disputes between individuals, and administrative law which governs government agencies. It then outlines the key steps in incident handling for cybersecurity incidents - preparation, identification, containment, eradication, recovery, and lessons learned. Finally, it discusses the importance of properly managing digital evidence collected during an investigation.

Embed presentation

© FISE Building A Cybercrime Case
Introduction • The growing danger from crimes committed against computers, or against information on computers, is beginning to claim attention in national capitals. In most countries around the world, however, existing laws are likely to be unenforceable against such crimes. This lack of legal protection means that businesses and governments must rely solely on technical measures to protect themselves from those who would steal, deny access to, or destroy valuable information.
Types of Cyber Crimes: Data crimes. • Data Interception: Interception of data in transmission. • Data Modification: Alteration, destruction, or erasing of data. • Data Theft: Taking or copying data, regardless of whether it is protected by other laws, e.g., copyright, privacy, etc.
Types of Cyber Crimes: Network crimes • Network Interference: Impeding or preventing access for others. The most common example of this action is instigating • a distributed denial of service (DDOS) attack, flooding Web sites or Internet Service Providers. DDOS attacks are often launched from numerous computers that have been hacked to obey commands of the perpetrator. • Network Sabotage: Modification or destruction of a network or system.
Types of Cyber Crimes: Related crimes. • Aiding and Abetting: Enabling the commission of a cyber crime. • Computer-Related Forgery: Alteration of data with intent to represent as authentic. • Computer-Related Fraud: Alteration of data with intent to derive economic benefit from its misrepresentation.
Bodies Of Law THREE bodies of law : (1) Criminal law, or penal law • Is the body of rules with the potential for severe impositions as punishment for failure to comply. Criminal punishment, depending on the offense and jurisdiction, may include execution, loss of liberty, government supervision (parole or probation), or fines.
Bodies Of Law • There are some archetypal (example) crimes, like murder, but the acts that are forbidden are not wholly consistent between different criminal codes, and even within a particular code lines may be blurred as civil infractions may give rise also to criminal consequences. Criminal law typically is enforced by the government, unlike the civil law, which may be enforced by private parties.
Bodies Of Law (2) Civil law • As opposed to criminal law, is the branch of law dealing with disputes between individuals and/or organizations, in which compensation may be awarded to the victim. For instance, if a car crash victim claims damages against the driver for loss or injury sustained in an accident, this will be a civil law case.
Bodies Of Law (3) Administrative law • Is the body of law that governs the activities of administrative agencies of government. Government agency action can include rulemaking, adjudication, or the enforcement of a specific regulatory agenda. Administrative law is considered a branch of public law.
Bodies Of Law • As a body of law, administrative law deals with the decision- making of administrative units of government (e.g., tribunals, boards or commissions) that are part of a national regulatory scheme in such areas as police law, international trade, manufacturing, the environment, taxation, broadcasting, immigration and transport. Administrative law expanded greatly during the twentieth century, as legislative bodies worldwide created more government agencies to regulate the increasingly complex social, economic and political spheres of human interaction.
Security Incident: The attempted or successful unauthorized access, use disclosure, modification, or destruction of information or interference with system operations in an information system
Examples • Bombings, explosions, fire, flood, storm, power outage, hardware/software failure • Cyber-theft, identity-theft, intellectual property theft, regular theft (involving information), virus, worm, network intrusions, unauthorized use, denial of service, etc } Contingency Plan } Incident response
Goals • Provide an effective and efficient means of dealing with the situation • in a manner that reduces the potential impact to the organization. • Provide management with sufficient information in order to decide on • an appropriate course of action. • Maintain or restore business continuity. • Defend against future attacks. • Deter attacks through investigation and prosecution.
Incident Handling Steps • Preparation • Identification • Containment • Eradication • Recovery • Lessons learned
Incident Handling Steps • Preparation - The organization educates users and IT staff of the importance of updated security measures and trains them to respond to computer and network security incidents quickly and correctly. • Identification - The response team is activated to decide whether a particular event is, in fact, a security incident. The team will tracks Internet security activity and has the most current information on viruses and worms. • Containment - The team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage.
Incident Handling Steps • Eradication - The team investigates to discover the origin of the incident. The root cause of the problem and all traces of malicious code are removed. • Recovery - Data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for any sign of weakness or recurrence. • Lessons learned - The team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence.
Why Need Structure Handling • Structure/Organization – Dealing with incidents can be chaotic – Simultaneous incidents occur – Having a predefined methodology lends structure to the chaos • Efficiency – Time is often of the essence when dealing with incidents – Incidents can be costly both financially and organizationally • Process oriented approach – Breaks incidents into small manageable chunks – Logical order of dealing with issues – Includes methods for improving the overall process
Why Need Structure Handling • Dealing with the unexpected – Provides a mental framework for dealing with incidents in general – Promotes flexible thinking to deal with novel situations • Legal Considerations – Can demonstrate due care or due diligence – May limit liability – May reduce insurance premiums
Evidence Management • During an incident, evidence may be collected during any of the 6 steps. • In early stages we may not know what the final outcome might be (e.g., Job Termination, Civil or Criminal Litigation). • Network/Computer Forensics may become an issue • Must collect data in a “Forensically Friendly” manner • Must maintain the chain of custody • Important to understand the evidence lifecycle
Forensics • Computer Forensics: The study of computer technology as it relates to the law. • Forensic Analysis: Examination of material and/or data to determine its essential features and their relationship in an effort to discover evidence in a manner that is admissible in a court of law; post- mortem examination.
Forensics • Electronic Evidence: Evidence relating to the issue that consists of computer files, or data, in their electronic state. • Electronic Media Discovery: The discoverability of electronic data or files.
Forensics • Chain of Custody: A means of accountability, that shows who obtained the evidence, where and when the evidence was obtained, who secured the evidence, who had control or possession of the evidence. • Rules of Evidence: Evidence must be competent, relevant, and material to the issue.
Evidence Life Cycle • Collection & identification • Storage, preservation, and • transportation • Presentation in court • Return to victim or court
Case Study: MALAYSIAN CYBERLAWS AND THEIR IMPLE

