Crime & Evidence Concepts Computer Forensics BACS 371.


1 Crime & Evidence Concepts (Computer Forensics, BACS 371)

2 Introduction
- Traditional criminal investigations involve the analysis of several types of evidence. This can include ballistic or bloodstain patterns, gunpowder residue, tire tracks, and fingerprints (to name a few).
- E-evidence is the digital equivalent of the physical evidence found at crime scenes.
- When collected and handled properly, e-evidence can be just as useful in a court of law.

3 Introduction (Cont.)
- The expansion of the Internet provides countless opportunities for crimes to be committed.
- Digital technologies record and document electronic trails of information that can be analyzed later:
  - E-mail, instant messages (IM), Web site visits
  - PDAs, iPods, smart phones, cookies, log files, etc.
  - Application programs' run history, USB mounting, etc.
- All this provides a very rich environment for the forensic investigator.

4 Definition of Crime
- A crime is an offensive act against society that violates a law and is punishable by the government.
- Two important principles in this definition:
  1. The act must violate at least one current criminal law.
  2. It is the government (not the victim of the crime) that punishes the violator.

5 Crime Categories and Sentencing
- Crimes are divided into two broad categories:
  - Felonies: serious crimes punishable by fine and more than one year in prison.
  - Misdemeanors: lesser crimes punishable by fine and less than one year in prison.
- Sentencing guidelines give directions for sentencing defendants.
- Tougher sentencing guidelines for computer crimes came into effect in 2003. Since then these have been tested and fine-tuned to a certain extent.

6 Cyber Crime Categories
- The terms computer crime, cyber crime, information crime, and high-tech crime are generally used interchangeably.
- Two categories of offenses involve computers:
  - Computer as instrument: the computer is used to commit the crime.
  - Computer as target: the computer or its data is the target of the crime.
- In some cases, the computer can be both the target and the instrument.

7 Computers as Targets
- Viruses and worms
- Trojan horses
- Theft of data
- Software piracy
- Trafficking in stolen goods
- Defacing corporate web sites

8 Computers as Instrument of Crime
- Embezzlement
- Stalking
- Gambling
- Pornography
- Counterfeiting
- Forgery
- Theft
- Identity theft
- Phishing
- Pyramid schemes
- Chain letters
- etc.

9 Computers as Storage
- Computer storage can also be involved in the crime. This is particularly true with the new "cloud-based" services.
- If the data is stored or moves over an international border, it makes for some interesting (and complex) legal situations. For example:
  - Off-shore gambling sites
  - Credit card fraud rings
  - Wikileaks type sites…

10 Cybercrime Statutes and Acts
- Generally, laws and statutes lag behind the "latest trends" in cyber crime.
- Given that an act isn't a crime until a law exists, this means that many exploits are allowed to happen at least once free of punishment.
- Once a law exists, it is still a challenge for the statute to keep up with new cyber crime trends and abuses.

11 Civil vs. Criminal Charges
- There are two major categories of charges: civil and criminal. Each has its own system of courts and procedures.
- Civil charges are brought by a person or company.
  - Parties must show proof they are entitled to evidence.
- Criminal charges can be brought only by the government.
  - Law enforcement agencies have authority to seize evidence.
  - Penalties are generally more severe and can include loss of liberty and/or life.

12 Comparing Criminal and Civil Laws

| Characteristics | Criminal Law | Civil Law |
|---|---|---|
| Objective | To protect society's interests by defining offenses against the public | To allow an injured private party to bring a lawsuit for the injury |
| Purpose | To deter crime and punish criminals | To deter injuries and compensate the injured party |
| Wrongful act | Violates a statute | Causes harm to an individual, group of people, or legal entity |
| Who brings charges against an offender | A local, state, or federal government body | A private party: a person, company, or group of people |

(Continued)

13 Criminal and Civil Laws (Cont.)

| Characteristics | Criminal Law | Civil Law |
|---|---|---|
| Deals with | Criminal violations | Noncriminal injuries |
| Authority to search for and seize evidence | More immediate; law agencies have power to seize information and issue subpoenas or search warrants | Parties need to show proof that they are entitled to evidence |
| Burden of proof | Beyond a reasonable doubt | Preponderance of the evidence |
| Principal types of penalties or punishment | Capital punishment, fines, or imprisonment | Monetary damages paid to victims or some equitable relief |

14 Types of Cyber Crime
- Generally speaking, there are two types of cyber crime: violent crime and non-violent crime.
- Violent cyber crime:
  - Cyberterrorism
  - Assault by threat
  - Cyberstalking
  - Pornography
  - …

15 Types of Cyber Crime
- Non-violent crime:
  - Cybertrespass
  - Cybertheft
    - Embezzlement
    - Unlawful appropriation
    - Corporate/industrial espionage
    - Plagiarism
    - Credit card theft
    - Identity theft
    - DNS cache poisoning
  - Cyberfraud
  - Destructive cyber crimes
    - Deleting data or program files
    - Vandalizing web pages
    - Introducing viruses, worms, or malicious code
    - Mounting a DoS attack

16 Information Warfare and Cyberterrorism
- The terms "cyberterrorism", "cyber warfare", and "information warfare" are relatively new.
- Basically, they are an extension of war into and through cyberspace.
- It is an area that the U.S. military is moving into aggressively.
- Legal defenses against cyberterrorism:
  - USA PATRIOT Act of 2002
  - FBI's Computer Forensics Advisory Board

17 Famous Examples of Cyber Crimes
- Early cases that illustrate the importance of knowing the law regarding computer crimes.
- Robert T. Morris Jr. (Morris worm):
  - Morris was charged with violation of the Computer Fraud and Abuse Act (CFAA).
  - Morris was sentenced to 3 years probation, 400 hours of community service, and a $10,500 fine.
- Onel De Guzman (Lovebug virus):
  - The Lovebug virus did $7 billion in damage in 2000.
  - De Guzman was released because no law in the Philippines made what he had done a crime.
- Computer crimes can be prosecuted only if they violate existing laws.

18 Evidence Basics
- Evidence is proof of a fact about what did or did not happen.
- To be legally admissible, evidence must be reliable and relevant.
- At a minimum, to be admissible, evidence requires legal search and seizure along with a valid chain of custody.
- Three types of evidence can be used to persuade someone:
  1. Testimony of a witness: based on the 5 senses
  2. Physical evidence: anything tangible
  3. Electronic evidence: digital (intangible) evidence

19 Evidence Basics
- Testimony of a witness is traditionally considered the "best" form of evidence.
- Physical and electronic evidence are "circumstantial" evidence.
- Circumstantial evidence is not a direct statement from an eyewitness or participant. It can be admissible and can be quite strong. Many cases are decided strictly based on this type of evidence.
- All e-evidence is, by its nature, circumstantial evidence.
- Both cyber crimes and traditional crimes can leave cybertrails of evidence.

20 Types of Evidence
- Artifact evidence: any change in evidence that causes the investigator to incorrectly think that the evidence relates to the crime.
- Inculpatory evidence: evidence that supports a given theory.
- Exculpatory evidence: evidence that contradicts a given theory.
- Admissible evidence: evidence allowed to be presented at trial.
- Inadmissible evidence: evidence that cannot be presented at trial.
- Tainted evidence: evidence obtained from an illegal search or seizure.

21 Types of Evidence (Cont.)
- E-evidence: generic term for any electronic evidence. Destruction of e-evidence is called "spoliation" and is considered "obstruction of justice".
- Hearsay evidence: secondhand evidence. Generally inadmissible.
- Expert testimony: generally admissible. It is an exception to the hearsay rule.
- Material evidence: evidence relevant and significant to the lawsuit.
- Immaterial evidence: evidence that is not relevant or significant.
- Documentary evidence: physical or electronic evidence (which is also circumstantial).

22 Fourth Amendment Rights
- Evidence is commonly collected through a search and subsequent seizure. There are very specific rules governing this process.
- The Fourth Amendment of the U.S. Constitution protects against unreasonable searches and seizures.
- Covers individuals and corporations: home, workplace, automobile, etc.
- Law enforcement must show probable cause of a crime.
- There are several notable exceptions to this amendment.

23 In Practice: Search Warrant for Admissible Evidence
- A search warrant is issued only if law enforcement provides sufficient proof that there is probable cause a crime has been committed.
- The law officer must specify what premises, things, or persons will be searched in very exact terms.
- Evidence discovered during a legal search can be seized.
- Evidence seized after an illegal search is tainted and is normally inadmissible.

24 Testimony
- Testimony: comments and arguments made by attorneys, the judge, and others. Could also be maps, models, etc. Testimony is not evidence, but may be admissible and allowed as evidence.
- The job of the lawyer is to put evidence together into a crime hypothesis that makes sense.
- Evidence that:
  - Supports the hypothesis = inculpatory
  - Contradicts the hypothesis = exculpatory

25 Rules of Evidence and Expert Testimony
- The Federal Rules of Evidence (Fed. R. Evid.) determine admissibility of evidence.
- According to Fed. R. Evid., electronic materials qualify as "originals" for court use as long as they are handled properly and are "accurate" copies of the original.
- An expert witness is a qualified specialist who testifies in court.
- Expert testimony is an exception to the rule against giving opinions in court (i.e., the "hearsay rule").

26 Discovery
- Discovery is the process whereby each party has a right to learn about the other's evidence. This is where it is determined if evidence is relevant. All evidence must be disclosed in advance.
- Evidence not disclosed in advance may be deemed inadmissible.
- Includes information that must be provided by each party if requested.
- There are many methods of discovery.

27 Discovery Methods
- Interrogatories: written answers made under oath to written questions
- Requests for admissions: intended to ascertain the authenticity of a document or the truth of an assertion
- Requests for production: involves the inspection of documents and property
- Depositions: out-of-court testimony made under oath by the opposing party or other witnesses

28 Electronic Discovery (E-Discovery)
- Zubulake v. UBS Warburg (2003): landmark case involving e-discovery.
- Based on this case, courts recognized five categories of stored data:
  1. Active, online data
  2. Near-line data
  3. Offline storage/archives
  4. Backup tapes
  5. Erased, fragmented, or damaged data
- Increased demand for e-discovery based on this (and other related) rulings.

29 Increased Demand for E-Discovery
- Most business operations and transactions are done on computers and stored on digital devices.
- The most common means of communication are electronic.
- People are candid in their e-mail and instant messages.
- E-evidence is very difficult to completely destroy (but can be difficult to find).

30 Electronic Evidence: Technology and Legal Issues
- Discovery requests for electronic information can lead to considerable labor. Why?
  - Electronic evidence is volatile and may be easily changed. Requires extra care.
  - Electronic evidence, conversely, is difficult to delete entirely. Traces must be located.
- Fun fact: e-mail evidence has become the most common type of e-evidence.
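Slides 18, 25 and 30 together state the practical requirement on an examiner: a valid chain of custody, a copy that can be shown to be an "accurate" copy of the original, and extra care because electronic evidence is easily changed. The following Python is an added illustration of how those three requirements are usually met in practice; it is not code from the lecture or from any forensic tool. It records the digests of an acquired item in a tamper-evident custody log and later uses that record to decide whether a copy is still byte-for-byte accurate. The case and item identifiers, handler names and the "disk image" bytes are all constructed for the example.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed stand-in for an acquired disk image or seized file (not real evidence).
SAMPLE_IMAGE = b"CONSTRUCTED-IMAGE:" + bytes(range(256)) * 4


def fingerprint(data: bytes) -> dict:
    """Two independent digests of the evidence bytes; both must match for a copy to count as accurate."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


class ChainOfCustody:
    """Append-only custody log for one evidence item.

    Every entry records who did what and when, the digests of the evidence at that
    moment, and a hash over the previous entry. Altering or deleting an earlier
    entry breaks the links that follow it, so the log itself is checkable.
    """

    def __init__(self, case_id: str, item_id: str):
        self.case_id = case_id
        self.item_id = item_id
        self.entries: list[dict] = []

    @staticmethod
    def _entry_hash(entry: dict) -> str:
        # Canonical JSON so the hash does not depend on dictionary key order.
        return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

    def record(self, action: str, handler: str, data: bytes, note: str = "") -> dict:
        prev_hash = self._entry_hash(self.entries[-1]) if self.entries else "0" * 64
        entry = {
            "case_id": self.case_id,
            "item_id": self.item_id,
            "seq": len(self.entries) + 1,
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "handler": handler,
            "note": note,
            "prev_hash": prev_hash,
            **fingerprint(data),
        }
        self.entries.append(entry)
        return entry

    def verify_copy(self, copy_data: bytes) -> bool:
        """True only if the copy's digests equal those recorded at acquisition (entry 1)."""
        if not self.entries:
            return False
        baseline = self.entries[0]
        current = fingerprint(copy_data)
        return (current["sha256"] == baseline["sha256"]
                and current["sha1"] == baseline["sha1"])

    def verify_log(self) -> bool:
        """True if sequence numbers are contiguous and every prev_hash links to the entry before it."""
        prev_hash = "0" * 64
        for i, entry in enumerate(self.entries, start=1):
            if entry["seq"] != i or entry["prev_hash"] != prev_hash:
                return False
            prev_hash = self._entry_hash(entry)
        return True


def demo() -> tuple:
    """Acquire, transfer, verify a faithful copy, then show that a single flipped bit is detected."""
    log = ChainOfCustody("CASE-PLACEHOLDER-001", "ITEM-01")  # constructed identifiers
    log.record("acquired", "Examiner A", SAMPLE_IMAGE, "imaged behind a write-blocker")
    log.record("transferred", "Evidence custodian", SAMPLE_IMAGE, "sealed bag, locker 7")
    good_copy = bytes(SAMPLE_IMAGE)
    altered = bytearray(SAMPLE_IMAGE)
    altered[100] ^= 0x01  # one bit changed, e.g. by mounting the original read-write
    return log.verify_copy(good_copy), log.verify_copy(bytes(altered)), log.verify_log()


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

Two digests are recorded rather than one so that a collision in a single algorithm cannot by itself make a changed copy look accurate, and the log is linked by hashes so that a question in discovery about whether an entry was edited after the fact can be answered from the log itself rather than from memory.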

31 In Practice: Largest Computer Forensics Case in History: Enron
- Government investigators searched more than 400 computers and handheld devices, plus over 10,000 backup tapes.
- The investigation also included records from Arthur Andersen, Enron's accounting firm.
- "Explosive" e-mail from J.P. Morgan Chase employees about Enron was part of a corollary case.

32 Summary
- E-evidence plays an important role in crime reconstruction.
- Crimes are not limited to cyber crimes; cybertrails are left by many traditional crimes.
- Without evidence of an act or activity that violates a statute, there is no crime.
- Rules must be followed to gather, search for, and seize evidence in order to protect individual rights.

33 Summary (Cont.)
- E-discovery refers to the discovery of electronic documents, data, e-mail, etc.
- E-discovery is more complex than traditional discovery of information.
- Tools used to recover lost or destroyed data can also be used in e-discovery of evidence.

