Introduction

Computer Forensics and Cyber Crime


Britz

PRENTICE HALL
2004 Pearson Education,
Inc.

Cyberspace and Criminal Behavior

History has shown periods of enlightenment and progress
Industrial revolution brought automation of tasks, etc.
increased public knowledge (i.e., printing press made information available to the masses)
increased medical services due to enhanced communication and transportation


Advantages of the Information Revolution:

Commerce
Research
Education
Public knowledge
Entertainment
Public discourse
Health
Multiculturalism
Law enforcement


Negative Results

Cyber-dependence and incompetence: has decreased the ability of students to conduct independent research; led to a decrease in verification of sources; obliterated traditional methods of academic inquiry
Erosion of physical health: has created a sedentary lifestyle
Reduction of interpersonal communications: has created a reliance on electronic communication at the expense of interpersonal communication.
Deviance and crime: anonymity promotes deviant behavior while creating elevated levels of vulnerability in unsuspecting users; global interconnectivity enhances potential gain from criminal activity


Cyberspace and Criminal Behavior

Cyberspace: the place between places; the indefinite place where individuals transact and communicate


Intangibility of electronic communications

Not really a new concept: traditional communications have fallen within this existential space
Telephonic communications, for example, cross both time and space and were predated by wire exchanges
However, the physicality of the virtual world has increased with the Internet due to the convergence of audio, video, and data
No other medium of communication has provided such potentiality.


Privacy vs. protection

Debate rages over the level of supervision appropriate in this medium. Privacy advocates include: The Grateful Dead's David Barlow, and Lotus inventor, Mitchell Kapor, cofounders of the Electronic Frontier Foundation.

Government's position

Such potentiality must be monitored to prevent the exploitation and victimization of innocents
Critics have suggested that the government has been too zealous in its pursuit of security. They have described their approach as Orwellian, citing Steve Jackson Games, Inc. v. U.S. Secret Service as an example.


Privacy Advocates' Position

Any supervision and/or government oversight abridges the 1st Amendment, and should be prohibited as a matter of law.
Critics have suggested that their position is untenable as it fails to recognize the dangers inherent in anonymous communication. They argue that an unregulated global exchange encourages deviance.


No compromise has yet been reached.


Clarification of terms


Traditional Definitions of
Computer Crime
Computer Related Crime
Cybercrime


Computer Crime

Any criminal act committed via computer

Computer Related Crime

any criminal act in which a computer is involved, however peripherally


Cybercrime

Any abuse or misuse of computer systems which results in direct and/or concomitant losses

Problems with definitions

definitions vary by agency, legislation, and enforcement
cannot be used to replace traditional statutes
extortion is extortion is extortion regardless of the method employed to communicate the threat.
TERMS WILL BE USED INTERCHANGEABLY


Traditional Problems Associated With Computer Crime

While criminals have always displayed an ability to adapt to changing technologies, law enforcement agencies and government institutions, bound by bureaucracy, have not.
Computer crime, in particular, has proven a significant challenge to LE personnel for a variety of reasons.


Traditional Problems Associated with Computer Crime

Physicality and jurisdictional concerns
Lack of communication between agencies
Inconsistency of law and community standards
Intangibility of evidence
Cost/benefit to perpetrator


Physicality and Jurisdictional Concerns

intangibility of activity and location are not provided for by law: individuals sitting at their desk can enter various countries without the use of passports or documentation.
vicinage: an element necessary for successful prosecution requires the specification of the crime scene (physical not virtual), i.e., Where did the crime actually occur? If a Citadel cadet from 4th Battalion illegally transferred money from The Bank of Sicily to The Bank of London, where did the crime occur? Which laws apply?


Jurisdiction

Which agency is responsible for the investigation of a particular incident?
Using the previous example, which agency has primary jurisdiction over the thief?


Lack of communication between agencies

i.e., traditional lack of collaboration further compounded by the introduction of international concerns


Inconsistency of law and community standards

i.e., definitions of obscenity, criminality, etc. further complicated on the international level where some societies may tolerate, or even condone, certain behaviors
Example: Antigua, Caracas, and the Dominican Republic all challenge American sovereignty over wagers placed by Americans through online casinos and sports books


Intangibility of evidence

patrol officers unsure as to recognition of evidence
patrol officers unsure of method of preservation of evidence


Cost/benefit to perpetrator

much less expensive AND the risk of successful prosecution is slight
do not need method of transportation
do not need funds
do not need storage capabilities
are not labor intensive and can be committed alone
All these significantly decrease the risk to the deviant and severely hamper law enforcement efforts.