More Related Content

PPT
Lesson 1
byMLG College of Learning, Inc
 
PPT
Lesson 2
byMLG College of Learning, Inc
 
PPTX
Implications of acts in organizations
bySwarupa Rani Sahu
 
PDF
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...
byBrowne Jacobson LLP
 
KEY
Chapter 10, part 1
bymisecho
 
KEY
Mis
bymisecho
 
PPTX
Topic 3 Current Legislation.pptx
byAmandaWeaver21
 
PDF
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
byARMA International
 
Lesson 1
byMLG College of Learning, Inc
 
Lesson 2
byMLG College of Learning, Inc
 
Implications of acts in organizations
bySwarupa Rani Sahu
 
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...
byBrowne Jacobson LLP
 
Chapter 10, part 1
bymisecho
 
Mis
bymisecho
 
Topic 3 Current Legislation.pptx
byAmandaWeaver21
 
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
byARMA International
 

What's hot

PPT
Lesson 2
byMLG College of Learning, Inc
 
PDF
Aprio cybersecurity and board information
byAprio
 
PPTX
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...
byGovernment Technology and Services Coalition
 
PPT
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
byLisa Abe-Oldenburg, B.Comm., JD.
 
PPSX
Otieno antony rethinking internet shutdown
byOtieno Antony
 
PPT
Lesson 4
byMLG College of Learning, Inc
 
PPT
Lesson 1 - Technical Controls
byMLG College of Learning, Inc
 
PDF
What Financial Institution Cyber Regs Tell the Infrastructure Sector
byCBIZ, Inc.
 
