Chapter 14 Cyber Crimes © 2012 Cengage Learning. All Rights Reserved.

Chapter 14

Cyber Crimes

© 2012 Cengage Learning. All Rights Reserved

2 Forensic Science II: Cyber Crimes, Chapter 14


Introduction—Objectives

1. Discuss typical uses for the Internet.2. Differentiate among the three general

categories of cyber crime.3. Discuss the process of investigating and

processing various types of computer evidence.

4. Distinguish among the four types of computer evidence presented at court.




5. Identify various types of evidence that can be collected at a cyber crime scene and its forensic value.

6. Discuss the importance of the various tools available to cyber crime investigators/experts.

7. Explain the importance of the expert witness in cyber crimes.




8. Examine how cyber evidence is documented.

9. Discuss concerns associated with the future of cyber crimes.



Introduction—Vocabulary

o clone—a copy made in the same type of media

o computer forensics—the specialized practice of identifying, preserving, extracting, documenting, and interpreting electronic data that can be used as evidence

o content spyware—software that is used to allow a hacker to access all the activity on an individual’s personal/business computer




o cyber-terrorism—hacking into a company’s internal networking system for the purpose of demonstrating or protesting a political agenda

o hacking—intentionally entering an unauthorized network system

o Internet forensics—uses the same analysis techniques as computer forensics except the emphasis is placed on the Internet as a whole




o malware—software designed to provide unauthor-ized access to a computer system

o phishing—illegally gathering personal informationo Trojan horse—software designed with the intention

to harm a computer or the information thereino worm—self-replicating malware program that

spreads through a computer system by sending copies of itself to networked computers



It Takes a Hacker

o Kevin Mitnick, computer hacker, evaded detection until he hacked Shimomura’s computer

o Tsutomu Shimomura, a computer engineer, helped the FBI catch the elusive hacker• Monitoring posts track Mitnick’s activities• Trail led to Raleigh, NC• Driving the streets to pick up signature signals

o Mitnick is the first convicted of gaining access to an interstate computer for criminal purposes



Introduction (Obj 14.1)

o Computer forensics—is the systematic identification, preservation, extraction, documentation, and analysis of electronic data that could potentially be used as evidence in court

o Internet forensics—similar to computer forensics but with an emphasis on the Internet as a whole



Identity Theft

o A criminal can obtain personal information by:• Searching trash for sensitive papers that are not

shredded• Phishing—defrauding a victim by sending e-

mails that look real and asking for information• Spyware programs that reside on a victim’s

computer and collect sensitive information



Phishing Example



PhishingProcess



Types of Cyber Crime (Obj 14.2)

1. Computer integrity crimes2. Computer-assisted crimes3. Computer content crimes



1 – Computer Integrity Crimes

o Crimes that involve illegal access to data on a computer or network

o Hacking—intentionally entering an unauthorized computer or network• Hacker1—someone entering with criminal intent• Hacker2—someone who is hired to legitimately

test the vulnerability of a security systemo Cyber-terrorism—hacking into a network for

protesting a political agenda



Hacker Computer Code



Computer Integrity Crimes

o Social Engineering—establishing trust with key inside people with the intent of determining possible passwords

o Malware—software designed to provide unauthorized access to a computer

• Trojan horse—appears legitimate, but • Worm—self-replicating malware that spreads to other

computers and networkso Content spyware—allows a hacker to access all the

activity on an individual’s computer



2 – Computer-Assisted Crimes

o The Virtual Bank Robbery

o The Virtual Sting

o The Virtual Scam



3 – Computer Content Crimes

o Posting illegal content on the Internet• Sexually explicit materials• Child pornography• Hateful or aggressive speech or text related to

race and extreme politics• Distribution of information about making and

using drugs and weapons• Sites for organizations to do harm• Distasteful emails, chat rooms, and blogs



Investigation and Prosecuting(Obj 14.3, 14.4, 14.5, 14.6, 14.7, 14.8)

o Forensic value of collectable evidence



Investigation and Prosecuting

o Preserving the Evidence• Chain of custody• Turn off or pull the plug?• When and how to turn a

computer on



Investigation and Prosecuting

o Analyzing the Evidence• Cloning—creating an exact copy of the hard

drive, bit by bit• Use the hard drive copy for analysis• Difficult to find the pertinent data• Software programs sort and index computer

evidence



Trace Evidence

o In computer forensics, trace evidence is essentially hidden evidence in deleted files.

o A computer’s hard drive is made up of sectors, chunks of memory to store files and data. The sectors consistof clusters, smaller segments of memory.



How Slack Space is Created



Recovering Metadata



Forensic Tools

o When deciding what equipment to use, take into consideration:• type of investigation• type of evidence• operating system• extensive training in the equipment• financial resources of the cyber crime department



Documenting Evidence

o Relevant and fact-based

o Understandable formato Clearly writteno Describe evidence

collection processo Results clearly stated



Presenting Computer Evidence in Court

o Four types of computer evidence may be presented in court• Real—actual and tangible• Documentary—written• Testimonial—written or spoken by witness• Demonstrative—facts or objects



Presenting Computer Evidence in Court



Expert Testimony

o The expert must tell the jury• What he or she did• Why he or she did it• How he or she did it• What the findings were



Future of Cyber Crime (Obj 14.9)

o Encourage cyber ethicso Educate the public to protect itself and

understand the consequenceso Keeping up with new technologies



Chapter Summary

o Individuals and businesses use the Internet to • provide mobile access to data, • to share information, • for education, and • for communication.

o The Internet is important for financial transactionso As we rely more and more on the Internet, the

greater the risk of unauthorized access to private information



Chapter Summary

o The 3 categories of computer and Internet crimes:• computer integrity crimes, • computer-assisted crimes, and • computer content crimes.

o Hackers have strong skills in computers and computer systems they are trying to expose.

o Phishing is defrauding the victim by sending a fraudulent, real-looking e-mail that asks the recipient to update (reveal) their personal information.



Chapter Summary

o All evidence collected during an investigation of a cyber crime must first be cloned.

o Documented evidence in a report must be concise and fact based.

o Four types of computer evidence are used in court• real evidence, • documentary evidence, • testimonial evidence, and • demonstrative evidence.



Chapter Summary

o Collected data is typically the most compelling evidence provided in cyber crime trials;

o However, investigators must first prove that the integrity of the hardware was maintained when collecting the evidence.

o The expert witness: • is often key in the decision made by a jury, and• must present fact-based evidence in a way that is clear and

convincing to a jury.



Chapter Summary

o The potential pool of cyber criminals grows as• technology improves, and • the number of people who use computers grows.

o As technology advances, law-enforcement agencies must continue to establish procedures and methods for managing online activity.

Chapter 14 Cyber Crimes © 2012 Cengage Learning. All Rights Reserved.

Documents

computer system o

cyber evidence

o computer forensicsis

future of cyber crimes

cengage learning

rights reserved slide

computer hacker

forensic science