Published by Morris Turner. Modified over 9 years ago.
Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 12: Federal Rules and Criminal Codes

© Pearson Education Computer Forensics: Principles and Practices

Objectives
- Identify federal rules of evidence and other principles of due process of the law
- Explain the legal foundation and reasons for pretrial motions regarding evidence
- Identify the limitations on expectations of privacy
- Explain the major anticrime laws and amendments impacting discovery and use of e-evidence

Introduction
In this chapter you will learn about the due process of law, federal rules of evidence and procedure, and anticrime laws. You will learn about the authority granted to investigators under privacy laws and the limitations those laws impose to protect civil rights.

Due Process of the Law
- Due process of the law is a fundamental principle to ensure all civil and criminal cases follow rules to prevent prejudicial treatment
- Primary rules ensuring due process:
  - Federal Rules of Civil Procedure
  - Federal Rules of Criminal Procedure
  - Federal Rules of Evidence

Due Process of the Law (Cont.)
- Federal rules of procedure regulate production of evidence
- Amendment to Rule 34 made electronic data subject to discovery
- This change raised issues about e-evidence
  - How can evidence be authenticated, proved reliable, and determined to be admissible in criminal and civil proceedings?

In Practice: Supreme Court Approves E-Discovery Changes
- In April 2006, U.S. Supreme Court approved proposed amendments to the Federal Rules of Civil Procedure concerning discovery of “electronically stored information”
- Amendments will impose greater precision and change the way lawyers and courts approach e-discovery

Due Process of the Law (Cont.)
- Federal Rules of Evidence adopted in 1975
- Rules govern the admissibility of evidence, including electronic records or data
- Some rules are exclusionary rules that specify types of evidence that can be excluded
- In establishing admissibility, many rules concentrate first on evidence’s relevancy

Due Process of the Law (Cont.)
- Exclusionary rules test whether evidence will be admissible
- Exclusionary rules pertain to:
  - Relevancy
  - Privilege
  - Opinion of expert
  - Hearsay
  - Authentication

Federal Rules of Evidence Pertaining to E-Evidence
Federal Rules of Evidence: Description
- Rule 104(a). Preliminary questions of admissibility generally: Preliminary questions concerning the qualification of an expert witness or the admissibility of evidence are decided by the court
- Rule 401. Definition of Relevant Evidence: Relevant evidence means evidence that can make some fact or issue more probable or less probable than it would be without the evidence
- Rule 402. Relevant Evidence Generally Admissible; Irrelevant Evidence Inadmissible: All relevant evidence is admissible, except as otherwise provided by the Constitution of the United States, by Act of Congress, by these rules, or by other rules of the Supreme Court
(Continued)

Federal Rules of Evidence Pertaining to E-Evidence (Cont.)
Federal Rules of Evidence: Description
- Rule 702. Testimony by Experts: This rule broadly governs the admissibility of expert testimony
- Rule 704. Opinion on Ultimate Issue: Testimony in the form of an opinion (that is not inadmissible for some other reason) is allowed
- Rule 802. Hearsay Rule: Hearsay is not admissible except as provided by these rules or by other rules of the Supreme Court

Due Process of the Law (Cont.)
- Hearsay evidence
  - Hearsay Rule 802 can block admissibility except in case of an exception
  - Electronic records that are business records are admissible under the business records exception rule
- Motions to suppress evidence are handled before trial in a motion in limine

Due Process of the Law (Cont.)
- Under Federal Rule 702, a forensic investigator’s qualifications or tools or methods used in an investigation can be objected to
- From 1923 to 1993, the Frye test was used to determine admissibility of expert witness testimony and methodologies
- In 1993, the Daubert test replaced the Frye test

Due Process of the Law (Cont.)
To determine admissibility, a judge must decide:
- Whether the theory or technique can be and has been tested
- Whether it has been subjected to peer review and publication
- The known or potential error
- The general acceptance of the theory in the scientific community
- Whether the proffered testimony is based upon the expert’s special skill