Perceived insignificance and stereotypes

stereotypes of computer criminals often involve non-threatening, physically challenged individuals (i.e., computer geeks)
stereotypes of computer crimes usually involve hacking and improper use


Prosecutorial Reluctance

Apathy (or perhaps laziness)
Lack of concern of constituents
Lack of cooperation in extradition requests
Victims' reluctance to prosecute
Labor intensive nature of case preparation
Lack of resources for offender tracking


Lack of Reporting

Fortune 500 companies have been electronically compromised to the tune of at least $10 billion/year
Although this number is increasing, early studies indicated that only 17% of such victimizations were reported to the police.


Reasons for nonreporting:

Consumer confidence: must assure consumers that their personal data is safe. (ex., Citibank)
Corporate interests: do not want to lose control over their investigation. They wish to control level of access and scope of investigation. They naively believe that if criminal activity is uncovered, they can simply report their findings to the police.
Cost/benefit analysis: believe that the low likelihood of enforcement and prosecution vs. the high likelihood of lost consumer confidence is simply not worth it
Jurisdictional uncertainty: many companies are unclear as to which agency to report to.


Jurisprudential inconsistency

The Supreme Court has denied certiorari on the vast majority of cases, resulting in a patchwork of law across the United States.

Lack of Resources

1. Traditional budget constraints
2. Nature of technology
3. Cost of training
4. Cost of additional personnel
5. Cost of hardware
6. Cost of software
7. Cost of laboratory
8. Inability to compete with private industry


Traditional Budget Constraints

Law enforcement has always been significantly underfunded: the public unwilling to expend community funds on LE training, personnel, and technology.

Nature of technology

Always changing: requires perpetual training. (ex. Wireless technologies and emerging encryption and steganography programs are increasingly common and have complicated LE efforts)
Thus, training soon becomes obsolete

Cost of Training

Extremely expensive: NTI, for example, charges more than $1500 per person. Coupled with per diem expenses and the cost of software licenses, this training is all but out of reach for many agencies.


Cost of additional personnel

For every officer transferred to technology crime, another must be recruited, hired, and trained to take his/her place.


Cost of hardware

equipment soon becomes obsolete, precluding the purchase of pricey components


Cost of software

Forensic software is extremely expensive. Packages by Guidance Software, NTI, and AccessData exceed several hundred dollars for a single license! Minimum requirements include: data duplication, data verification, data capture, data recovery, data preservation, and data analysis. In addition, password cracking, text searching, and document viewing tools are needed.

Cost of laboratory

Must find appropriate, unallocated space within or outside of the department (discussed in detail in Chapter 9)


Inability to compete with corporations

Individuals with forensic training are highly prized by corporations. Since they can afford to offer high salaries and lucrative benefit packages, they can successfully lure officers into private practice.


Extent of the problem

Computer crimes range in severity from nuisance activity (i.e., spamming, etc.) to computer-assisted criminal activity (i.e., burglary, fraud, etc.) to computer-initiated criminal activity (i.e., embezzlement, fraud, etc.).
Purposes include: white collar crime, economic espionage, organized crime, foreign intelligence gathering, terrorism, sexual deviance, and technologically innovated traditional crime.


Computers as targets

Phreaking
Viruses and worms
Trojans and hacking
Miscellaneous


Phreaking

phreaking: activity in which telecommunications systems are manipulated and ultimately compromised; the precursor to contemporary hacking


Viruses and worms

viruses and worms: increasingly popular, they pose significant concerns for individuals, businesses, universities, and governments. (ex. Love Bug affected at least 45 million computers and caused billions of dollars in damages.)


Trojans and hacking

Tools for stealing data are readily available for download from the Internet (including BackOrifice, NetBus, and DeepThroat). Such theft poses significant concern for corporations and governments, as trade secrets and public infrastructures are at risk.


Other Activities

Software piracy, trafficking in stolen goods, etc. (discussed in detail in Chapter 4)


Computers as instruments

(discussed in detail in Chapter 4)

a. Embezzlement
b. Stalking
c. Gambling
d. Child pornography
e. Counterfeiting
f. Fraud

Computers as incidentals

(discussed in detail in Chapter 4)

a. bookmaking
b. narcotics trafficking
c. homicide

Estimates of Computer Crime

Estimates of computer crime are poor at best:
Actual costs range from $15 to $250 billion
Businesses affected range from 25% to 99%
More than of businesses spend 5% or less of their IT budget on security.
A 185% increase in KP cases in one year!
Estimated that one KP bulletin board was accessed by over 250 users a day.


Extent of business victimization

25% of respondents detected external system penetration
27% detected denial of service
79% detected employee abuse of Internet privileges
85% detected viruses
19% suffered unauthorized use
19% reported 10 or more incidents
35% reported 2-5 incidents
64% of those acknowledging an attack reported Web-site vandalism
60% reported denial of service
over 260 million dollars in damages were reported by those with documentation
