
Principles of Information System Security: Text and Cases


1 Principles of Information System Security: Text and Cases
Gurpreet Dhillon PowerPoint Prepared by Youlong Zhuang University of Missouri-Columbia

2 Principles of Information System Security: Text and Cases
Chapter Fifteen Computer Forensics

3 Learning Objectives
- Define computer forensics
- Differentiate “forensically identical data” from “functionally identical data”
- Understand the formal procedure for gathering evidence
- Understand the laws dictating that formal procedure
- Describe emergent issues
Copyright 2006 John Wiley & Sons, Inc.

4 The Basics of Computer Forensics
- One’s computing activity mirrors one’s relationship with society
- One of society’s basic rights and responsibilities is to protect itself, its fabric and its members from egregious acts of others that threaten the foundation and stability of society
- Computer forensics is concerned with establishing, from computer evidence, the actions and deeds of those who commit such acts

5 Types and Scope of Crimes
- Civil wrongs are those committed against private parties, whether persons or corporations, and are pursued by the injured party
- Criminal acts are those committed against the state and are prosecuted by it

6 Types and Scope of Crimes (cont’d)
- Electronic data storage and transmission no longer require that the user be physically present
- Users may not be observable to the gatekeeper of the data
- Such anonymity makes identifying criminals very difficult
- It is also difficult to apprehend the criminal and bring them to trial
- A large amount of information is stored electronically

7 Lack of Uniform Law
- The nature of law is reactive
- The laws to restrain cyber-criminals are still developing
- There is a lack of uniform state, national, and international law
- All parties have to agree on:
  - A description of the individual acts that compose cyber-crime
  - Appropriate punishments
- Other indirect problems (e.g. extradition)

8 What is computer forensics?
- The application of scientific knowledge about computers to legal problems
- Real-time computer forensics occurs during the use of a sniffer to watch the actual, contemporaneous transmission of data
- Reconstructive or post facto computer forensics occurs when data or processes are recreated or revealed via the tracing or extraction of data (the focus of this chapter)

9 What is computer forensics? (cont’d)
- The question of law has two parts: did a crime occur, and if so, what occurred
- “Authenticity” proves the evidence is a true and faithful copy
- “Continuity” is proof that the evidence itself, and the persons handling and examining it, are accounted for at every point

10 What is computer forensics? (cont’d)
- Evidence can be “physical” or “logical”
- Physical evidence can be touched
- Logical evidence refers to data that, in its native state, cannot be understood by a person without tools to interpret it (latent evidence)
- Computer forensics has sub-disciplines such as computer media analysis, imagery enhancement, video enhancement, audio enhancement, and database visualization

11 Gathering Evidence Forensically
- Functionally identical data is a copy of the subject data that, when used, performs exactly as the original: the logical content is the same, but metadata, slack space and unallocated space need not be
- Forensically identical data is a mirror image of the original down to the smallest detail (the bits) and the way those bits translate into humanly understandable information, such as time and date stamps; the acquisition is verified by hashing both the original and the copy
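The distinction above in running code, as an added example (not code from the textbook): a constructed toy volume, a file-level copy that is functionally identical, and a bit-for-bit image that is forensically identical. The on-disk format, file names, timestamps and the “deleted” remnant string are all invented for the example.

```python
import hashlib
import struct

# Constructed toy volume format (not a real file system, used only for this
# example): sector 0 is the directory, data starts at sector 1, and every
# data sector is pre-filled with "remnant" bytes standing in for data that
# was deleted before the files now on the volume were written.
SECTOR = 512
DIR_ENTRY = struct.Struct("<16sIII")  # name, first data sector, length, mtime


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_volume(files, remnant: bytes) -> bytes:
    """files: list of (name, content, mtime). Returns the raw volume bytes."""
    n_data = sum(-(-len(content) // SECTOR) for _, content, _ in files)
    size = SECTOR * (1 + n_data)
    vol = bytearray((remnant * (size // len(remnant) + 1))[:size])
    vol[:SECTOR] = bytes(SECTOR)  # empty directory
    sector, off = 1, 0
    for name, content, mtime in files:
        vol[off:off + DIR_ENTRY.size] = DIR_ENTRY.pack(
            name.encode().ljust(16, b"\x00"), sector, len(content), mtime)
        start = sector * SECTOR
        vol[start:start + len(content)] = content  # slack after it keeps remnant
        sector += -(-len(content) // SECTOR)
        off += DIR_ENTRY.size
    return bytes(vol)


def list_directory(volume: bytes):
    """Yield (name, first_sector, length, mtime) for each allocated file."""
    for off in range(0, SECTOR - DIR_ENTRY.size + 1, DIR_ENTRY.size):
        raw, sector, length, mtime = DIR_ENTRY.unpack_from(volume, off)
        name = raw.rstrip(b"\x00").decode()
        if not name:
            break
        yield name, sector, length, mtime


def functional_copy(volume: bytes) -> dict:
    """What an ordinary file-level copy yields: each file's logical content and
    nothing else. Programs using it behave identically, but the on-disk
    timestamps, slack space and unallocated space are gone."""
    return {name: volume[s * SECTOR:s * SECTOR + length]
            for name, s, length, _ in list_directory(volume)}


def forensic_image(volume: bytes):
    """Bit-for-bit copy of the whole device, plus the hash taken at acquisition."""
    image = bytes(volume)
    return image, sha256(image)


def verify_image(original: bytes, image: bytes, acquisition_hash: str) -> bool:
    """Authenticity check: original, image and the recorded hash all agree."""
    return sha256(original) == sha256(image) == acquisition_hash


def unallocated_bytes(volume: bytes) -> bytes:
    """Slack and unallocated space, reachable only from a forensic image."""
    allocated = bytearray(len(volume))
    allocated[:SECTOR] = b"\x01" * SECTOR
    for _, s, length, _ in list_directory(volume):
        allocated[s * SECTOR:s * SECTOR + length] = b"\x01" * length
    return bytes(b for b, a in zip(volume, allocated) if not a)


def compare_copies() -> dict:
    """Constructed scenario: two live files over the remains of a deleted note."""
    files = [("notes.txt", b"meeting at 9, bring the ledger\n", 1136073600),
             ("ledger.csv", b"date,amount\n2006-01-01,1200\n", 1136160000)]
    volume = build_volume(files, remnant=b"DELETED: wire to offshore acct 4471 ")
    image, acquisition_hash = forensic_image(volume)
    working = functional_copy(image)
    return {
        "image_verified": verify_image(volume, image, acquisition_hash),
        "functional_content_matches": working == {n: c for n, c, _ in files},
        "mtime_recoverable_from_image":
            [e[3] for e in list_directory(image)] == [m for _, _, m in files],
        "remnant_in_image": b"offshore" in unallocated_bytes(image),
        "remnant_in_functional_copy": any(b"offshore" in c for c in working.values()),
    }


if __name__ == "__main__":
    for key, value in compare_copies().items():
        print(f"{key}: {value}")
```

The functional copy satisfies every program that reads the two files, yet the deleted remnant and the timestamps survive only in the image, and only the image can be tied back to the original by the acquisition hash.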

12 Gathering Evidence Forensically (cont’d)
Good features of a forensic tool:
- It is an integrated environment, analogous to a developer’s IDE, rather than a collection of disconnected utilities
- It is widely accepted and used in the community, so its results are easier to defend in court
- It is adaptable to different environments

13 Formal Procedure for Gathering Data
- A formal procedure is required by the Fourth Amendment
- Law enforcement officials typically give two responses to an organization that wants to gather evidence itself:
  - “Don’t do it”
  - “Don’t touch anything; call us”

14 Formal Procedure for Gathering Data (cont’d)
- The political step: build trust with the local law enforcement officials
- The policy step: put in place a clear, written policy for event response
- The training step: make sure all related persons know the policy and procedures, and practice, rehearse, drill

15 Law Dictating Formal Procedure
Law governs three stages:
- Search and seizure
- The actual forensic analysis
- The presentation in court of the information discovered above

16 Law Dictating Formal Procedure (cont’d)
Law governing seizure of evidence:
- The Fourth Amendment of the United States Constitution
- The Privacy Protection Act
- The Electronic Communications Privacy Act (ECPA), which governs stored communications and records
- Title III (the Wiretap Act), which governs real-time interception of content
- The Pen Register and Trap and Trace Devices Statute, which governs real-time collection of non-content addressing information

17 The Fourth Amendment to the United States Constitution
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

18 Exceptions to Search Limitations Imposed by the Fourth Amendment
Warrant-less searches are permissible if:
- The search does not violate an individual’s “reasonable” or “legitimate” expectation of privacy, or
- The search falls within an established exception to the warrant requirement

19 Specific Exceptions that Apply to Computer-related Cases
- Consent: a person possessing authority over the computer gives the inspector permission (the scope of that authority can be challenged in court)
- Banner consent: individuals are required to consent to searches as a condition of their use of the computer (e.g. a login banner)
- Exigent circumstances: the relevant evidence is in danger of being destroyed

20 Specific Exceptions that Apply to Computer-related Cases (cont’d)
- Plain view
- Search incident to a lawful arrest
- Routine inventory search of items seized during the performance of other official duties
- Searches that occur at the borders of the U.S.

21 Workplace Searches
Private-sector workplaces:
- A worker usually retains a reasonable expectation of privacy in the workplace against government searches
- Because the Fourth Amendment restrains only government actors, warrant-less searches by the private employer itself rarely violate that expectation

22 Workplace Searches (cont’d)
Public-sector workplaces:
- Warrant-less searches are performed under the aegis of a written office policy that authorizes access to an employee’s workspace
- Such warrant-less searches are permissible when they are both “reasonable” and “work-related”

23 General Principles for Search and Seizure of Computers with a Warrant
Search and seizure has to be informed by:
- That which is permissible under the law
- Technical knowledge of what is possible in a search of computers and computer-related evidence
- That which is needed during the search in order to recover the desired evidence

24 General Principles for Search and Seizure of Computers with a Warrant (cont’d)
- Step 1: Assemble, in advance, a team to write the warrant application, consisting of the investigator, the prosecutor, and the technical expert
- Step 2: Develop as much knowledge as possible about the systems to be investigated

25 General Principles for Search and Seizure of Computers with a Warrant (cont’d)
- Step 3: Develop a plan for the search
- Step 4: Draft the warrant request, stating:
  - The object of the search
  - Accurately and particularly, the property to be seized
  - The possible search strategies and the legal and practical considerations that inform the proposed search strategy

26 Considerations Affecting the Search Strategy
Four strategies:
- Search the computer and print out a hard copy of particular files at the time of the on-site search
- Search the computer and make an electronic copy of particular files at the time of the on-site search
- Create a duplicate electronic copy of the entire storage device during the on-site search, then later recreate a working copy of the storage device off-site for review
- Seize the equipment, remove it from the premises, and review its contents off-site
Only the last two strategies yield forensically identical data; the first two yield at best functionally identical copies of selected files

27 The Privacy Protection Act
- Its purpose is to protect persons engaged in First Amendment activities who are not themselves suspected of the criminal activities for which the materials they possess are being sought
- It gives very wide scope to what can constitute First Amendment activities
- It makes no distinction between paper and electronic publishing

28 The Electronic Communications Privacy Act
Types of service provider:
- Electronic communication service provider: any service that makes it possible for a user to send or receive communications across a wire or in an otherwise electronic form
- Remote computing service provider: provides storage and computing services to the public by means of an electronic communications system

29 Types of Information that may be Held by Service Providers
- Basic subscriber information that reveals the customer’s name and the nature of the customer’s relationship with the provider
- Other information or records (transactional data) that reveal information about the customer
- Actual files (content) stored by the provider on behalf of the customer

30 Means of Obtaining Information Protected by the ECPA
In increasing order of the showing required:
- Subpoena (the lowest order of proof is required)
- Subpoena with prior notice to the customer
- A court order issued under Section 2703(d) of the Act
- A court order issued under Section 2703(d) with prior notice given to the customer
- Search warrant

31 Voluntary Disclosure and the ECPA
Non-content information (subscriber and transactional data) may be voluntarily disclosed when:
- The disclosure is incidental to rendering the service or to protecting the rights of the provider
- The provider reasonably believes that a situation exists in which, if the information is not disclosed, a person is in immediate danger of death or injury
- The disclosure is made with the permission of the person described by the information

32 Voluntary Disclosure and the ECPA (cont’d)
The contents of stored communications may be voluntarily disclosed by the provider when:
- The disclosure is incidental to rendering the service or to protecting the rights or property of the provider
- The disclosure is made to a law enforcement official, the contents were inadvertently obtained by the provider, and they appear to pertain to the commission of a crime

33 Voluntary Disclosure and the ECPA (cont’d)
The contents of stored communications may also be voluntarily disclosed when:
- The provider reasonably believes that a situation exists in which, if the contents are not disclosed, a person is in immediate danger of death or injury
- The Child Protection and Sexual Predator Punishment Act of 1998 requires such disclosure

34 Voluntary Disclosure and the ECPA (cont’d)
The contents may also be disclosed:
- To the intended recipient, or with the consent of the sender
- To a forwarding address
- Pursuant to legal process
Violations of the ECPA’s stored-communications provisions do not lead to suppression of evidence (civil actions are possible)

35 Real-time Monitoring of Communications Networks
To obtain a pen/trap order, the applicant must:
- Identify themselves
- Identify the law enforcement agency under whose aegis the investigation occurs
- Certify that the information likely to be obtained is relevant to an ongoing criminal investigation

36 Real-time Monitoring of Communications Networks (cont’d)
- The Wiretap Statute (Title III) prohibits a third party from eavesdropping on the content of a communication
- The legitimacy of a surveillance action turns on three questions:
  - Is the monitored communication “wire”, “oral” or “electronic”?
  - Will the surveillance lead to an interception of a protected communication?
  - Does a statutory exception exist?

37 Exceptions to the Act
- Consent is deemed to be given if the interceptor is a party to the conversation, or one of the parties to the conversation has given consent
- There is an exception for a provider monitoring its own network to protect its rights or property
- The “computer trespasser” exception allows the victim of hacking to authorize investigators to monitor the trespasser’s communications on the victim’s system

38 Exceptions to the Act (cont’d)
- The “extension telephone” exception works like the banner consent exception: a person who uses a telephone extension provided by their employer in the ordinary course of business may be monitored on it
- “Inadvertently obtained” criminal evidence can be divulged to law enforcement officials
- The “accessible to the public” exception states that any person may intercept an electronic communication if it is readily accessible to the general public

39 Law Governing Analysis and Presentation of Evidence
- The Federal Rules of Evidence
- An individual state may have its own rules of evidence
- The chain of custody
- Admissibility

40 The Chain of Custody
- Evidence must be proven true (authenticated) in order to be presented at trial
- Custody procedures are designed to guarantee the veracity of the evidence
- The whereabouts of the evidence, and who had it, must be documented from seizure to trial
- The evidence produced at trial must be identical to that which was seized; for digital evidence this is shown by matching the hash taken at acquisition
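A chain-of-custody record that makes the two requirements above checkable, as an added example (not code from the textbook): every hand-off is logged with the custodian, the time and the evidence hash, and each entry is hash-linked to the one before it, so an altered entry, an unlogged hand-off, or evidence that no longer matches what was seized is detected on verification. The custodian names, timestamps and evidence bytes are constructed for the example.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first entry (the seizure)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: dict) -> str:
    """Hash of an entry's fields, excluding its own stored hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


def custody_log(evidence: bytes, transfers) -> list:
    """Build a hash-chained custody log. transfers: (custodian, action, when)
    in chronological order; `when` is an ISO-8601 UTC string so that string
    order equals time order. Every entry re-hashes the evidence so that a
    change between hand-offs is pinned to the entry where it first appears."""
    log, prev = [], GENESIS
    for custodian, action, when in transfers:
        entry = {"prev": prev, "custodian": custodian, "action": action,
                 "when": when, "evidence_sha256": sha256_hex(evidence)}
        entry["entry_hash"] = entry_digest(entry)
        log.append(entry)
        prev = entry["entry_hash"]
    return log


def verify_custody(log: list, evidence_now: bytes):
    """Return (ok, reason). Fails on an altered entry, a missing or reordered
    entry, a timestamp that goes backwards, a change in the evidence hash
    between hand-offs, or evidence at trial that differs from what was seized."""
    if not log:
        return False, "empty log"
    seized_hash = log[0]["evidence_sha256"]
    prev, last_when = GENESIS, None
    for i, e in enumerate(log):
        if entry_digest(e) != e["entry_hash"]:
            return False, f"entry {i} altered"
        if e["prev"] != prev:
            return False, f"entry {i} does not link to the previous entry"
        if last_when is not None and e["when"] < last_when:
            return False, f"entry {i} timestamp precedes entry {i - 1}"
        if e["evidence_sha256"] != seized_hash:
            return False, f"evidence hash changed at entry {i}"
        prev, last_when = e["entry_hash"], e["when"]
    if sha256_hex(evidence_now) != seized_hash:
        return False, "evidence presented does not match the hash taken at seizure"
    return True, "chain intact"


def demo() -> dict:
    """Constructed scenario: an intact chain and three ways it can break."""
    evidence = b"constructed stand-in for a seized disk image"
    transfers = [
        ("Officer Reyes", "seized and imaged at scene", "2006-03-01T09:15:00Z"),
        ("Evidence clerk", "logged into evidence locker", "2006-03-01T11:40:00Z"),
        ("Examiner Park", "checked out for analysis", "2006-03-03T08:05:00Z"),
        ("Evidence clerk", "returned to locker", "2006-03-03T17:30:00Z"),
    ]
    log = custody_log(evidence, transfers)

    altered = copy.deepcopy(log)
    altered[2]["custodian"] = "Unknown"   # rewrite who had it
    missing = log[:1] + log[2:]           # an unlogged hand-off
    return {
        "intact": verify_custody(log, evidence),
        "altered_entry": verify_custody(altered, evidence),
        "missing_entry": verify_custody(missing, evidence),
        "evidence_changed": verify_custody(log, evidence + b"\x00"),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name}: {'OK' if ok else 'FAIL'} ({reason})")
```

The hash chain only proves internal consistency of the record; it is the combination with signed, witnessed hand-offs on paper (or an equivalent external record) that lets the examiner testify that the log itself was not rewritten wholesale.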

41 General Rules of Admissibility
- Real evidence: the thing itself (a physical object, or the data), offered to prove its actual existence and condition
- Testimonial evidence: a witness’s account, given in court, of what actually occurred

42 Emergent Issues
- International arena:
  - Common interest and a base of power
  - Political good will
  - The convention and its particulars
- National arena

43 Copyright 2006 John Wiley & Sons, Inc.
All rights reserved. Reproduction or translation of this work beyond that permitted in section 117 of the 1976 United States Copyright Act without express permission of the copyright owner is unlawful. Requests for further information should be addressed to the Permission Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages caused by the use of these programs or from the use of the information herein.