Due Process of the Law (Cont.)
- A physical document can be authenticated by direct evidence or circumstantial evidence
- Examples of circumstantial evidence include document’s appearance, content, or substance
- The same circumstantial evidence courts use to authenticate physical documents applies to e-mail messages
- Rule 901 requires that the person who introduces the message provide evidence sufficient to prove that the message is what its proponent claims it is

Due Process of the Law (Cont.)
Reliability of e-evidence and methods used must also be established by proving that:
- The computer equipment is accepted as standard and competent and was in good working order
- Qualified computer operators were employed
- Proper procedures were followed in connection with the input and output of information
- A reliable software program and hardware were used
- Equipment was programmed and operated correctly
- Exhibit is properly identified as the output in question

Due Process of the Law (Cont.)
- Circumstantial e-mail evidence authenticates other e-mail
- E-mail messages not directly relevant may be relevant when used to authenticate other messages
- Content of messages may have a style similar to that in other documents
- Circumstantial evidence can also be used to authenticate chat room sessions

In Practice: The Importance of Style
- In a sexual harassment case, a manager produced an e-mail supposedly sent by an employee
- Computer forensics investigation concluded it was impossible to prove the e-mail had been sent by the employee
- The employee produced e-mail messages that differed markedly in style from the one the manager had received

Anticrime Laws
- Electronic Communications Privacy Act of 1986
  - Applies to stored files that had been transmitted over a network
  - Goal is to balance privacy rights with law enforcement needs
- Limitations of privacy laws
  - Courts’ interpretation of Fourth Amendment protection

In Practice: Constitutional Rights Are Not Unlimited
- Alan Scott shredded documents that contained evidence of tax evasion, then argued that shredding created a reasonable expectation of privacy
- Use of technology (the shredder) does not provide constitutional protection
- Reconstruction of documents did not violate expectation of privacy because he had no foundation for that expectation

Anticrime Laws (Cont.)
- Federal Wiretap Statute of 1968
  - ECPA amended this statute to include interception of electronic communications, including e-mail
  - USA PATRIOT Act also expanded the list of activities for which wiretaps can be ordered
  - Wiretaps are ordered when terrorist bombings, hijackings, or other violent crimes are suspected
  - Statute requires that recordings captured with the wiretap must be given to the judge within a reasonable amount of time

Anticrime Laws (Cont.)
- Pen/Trap Statute, Section 216
  - Governs the collection of noncontent traffic data, such as numbers dialed by a particular phone
- Section 216 updates the statute in three ways:
  - Law enforcement may use pen/trap orders to trace communications on the Internet and other networks
  - Pen/trap orders issued by federal courts have nationwide effect
  - Law enforcement must file special report when they use a pen/trap order to install their own monitoring device on computers belonging to a public provider

Anticrime Laws (Cont.)
- Counterfeit Access Device and Computer Fraud and Abuse Act
  - This act primarily covered illegal access or use of protected government systems
  - Aimed at individuals who broke into or stole information from government computers
  - Law was too narrow so it was amended twice
    - Through CFAA in 1994
    - Through National Information Infrastructure Protection Act (NII) in 1996

In Practice: Federal Wiretap Authority
Two sources of authority for federal wiretaps within the United States:
- Federal Wiretap Act (Title III) of 1968
  - Sets procedures for real-time surveillance of voice, e-mail, fax, and Internet communications
- Foreign Intelligence Surveillance Act (FISA) of 1978
  - Allows wiretapping based on probable cause that the person is a member of a foreign terrorist group or agent of foreign power

Anticrime Laws (Cont.)
- USA PATRIOT Act
  - This act greatly broadened the FBI’s authority to monitor phone conversations, e-mail, pagers, wireless phones, computers, and other electronic communications
  - This act made it lawful for an officer to intercept a computer trespasser’s wire or electronic communication transmitted to or through a protected computer

