1. Cyber Crime I Search & Seizure, Human Factors
2. Roles of Computers
Crimes directed against a computer
Crimes where the computer contains evidence
Crimes where the computer is used to commit the crime
3. Searching and Seizing by the Organization that Owns the Computer
May be governed by the Electronic Communications Privacy Act and other privacy acts and regulations
Reasonable expectation of privacy
Not governed by the Fourth Amendment
May not be acting as an agent of law enforcement
Organizations should have explicit policy that permits such searches
4. Expectation of Privacy
5. DoJ Manual’s Types of Search and Seizure
Search the computer and print out a hard copy of particular files at that time
Avoid at all costs – can pollute the evidence
Search the computer and make an electronic copy of particular files at that time
Avoid at all costs
Create a duplicate electronic copy of the entire storage device on-site, and then later recreate a working copy of the storage device off-site for review
A good approach if limited by operational constraints
Seize the equipment, remove it from the premises, and review its contents off-site
Best approach where possible
6. Computer Records as Evidence - Fed. R. Evid. 803(6): The Business Records Exception
7. Types of Computer Records Under Rule 803(6)
Computer-stored records
Email
Document files
Spreadsheets
Computer-generated files
Logs
Both stored and generated
Files that are created by users but require processing by the computer
Some parts may be covered, some may not
8. Aspects of Evidence
Authenticity
Best evidence
Probative
Fruit of the poisonous tree
Computer records as summaries
10. Key Issues
Motive
Means
Opportunity
11. Relate to the Notion of Threat Agents
12. Jones’ Motivation Taxonomy
Political
Secular
Crime
Personal gain
Revenge
Financial
Knowledge or information
Peer recognition
Power
Curiosity
Religion
Terrorism
Competitive advantage
Belief
13. Means Relates to Access and Methods
How did the attacker enter the target system?
What were the access paths?
Internal
External
Jones’ Capability Taxonomy
Software
Scripts
Technology
Facilities
Education and training
Methods
Books and manuals
14. Opportunity
Taken with means helps determine if the suspect is a credible attacker
Education/training
Tools/scripts
Knowledge of the victim system
Assistance
Associates
Groups
Insider help
15. FBI Adversarial Matrix - Organizational
16. FBI Adversarial Matrix - Operational
17. FBI Adversarial Matrix - Behavioral
18. FBI Adversarial Matrix - Resource