SAK 4801 SPECIAL TOPICS IN COMPUTER SCIENCE II
Chapter 2: Law and Computer Forensics
Mohd Taufik Abdullah
Department of Computer Science
Faculty of Computer Science and Information Technology
University Putra of Malaysia
Room No: 2.28
Portions of the material courtesy EC-Council
Learning Objectives
At the end of this chapter, you will be able to:
- Understand cyber law and computer forensics
- Report security breaches to law enforcement
- Build the cyber crime case
- Initiate an investigation
- Understand the legal issues involved in seizure of computer equipment
- Understand privacy issues regarding computer forensics
Chapter 2 Outline
2.1. Cyber Law and Computer Forensics
2.2. Reporting Security Breaches to Law Enforcement
2.3. Federal Law (Computer Crimes)
2.4. Building Cyber Crime Case
2.5. How the FBI Investigates Computer Crime
2.6. How to Initiate an Investigation
2.7. Legal Issues Involved in Seizure of Computer Equipment
2.8. Privacy Issues Involved in Investigation
2.9. International Issues Related to Computer Forensics
2.10. Cyber Crime Investigation
2.1 Cyber Law and Computer Forensics
2.1.1 What Is Cyber Crime?
Cyber crime is:
- Crime directed against a computer
- Crime where the computer contains evidence
- Crime where the computer is used as a tool to commit the crime
“Any crime in which computer-related technology is encountered.”
2.1.2 What Is Computer Forensics?
A discipline using predefined procedures to thoroughly examine a computer system to extract the evidence.
Objectives of a computer forensics investigator:
- To determine the nature and events concerning a crime
- To locate the perpetrator by following a structured investigative procedure
Methodology:
- Acquire
- Authenticate
- Analyze
2.1.3 Computer Facilitated Crimes
- Our dependence on computers has given rise to new criminal opportunities
- Computers are increasingly being used as a tool for committing crimes
- Computer crimes pose new challenges for investigators for the following reasons:
  - Speed
  - Anonymity
  - Fleeting nature of evidence
Speed
- The proliferation of PCs and Internet access has made the exchange of information quick and inexpensive
- The use of easily available tools and the proliferation of underground hacking groups have made it easier to commit cyber crimes
Anonymity
- The Internet allows anyone to hide his identity while committing crimes
- E-mail spoofing, creating fake profiles, and committing identity theft are common occurrences, and there is nothing to stop them, making investigation difficult
Fleeting nature of evidence
- The volatile or transient nature of evidence causes problems for investigators, as there is no collateral or forensic evidence such as eyewitnesses, fingerprints or DNA, making these crimes much harder to prosecute
2.1.4 Cyber Laws
- Came into existence as conventional laws were of little use to sentence perpetrators
- Define rules on what data is protected and what is available
- Define ownership of data and data storage devices
- Define rules for digital certificates and authentication algorithms
2.1.5 Approaches to Formulate Cyber Laws
- Formulation or extension of laws by nations within their boundaries
- Multi-lateral international agreements for the Internet
- Establishing a standardized international body
- Guidelines and rules from the user end
2.1.5 Some Areas Addressed By Cyber Laws
- Computer crime
- Intellectual property
- Searching and seizing computers
- Cyberstalking
- Data protection and privacy
- Telecommunications laws
2.2 Reporting Security Breaches to Law Enforcement
2.2.1 In the USA
Type of crime / Appropriate federal investigative law agencies
- Computer intrusion (i.e. hacking)
- Password trafficking
- FBI local office
- U.S. Secret Service
- Internet Fraud Complaint Center
- Internet fraud and SPAM
- U.S. Secret Service (Financial Crimes Division)
- Federal Trade Commission (online complaint)