PPTX
cyber security notes
bySHIKHAJAIN163
 
PPT
Lesson 1
byMLG College of Learning, Inc
 
PDF
Mbs r35 b
bySelectedPresentations
 
PPT
Lesson 2
byMLG College of Learning, Inc
 
PPTX
DLP: Monitoring Legal Obligations, Managing The Challenges
byNapier University
 
PPT
Ch14
byRoxanne2006
 
PPTX
Data Loss: Derelication of Duties?
byNapier University
 
PPTX
2.5 safety and security of data in ict systems 13 12-11
bymrmwood
 
KEY
Mis
bymisecho
 
PPTX
One hour cyber july 2013
byDan Michaluk
 
PPTX
Secuntialesse
byAnne Starr
 
Lesson 2
byMLG College of Learning, Inc
 
Aprio cybersecurity and board information
byAprio
 
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...
byGovernment Technology and Services Coalition
 
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
byLisa Abe-Oldenburg, B.Comm., JD.
 
Otieno antony rethinking internet shutdown
byOtieno Antony
 
Lesson 4
byMLG College of Learning, Inc
 
Lesson 1 - Technical Controls
byMLG College of Learning, Inc
 
What Financial Institution Cyber Regs Tell the Infrastructure Sector
byCBIZ, Inc.
 
cyber security notes
bySHIKHAJAIN163
 
Lesson 1
byMLG College of Learning, Inc
 
Mbs r35 b
bySelectedPresentations
 
Lesson 2
byMLG College of Learning, Inc
 
DLP: Monitoring Legal Obligations, Managing The Challenges
byNapier University
 
Ch14
byRoxanne2006
 
Data Loss: Derelication of Duties?
byNapier University
 
2.5 safety and security of data in ict systems 13 12-11
bymrmwood
 
Mis
bymisecho
 
One hour cyber july 2013
byDan Michaluk
 
Secuntialesse
byAnne Starr
 

Similar to Building a cybercrime case

PDF
cyber forensics-incident response methodology.pdf
bymcjaya2024
 
PDF
cyber forensics incident response methodology.pdf
bymcjaya2024
 
PDF
Incident response methodology
byPiyush Jain
 
PDF
IRM scm-incident response methodology.pdf
bymcjaya2024
 
PPT
SITA LAB PPT (XYBER CRIME)
byAsish Verma
 
PPT
164199724-Introduction-To-Digital-Forensics-ppt.ppt
byharshbj1801
 
PDF
Cybercrimeandforensic 120828021931-phpapp02
byGol D Roger
 
PPT
Cyber crime and forensic
bySANTANU KUMAR DAS
 
PPT
4482LawEthics.ppt
byLAXMIPRASANNA565999
 
PPT
Cyber Forensics.ppt
byHODCSEKncet
 
PPT
Capabilities of Cyber-Trerrorists - POTENTIAL ATTACKS - Possibility, Likelyho...
byCristian Driga
 
PPTX
Module 2_ Cyber offenses & Cybercrimes(Updated).pptx
byplacementstwc
 
PPTX
FCL-Introduction.pptx
byaratibhavsar
 
PDF
Ii congresso de crimes eletrônicos e formas de proteção – 27 09-2010 – aprese...
byFecomercioSP
 
PPT
cyber forensics - TYPES OF CYBER FORENSICS.ppt
bymcjaya2024
 
PPT
4482LawEthics.pptwhich you should learns
byfillformadarsh
 
PPT
4482LawEthics 3333333333333333333333333333333333333333333333333...
bybahawalofficial218
 
PPT
Law & Ethics.pptx - B.COM [Business Law]
bykaibinni5
 
PPT
4482 Law Ethics for Every Steps in Life and Business.ppt
byAlifahadHussain
 
PDF
Digital Crime & Forensics - Presentation
byprashant3535
 
cyber forensics-incident response methodology.pdf
bymcjaya2024
 
cyber forensics incident response methodology.pdf
bymcjaya2024
 
Incident response methodology
byPiyush Jain
 
IRM scm-incident response methodology.pdf
bymcjaya2024
 
SITA LAB PPT (XYBER CRIME)
byAsish Verma
 
164199724-Introduction-To-Digital-Forensics-ppt.ppt
byharshbj1801
 
Cybercrimeandforensic 120828021931-phpapp02
byGol D Roger
 
Cyber crime and forensic
bySANTANU KUMAR DAS
 
4482LawEthics.ppt
byLAXMIPRASANNA565999
 
Cyber Forensics.ppt
byHODCSEKncet
 
Capabilities of Cyber-Trerrorists - POTENTIAL ATTACKS - Possibility, Likelyho...
byCristian Driga
 