Anticrime Laws (Cont.)
USA PATRIOT Act authorizations include:
- Intercepting voice communications in computer hacking investigations
- Allowing law enforcement to trace communications on the Internet and other computer networks within the pen and trap statute
- Intercepting communications of computer trespassers
- Writing nationwide search warrants for e-mail
- Deterring and preventing cyberterrorism

Anticrime Laws (Cont.)
USA PATRIOT Act (cont.)
- Act changed the point at which targets are notified of the search
- Delayed notification is called the sneak and peek provision
- Law enforcement can delay notification for up to 90 days or even longer by showing good cause for delay

Anticrime Laws (Cont.)
USA PATRIOT Act (cont.)
Expanded power for surveillance:
- Judicial supervision of telephone and Internet surveillance by law enforcement is limited
- Law enforcement and intelligence agencies have broad access to sensitive medical, mental health, financial, and educational records with limited judicial oversight
- Government has power to conduct secret searches of individuals’ homes and businesses, including monitoring books bought from bookstores or borrowed from libraries

Anticrime Laws (Cont.)
USA PATRIOT Act (cont.)
Requires an agency that sets up surveillance to identify:
- Any officers who installed or accessed the device to obtain information from the network
- The date and time the device was installed and uninstalled, and the duration of each time the device was accessed
- The configuration of the device at the time of installation, plus any later modification
- Any information that the device has collected

In Practice: Defendant’s Attempt to Exclude E-Evidence Rejected
- U.S. Court of Appeals rejected a defendant’s efforts to exclude evidence that had been obtained using cell-site data
- Defendant argued that his phone had been turned into a tracking device
- Court ruled that this data fell into the realm of electronic communication and suppression was not a remedy for legal interception of electronic communications

Anticrime Laws (Cont.)
Electronic surveillance issues
- In 2005–2006, it was reported that President George W. Bush had authorized the NSA to spy on Americans without warrants
- Administration justified action as required to combat terrorism
- Legal scholars argued that this warrantless wiretapping in violation of FISA and bypassing Congress constituted an impeachable offense

Anticrime Laws (Cont.)
Computer Fraud and Abuse Act (CFAA)
- First law to address computer crime in which the computer is the subject of the crime
- CFAA has been used to prosecute virus creators, hackers, information and identity thieves, and people who use computers to commit fraud

Key Terms in the CFAA
Key Terms: This Term Means...
- Protected computer: A protected computer means a computer that:
  - Is used by a financial institution
  - Is used by the U.S. government
  - Affects domestic, interstate commerce
  - Affects foreign commerce
- Authorized access: Two references regarding authorized access:
  - Without authorization
  - Exceeding authorized access
- Damage: Damage is defined as any impairment to the integrity or availability of data
(Continued)

Key Terms in the CFAA (Cont.)
Key Terms: This Term Means...
- Loss: Any reasonable cost to any victim, including:
  - Responding to an offense
  - Conducting a damage assessment
  - Restoring the data, program, etc.
  - Lost revenue or other damages
- Conduct: Determines if the damage done was intentional, reckless, or negligent
  - Intentional conduct
  - Reckless conduct

In Practice: Applying Crime Laws
- Drugs known as “research chemicals” were sold openly from U.S. Web sites to customers around the world
- In 2004, the DEA shut down the Web sites and arrested site operators
- Web site operators were prosecuted under a law that prohibits possession and supply of chemicals “substantially similar” to controlled substances

Summary
- You have learned about the Federal Rules of Evidence and Procedure
- Actual cases and court decisions were presented to illustrate the challenges an investigator faces
- Before seizing computers, Fourth Amendment search warrant requirements need to be met

Summary (Cont.)
- The Electronic Communication Privacy Act (ECPA) must be considered
- Anticrime legislation such as the USA PATRIOT Act provides greater authority to law officials and investigators
- Ethical issues and dilemmas will be covered in the next chapter