110 likes | 242 Views
Brendan James. C omputer forensics and crime. Computer Crime. Definition (Wikipedia): Criminal activity where a computer or network is the source, tool, target, or place of a crime. Illegal Access Illegal Interception Data Interference (Deletion, Alteration) Systems Interference
E N D
Brendan James Computer forensics and crime
Computer Crime • Definition (Wikipedia): • Criminal activity where a computer or network is the source, tool, target, or place of a crime. • Illegal Access • Illegal Interception • Data Interference (Deletion, Alteration) • Systems Interference • Forgery (ID theft) • Electronic Fraud
Computer Crime Over Time • 1991 – Estimated $5B in losses due to computer crime • 2005 – Est. $10B in losses
Computer Crime Issues • Tangible vs. Intangible • The amount of damage / theft a single person can commit is less restricted, compared to theft in a purely tangible world. • Unlimited information at their reach • From virtually anywhere • Legal + Illegal • A person might use the same computer for both legal and illegal purposes. • Depending on the legal purpose and the person’s country, seizing a computer may cause unforeseen problems. • The internet is open to all people, can everyone be trusted?
Computer Crime Issues (cont.) • Anonymity vs. Accountability • Many people using computers for legal purposes desire to be anonymous • So do criminals • Law Enforcement and society may benefit more from Accountability • A middle ground: Confidentiality • You are essentially anonymous; your identification is known to a third party
Class Discussion • Should an internet user’s identification be anonymous, confidential, known, or something else? • Should the same policy apply to all the internet, or should it vary based on the content, audience or
Computer Forensics • Definition (Wikipedia): • The art and science of applying computer science to aid the legal process. • What computer forensics experts do: • Identify sources of digital evidence • Preserve the evidence • Analyze the evidence • Present the findings
What might a computer forensics expert do? • Imaging of hard drives in a forensically sound manner (not altering any data) • Recovery of deleted files, emails, instant messages, pictures, audio and video files
What might a computer forensics expert do? (cont.) • Discovery of evidence of websites visited and time spent viewing each website • Discovery of evidence of internet downloads, faxes sent and received • Preservation of legal chain of custody and forensic integrity of data • Third-party expert witness testimony
Computer Forensic Cautions • Be sure that no evidence is altered, damaged or lost • No viruses are introduced during the analysis process • Evidence is handled so it is not compromised by mechanical or electromagnetic interference