Applications with Warrants In Mind
Date posted: 22-Dec-2015

The Law

Why are there laws specifically for computer crimes?

A person's reasonable right to privacy

The nature of computers and electronics

Probable cause

Search and Seizure

Basically identical to previous laws with exceptions to the actual allowable procedure for searching and/or seizing.

In both cases a warrant must be obtained before searching and seizing, but the conditions for each are different.

The exemption to a warrant is probable cause, but this is difficult for electronics

The Process

Crime is suspected

Suspects are watched

Their system is qualitatively analyzed

When enough substantial evidence is acquired, a warrant is requested and granted by a magistrate judge.

They go to physically analyze the system

Important things to Think about

The criminal computers are in most cases standard PCs or laptops, but many times they are also servers.

It is important to know what OS the machine is running.

Is the machine booby-trapped?

Where should I look for data?

The File System

Are the desired files hidden within other data types?

Could the files be in hidden (invisible) directories?

What programs could be running?

Is there a program set to wipe the whole drive upon boot up if a special password or key is not entered?
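The first two questions on this slide can be checked mechanically on a working copy of the file system. The sketch below is an added example, not part of the original slides: it flags dot-prefixed (hidden) directories and files whose leading bytes identify a type that the extension does not claim. The signature table, function names and sample tree are constructed for illustration.

```python
import os
import tempfile

# Constructed signature table: (leading bytes, type label, expected extensions).
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".jar"}),
]

def identify(header):
    """Return (label, expected extensions) for a known signature, else None."""
    for sig, label, exts in SIGNATURES:
        if header.startswith(sig):
            return label, exts
    return None

def triage(root):
    """Report hidden directories and extension/content mismatches (read-only)."""
    hidden_dirs, mismatches = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if d.startswith("."):  # dot-prefix is how Unix-like systems hide entries
                hidden_dirs.append(os.path.relpath(os.path.join(dirpath, d), root))
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    header = fh.read(16)
            except OSError:
                continue  # unreadable entry; a real tool would log it
            known = identify(header)
            claimed = os.path.splitext(name)[1].lower()
            if known and claimed not in known[1]:
                mismatches.append((os.path.relpath(path, root), claimed, known[0]))
    return sorted(hidden_dirs), sorted(mismatches)

def demo():
    """Run the triage over a small constructed tree."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, ".cache", "a"))
        samples = {"notes.txt": b"PK\x03\x04",              # ZIP data named .txt
                   "report.pdf": b"%PDF-1.4\n",             # consistent
                   os.path.join(".cache", "a", "pic.jpg"): b"\xff\xd8\xff\xe0"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data + b"\x00" * 32)
        return triage(root)
```

A signature match only shows what a file starts with; data appended to or embedded inside a valid file needs deeper inspection than this check performs.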

Time constraints

How long will it take to get the warrant? With proper evidence it should not take long.

How long will the warrant last? Usually the warrant will last about a month.

How long is too long to hold on to a suspect's computer? Depends on the nature and size of the system.

Analyzing the Evidence

Much of the work in analyzing a system is hardware related

In most cases the first thing to do is make a copy of the hard drive

Once a copy is made, the data can be sorted without worry of contamination

They use hard drive duplicators
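The copy-first step rests on being able to prove that the copy matches the original and that later work has not altered it. The sketch below is an added example, not from the original slides: a software stand-in for what a duplicator does, which hashes the source while copying, re-reads the image to verify it, and shows that a one-byte change to a working copy is detected. File names and the random-byte "drive" are constructed.

```python
import hashlib
import os
import tempfile

BLOCK = 1 << 20  # read in 1 MiB blocks so large drives never sit in memory

def sha256_of(path):
    """Hash a file or device node by streaming it in blocks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(BLOCK), b""):
            digest.update(block)
    return digest.hexdigest()

def acquire(source, image):
    """Copy source to image, hashing the bytes as they are read, then
    re-read the image and confirm it matches what came off the source."""
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(BLOCK), b""):
            digest.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    source_hash = digest.hexdigest()
    if sha256_of(image) != source_hash:
        raise IOError("image does not match source; discard and re-acquire")
    os.chmod(image, 0o444)  # keep the master image read-only
    return source_hash

def demo():
    """Constructed stand-in for a drive: a file of random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "source.bin")
        image = os.path.join(tmp, "evidence.img")
        with open(source, "wb") as fh:
            fh.write(os.urandom(3 * BLOCK + 123))
        recorded = acquire(source, image)
        intact = sha256_of(image) == recorded
        # Simulate contamination of a working copy: one changed byte.
        work = os.path.join(tmp, "work.img")
        with open(image, "rb") as src, open(work, "wb") as dst:
            data = bytearray(src.read())
            data[0] ^= 0x01
            dst.write(data)
        tampered_detected = sha256_of(work) != recorded
        return len(recorded), intact, tampered_detected
```

In practice the source is attached through a write blocker or duplicator so that reading it cannot modify it; this sketch assumes that protection is already in place.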

Forensics Software

SubRosaSoft, in addition to making data recovery software for consumers and IT professionals, also makes forensics software.

MacForensicsLab keeps track of every action and window/button click, and records the date and time of each action.

http://www.engadget.com/2007/04/30/subrosasofts-maclockpick-extracts-personal-info-from-os-x/

http://www.macforensicslab.com/samplereport/Logs_2_1.html

Acknowledgements

Pictures in slides taken from image.google.com unless a link is provided on the particular slide indicating otherwise

Law information provided from US Department of Justice

http://www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm
