Computer Forensics BACS 371
Applicable Laws and Statutes
Outline
Basic Categories of Computer Crime
Constitutional Amendments
Relevant Laws & Statutes
  Pen/Trap Statute
  Federal Wiretap Act
  Electronic Communications Privacy Act (ECPA)
  Privacy Protection Act
  Foreign Intelligence Surveillance Act (FISA)
  Computer Fraud & Abuse Act (CFAA)
  USA PATRIOT Act
Categories of Computer Crime [1]
A computer can be the object of a crime
A computer can be the subject of a crime
The computer can be used as the tool for conducting or planning a crime
  Includes compromising a computer and using that computer as a source for further attacks
The symbol of the computer itself can be used to intimidate or deceive
The most significant omission, according to Casey, is computers as sources of digital evidence
[1] From Donn Parker as described in Eoghan Casey, Digital Evidence and Computer Crime
USDOJ Categories [1]
Hardware as Contraband or Fruits of a Crime
Hardware as an Instrumentality
Hardware as Evidence
Information as Contraband or Fruits of a Crime
Information as an Instrumentality
Information as Evidence
[1] US Dept of Justice, Search and Seizure Guidelines Document
Categories of Computer Crime
Computers as targets
Computers as storage devices
Computers as communication tools
Same old stuff, but computers are involved!
Computers as targets: an attack on the confidentiality, integrity, or availability of a computer's information or services.
  Acquire information on the computer
  Control the target system without authorization or payment
  Alter the integrity of data or interfere with delivery of service
Computers as storage devices: passive storage of information concerning a crime.
Computers as a communication tool: traditional crimes committed online. E-mail or chat used to plan a crime.
Computers as Targets
Viruses and worms
Trojan horses
Theft of data
Software piracy
Trafficking in stolen goods
Defacing corporate web sites
Computers as Means (tool)
Embezzlement
Stalking
Gambling
Pornography
Counterfeiting
Forgery
Theft
Identity theft
Phishing
Pyramid schemes
Chain letters
Computers as Storage
Drug trafficking
Bookmaking
Burglary
Homicide
Child pornography
Web Related Crime
Cyber-squatting
Internet gambling
Cyber stalking and harassment
Child pornography
Drug dealing
Cyber terrorism
Cyberplanning
The Key Point…
The main point is that computers can be used in a wide variety of criminal activities. Since a "crime" requires an existing statute, that places a heavy burden on lawmakers. More often than not, the law lags behind the crimes that are in progress. The remainder of this slide set talks about the legal "weapons" against cyber crime. As a forensic analyst, you need to know about these laws so you will be aware of what is and is not a "crime".
Constitutional Amendments
There are several Constitutional Amendments that are directly related to computer forensics. The most important one is the 4th Amendment. It protects people from “unreasonable” searching by government agents without probable cause. With the exclusion of a set of “exceptions”, this right cannot be impinged upon. It is important for you to understand it because failure to follow it can render evidence inadmissible. From a forensics standpoint, underlying the 4th Amendment is the right to “privacy.” Surprisingly, this right is not stated anywhere in the Constitution. Rather, it is inferred by the court from several of the Constitutional Amendments.
Constitutional Amendments
Other important Amendments to the forensic analyst are the 1st, 5th, and 14th. The 1st Amendment guarantees the right to freedom of speech and religion. Privileged information and what constitutes the "press" are the links to forensics. The 5th relates to self-incrimination and guarantees "due process of the law" (which links to forensics). The 14th came about after the Civil War and also supports the notion of "due process of the law." We will go into detail about the Constitutional Amendments in a later lecture.
Laws and Statutes
As criminals devise new ways to use computers for crime, the justice system attempts to keep up by making new laws. These laws are written to stop past criminal activity. As technology progresses, the laws have to be rewritten and amended. The following are the major laws and statutes used to fight cyber crime.
Pen/Trap Statute
Governs the collection of non-content traffic data, such as numbers dialed by a particular phone.
Section 216 updates the statute in three ways:
  Law enforcement may use pen/trap orders to trace communications on the Internet and other networks
  Pen/trap orders issued by federal courts have nationwide effect
  Law enforcement must file a special report when they use a pen/trap order to install their own monitoring device on computers belonging to a public provider
This law was updated several times to include the Internet and cross-state data traffic.
With regard to computer networks, the Pen/Trap statute includes most header information (e.g., "to" and "from" fields, as well as information identifying which computers the e-mail passed on its route). If the subject line or the content is captured, then the Wiretap Act is the appropriate statute to consider.
