Chapter 14—Cyber Crimes

Introduction—Objectives

1. Discuss typical uses for the Internet.

2. Differentiate among the three general categories of cyber crime.

3. Discuss the process of investigating and processing various types of computer evidence.

4. Distinguish among the four types of computer evidence presented at court.

5. Identify various types of evidence that can be collected at a cyber crime scene and their forensic value.

6. Discuss the importance of the various tools available to cyber crime investigators/experts.

7. Explain the importance of the expert witness in cyber crimes.

8. Examine how cyber evidence is documented.

9. Discuss concerns associated with the future of cyber crimes.

Introduction—Vocabulary

← clone—a copy made in the same type of media

← computer forensics—the specialized practice of identifying, preserving, extracting, documenting, and interpreting electronic data that can be used as evidence

← content spyware—software that is used to allow a hacker to access all the activity on an individual’s personal/business computer

← cyber-terrorism—hacking into a company’s internal networking system for the purpose of demonstrating or protesting a political agenda

← hacking—intentionally entering an unauthorized network system

← Internet forensics—uses the same analysis techniques as computer forensics except the emphasis is placed on the Internet as a whole

← malware—software designed to provide unauthorized access to a computer system

← phishing—illegally gathering personal information

← Trojan horse—software designed with the intention to harm a computer or the information therein

← worm—self-replicating malware program that spreads through a computer system by sending copies of itself to networked computers

It Takes a Hacker

← Kevin Mitnick, computer hacker, evaded detection until he hacked Shimomura’s computer

← Tsutomu Shimomura, a computer engineer, helped the FBI catch the elusive hacker

Monitoring posts track Mitnick’s activities

Trail led to Raleigh, NC

Driving the streets to pick up signature signals

← Mitnick is the first person convicted of gaining access to an interstate computer for criminal purposes

Introduction (Obj 14.1)

← Computer forensics—the systematic identification, preservation, extraction, documentation, and analysis of electronic data that could potentially be used as evidence in court

← Internet forensics—similar to computer forensics but with an emphasis on the Internet as a whole

Identity Theft

← A criminal can obtain personal information by:

Searching trash for sensitive papers that are not shredded

Phishing—defrauding a victim by sending e-mails that look real and asking for information

Spyware programs that reside on a victim’s computer and collect sensitive information

Types of Cyber Crime (Obj 14.2)

Computer integrity crimes

Computer-assisted crimes

Computer content crimes

1 – Computer Integrity Crimes

← Crimes that involve illegal access to data on a computer or network

← Hacking—intentionally entering an unauthorized computer or network

Hacker (1)—someone entering with criminal intent

Hacker (2)—someone who is hired to legitimately test the vulnerability of a security system

← Cyber-terrorism—hacking into a network for the purpose of protesting a political agenda

Hacker Computer Code

Computer Integrity Crimes

← Social Engineering—establishing trust with key inside people with the intent of determining possible passwords

← Malware—software designed to provide unauthorized access to a computer

Trojan horse—appears legitimate, but

Worm—self-replicating malware that spreads to other computers and networks

← Content spyware—allows a hacker to access all the activity on an individual’s computer

2 – Computer-Assisted Crimes

The Virtual Bank Robbery

The Virtual Sting

The Virtual Scam

3 – Computer Content Crimes

← Posting illegal content on the Internet

Sexually explicit materials

Child pornography

Hateful or aggressive speech or text related to race and extreme politics

Distribution of information about making and using drugs and weapons

Sites for organizations to do harm

Distasteful emails, chat rooms, and blogs

Investigating and Prosecuting

(Obj 14.3, 14.4, 14.5, 14.6, 14.7, 14.8)

← Forensic value of collectable evidence

← Preserving the Evidence

Chain of custody

Turn off or pull the plug?

When and how to turn a computer on

← Analyzing the Evidence

Cloning—creating an exact copy of the hard drive, bit by bit

Use the hard drive copy for analysis

Difficult to find the pertinent data

Software programs sort and index computer evidence

Trace Evidence

← In computer forensics, trace evidence is essentially hidden evidence in deleted files.

← A computer’s hard drive is made up of sectors, chunks of memory to store files and data. The sectors consist of clusters, smaller segments of memory.

How Slack Space is Created

Recovering Metadata

Forensic Tools

← When deciding what equipment to use, take into consideration:

type of investigation

type of evidence

operating system

extensive training in the equipment

financial resources of the cyber crime department

Documenting Evidence

← Relevant and fact-based

← Understandable format

← Clearly written

← Describe evidence collection process

← Results clearly stated

Presenting Computer Evidence in Court

← Four types of computer evidence may be presented in court

Real—actual and tangible

Documentary—written

Testimonial—written or spoken by witness

Demonstrative—facts or objects

Expert Testimony

← The expert must tell the jury

What he or she did

Why he or she did it

How he or she did it

What the findings were

Future of Cyber Crime (Obj 14.9)

← Encourage cyber ethics

← Educate the public to protect itself and understand the consequences

← Keeping up with new technologies

Chapter Summary

← Individuals and businesses use the Internet

to provide mobile access to data,

to share information,

for education, and

for communication.

← The Internet is important for financial transactions

← The more we rely on the Internet, the greater the risk of unauthorized access to private information

← The 3 categories of computer and Internet crimes:

computer integrity crimes,

computer-assisted crimes, and

computer content crimes.

← Hackers have strong skills in computers and in the computer systems they are trying to expose.

← Phishing is defrauding the victim by sending a fraudulent, real-looking e-mail that asks the recipient to update (reveal) their personal information.

← All evidence collected during an investigation of a cyber crime must first be cloned.

← Documented evidence in a report must be concise and fact based.

← Four types of computer evidence are used in court

real evidence,

documentary evidence,

testimonial evidence, and

demonstrative evidence.

← Collected data is typically the most compelling evidence provided in cyber crime trials.

← However, investigators must first prove that the integrity of the hardware was maintained when collecting the evidence.

← The expert witness:

is often key in the decision made by a jury, and

must present fact-based evidence in a way that is clear and convincing to a jury.

← The potential pool of cyber criminals grows as

technology improves, and

the number of people who use computers grows.

← As technology advances, law-enforcement agencies must continue to establish procedures and methods for managing online activity.
