SAK 4801 SPECIAL TOPICS IN COMPUTER SCIENCE II
Chapter 2 Law and Computer Forensics
Mohd Taufik Abdullah
Department of Computer Science
Faculty of Computer Science and Information Technology
University Putra of Malaysia
Room No: 2.28
Portions of the material courtesy EC-Council


2 Chapter 2 Law and Computer Forensics SAK4801 Special Topics in Computer Science II

Learning Objectives

At the end of this chapter, you will be able to:
• Understand cyber law and computer forensics
• Report security breaches to law enforcement
• Build the cyber crime case
• Initiate an investigation
• Understand the legal issues involved in seizure of computer equipment
• Understand privacy issues regarding computer forensics

Chapter 2 Outline

2. Cyber Law and Computer Forensics
2.1. Cyber Law and Computer Forensics
2.2. Reporting Security Breaches to Law Enforcement
2.3. Federal Law (computer crimes)
2.4. Building cyber crime case
2.5. How the FBI Investigates Computer Crime
2.6. How to Initiate an Investigation
2.7. Legal Issues Involved in Seizure of Computer Equipment
2.8. Privacy Issues Involved in Investigation
2.9. International Issues Related to Computer Forensics
2.10. Cyber Crime Investigation

2.1 Cyber Law and Computer Forensics

2.1.1 What Is Cyber Crime?

Cyber crime is:
• Crime directed against a computer
• Crime where the computer contains evidence
• Crime where the computer is used as a tool to commit the crime

“Any crime in which computer-related technology is encountered.”

2.1.2 What is Computer Forensics?

• Discipline using predefined procedures to thoroughly examine a computer system to extract the evidence
• Objectives of a computer forensics investigator:
  • To determine the nature and events concerning a crime
  • To locate the perpetrator by following a structured investigative procedure
• Methodology:
  • Acquire
  • Authenticate
  • Analyze

2.1.3 Computer Facilitated Crimes

• Our dependency on computers has given way to new criminal opportunities
• Computers are increasingly being used as a tool for committing crimes
• Computer crimes are posing new challenges for investigators due to the following reasons:
  • Speed
  • Anonymity
  • Fleeting nature of evidence

2.1.3 Computer Facilitated Crimes (Cont.)

• Speed
  • The proliferation of PCs and Internet access has made the exchange of information quick and inexpensive.
  • The use of easily available tools and the proliferation of underground hacking groups have made it easier to commit cyber crimes.
• Anonymity
  • The Internet allows anyone to hide his identity while committing crimes.
  • E-mail spoofing, creating fake profiles, and committing identity theft are common occurrences, and there is nothing to stop them, making investigation difficult.
• Fleeting nature of evidence

2.1.3 Computer Facilitated Crimes (Cont.)

• Fleeting nature of evidence
  • The volatility or transient nature of evidence is causing problems for investigators, as there is no collateral or forensic evidence such as eyewitnesses, fingerprints or DNA, making these crimes much harder to prosecute.

2.1.4 Cyber Laws

• Came into existence as conventional laws were of little use to sentence perpetrators
• Define rules on what data is protected and what is available
• Define ownership of data and data storage devices
• Define rules for digital certificates and authentication algorithms

2.1.5 Approaches to Formulate Cyber Laws

• Formulating or extending laws by nations within their boundaries
• Multi-lateral international agreements for the Internet
• Establishing a standardized international body
• Guidelines and rules from the user end

2.1.5 Some Areas Addressed By Cyber Laws

• Computer crime
• Intellectual property
• Searching and seizing computers
• Cyberstalking
• Data protection and privacy
• Telecommunications laws

2.2 Reporting Security Breaches to Law Enforcement

2.2.1 In the USA

Type of crime: Computer intrusion (i.e. hacking); Password trafficking
Appropriate federal investigative law agencies:
• FBI local office
• U.S. Secret Service
• Internet Fraud Complaint Center

Type of crime: Internet fraud and SPAM
Appropriate federal investigative law agencies:
• FBI local office
• U.S. Secret Service (Financial Crimes Division)
• Federal Trade Commission (online complaint)
• Internet Fraud Complaint Center

Type of crime: Internet harassment
Appropriate federal investigative law agencies:
• FBI local office

2.2.1 In The USA (Cont.)

Type of crime: Child Pornography or Exploitation
Appropriate federal investigative law agencies:
• FBI local office
• U.S. Customs and Border Patrol Protection Local Office
• Internet Fraud Complaint Center

Type of crime: Copyright (software, movie, sound recording) piracy; Trademark counterfeiting
Appropriate federal investigative law agencies:
• FBI local office
• If imported, U.S. Customs and Border Patrol Protection Local Office
• Internet Fraud Complaint Center