Module 2_ Cyber offenses & Cybercrimes(Updated).pptx
byplacementstwc
 
FCL-Introduction.pptx
byaratibhavsar
 
Ii congresso de crimes eletrônicos e formas de proteção – 27 09-2010 – aprese...
byFecomercioSP
 
cyber forensics - TYPES OF CYBER FORENSICS.ppt
bymcjaya2024
 
4482LawEthics.pptwhich you should learns
byfillformadarsh
 
4482LawEthics 3333333333333333333333333333333333333333333333333...
bybahawalofficial218
 
Law & Ethics.pptx - B.COM [Business Law]
bykaibinni5
 
4482 Law Ethics for Every Steps in Life and Business.ppt
byAlifahadHussain
 
Digital Crime & Forensics - Presentation
byprashant3535
 

More from Online

PPT
Philosophy of early childhood education 3
byOnline
 
PPT
Philosophy of early childhood education 2
byOnline
 
PPT
Philosophy of early childhood education 1
byOnline
 
PPT
Philosophy of early childhood education 4
byOnline
 
PPT
Operation and expression in c++
byOnline
 
PPT
Functions
byOnline
 
PPT
Formatted input and output
byOnline
 
PPT
Control structures selection
byOnline
 
PPT
Control structures repetition
byOnline
 
PPT
Introduction to problem solving in c++
byOnline
 
PPT
Optical transmission technique
byOnline
 
PPT
Multi protocol label switching (mpls)
byOnline
 
PPT
Lan technologies
byOnline
 
PPT
Introduction to internet technology
byOnline
 
PPT
Internet standard routing protocols
byOnline
 
PPT
Internet protocol
byOnline
 
PPT
Application protocols
byOnline
 
PPT
Addressing
byOnline
 
PPT
Transport protocols
byOnline
 
PPT
Leadership
byOnline
 
Philosophy of early childhood education 3
byOnline
 
Philosophy of early childhood education 2
byOnline
 
Philosophy of early childhood education 1
byOnline
 
Philosophy of early childhood education 4
byOnline
 
Operation and expression in c++
byOnline
 
Functions
byOnline
 
Formatted input and output
byOnline
 
Control structures selection
byOnline
 
Control structures repetition
byOnline
 
Introduction to problem solving in c++
byOnline
 
Optical transmission technique
byOnline
 
Multi protocol label switching (mpls)
byOnline
 
Lan technologies
byOnline
 
Introduction to internet technology
byOnline
 
Internet standard routing protocols
byOnline
 
Internet protocol
byOnline
 
Application protocols
byOnline
 
Addressing
byOnline
 
Transport protocols
byOnline
 
Leadership
byOnline
 

Recently uploaded

PPTX
Surface tension is the force acting per unit lenth of thec surface
bysavithakps95
 
PPTX
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 
PPTX
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
PPT
Card repertory , Boger card , Kishore card
byDr Dhwanika Dhagat
 
PDF
Intellectual Property Rights II Types (IPR)
byAmit Gangwal
 
PPTX
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
PDF
Art, Memory, and Modernity: A Study of W. H. Auden’s In Memory of W. B. Yeats
bypriyarathod315
 
PPTX
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
PDF
3-ACES-Hyderabad-Vs-Municipal-Corporation-Hyderabad-on-2-Sep-1994.pdf
byssuser9d8e4e
 
PPTX
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
PPTX
Greengnorance Toolkit Module1 Climate Change
byKarl Donert
 
PDF
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
PPTX
Renal Physiology- Functional anatomy of Kidney.pptx
byDisha Soriya
 
PDF
BP801T BIOSTATISITCS AND RESEARCH METHODOLOGY (Theory) Unit 2 Part 1
byRushi Mandali
 
