Applications with Warrants In Mind
The Law
• Why are there laws specifically for computer crimes?
• A person's reasonable right to privacy
• The nature of computers and electronics
• Probable cause

Search and Seizure
• Basically identical to previous laws with exceptions to the actual allowable procedure for searching and/or seizing.
• In both cases a warrant must be obtained before searching and seizing, but the conditions for each are different.
• The exemption to a warrant is probable cause, but this is difficult for electronics.

The Process
• Crime is suspected
• Suspects are watched
• Their system is qualitatively analyzed
• When enough substantial evidence is acquired a warrant is requested and granted by a magistrate judge.
• They go to physically analyze the system

Important Things to Think About
• The criminal computers are in most cases standard PCs or laptops, but many times they are also servers.
• It is important to know what OS the machine is running.
• Is the machine booby trapped?
• Where should I look for data?

The File System
• Are the desired files hidden within other data types?
• Could the files be in hidden (invisible) directories?
• What programs could be running?
• Is there a program set to wipe the whole drive upon boot up if a special password or key is not entered?

Time Constraints
• How long will it take to get the warrant?
• With proper evidence it should not take long.
• How long will the warrant last?
• Usually the warrant will last about a month.
• How long is too long to hold on to a suspect's computer?
• Depends on the nature and size of the system.

Analyzing the Evidence
• Much of the work in analyzing a system is hardware related
• In most cases the first thing to do is make a copy of the hard drive
• Once a hard copy is made the data can be sorted without worry of contamination
• They use hard drive duplicators

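Two of the questions on the File System slide (files hidden under another data type, hidden directories) can be checked mechanically once the examiner is working on a copy, as the Analyzing the Evidence slide recommends. The sketch below is an added example, not part of the original slides; the signature table, function names and sample tree are constructed for illustration, and hidden directories are assumed to be dot-prefixed as on Unix-like systems.

```python
import os
import tempfile

# Leading bytes -> (type, extensions consistent with it). A small constructed
# table for illustration, not a full signature database.
SIGNATURES = {
    b"\xff\xd8\xff": ("jpeg", {".jpg", ".jpeg"}),
    b"\x89PNG\r\n\x1a\n": ("png", {".png"}),
    b"%PDF-": ("pdf", {".pdf"}),
    b"PK\x03\x04": ("zip", {".zip", ".docx", ".xlsx", ".jar"}),
}

def sniff(path):
    """Return (type, expected extensions) from the first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    return next((v for k, v in SIGNATURES.items() if head.startswith(k)), None)

def triage(root):
    """Walk a working copy; list hidden directories and type mismatches."""
    hidden, mismatched = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        hidden += [os.path.normpath(os.path.join(rel, d))
                   for d in dirnames if d.startswith(".")]
        for name in filenames:
            info = sniff(os.path.join(dirpath, name))
            ext = os.path.splitext(name)[1].lower()
            if info and ext not in info[1]:  # content disagrees with the name
                shown = os.path.normpath(os.path.join(rel, name))
                mismatched.append((shown, info[0]))
    return sorted(hidden), sorted(mismatched)

def build_sample(root):
    """Constructed sample tree standing in for a mounted copy of the drive."""
    samples = {
        "docs/report.pdf": b"%PDF-1.4\n",            # extension matches content
        "docs/notes.txt": b"\xff\xd8\xff\xe0 body",   # JPEG bytes named .txt
        ".cache/x/lib.dll": b"PK\x03\x04 archive",    # ZIP bytes in hidden dir
        "docs/readme.txt": b"plain text",             # no known signature
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

A mismatch is a lead to examine, not proof of concealment; files with no known signature are simply not reported.
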
Forensics Software
• SubRosaSoft, in addition to making data recovery software for consumers and IT professionals, also makes forensics software
• MacForensicsLab keeps track of every action and window/button click, and records the date and time of each action.

http://www.engadget.com/2007/04/30/subrosasofts-maclockpick-extracts-personal-info-from-os-x/

Acknowledgements
• Pictures in slides taken from image.google.com unless a link is provided on the particular slide indicating otherwise
• Law information provided by the US Department of Justice
• http://www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm