Computer Forensics. Overview: Computer Crime Laws, Policy and Procedure, Search Warrants, Case Law.


1 Computer Forensics

2 Overview
- Computer Crime Laws
- Policy and Procedure
- Search Warrants
- Case Law
- Intellectual Property Protection
- Privacy
- Ethics

3 Computer Crime
- What is Computer Crime?
  - Criminal activity directly related to the use of computers, specifically illegal trespass into the computer system or database of another, manipulation or theft of stored or on-line data, or sabotage of equipment and data.
  - Criminal activity can also comprise the use of computers to commit other kinds of crime: harassment, scams, hate crimes, fomenting terrorism, etc.

4 Computer Crime
- What is a Computer Crime?
  - Stealing trade secrets from a competitor
  - Extortion
  - Use of a packet sniffer to watch instant messaging conversations

5 Federal Computer Crime Laws
- 4th Amendment
- Computer Fraud and Abuse Act of 1986
- Electronic Communications Privacy Act of 1986

6 Federal Computer Crime Laws
- Electronic Espionage Act of 1996
- Communications Decency Act 1996
- Child Pornography Prevention Act
- Digital Millennium Copyright Act of 1998
- COPPA - Children's Online Privacy Protection Act
- HIPAA - Health Insurance Portability And Accountability Act
- Access Device Fraud
- USA Patriot Act

7 State Computer Crime Laws
- Computer crime laws are state-specific

8 Case Law
- What is case law?
  - “Created” by the rulings of judges on court cases
- Importance of case law?
  - Very few laws governing current and emerging technologies
  - Precedents set by case law often become legislative law

9 Computer Fraud and Abuse Act

10
- 15 USC § Fraudulent use of credit cards; penalties
- 18 USC § Fraud and related activity in connection with access devices
- 18 USC § Fraud and related activity in connection with computers
- 18 USC § Fraud by wire, radio, or television
- 18 USC § Prohibits malicious mischief

11 15 USC §1644
- Use, attempt or conspiracy to use card in transaction affecting interstate or foreign commerce
- Transporting, attempting or conspiring to transport card in interstate commerce
- Use of interstate commerce to sell or transport card
- Furnishing of money, etc., through use of card

12 Crimes and Penalties
- Whoever in a transaction affecting interstate or foreign commerce furnishes money, property, services, (>$1,000) shall be fined not more than $10,000 or imprisoned not more than ten years, or both

13 18 USC §1029
- Counterfeit access devices
- Telecommunications instrument modified to obtain unauthorized use of telecommunications services.
- Fraudulent transactions using credit cards
- Use of scanning receiver

14 Crimes and Penalties
- Forfeiture to the United States of any personal property used or intended to be used to commit the offense
- Fine under this title or imprisonment for not more than 20 years, or both.

15 18 USC §1030
- Accesses a computer without authorization to obtain restricted data.
- Without authorization accesses Federal computers
- Conducts fraud and obtains anything of value on such computers
- Traffics in passwords or similar information

16 Crimes and Penalties
- The United States Secret Service has authority to investigate offenses
- Forfeiture of any personal property used or intended to be used to commit the offense
- Fine under this title or imprisonment for not more than 20 years, or both.

17 18 USC §1343
- Fraud by means of wire, radio, or television communication in interstate or foreign commerce
- Transmission of digital or analog data in such fraud

18 Crimes and Penalties
- Fine under this title or imprisonment not more than five years, or both.
- If the violation affects a financial institution, fine of $1,000,000 or imprisonment of 30 years, or both

19 18 USC §
- Prohibiting malicious mischief
- Computer hacking/website defacement

20 Actual Crimes
- Many cases have been prosecuted under the computer crime statute, 18 U.S.C. § 1030 (unauthorized access). A few recent sample press releases from actual cases are available via links below:
  - Kevin Mitnick Sentenced to Nearly Four Years in Prison; Computer Hacker Ordered to Pay Restitution to Victim Companies Whose Systems Were Compromised (August 9, 1999)
- Source: rime.html

21 Actual Crimes
- Former Chief Computer Network Program Designer Arraigned for Alleged $10 Million Computer "Bomb"
- Juvenile Computer Hacker Cuts off FAA Tower At Regional Airport -- First Federal Charges Brought Against a Juvenile for Computer Crime
- Source: mpcrime.html

22 Sample Cases
- _Pages/21st_century_issues/21st_century_law/computer_crime_legal_01.htm
- opn.html
- rrest.htm
- dict.htm
- rsent.htm
- 2001_2.htm

23 Electronic Communications Privacy Act

24 Where Can I Find ECPA?
- United States Code
- Title 18 Crimes and Criminal Procedure
- Chapter 119 – Wire and Electronic Communications Interception and Interception of Oral Communications
- Sections

25 Overview of ECPA
- President Reagan signed ECPA into law in October 1986
- Designed to extend Title III Privacy Provisions to new technologies such as electronic mail, cellular phones, private communication carriers, and computer transmissions

26 “The Wiretap Act”
- This law required that enforcement agencies obtain a warrant before executing a wiretap (usually used to record voice conversations)

27 What Rights Does ECPA Provide?
- ECPA protects the transmission and storage of digital communication such as
- Authorities are forbidden to intercept non-voice portions of communication, thanks to ECPA
- This is defined as "any transfer of signs, signals, writing, images, sound, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectric or photo-optical system."

28 ECPA Rights (cont.)
- Act was designed to prevent electronic communication service providers from disclosing any contents of communication to authorities without lawful consent of the party that originated the communication
- Act provided for coverage of all communication providers, not just “common carriers” available to the public

29 Cellular Phone Communication
- Act also protects cellular phone conversations; wired privacy extended to wireless
- Penalty for intercepting a non-encrypted call is only a $500 fine, rather than the normal maximum of 5 years in prison
- Note: This act also explicitly states it does not protect the “radio portion of a telephone that is transmitted between the cordless telephone handset and the base unit."

30 Radio Paging
- ECPA also protects pagers
- Voice and digital display pagers were determined to be an extension of an original wired communication
- However, tone-only pagers are not protected by ECPA

31 Customer Records
- ECPA provides for the protection of subscriber and customer records belonging to electronic service providers
- Authorities cannot access these records without a search warrant and court order, unless otherwise notifying the customer

32 References
- date/ecpa.html

33 USA Patriot Act

34 Some Perspective
On September 11, 2001, more Americans were murdered than…
- American battle deaths in the War of 1812
- American battle deaths at Pearl Harbor
- American battle deaths in the Indian Wars
- American battle deaths in the Mexican War
- American battle deaths in Vietnam prior to 1966
- Union battle deaths at Bull Run
- Police officers killed in the line of duty since 1984
Source: Federal Law Enforcement Training Center, Glynco, Georgia

35 USA Patriot Act – Oct 2001
- Provides Tools To Intercept and Obstruct Terrorism
- Some believe it was too hasty
- There were few conferences
- The House vote was
- The Senate vote was 98-1

36 USA Patriot Act
Specifically, the Act:
1. Creates several new crimes: bulk cash smuggling, attacking transportation systems, etc.
2. Expands prohibitions involving biological weapons
3. Lifts the statute of limitations on prosecuting some terrorism crimes
4. Increases penalties for some crimes
5. Requires background checks for licenses to transport hazardous materials
6. Expands money laundering laws and places more procedural requirements on banks
7. Promotes information sharing and coordination of intelligence efforts

37 USA Patriot Act
8. Provides federal grants for terrorism prevention
9. Broadens the grounds for denying aliens admission
10. Alters some domestic security provisions for DoD
- Most provisions of the Act shall cease to have effect on December 31, 2005
- However, a USA Patriot Act II is being discussed in Congress

38 Computer Crime
- Penalty of 5 years for a first offense and 10 years for a subsequent offense for damaging a federal computer system
- Damage includes any computer impairment that causes the loss of at least $5,000 or threatens the public health or safety.

39 Computer Crime
To be found guilty, the person must:
1. Knowingly cause the transmission of a program, information, code, or command that results in damage to a protected computer without authorization
2. Intentionally access a federal computer without authorization and cause damage (§ 814)

40 Computer Crime
The act requires the attorney general to create regional computer forensic laboratories:
1. Examine seized or intercepted computer evidence
2. Train and educate federal, state, and local law enforcement and prosecutors
3. Assist federal, state, and local law enforcement in enforcing computer-related criminal laws
4. Promote sharing of federal expertise
The act also provides funding for these facilities (§ 816)

41 Other Crimes / Penalties
- Attacks Against Mass Transportation Systems
  - The crime is punishable by a fine, up to 20 years if the violator traveled or communicated across state lines or
  - The crime is punishable by life in prison if the offense resulted in death
- Counterfeiting
  - The act makes counterfeiting punishable by up to 20 years in prison

42 Other Crimes / Penalties
- Harboring or Concealing Terrorists
  - This crime is punishable by a fine and 10 years in prison (§ 803)
- Biological Weapons
  - This is punishable by a fine, and 10 years in prison
- Money Laundering
  - This crime is punishable by 5 years in prison
  - For Federal employees, the crime is punishable by a fine 3 times the value received, and 15 years in prison, (§ 329)

43 Increased Penalties
- Arson from 20 years to life
- Energy facility damage, from 10 to 20 years
- Supporting terrorists, from 10 to 15 years
- Supporting designated foreign terrorist organizations, from 10 to 20 years
- Destroying national defense materials, from 10 to 20 years
- Sabotaging nuclear facilities from 10 to 20 years
- Carrying a weapon or explosive on an aircraft from 15 to 20 years
- Damaging interstate gas or hazardous pipeline facility, from 15 to 20 years

44 Information Sharing
The act:
1. Foreign and national intelligence surveillance can exchange information (§ 504)
2. Regional information sharing between federal, state, and local law enforcement (§ 701)
3. Attorney general can apply to a court for disclosure of educational records to prosecute a terrorist act
4. Act also provides immunity for people who in good faith disclose these documents (§ 507, 508)

45 Privacy Implications
- American Civil Liberties Union: “The USA Patriot Act allows the government to use its intelligence gathering power to circumvent the standard that must be met for criminal wiretaps. …
  - The new law allows use of Foreign Intelligence Surveillance Act surveillance authority even if the primary purpose were a criminal investigation.
  - Intelligence surveillance merely needs to be only for a "significant" purpose.
  - Law enforcement may search primarily for evidence of crime, without establishing probable cause
  - This provision authorizes unconstitutional physical searches and wiretaps

46 Privacy Implications
- “In allowing for "nationwide service" of pen register and trap and trace orders, the law further marginalizes the role of the judiciary.
  - It authorizes what would be the equivalent of a blank warrant in the physical world: the court issues the order, and the law enforcement agent fills in the places to be searched.
  - This is not consistent with the important Fourth Amendment privacy protection of requiring that warrants specify the place to be searched.”
- In short, the USA Patriot Act assumes no “expectation of privacy”

47 Case Study: Carnivore
- TCP/IP packet sniffer developed by the FBI that has the ability to store all traffic on a network
- Intended Uses: Terrorism, Espionage, Child Pornography/Exploitation, Information Warfare/Hacking, Organized Crime/Drug Trafficking, Fraud
- Reassembles your , webpages, files and searches for keywords

48 Case Study: Carnivore
- Legitimate use vs. invasion of privacy
- Find out which web sites you visit
  - deathtoamerica.com
  - girlsgonewild.com
- Read your
  - bomb making instructions
  - love letters
- Save a copy of files you download
  - shoebomb.zip
  - transactions.zip

49 Case Study: Carnivore
- Pre-USA Patriot Act realities:
  - FBI suspects you of criminal activity
  - Requests court order to use Carnivore
  - Installs Carnivore at your ISP
  - Carnivore grabs all of your packets authorized in the court order
  - Carnivore must not grab anyone else’s packets
  - Data physically collected once a day
  - Court order expires in 30 days
- Post-USA Patriot Act fears:
  - The FBI can use Carnivore to go fishing for personal information

50 Related Cases
- John Walker Lindh – sentenced to 20 years in federal prison
  - Conspiracy to Murder U.S. Nationals (18 U.S.C. § 2332(b)) (Count One)
  - Conspiracy to Provide Material Support & Resources to Foreign Terrorist Organizations (18 U.S.C. § 2339B) (Counts Two & Four)
  - Providing Material Support & Resources to Foreign Terrorist Organizations (18 U.S.C. §§ 2339B & 2) (Counts Three & Five)
  - Conspiracy to Contribute Services to al Qaeda (31 C.F.R. §§ & & 50 U.S.C. § 1705(b)) (Count Six)
  - Contributing Services to al Qaeda (31 C.F.R. §§ & , 50 U.S.C. § 1705(b) & 18 U.S.C. § 2) (Count Seven)
  - Conspiracy to Supply Services to the Taliban (31 C.F.R. §§ (b) & & 50 U.S.C. § 1705(b)) (Count Eight)
  - Supplying Services to the Taliban (31 C.F.R. §§ & (a), 50 U.S.C. § 1705(b) & 18 U.S.C. § 2) (Count Nine)
  - Using and Carrying Firearms and Destructive Devices During Crimes of Violence (18 U.S.C. §§ 924(c) & 2) (Count Ten)

51 Related Cases
- Zacarias Moussaoui – awaiting twice-delayed trial
  - Conspiracy to Commit Acts of Terrorism Transcending National Boundaries (18 U.S.C. §§ 2332b(a)(2) & (c)) (Count One)
  - Conspiracy to Commit Aircraft Piracy (49 U.S.C. §§ 46502(a)(1)(A) and (a)(2)(B)) (Count Two)
  - Conspiracy to Destroy Aircraft (18 U.S.C. §§ 32(a)(7) & 34) (Count Three)
  - Conspiracy to Use Weapons of Mass Destruction (18 U.S.C. § 2332a(a)) (Count Four)
  - Conspiracy to Murder United States Employees (18 U.S.C. §§ 1114 & 1117) (Count Five)
  - Conspiracy to Destroy Property (18 U.S.C. §§ 844(f), (i), (n)) (Count Six)

52 Related Cases
- Interesting topics in Moussaoui case:
  - U.S. District Court Judge Leonie Brinkema released a detailed government report on the computers and search in the case
  - The evidence includes 140 computer hard drives, four of which used by Moussaoui
  - FBI investigators copied their hard drives using Safeback and Logicube software
  - Computer forensics experts were unable to find any trace of Moussaoui's account or some 27 variations of that address
  - A search of computers Moussaoui may have used at a Kinko's in Eagan, Minnesota, also came to a dead end because Kinko's cleans out the hard drives on its public computers once every week

53 References
- 2.html
- ml
- cr-00455/docs/68092/0.pdf

54 Computer Privacy

55 Privacy
- What is privacy?
- How is it determined?
- To determine and define what privacy is, we must look at current law, case precedence, and public opinion

56 Constitutional Search
- 4th Amendment of the U.S. Constitution
  - “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

57 Privacy
- What websites are you visiting?
  - Wireless internet
- Where are you?
  - GPS cell phones, vehicles with OnStar
- What and where are you purchasing?
  - Credit cards
- Bluetooth- and RFID-enabled devices and clothing

58 Security and Privacy
- Security is a wider Concept
- Security of Information embraces:
  - Confidentiality
  - Integrity
  - Availability
- Achieving Security involves People, Procedures, and Technology
- The same is true for Privacy

59 Laws and Policies govern Privacy
- Privacy is no longer a vague concept
- It has been legislated
- A body of case law exists
- Federal laws, State Laws, Supra-national laws
- Even the US Constitution has a bearing
- Lastly, companies have Policies

60 Topical Relevance
- Massive on-line databases of people
- Extensive on-line interactions between companies
- Millions of daily transactions between companies and customers
- Who owns all this, and who has a need to know?

61 Motivation for Companies
- Maintain competitive edge
- Ensure legal compliance
- Enhance company image
- Privacy is a requirement – not a customer delight

62 Many Privacy Rights are embedded in Criminal Statutes
- US Mail
- Telephone conversation
- Library borrowing
- Bank records
- Student records
- Etc.
- Federal and States

63 Plethora of Laws
- FERPA
  - Student records
- ECPA Electronic Communications Privacy Act
  - Most basic act for access, use, disclosure, interception and privacy of electronic communications
- Section 208 of The E-Government Act
  - Federal agencies should protect PII collected

64 Plethora of Laws
- HIPAA Health Information Portability and Accountability Act
  - Medical records
- Gramm-Leach Bliley Act
  - protects consumers’ personal financial information held by financial institutions.
- The (Federal) Privacy Act of 1974
- FTC approved “fair information practices” that are widely accepted principles of privacy protection

65 Plethora of Laws
- Section 208 of The E-Government Act
  - Federal agencies should protect PII (Personally Identifiable Information) collected
- Sarbanes-Oxley
  - accounting fraud
  - securities-law violations
  - Enhanced penalties for white collar crime
  - executives directly responsible for problems
  - Accurate records to be maintained for 5 years
- Basel II

66 Plethora of Laws
  CAN-SPAM Act
    Has not yet succeeded in reducing unwanted e-mail
    New measures being agreed on by MS, Amazon, Brightmail, etc to filter spam
  Massachusetts court decided that ISPs may read subscribers’ messages
    But all major ISPs disavowed any desire to read

67 Patriot Act
  USA Patriot Act
    Negates almost every privacy prescription heretofore stated, under special circumstances
    The circumstances are not tightly defined
    Hence, Governmental abuse is expected & has happened
    Not only allows the Government to violate Privacy, but mandates that companies collude in this
  Is this the anti-law of Privacy?

68 Cookies and Privacy
  Simply surfing makes you the target of spyware
  Cookies placed on your computer can
    Profile your on-line behavior
    Track websites you have visited
    Trigger targeted pop-up ads
    Record search terms and form entries
  Security scanners like Spybot and Zone Labs can detect and remove such intrusive cookies
  Try a free scan on your computer and see what you get: ex4.html

69 Surfing Dangers
  Simply surfing can have your browser-driven online financial security information stolen: 52,00.asp
  The attacker uploaded a small file with JavaScript to infected Web sites and altered the Web server configuration to append the script to all files served by the Web server (IIS).
  No anti-virus program would stop it, no firewall would slow it down and no shipping IE security patch would even notice it.
  Visit the page, get the infection. It was that simple.

70 Surfing Dangers - Solution
  Use Firefox (browser component of Mozilla, open source)
  That’s the recommendation of CERT
  You may not enjoy Active X (MS specific code in some web-sites)

71 ISO/IEC
  Standard based on BS 7799
  Important, detailed, complex standard
  Covers People, Process and Technology
  A wide-ranging document on Information Security
  Has numerous recommendations in detail
  Companies can be certified against this standard

72 Understanding and Implementing ISO/IEC
  Start with Toolkit
    Full ISO17799 compliant information security policies
    Disaster recovery planning kit
    Road map for certification
    Audit kit (checklists, etc) for a modern network system
    Comprehensive glossary of information security
    Business impact analysis questionnaire

73 Privacy Under Fire
  Patriot Act
    6 month wiretap without court order
  “Patriot Act 2”
    More expansive laws than Patriot Act
  Privacy vs. Freedom of Information Act
    School and University s
  Privacy vs. general public good
    Your best interests vs. 10 million+ peoples’

74 Laws Protecting Privacy
  4th Amendment of the U.S. Constitution
  Electronic Communications Privacy Act
  HIPAA
  Intellectual Property laws
    Copyright
    Trademark

75 Search Warrants
  Obtained by law enforcement by testifying to an uninvolved public agent of judicial review naming
    The crime being investigated under probable cause
    The specific location(s) to be searched
    The items and names of persons to be seized

76 Search Warrants
  Search warrants do not solely apply to physical domains
  Also apply to wire taps, either phone or network
  Patriot Act expands the powers of law enforcement, allowing for easier granting of warrants requesting wire tap access

77 Search Warrants
  Must be clear and concise
  Items seized must be listed or at least covered in the text of the warrant
  Errors or omissions may result in evidence being thrown out of court

78 Subpoenas
  Subpoena – The process by which a court orders a witness to appear (and sometimes present evidence) at a judicial proceeding and produce certain evidence for purposes of discovery
  For example, using ISP connection logs to determine a particular subscriber’s identity

79 Court Orders
  Court Orders – Official judge’s proclamation requiring or authorizing the carrying out of certain steps by one or more parties to a case
  For example, using a packet-sniffer on an ISP’s router to collect all packets coming from a particular IP address to reconstruct an AIM session.

80 Chain of Custody
  Begins with seizure of items during the execution of the search warrant
  Accounts for every minute the items are in custody
  Must be maintained from seizure through court appearance
  Failure to maintain chain of custody may result in inadmissibility of evidence

81 Chain of Custody
  Important for businesses as a case may end up in court
  Failure to adequately show computer or item did not have an opportunity to be tampered with may result in an unfavorable judgment
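An added example, not part of the original slides: a small audit of a custody log that checks the two Chain of Custody slides' requirements, that every minute from seizure through court appearance is accounted for and that the item shows no sign of change between holders. The log layout, the holder names, the timestamps and the per-handoff SHA-256 field are all assumptions made for the illustration.

```python
from datetime import datetime

# Constructed sample log for one seized item (names, times and digests are made up).
# Each entry: who held the item, from when to when, and the image digest
# recorded at that handoff (the digest field is an assumption of this example).
SAMPLE_LOG = [
    {"holder": "Agent A", "start": "2024-03-01T09:15", "end": "2024-03-01T11:00", "sha256": "aa11"},
    {"holder": "Evidence Locker", "start": "2024-03-01T11:00", "end": "2024-03-04T08:30", "sha256": "aa11"},
    {"holder": "Examiner B", "start": "2024-03-04T08:45", "end": "2024-03-06T17:00", "sha256": "aa11"},
    {"holder": "Court Clerk", "start": "2024-03-06T17:00", "end": "2024-03-07T10:00", "sha256": "bb22"},
]

def audit_custody(log, seized_at, court_at):
    """Return (kind, detail) findings; an empty list means an unbroken chain.

    Times are ISO 8601 strings at minute granularity.
    """
    ts = datetime.fromisoformat
    entries = sorted(log, key=lambda e: ts(e["start"]))
    if not entries:
        return [("empty", "no custody entries recorded")]
    findings = []
    # The chain must begin at the moment of seizure.
    if ts(entries[0]["start"]) != ts(seized_at):
        findings.append(("seizure", "log does not begin at the time of seizure"))
    # Each handoff must start exactly when the previous custody period ended.
    for prev, cur in zip(entries, entries[1:]):
        delta = ts(cur["start"]) - ts(prev["end"])
        minutes = int(delta.total_seconds() // 60)
        if minutes > 0:
            findings.append(("gap", f"{minutes} min unaccounted before {cur['holder']}"))
        elif minutes < 0:
            findings.append(("overlap", f"{prev['holder']} and {cur['holder']} both claim custody"))
        # A digest that differs from the previous holder's suggests the item changed.
        if cur["sha256"] != prev["sha256"]:
            findings.append(("digest", f"digest changed on transfer to {cur['holder']}"))
    # The chain must extend through the court appearance.
    if ts(entries[-1]["end"]) < ts(court_at):
        findings.append(("court", "custody record ends before the court appearance"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_custody(SAMPLE_LOG, "2024-03-01T09:15", "2024-03-07T10:00"):
        print(f"{kind}: {detail}")
```

On the constructed log this reports the 15-minute gap before the examiner's entry and the digest change at the final transfer, the two kinds of defect that would let opposing counsel argue the item had an opportunity to be tampered with.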

82 Video
  “Search and Seizure”
  U.S. Secret Service

83 Summary
  Many legal issues facing technology and computer forensics from start of investigation through court testimony
  Complexities and adaptability of technology also potentially create a myriad of issues
  Following well-documented procedures for obtaining and handling evidence
