SAK 4801 SPECIAL TOPICS IN COMPUTER SCIENCE II
Chapter 2 Law and Computer Forensics
Mohd Taufik Abdullah
Department of Computer Science
Faculty of Computer Science and Information Technology
University Putra of Malaysia
Room No: 2.28
Portions of the material courtesy EC-Council
Learning Objectives
At the end of this chapter, you will be able to:
• Understand cyber law and computer forensics
• Report security breaches to law enforcement
• Build the cyber crime case
• Initiate an investigation
• Understand the legal issues involved in seizure of computer equipment
• Understand privacy issues regarding computer forensics
Chapter 2 Outline
2. Cyber Law and Computer Forensics
2.1. Cyber Law and Computer Forensics
2.2. Reporting Security Breaches to Law Enforcement
2.3. Federal Law (computer crimes)
2.4. Building cyber crime case
2.5. How the FBI Investigates Computer Crime
2.6. How to Initiate an Investigation
2.7. Legal Issues Involved in Seizure of Computer Equipment
2.8. Privacy Issues Involved in Investigation
2.9. International Issues Related to Computer Forensics
2.10. Cyber Crime Investigation
2.1.1 What Is Cyber Crime?
Cyber crime is:
• Crime directed against a computer
• Crime where the computer contains evidence
• Crime where the computer is used as a tool to commit the crime
“Any crime in which computer-related technology is encountered.”
2.1.2 What Is Computer Forensics?
• A discipline that uses predefined procedures to thoroughly examine a computer system to extract the evidence
• Objectives of a computer forensics investigator:
  • To determine the nature and events concerning a crime
  • To locate the perpetrator by following a structured investigative procedure
• Methodology:
  • Acquire
  • Authenticate
  • Analyze
2.1.3 Computer Facilitated Crimes
• Our dependency on computers has given way to new criminal opportunities
• Computers are increasingly being used as a tool for committing crimes
• Computer crimes pose new challenges for investigators for the following reasons:
  • Speed
  • Anonymity
  • Fleeting nature of evidence
2.1.3 Computer Facilitated Crimes (Cont.)
• Speed
  • The proliferation of PCs and Internet access has made the exchange of information quick and inexpensive
  • The use of easily available tools and the proliferation of underground hacking groups have made it easier to commit cyber crimes
• Anonymity
  • The Internet allows anyone to hide his identity while committing crimes
  • E-mail spoofing, creating fake profiles, and committing identity theft are common occurrences, and there is nothing to stop them, making investigation difficult
• Fleeting nature of evidence
  • The volatile or transient nature of evidence causes problems for investigators, as there is no collateral or forensic evidence such as eyewitnesses, fingerprints or DNA, making these crimes much harder to prosecute
2.1.4 Cyber Laws
• Came into existence as conventional laws were of little use to sentence perpetrators
• Define rules on what data is protected and what is available
• Define ownership of data and data storage devices
• Define rules for digital certificates and authentication algorithms
2.1.5 Approaches to Formulate Cyber Laws
• Formulation or extension of laws by nations within their boundaries
• Multi-lateral international agreements for the Internet
• Establishing a standardized international body
• Guidelines and rules from the user end
2.1.5 Some Areas Addressed By Cyber Laws
• Computer crime
• Intellectual property
• Searching and seizing computers
• Cyberstalking
• Data protection and privacy
• Telecommunications laws
2.2.1 In the USA
Type of crime, followed by the appropriate federal investigative law agencies:

Computer intrusion (i.e. hacking)
Password trafficking
• FBI local office
• U.S. Secret Service
• Internet Fraud Complaint Center

Internet fraud and SPAM
• FBI local office
• U.S. Secret Service (Financial Crimes Division)
• Federal Trade Commission (online complaint)
• Internet Fraud Complaint Center

Internet harassment
• FBI local office

Child pornography or exploitation
• FBI local office
• U.S. Customs and Border Patrol Protection Local Office
• Internet Fraud Complaint Center

Copyright (software, movie, sound recording) piracy
Trademark counterfeiting
• FBI local office
• If imported, U.S. Customs and Border Patrol Protection Local Office
• Internet Fraud Complaint Center