Pen register orders require only certification from a law enforcement officer that the information is likely to be relevant (for probable cause purposes).
Slide taken directly from slideset associated with: Volonino, Anzaldua, & Godwin, "Computer Forensics: Principles and Practices", Prentice-Hall 2006.
Title III of the Omnibus Crime Control and Safe Streets Act of 1968
aka "Federal Wiretap Act", 18 USC §§
Covers illegal interception of voice and e-communications in real time as they traverse networks.
Protects against unauthorized interception of communication
Delineates specific requirements for wiretapping:
  Requires probable cause
  Requires court approval
  Requires that alternative avenues be exhausted
  "Innocent" conversations must be excluded
  Requires disclosure of surveillance upon conclusion of the investigation
Originally passed in 1968 and focused on telephone calls. Was modified to include computer communications (referred to as "e-communications" in the act).
Title III gives greater protection to the contents of communication than it gives to information about the communication.
Electronic Communications Privacy Act of 1986
The ECPA (18 USC §§ 2701 – 2712) deals primarily with stored computer files that have been transmitted over a network.
3 main categories are covered:
  Communications (e-mail, voicemail, other files)
  Transactional data (logs of who called whom)
  Subscriber/session information
Basically, it amended Title III of the Wiretap Act to extend to different types of electronic communications (including e-mail).
In certain situations, ECPA takes precedence over the right to privacy implied by the 4th Amendment.
Only applies to stored computer information and not to real-time interception (that's the Wiretap Act).
ECPA allows ISPs to look through all stored messages (including e-mail waiting in an inbox and recently sent and received mail).
Had a good deal of concern about who the data could be shared with.
With proper legal authority, the content of stored messages can be seized.
Electronic Communications Privacy Act of 1986
Title I: Statutory procedures for intercepting wire, oral, and electronic communications
  Extended to digital communications and non-common carrier communications
Title II – Stored Communications Act
  Protects communications not in transmission which have been stored in some way
Title III: Provides for law enforcement monitoring of electronic communications
Prior to Title I, only audio communications were covered (by the Wiretap Act). When computer networks became popular, the old law did not apply.
Title II (Stored Communications Act) is designed to protect communications not in transmission that have been stored or saved.
Requirements Under Title III
Must be authorized by a Federal District Court Judge
Must demonstrate probable cause, with specifics
Must identify previous attempts at evidence collection and indicate why they were unsuccessful
Generally limited to 30 days
Progress reports must be issued every 7-10 days
Surveillance must be terminated when the objective is met
Subjects must be notified when surveillance is terminated
Service providers must cooperate with authorities possessing a valid court order
After surveillance, the subject must be given an inventory of what was catalogued
Any party to an illegal interception may be charged with a Federal offense punishable by 5 years in prison and/or a fine
ECPA Information Categories
Less difficult to acquire
  Basic Subscriber Information: name, address, telephone connection records, length of service, subscriber identity, means and sources of payment
  Records Pertaining to a Subscriber: account logs, cell site data, addresses, …
  Contents: actual files stored in the account
    "Electronic Storage" contents for ECS providers
    Contents stored by RCS providers
    Contents held by neither
More difficult to acquire
As you move down the list, the information becomes harder to get (from a legal standpoint). There are more privacy concerns in getting content than in getting a name and address.
ECPA Mechanisms for Government Entity to Compel Disclosure
Less difficult to acquire
  Subpoena: basic subscriber information
  Subpoena without Prior Notice: opened e-mail
  Court Order: account logs and transactional records
  Court Order without Prior Notice: everything in an account except for unopened e-mail
  Search Warrant: full contents of the account; no notice to the subscriber required
More difficult to acquire
This is the range of mechanisms used to get the different categories of information. Note that a subpoena is relatively "easier" to get than a full search warrant. This is due to the fact that the legal system wants to preserve 4th Amendment privacy rights.
Privacy Protection Act of 1980
PPA (42 USC § 2000)
Unlawful for local, state, or Federal law enforcement authorities to search or seize those materials which may be publishable
Expands the 1968 Wiretap Act to include electronic bulletin boards
Protects:
  "work product", including impressions, conclusions, opinions, or theories
  "documentary materials", including mechanically, magnetically, or electronically recorded cards, tapes or discs
Privacy Protection Act of 1980
Matters when a search may result in seizure of 1st Amendment materials (publishing, …)
"Congress probably intended the PPA to apply only when law enforcement intentionally targeted First Amendment material that related to a crime."
