Chapter 14—Cyber Crimes
Introduction—Objectives
1. Discuss typical uses for the Internet.
2. Differentiate among the three general categories of cyber crime.
3. Discuss the process of investigating and processing various types of computer evidence.
4. Distinguish among the four types of computer evidence presented at court.
5. Identify various types of evidence that can be collected at a cyber crime scene and its forensic value.
6. Discuss the importance of the various tools available to cyber crime investigators/experts.
7. Explain the importance of the expert witness in cyber crimes.
8. Examine how cyber evidence is documented.
9. Discuss concerns associated with the future of cyber crimes.
Introduction—Vocabulary
← clone—a copy made in the same type of media
← computer forensics—the specialized practice of identifying, preserving, extracting, documenting, and interpreting electronic data that can be used as evidence
← content spyware—software that is used to allow a hacker to access all the activity on an individual’s personal/business computer
← cyber-terrorism—hacking into a company’s internal networking system for the purpose of demonstrating or protesting a political agenda
← hacking—intentionally entering an unauthorized network system
← Internet forensics—uses the same analysis techniques as computer forensics except the emphasis is placed on the Internet as a whole
← malware—software designed to provide unauthorized access to a computer system
← phishing—illegally gathering personal information
← Trojan horse—software designed with the intention to harm a computer or the information therein
← worm—self-replicating malware program that spreads through a computer system by sending copies of itself to networked computers
It Takes a Hacker
← Kevin Mitnick, computer hacker, evaded detection until he hacked Shimomura’s computer
← Tsutomu Shimomura, a computer engineer, helped the FBI catch the elusive hacker
Monitoring posts track Mitnick’s activities
Trail led to Raleigh, NC
Driving the streets to pick up signature signals
← Mitnick is the first person convicted of gaining access to an interstate computer for criminal purposes
Introduction (Obj 14.1)
← Computer forensics—the systematic identification, preservation, extraction, documentation, and analysis of electronic data that could potentially be used as evidence in court
← Internet forensics—similar to computer forensics but with an emphasis on the Internet as a whole
Identity Theft
← A criminal can obtain personal information by:
Searching trash for sensitive papers that are not shredded
Phishing—defrauding a victim by sending e-mails that look real and asking for information
Spyware programs that reside on a victim’s computer and collect sensitive information
Types of Cyber Crime (Obj 14.2)
Computer integrity crimes
Computer-assisted crimes
Computer content crimes
1 – Computer Integrity Crimes
← Crimes that involve illegal access to data on a computer or network
← Hacking—intentionally entering an unauthorized computer or network
Hacker1—someone entering with criminal intent
Hacker2—someone who is hired to legitimately test the vulnerability of a security system
← Cyber-terrorism—hacking into a network to protest a political agenda
Hacker Computer Code
Computer Integrity Crimes
← Social Engineering—establishing trust with key inside people with the intent of determining possible passwords
← Malware—software designed to provide unauthorized access to a computer
Trojan horse—appears legitimate, but
Worm—self-replicating malware that spreads to other computers and networks
← Content spyware—allows a hacker to access all the activity on an individual’s computer
2 – Computer-Assisted Crimes
The Virtual Bank Robbery
The Virtual Sting
The Virtual Scam
3 – Computer Content Crimes
← Posting illegal content on the Internet
Sexually explicit materials
Child pornography
Hateful or aggressive speech or text related to race and extreme politics
Distribution of information about making and using drugs and weapons
Sites for organizations to do harm
Distasteful emails, chat rooms, and blogs
Investigation and Prosecuting
(Obj 14.3, 14.4, 14.5, 14.6, 14.7, 14.8)
← Forensic value of collectable evidence
← Preserving the Evidence
Chain of custody
Turn off or pull the plug?
When and how to turn a computer on
← Analyzing the Evidence
Cloning—creating an exact copy of the hard drive, bit by bit
Use the hard drive copy for analysis
Difficult to find the pertinent data
Software programs sort and index computer evidence
Trace Evidence
← In computer forensics, trace evidence is essentially hidden evidence in deleted files.
← A computer’s hard drive is made up of sectors, chunks of memory to store files and data. The sectors consist of clusters, smaller segments of memory.
How Slack Space is Created
Recovering Metadata
Forensic Tools
← When deciding what equipment to use, take into consideration:
type of investigation
type of evidence
operating system
extensive training in the equipment
financial resources of the cyber crime department
Documenting Evidence
← Relevant and fact-based
← Understandable format
← Clearly written
← Describe evidence collection process
← Results clearly stated
Presenting Computer Evidence in Court
← Four types of computer evidence may be presented in court
Real—actual and tangible
Documentary—written
Testimonial—written or spoken by witness
Demonstrative—facts or objects
Expert Testimony
← The expert must tell the jury
What he or she did
Why he or she did it
How he or she did it
What the findings were
Future of Cyber Crime (Obj 14.9)
← Encourage cyber ethics
← Educate the public to protect itself and understand the consequences
← Keeping up with new technologies
Chapter Summary
← Individuals and businesses use the Internet
to provide mobile access to data,
to share information,
for education, and
for communication.
← The Internet is important for financial transactions
← The more we rely on the Internet, the greater the risk of unauthorized access to private information
← The 3 categories of computer and Internet crimes:
computer integrity crimes,
computer-assisted crimes, and
computer content crimes.
← Hackers have strong skills in computers and in the computer systems they are trying to expose.
← Phishing is defrauding the victim by sending a fraudulent, real-looking e-mail that asks the recipient to update (reveal) their personal information.
← All evidence collected during an investigation of a cyber crime must first be cloned.
← Documented evidence in a report must be concise and fact based.
← Four types of computer evidence are used in court:
real evidence,
documentary evidence,
testimonial evidence, and
demonstrative evidence.
← Collected data is typically the most compelling evidence provided in cyber crime trials; however, investigators must first prove that the integrity of the hardware was maintained when collecting the evidence.
← The expert witness:
is often key in the decision made by a jury, and
must present fact-based evidence in a way that is clear and convincing to a jury.
← The potential pool of cyber criminals grows as
technology improves, and
the number of people who use computers grows.
← As technology advances, law-enforcement agencies must continue to establish procedures and methods for managing online activity.