Type of crime: Theft of trade secrets
Appropriate federal investigative law agencies:
• FBI local office

2.2.1 In The USA (Cont.)

Type of crime: Trafficking in explosive or incendiary devices or firearms over the Internet
Appropriate federal investigative law agencies:
• FBI local office
• ATF local office

Type of crime: Copyright (software, movie, sound recording) piracy
Appropriate federal investigative law agencies:
• FBI local office
• If imported, U.S. Customs and Border Patrol Protection Local Office
• Internet Fraud Complaint Center

Type of crime: Theft of trade secrets
Appropriate federal investigative law agencies:
• FBI local office

2.2.2 Investigative Agency in the USA

• Federal Bureau of Investigation (FBI)
  • Protects the U.S. against terrorist and cyber-based attacks, foreign intelligence operations and espionage
  • Acts as the leading law enforcement bureau for investigating cyber attacks by foreign rivals and terrorists
  • Prevents criminals, sexual predators, and others intent on malevolent destruction from accessing the Internet
• National Infrastructure Protection Center (NIPC)
  • For threat assessment, warning, investigation, and response to threats or attacks against critical information infrastructure such as banking, telecommunications, energy, water systems, government operations, and emergency services.

2.2.2 Investigative Agency in the USA (Cont.)

• National Infrastructure Protection Center (NIPC)
  • For threat assessment, warning, investigation, and response to threats or attacks against critical information infrastructure such as banking, telecommunications, energy, water systems, government operations, and emergency services.
  • Developed the “InfraGard” initiative.

2.3 Federal Law (Computer Crimes)

To investigate computer-related crimes the FBI uses the following statutes:
• 18 U.S.C. 875: Interstate Communications: Including Threats, Kidnapping, Ransom, Extortion
• 18 U.S.C. 1029: Fraud and related activity in connection with access devices
• 18 U.S.C. 1030: Fraud and related activity in connection with computers
• 18 U.S.C. 1343: Fraud by wire, radio or television
• 18 U.S.C. 1361: Injury to Government Property
• 18 U.S.C. 1362: Government communication systems
• 18 U.S.C. 1831: Economic Espionage Act
• 18 U.S.C. 1832: Theft of Trade Secrets

2.4 Building Cyber Crime Case

• Identification of evidence
• Collecting and preserving digital evidence
• Factors that complicate prosecution
• Overcoming the obstacles

2.5 How the FBI Investigates Computer Crimes

• FBI investigates incident when:
  • Federal criminal code violation occurs
  • Federal violation factors validates
• FBI uses:
  • Various technical programs to address the complexity
  • Sophisticated methods for investigation
  • Specialized cyber squads for expert assistance

2.6 How to Initiate an Investigation

Following points to be considered:
• Reportable versus nonreportable
• Choice to go civil instead of criminal
• Acceptable-Use policy violations

2.7 Legal Issues Involved in Seizure of Computer Equipment

• Need for technical expertise
• Limit seizure of hardware
• Impact of presence of privileged or protected material in a computer system
• Stored electronic communication
• Consent of network system administrator

2.7.1 Seizure With a Warrant

• Law enforcement must establish “probable cause, supported by Oath or affirmation”
• Description of place, thing or person is necessary
• Drafting of warrant should be in such a way that it authorizes the agent to take necessary steps
• Supporting affidavit should explain the possible search strategies

2.7.2 Seizure Without a Warrant

Search can be initiated without a warrant if any one of the following applies:
• Consent
  • Authority has given the consent voluntarily.
  • Third party has given the consent.
  • Implied consent.
• Exigent circumstances
• Plain view
• Search incident to lawful arrest

2.8 Privacy Issues Involved in Investigation

• Reasonable Expectation of Privacy in Computers as Storage Devices
• Reasonable Expectation of Privacy and Third-Party Possession
• Private Searches
• Reasonable Expectation of Privacy in Public Workplaces

2.9 International Issues Related to Computer Forensics

• Electronic evidence located outside the borders of the country
• Seeking assistance from law enforcement authorities in a different country
• Preservation of evidence
• Consistency with all legal systems
• Allowance for the use of common language
• Applicability to all forensic evidence
• Applicability at every level

2.10 Cyber Crime Investigation

• Acquisition of the data from the system from which the digital crime has been committed
• Identification of the digital evidence from the crime
• Evaluation and analysis of the evidence
• Presentation of the evidence to the court

Summary


Cyber crime has originated from the growing dependence on computers in modern life

Various law enforcement agencies such as the FBI and NIPC investigate computer facilitated crimes and help in tracking cyber criminals

Federal laws related to computer crime, cyberstalking, search and seizure of computers, and intellectual property rights are discussed

Building a cyber crime case and initiating investigation are crucial areas

End of Chapter 2