PPTX
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
PDF
BP502T Industrial Pharmacy I (Theory) UNIT– I (Part 1)
byRushi Mandali
 
PDF
Intellectual Property Rights I Types (IPR)
byAmit Gangwal
 
PPTX
Drug acting on ANS.pptx (Drug acts on Sympathetic and parasympathetic NS)
byManarat International University
 
PDF
BP809ET COSMETIC SCIENCE (Theory) Unit 1
byRushi Mandali
 
PDF
Intellectual Property Rights III Types (IPR)
byAmit Gangwal
 
Surface tension is the force acting per unit lenth of thec surface
bysavithakps95
 
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
Card repertory , Boger card , Kishore card
byDr Dhwanika Dhagat
 
Intellectual Property Rights II Types (IPR)
byAmit Gangwal
 
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
Art, Memory, and Modernity: A Study of W. H. Auden’s In Memory of W. B. Yeats
bypriyarathod315
 
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
3-ACES-Hyderabad-Vs-Municipal-Corporation-Hyderabad-on-2-Sep-1994.pdf
byssuser9d8e4e
 
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
Greengnorance Toolkit Module1 Climate Change
byKarl Donert
 
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
Renal Physiology- Functional anatomy of Kidney.pptx
byDisha Soriya
 
BP801T BIOSTATISITCS AND RESEARCH METHODOLOGY (Theory) Unit 2 Part 1
byRushi Mandali
 
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
BP502T Industrial Pharmacy I (Theory) UNIT– I (Part 1)
byRushi Mandali
 
Intellectual Property Rights I Types (IPR)
byAmit Gangwal
 
Drug acting on ANS.pptx (Drug acts on Sympathetic and parasympathetic NS)
byManarat International University
 