Theft of trade secrets
• FBI local office

Trafficking in explosive or incendiary devices or firearms over the Internet
• FBI local office
• ATF local office
2.2.2 Investigative Agency in the USA
• Federal Bureau of Investigation (FBI)
  • Protects the U.S. against terrorist attacks, cyber-based attacks, and foreign intelligence operations and espionage
  • Acts as the leading law enforcement bureau for investigating cyber attacks by foreign rivals and terrorists
  • Prevents criminals, sexual predators, and others intent on malevolent destruction from accessing the Internet
• National Infrastructure Protection Center (NIPC)
  • Provides threat assessment, warning, investigation, and response to threats or attacks against critical information infrastructure such as banking, telecommunications, energy, water systems, government operations, and emergency services
  • Developed the “InfraGard” initiative
2.3 Federal Law (Computer Crimes)
To investigate computer-related crimes, the FBI uses the following statutes:
• 18 U.S.C. 875: Interstate Communications: Including Threats, Kidnapping, Ransom, Extortion
• 18 U.S.C. 1029: Fraud and related activity in connection with access devices
• 18 U.S.C. 1030: Fraud and related activity in connection with computers
• 18 U.S.C. 1343: Fraud by wire, radio or television
• 18 U.S.C. 1361: Injury to Government Property
• 18 U.S.C. 1362: Government communication systems
• 18 U.S.C. 1831: Economic Espionage Act
• 18 U.S.C. 1832: Theft of Trade Secrets
2.4 Building Cyber Crime Case
• Identification of evidence
• Collecting and preserving digital evidence
• Factors that complicate prosecution
• Overcoming the obstacles
2.5 How the FBI Investigates Computer Crime
• The FBI investigates an incident when:
  • A federal criminal code violation occurs
  • Federal violation factors are validated
• The FBI uses:
  • Various technical programs to address the complexity
  • Sophisticated methods for investigation
  • Specialized cyber squads for expert assistance
2.6 How to Initiate an Investigation
The following points are to be considered:
• Reportable versus nonreportable
• Choice to go civil instead of criminal
• Acceptable-use policy violations
2.7 Legal Issues Involved in Seizure of Computer Equipment
• Need for technical expertise
• Limit seizure of hardware
• Impact of presence of privileged or protected material in a computer system
• Stored electronic communication
• Consent of network system administrator
2.7.1 Seizure With a Warrant
• Law enforcement must establish “probable cause, supported by Oath or affirmation”
• A description of the place, thing or person is necessary
• The warrant should be drafted in such a way that it authorizes the agent to take the necessary steps
• The supporting affidavit should explain the possible search strategies
2.7.2 Seizure Without a Warrant
A search can be initiated without a warrant if any one of the following is present:
• Consent
  • Authority has given the consent voluntarily
  • Third party has given the consent
  • Implied consent
• Exigent circumstances
• Plain view
• Search incident to lawful arrest
2.8 Privacy Issues Involved in Investigations
• Reasonable Expectation of Privacy in Computers as Storage Devices
• Reasonable Expectation of Privacy and Third-Party Possession
• Private Searches
• Reasonable Expectation of Privacy in Public Workplaces
2.9 International Issues Related to Computer Forensics
• Electronic evidence located outside the borders of the country
• Seeking assistance from law enforcement authorities in a different country
• Preservation of evidence
• Consistency with all legal systems
• Allowance for the use of common language
• Applicability to all forensic evidence
• Applicability at every level
2.10 Cyber Crime Investigation
• Acquisition of the data from the system from which the digital crime has been committed
• Identification of the digital evidence from the crime
• Evaluation and analysis of the evidence
• Presentation of the evidence to the court
• Cyber crime has originated from the growing dependence on computers in modern life
• Various law enforcement agencies, such as the FBI and NIPC, investigate computer facilitated crimes and help in tracking cyber criminals
• Federal laws related to computer crime, cyberstalking, search and seizure of computers, and intellectual property rights are discussed
• Building a cyber crime case and initiating an investigation are crucial areas