Chapter 14 Cyber Crimes © 2012 Cengage Learning. All Rights Reserved
Dec 15, 2015
Chapter 14
Cyber Crimes
© 2012 Cengage Learning. All Rights Reserved
2 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Introduction—Objectives
1. Discuss typical uses for the Internet.2. Differentiate among the three general
categories of cyber crime.3. Discuss the process of investigating and
processing various types of computer evidence.
4. Distinguish among the four types of computer evidence presented at court.
3 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Introduction—Objectives
5. Identify various types of evidence that can be collected at a cyber crime scene and its forensic value.
6. Discuss the importance of the various tools available to cyber crime investigators/experts.
7. Explain the importance of the expert witness in cyber crimes.
4 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Introduction—Objectives
8. Examine how cyber evidence is documented.
9. Discuss concerns associated with the future of cyber crimes.
5 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Introduction—Vocabulary
o clone—a copy made in the same type of media
o computer forensics—the specialized practice of identifying, preserving, extracting, documenting, and interpreting electronic data that can be used as evidence
o content spyware—software that is used to allow a hacker to access all the activity on an individual’s personal/business computer
6 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Introduction—Vocabulary
o cyber-terrorism—hacking into a company’s internal networking system for the purpose of demonstrating or protesting a political agenda
o hacking—intentionally entering an unauthorized network system
o Internet forensics—uses the same analysis techniques as computer forensics except the emphasis is placed on the Internet as a whole
7 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Introduction—Vocabulary
o malware—software designed to provide unauthor-ized access to a computer system
o phishing—illegally gathering personal informationo Trojan horse—software designed with the intention
to harm a computer or the information thereino worm—self-replicating malware program that
spreads through a computer system by sending copies of itself to networked computers
8 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
It Takes a Hacker
o Kevin Mitnick, computer hacker, evaded detection until he hacked Shimomura’s computer
o Tsutomu Shimomura, a computer engineer, helped the FBI catch the elusive hacker• Monitoring posts track Mitnick’s activities• Trail led to Raleigh, NC• Driving the streets to pick up signature signals
o Mitnick is the first convicted of gaining access to an interstate computer for criminal purposes
9 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Introduction (Obj 14.1)
o Computer forensics—is the systematic identification, preservation, extraction, documentation, and analysis of electronic data that could potentially be used as evidence in court
o Internet forensics—similar to computer forensics but with an emphasis on the Internet as a whole
10 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Identity Theft
o A criminal can obtain personal information by:• Searching trash for sensitive papers that are not
shredded• Phishing—defrauding a victim by sending e-
mails that look real and asking for information• Spyware programs that reside on a victim’s
computer and collect sensitive information
11 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Phishing Example
12 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
PhishingProcess
13 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Types of Cyber Crime (Obj 14.2)
1. Computer integrity crimes2. Computer-assisted crimes3. Computer content crimes
14 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
1 – Computer Integrity Crimes
o Crimes that involve illegal access to data on a computer or network
o Hacking—intentionally entering an unauthorized computer or network• Hacker1—someone entering with criminal intent• Hacker2—someone who is hired to legitimately
test the vulnerability of a security systemo Cyber-terrorism—hacking into a network for
protesting a political agenda
15 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Hacker Computer Code
16 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Computer Integrity Crimes
o Social Engineering—establishing trust with key inside people with the intent of determining possible passwords
o Malware—software designed to provide unauthorized access to a computer
• Trojan horse—appears legitimate, but • Worm—self-replicating malware that spreads to other
computers and networkso Content spyware—allows a hacker to access all the
activity on an individual’s computer
17 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
2 – Computer-Assisted Crimes
o The Virtual Bank Robbery
o The Virtual Sting
o The Virtual Scam
18 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
3 – Computer Content Crimes
o Posting illegal content on the Internet• Sexually explicit materials• Child pornography• Hateful or aggressive speech or text related to
race and extreme politics• Distribution of information about making and
using drugs and weapons• Sites for organizations to do harm• Distasteful emails, chat rooms, and blogs
19 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Investigation and Prosecuting(Obj 14.3, 14.4, 14.5, 14.6, 14.7, 14.8)
o Forensic value of collectable evidence
20 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Investigation and Prosecuting
o Preserving the Evidence• Chain of custody• Turn off or pull the plug?• When and how to turn a
computer on
21 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Investigation and Prosecuting
o Analyzing the Evidence• Cloning—creating an exact copy of the hard
drive, bit by bit• Use the hard drive copy for analysis• Difficult to find the pertinent data• Software programs sort and index computer
evidence
22 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Trace Evidence
o In computer forensics, trace evidence is essentially hidden evidence in deleted files.
o A computer’s hard drive is made up of sectors, chunks of memory to store files and data. The sectors consistof clusters, smaller segments of memory.
23 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
How Slack Space is Created
24 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Recovering Metadata
25 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Forensic Tools
o When deciding what equipment to use, take into consideration:• type of investigation• type of evidence• operating system• extensive training in the equipment• financial resources of the cyber crime department
26 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Documenting Evidence
o Relevant and fact-based
o Understandable formato Clearly writteno Describe evidence
collection processo Results clearly stated
27 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Presenting Computer Evidence in Court
o Four types of computer evidence may be presented in court• Real—actual and tangible• Documentary—written• Testimonial—written or spoken by witness• Demonstrative—facts or objects
28 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Presenting Computer Evidence in Court
29 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Expert Testimony
o The expert must tell the jury• What he or she did• Why he or she did it• How he or she did it• What the findings were
30 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Future of Cyber Crime (Obj 14.9)
o Encourage cyber ethicso Educate the public to protect itself and
understand the consequenceso Keeping up with new technologies
31 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Chapter Summary
o Individuals and businesses use the Internet to • provide mobile access to data, • to share information, • for education, and • for communication.
o The Internet is important for financial transactionso As we rely more and more on the Internet, the
greater the risk of unauthorized access to private information
32 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Chapter Summary
o The 3 categories of computer and Internet crimes:• computer integrity crimes, • computer-assisted crimes, and • computer content crimes.
o Hackers have strong skills in computers and computer systems they are trying to expose.
o Phishing is defrauding the victim by sending a fraudulent, real-looking e-mail that asks the recipient to update (reveal) their personal information.
33 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Chapter Summary
o All evidence collected during an investigation of a cyber crime must first be cloned.
o Documented evidence in a report must be concise and fact based.
o Four types of computer evidence are used in court• real evidence, • documentary evidence, • testimonial evidence, and • demonstrative evidence.
34 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Chapter Summary
o Collected data is typically the most compelling evidence provided in cyber crime trials;
o However, investigators must first prove that the integrity of the hardware was maintained when collecting the evidence.
o The expert witness: • is often key in the decision made by a jury, and• must present fact-based evidence in a way that is clear and
convincing to a jury.
35 Forensic Science II: Cyber Crimes, Chapter 14
© 2012 Cengage Learning. All Rights Reserved
Chapter Summary
o The potential pool of cyber criminals grows as• technology improves, and • the number of people who use computers grows.
o As technology advances, law-enforcement agencies must continue to establish procedures and methods for managing online activity.