Incidental seizure of PPA-protected material commingled on a suspect's computer with evidence of a crime does not give rise to PPA liability. However, subsequent search of such material was mostly forbidden.
This puts the analyst in the difficult position of having to search through the things it is okay to look at and not through the things it is not okay to look at.
Foreign Intelligence Surveillance Act (FISA) of 1978
Regulates wiretaps in national security cases
Broader than Title III
  Allows more invasive searches
  Lower probable-cause threshold
Differences:
  No requirement to disclose content or existence of surveillance
  No protection for non-US citizens
    For citizens, probable cause of engagement in criminal activity is required
    For others, suspicion of criminal activity is not required
Allows wiretapping in the US based on probable cause that a person is a terrorist
Computer Fraud and Abuse Act
Computer Fraud and Abuse Act (CFAA)
First law to address computer crime in which the computer is the subject of the crime
First law that does not have an analog to a traditional crime
CFAA has been used to prosecute virus creators, hackers, information and identity thieves, and people who use computers to commit fraud
Slide taken directly from slideset associated with: Volonino, Anzaldua, & Godwin, "Computer Forensics: Principles and Practices", Prentice-Hall 2006.
Computer Fraud and Abuse Act of 1986
Originally, very narrow in scope and not very effective
Makes it…
  A felony to knowingly access a computer without authorization, or in excess of authorization, in order to obtain classified United States defense or foreign relations information.
  A misdemeanor to knowingly access a computer without authorization, or in excess of authorization, in order to obtain information contained in a financial record of a financial institution or in a consumer file of a consumer reporting agency.
  A misdemeanor to knowingly access a computer without authorization, or in excess of authorization, in order to use, modify, destroy, or disclose information in, or prevent authorized use of, a computer operated on behalf of the United States if such conduct would affect the government's use of the computer.
The Act also made it a crime to attempt or conspire to commit any of the three acts defined above.
Computer Fraud and Abuse Act of 1986 - Revised
The original Act was modified to include:
  Federal Interest Computer: expanded to include any computer which is used in interstate or foreign commerce or communications
  Expanded criminal intent from "knowingly" to "intentionally"
  Made it a misdemeanor to gain unauthorized access to financial information from any financial institution or credit reporting agency, any information in the possession of the government, or any private information where the defendant's conduct involved interstate or foreign commerce
  A felony if the activity involved an expectation of gain or if the offense was in furtherance of another crime
The current Act protects computers involved in interstate commerce or communication, Federal Interest computers, and government computers.
Illegal actions include theft, destruction, or corruption of sensitive information.
Computer Fraud and Abuse Act of 1986 – Further Amendments
1988: Protections expanded to include all FDIC-insured institutions
1990: Expanded protections to foreign banks
1994: Developed three levels of intent
  Intentional: did it on purpose
  Reckless: should have known better
  Negligent: you were careless, but didn't mean to
  Incorporated provisions for Denial of Service (DoS) attacks and potential harm to systems or components
Key Terms in the CFAA
Term: This Term Means . . .
Protected computer: a computer that
  Is used by a financial institution
  Is used by the U.S. government
  Affects domestic, interstate commerce
  Affects foreign commerce
Authorized access: two categories of unauthorized access
  Without authorization
  Exceeding authorized access
Damage: any impairment to the integrity or availability of data
Slide taken directly from slideset associated with: Volonino, Anzaldua, & Godwin, "Computer Forensics: Principles and Practices", Prentice-Hall 2006.
Key Terms in the CFAA (Cont.)
Term: This Term Means . . .
Loss: any reasonable cost to any victim, including
  Responding to an offense
  Conducting a damage assessment
  Restoring the data, program, etc.
  Lost revenue or other damages
Conduct: determines if the damage done was
  Intentional conduct
  Reckless conduct
  Negligent conduct
Slide taken directly from slideset associated with: Volonino, Anzaldua, & Godwin, "Computer Forensics: Principles and Practices", Prentice-Hall 2006.
USA PATRIOT Act [1]
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism
Greatly broadened the FBI's authority to gather electronic evidence
Allows:
  Intercepting voice communications in computer hacking cases
  Tracing communications on the Internet
  Subpoenas for cable company records
  Intercepting communications of computer trespassers
  ISPs to disclose content and non-content information in emergency situations
  Nationwide search warrants for "Sneak & Peek": permits the investigator to delay notification of the "search"
  Establishment of Regional Computer Forensic Laboratories
[1] http://