- Internet harassment
2.2.1 In the USA (Cont.)
Type of crime / Appropriate federal investigative law agencies
- Child pornography or exploitation
- FBI local office
- U.S. Customs and Border Patrol Protection Local Office
- Internet Fraud Complaint Center
- Copyright (software, movie, sound recording) piracy
- Trademark counterfeiting
- If imported, U.S. Customs and Border Patrol Protection Local Office
- Theft of trade secrets
2.2.1 In the USA (Cont.)
Type of crime / Appropriate federal investigative law agencies
- Trafficking in explosive or incendiary devices or firearms over the Internet
- FBI local office
- ATF local office
- Copyright (software, movie, sound recording) piracy
- If imported, U.S. Customs and Border Patrol Protection Local Office
- Internet Fraud Complaint Center
- Theft of trade secrets
2.2.2 Investigative Agency in the USA
Federal Bureau of Investigation (FBI)
- Protects the U.S. against terrorist attacks, cyber-based attacks, and foreign intelligence operations and espionage
- Acts as the leading law enforcement bureau for investigating cyber attacks by foreign rivals and terrorists
- Prevents criminals, sexual predators, and others intent on malevolent destruction from accessing the Internet
National Infrastructure Protection Center (NIPC)
- For threat assessment, warning, investigation, and response to threats or attacks against critical information infrastructure such as banking, telecommunications, energy, water systems, government operations, and emergency services
- Developed the “InfraGard” initiative
2.3 Federal Law (Computer Crimes)
To investigate computer-related crimes, the FBI uses the following statutes:
- 18 U.S.C. 875: Interstate Communications: Including Threats, Kidnapping, Ransom, Extortion
- 18 U.S.C. 1029: Fraud and related activity in connection with access devices
- 18 U.S.C. 1030: Fraud and related activity in connection with computers
- 18 U.S.C. 1343: Fraud by wire, radio or television
- 18 U.S.C. 1361: Injury to Government Property
- 18 U.S.C. 1362: Government communication systems
- 18 U.S.C. 1831: Economic Espionage Act
- 18 U.S.C. 1832: Theft of Trade Secrets
2.4 Building Cyber Crime Case
- Identification of evidence
- Collecting and preserving digital evidence
- Factors that complicate prosecution
- Overcoming the obstacles
2.5 How the FBI Investigates Computer Crimes
The FBI investigates an incident when:
- A federal criminal code violation occurs
- Federal violation factors are validated
The FBI uses:
- Various technical programs to address the complexity
- Sophisticated methods for investigation
- Specialized cyber squads for expert assistance
2.6 How to Initiate an Investigation
The following points are to be considered:
- Reportable versus nonreportable
- Choice to go civil instead of criminal
- Acceptable-use policy violations
2.7 Legal Issues Involved in Seizure of Computer Equipment
- Need for technical expertise
- Limit seizure of hardware
- Impact of presence of privileged or protected material in a computer system
- Stored electronic communication
- Consent of network system administrator
2.7.1 Seizure With a Warrant
- Law enforcement must establish “probable cause, supported by Oath or affirmation”
- A description of the place, thing or person is necessary
- The warrant should be drafted in such a way that it authorizes the agent to take the necessary steps
- The supporting affidavit should explain the possible search strategies
2.7.2 Seizure Without a Warrant
A search can be initiated without a warrant if any one of the following applies:
- Consent
  - The authority has given consent voluntarily
  - A third party has given consent
  - Implied consent
- Exigent circumstances
- Plain view
- Search incident to lawful arrest
2.8 Privacy Issues Involved in Investigation
- Reasonable Expectation of Privacy in Computers as Storage Devices
- Reasonable Expectation of Privacy and Third-Party Possession
- Private Searches
- Reasonable Expectation of Privacy in Public Workplaces
2.9 International Issues Related to Computer Forensics
- Electronic evidence located outside the borders of the country
- Seeking assistance from law enforcement authorities in a different country
- Preservation of evidence
- Consistency with all legal systems
- Allowance for the use of common language
- Applicability to all forensic evidence
- Applicability at every level
2.10 Cyber Crime Investigation
- Acquisition of the data from the system from which the digital crime has been committed
- Identification of the digital evidence from the crime
- Evaluation and analysis of the evidence
- Presentation of the evidence to the court
Summary
- Cyber crime has originated from the growing dependence on computers in modern life
- Various law enforcement agencies such as the FBI and NIPC investigate computer facilitated crimes and help in tracking cyber criminals
- Federal laws related to computer crime, cyberstalking, search and seizure of computers, and intellectual property rights are discussed
- Building a cyber crime case and initiating an investigation are crucial areas
End of Chapter 2