BP809ET COSMETIC SCIENCE (Theory) Unit 1
byRushi Mandali
 
Intellectual Property Rights III Types (IPR)
byAmit Gangwal
 

Building a cybercrime case

  • 1.
    © FISE Building ACybercrime Case
  • 2.
    Introduction • The growingdanger from crimes committed against computers, or against information on computers, is beginning to claim attention in national capitals. In most countries around the world, however, existing laws are likely to be unenforceable against such crimes. This lack of legal protection means that businesses and governments must rely solely on technical measures to protect themselves from those who would steal, deny access to, or destroy valuable information.
  • 3.
    Types of CyberCrimes: Data crimes. • Data Interception: Interception of data in transmission. • Data Modification: Alteration, destruction, or erasing of data. • Data Theft: Taking or copying data, regardless of whether it is protected by other laws, e.g., copyright, privacy, etc.
  • 4.
    Types of CyberCrimes: Network crimes • Network Interference: Impeding or preventing access for others. The most common example of this action is instigating • a distributed denial of service (DDOS) attack, flooding Web sites or Internet Service Providers. DDOS attacks are often launched from numerous computers that have been hacked to obey commands of the perpetrator. • Network Sabotage: Modification or destruction of a network or system.
  • 5.
    Types of CyberCrimes: Related crimes. • Aiding and Abetting: Enabling the commission of a cyber crime. • Computer-Related Forgery: Alteration of data with intent to represent as authentic. • Computer-Related Fraud: Alteration of data with intent to derive economic benefit from its misrepresentation.
  • 6.
    Bodies Of Law THREEbodies of law : (1) Criminal law, or penal law • Is the body of rules with the potential for severe impositions as punishment for failure to comply. Criminal punishment, depending on the offense and jurisdiction, may include execution, loss of liberty, government supervision (parole or probation), or fines.
  • 7.
    Bodies Of Law •There are some archetypal (example) crimes, like murder, but the acts that are forbidden are not wholly consistent between different criminal codes, and even within a particular code lines may be blurred as civil infractions may give rise also to criminal consequences. Criminal law typically is enforced by the government, unlike the civil law, which may be enforced by private parties.
  • 8.
    Bodies Of Law (2)Civil law • As opposed to criminal law, is the branch of law dealing with disputes between individuals and/or organizations, in which compensation may be awarded to the victim. For instance, if a car crash victim claims damages against the driver for loss or injury sustained in an accident, this will be a civil law case.
  • 9.
    Bodies Of Law (3)Administrative law • Is the body of law that governs the activities of administrative agencies of government. Government agency action can include rulemaking, adjudication, or the enforcement of a specific regulatory agenda. Administrative law is considered a branch of public law.
  • 10.
    Bodies Of Law •As a body of law, administrative law deals with the decision- making of administrative units of government (e.g., tribunals, boards or commissions) that are part of a national regulatory scheme in such areas as police law, international trade, manufacturing, the environment, taxation, broadcasting, immigration and transport. Administrative law expanded greatly during the twentieth century, as legislative bodies worldwide created more government agencies to regulate the increasingly complex social, economic and political spheres of human interaction.
  • 11.
    Security Incident: The attemptedor successful unauthorized access, use disclosure, modification, or destruction of information or interference with system operations in an information system
  • 12.
    Examples • Bombings, explosions,fire, flood, storm, power outage, hardware/software failure • Cyber-theft, identity-theft, intellectual property theft, regular theft (involving information), virus, worm, network intrusions, unauthorized use, denial of service, etc } Contingency Plan } Incident response
  • 16.
    Goals • Provide aneffective and efficient means of dealing with the situation • in a manner that reduces the potential impact to the organization. • Provide management with sufficient information in order to decide on • an appropriate course of action. • Maintain or restore business continuity. • Defend against future attacks. • Deter attacks through investigation and prosecution.
  • 17.
    Incident Handling Steps •Preparation • Identification • Containment • Eradication • Recovery • Lessons learned
  • 18.
    Incident Handling Steps •Preparation - The organization educates users and IT staff of the importance of updated security measures and trains them to respond to computer and network security incidents quickly and correctly. • Identification - The response team is activated to decide whether a particular event is, in fact, a security incident. The team will tracks Internet security activity and has the most current information on viruses and worms. • Containment - The team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage.
  • 19.
    Incident Handling Steps •Eradication - The team investigates to discover the origin of the incident. The root cause of the problem and all traces of malicious code are removed. • Recovery - Data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for any sign of weakness or recurrence. • Lessons learned - The team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence.
  • 20.
    Why Need StructureHandling • Structure/Organization – Dealing with incidents can be chaotic – Simultaneous incidents occur – Having a predefined methodology lends structure to the chaos • Efficiency – Time is often of the essence when dealing with incidents – Incidents can be costly both financially and organizationally • Process oriented approach – Breaks incidents into small manageable chunks – Logical order of dealing with issues – Includes methods for improving the overall process
  • 21.
    Why Need StructureHandling • Dealing with the unexpected – Provides a mental framework for dealing with incidents in general – Promotes flexible thinking to deal with novel situations • Legal Considerations – Can demonstrate due care or due diligence – May limit liability – May reduce insurance premiums
  • 22.
    Evidence Management • Duringan incident, evidence may be collected during any of the 6 steps. • In early stages we may not know what the final outcome might be (e.g., Job Termination, Civil or Criminal Litigation). • Network/Computer Forensics may become an issue • Must collect data in a “Forensically Friendly” manner • Must maintain the chain of custody • Important to understand the evidence lifecycle
  • 23.
    Forensics • Computer Forensics:The study of computer technology as it relates to the law. • Forensic Analysis: Examination of material and/or data to determine its essential features and their relationship in an effort to discover evidence in a manner that is admissible in a court of law; post- mortem examination.
  • 24.
    Forensics • Electronic Evidence: Evidencerelating to the issue that consists of computer files, or data, in their electronic state. • Electronic Media Discovery: The discoverability of electronic data or files.
  • 25.
    Forensics • Chain ofCustody: A means of accountability, that shows who obtained the evidence, where and when the evidence was obtained, who secured the evidence, who had control or possession of the evidence. • Rules of Evidence: Evidence must be competent, relevant, and material to the issue.
  • 26.
    Evidence Life Cycle •Collection & identification • Storage, preservation, and • transportation • Presentation in court • Return to victim or court
  • 27.