Chapter 17 Computer Crime Hess 17-1

Introduction
• Computer crimes are relatively easy to commit and difficult to detect
• Most computer crimes are not prosecuted
• Crimes involving computers have become much more sophisticated
• Most computers on the planet are connected via the Internet
• A new breed of detective: the cybercrime investigator

The Scope and Cost of the Problem
SOURCES
• IC3 2010 Internet Crime Report
• 2010 CyberSecurity Watch Survey
• 2010/2011 CSI Computer Crime and Security Survey
• Created a fundamental change in law enforcement agencies

Terminology and Definitions
COMMON TERMS
• Cybercrime
• Cybertechnology
• Cyberspace
• E-crime

THE NET VERSUS THE WEB
• Net is a network of networks
• Web is an abstract space of information

LIVE CHAT AND INSTANT MESSAGING
• Two or more people
• Talk online in real time

Classification and Types of Computer Crimes
OVERVIEW
• Computer as target
• Computer as tool
• Computer as incidental to an offense
• Be aware of the ever-expanding ways

COMPUTER AS TARGET
• Viruses and worms
• Invariably involves hacking

COMPUTER AS TOOL
• Traditional methods elevated
• Many offenses overlap

Special Challenges in Investigation
OVERVIEW
• Reluctance or failure to report crime
• Lack of training
• Need for specialists
• Fragility of the evidence
• Jurisdictional issues

NONREPORTING OF COMPUTER CRIMES
• Did not think law enforcement could help
• Too insignificant to report

LACK OF INVESTIGATOR TRAINING
• Cybercriminals are more technologically sophisticated
• Law enforcement needs additional training

NEED FOR SPECIALISTS AND TEAMWORK
• Cybercrime unit

FRAGILITY AND SENSITIVITY OF EVIDENCE
• Computer evidence is very fragile
• Can be altered or damaged easily
• Could be rendered unusable

JURISDICTIONAL ISSUES
• Traditional boundaries are complicated
• Double criminality
• Need for unified global approach
• Federal versus state
• Growing pains for this area of law

The Preliminary Investigation
COMMON PROTOCOL
• Secure, evaluate and document crime scene
• Obtain a search warrant
• Recognize, identify, collect and preserve the evidence
• Package, transport and store evidence
• Submit digital evidence
• Document in an incident report

SECURING AND EVALUATING THE SCENE
• Basic ON/OFF tenet
• Follow departmental policy
• Ensure that no unauthorized person has access
• Ensure condition of electronic device is not altered
• Properly document

OBTAINING A SEARCH WARRANT
• Searches may be conducted by consent
• Suspect unknown, warrant must be obtained
• Have both a consent search form and a search warrant
• Avoid destruction of evidence

RECOGNIZING EVIDENCE
• Conventional
  • Fingerprints
  • Documents
  • Hard drive
• Digital
  • Electronic files
  • E-mails

DOCUMENTING DIGITAL EVIDENCE
• Thorough notes, sketches and photographs
• Document condition and location of computer system
• Photograph the entire scene
• Photograph the front and back of the computer

COLLECTING PHYSICAL AND DIGITAL EVIDENCE
• Evidence often contained on disks
• Devices may have fingerprints
• Avoid contact with recording surfaces
• Evidence log
• Chain of custody issues

PACKAGING, TRANSPORTING AND STORING DIGITAL EVIDENCE
• Keep away from magnetic fields
• Store away from humidity extremes
• Do not use plastic bags
• Be aware of battery needs

Forensic Examination of Computer Evidence
DATA ANALYSIS AND RECOVERY
• Deleted files remain on hard drive
• Forensic expert can make viewable
• Recycle bin
• Data remanence

Legal Considerations in Collecting and Analyzing Computer Evidence
WARRANT EXCEPTIONS
• Contraband, fruits or instrumentalities of the crime
• Prevent death or serious bodily injury
• Has committed or is committing a criminal offense to which the materials relate

Follow-Up Investigation
DEVELOPING SUSPECTS
• Most cybercrimes committed by outsiders
• Three categories
  • Crackers
  • Vandals
  • Criminals

ORGANIZED CYBERCRIME GROUPS
• Generally not loyal to one another
• Operate in countries with weak hacking laws

UNDERCOVER INVESTIGATION AND SURVEILLANCE
• Headed by computer expert
• Online undercover officer

Security of the Police Department’s Computers
VULNERABILITY
• Access via phone lines
• Critical nature of law enforcement data
• Agency’s network should be a top priority
• Evidence logs
• Other valuable data

Legislation
GOVERNMENT MEASURES
• USA PATRIOT Act
• Foreign Intelligence Surveillance Act (FISA)
• National Security Letter (NSL)
• Child Protection and Sexual Predator Punishment Act
• All states have enacted tough computer crime control laws

The Investigative Team
CYBER SPECIALISTS
• Often requires a team approach
• Equipment owner
• Database technicians
• Auditors
• Computer experts
• Programmers

Resources Available
SOURCES
• National Cybercrime Training Partnership (NCTP)
• Electronic Crimes Task Forces (ECTFs)
• Perverted Justice
• NetSmartz

Preventing Computer Crime
STRATEGIES
• Educating top management
• Educating employees
• Instituting internal security precautions
• Management
  • Commitment to defend against computer crime
  • Organization-wide policies

Summary
• Computer crimes are relatively easy to commit and difficult to detect
• Basic tenet for first responders at computer crime scenes is to observe the ON/OFF rule
• Most cybercrimes against businesses are committed by outsiders
• Investigating such crimes often requires a team approach