Applications with Warrants In Mind
Date posted: 22-Dec-2015
The Law
Why are there laws specifically for computer crimes?
A person's reasonable right to privacy
The nature of computers and electronics
Probable cause
Search and Seizure
Basically identical to previous laws with exceptions to the actual allowable procedure for searching and/or seizing.
In both cases a warrant must be obtained before searching and seizing, but the conditions for each are different.
The exemption to a warrant is probable cause, but this is difficult for electronics.
The Process
Crime is suspected.
Suspects are watched.
Their system is qualitatively analyzed.
When enough substantial evidence is acquired, a warrant is requested and granted by a magistrate judge.
They go to physically analyze the system.
Important Things to Think About
The criminal computers are in most cases standard PCs or laptops, but many times are also servers.
It is important to know what OS the machine is running.
Is the machine booby trapped?
Where should I look for data?
The File System
Are the desired files hidden within other data types?
Could the files be in hidden (invisible) directories?
What programs could be running?
Is there a program set to wipe the whole drive upon boot up if a special password or key is not entered?
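The first two questions above can be checked mechanically on a working copy of the drive. The following is an added example, not part of the original slides: it flags hidden directories and files (assuming the Unix/macOS dot-prefix convention) and files whose leading bytes contradict their extension; the signature table and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Leading "magic" bytes of a few common formats and the extensions that normally carry them.
MAGIC = {
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"%PDF-": {".pdf"},
    b"PK\x03\x04": {".zip", ".docx", ".xlsx", ".pptx", ".jar"},
}

def sniff(path):
    """Return the extensions the file's leading bytes suggest, or None if unrecognised."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, exts in MAGIC.items():
        if head.startswith(magic):
            return exts
    return None

def triage(root):
    """Walk a working copy; return (hidden paths, files whose content contradicts their name)."""
    hidden, mismatched = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if name.startswith("."):  # assumption: Unix/macOS dot-prefix convention
                hidden.append(os.path.relpath(os.path.join(dirpath, name), root))
        for name in filenames:
            full = os.path.join(dirpath, name)
            expected = sniff(full)
            ext = os.path.splitext(name)[1].lower()
            if expected is not None and ext not in expected:
                mismatched.append(os.path.relpath(full, root))
    return sorted(hidden), sorted(mismatched)

def demo():
    samples = {  # constructed sample files, not real evidence
        "docs/report.pdf": b"%PDF-1.4 constructed",
        "docs/notes.txt": b"PK\x03\x04 constructed archive header",
        ".cache/a/photo.jpg": b"\xff\xd8\xff\xe0 constructed",
        "docs/readme.txt": b"plain text",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return triage(root)
```

Files the signature table does not recognise are not reported, so an empty mismatch list does not show that nothing is disguised.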
Time Constraints
How long will it take to get the warrant? With proper evidence it should not take long.
How long will the warrant last? Usually the warrant will last about a month.
How long is too long to hold on to a suspect's computer? Depends on the nature and size of the system.
Analyzing the Evidence
Much of the work in analyzing a system is hardware related.
In most cases the first thing to do is make a copy of the hard drive.
Once a hard copy is made, the data can be sorted without worry of contamination.
They use hard drive duplicators.
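A software sketch of the copy-first step above, added here as an example and not taken from the original slides: it copies a constructed image file, and uses SHA-256 hashes (an assumption, since the slides do not name a verification method) to confirm the copy matches and to show that later changes to the working copy are detectable while the original stays untouched. The file names are hypothetical.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time so a large image never sits in memory

def sha256_file(path):
    """Hash a file in chunks and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def make_working_copy(source, dest):
    """Copy source to dest, hashing what was read; return (source_hash, copy_hash)."""
    h = hashlib.sha256()
    # "rb" never writes to the source; "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(dest, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    return h.hexdigest(), sha256_file(dest)

def demo():
    """Image a constructed 'drive', then show that edits to the copy are detectable."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "seized.img")   # hypothetical file names
        working = os.path.join(d, "working.img")
        with open(original, "wb") as fh:           # constructed sample data
            fh.write(bytes(range(256)) * 8192 + b"tail")
        src_hash, copy_hash = make_working_copy(original, working)
        with open(working, "r+b") as fh:           # analysis tool alters the copy
            fh.seek(100)
            fh.write(b"\xff\xff\xff\xff")
        return {
            "copy_verified": src_hash == copy_hash,
            "original_unchanged": sha256_file(original) == src_hash,
            "copy_altered": sha256_file(working) != copy_hash,
        }
```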
Forensics Software
SubRosaSoft, in addition to making data recovery software for consumers and IT professionals, also makes forensics software.
MacForensicsLab keeps track of every action and window/button click, and records the date and time of each action.
http://www.engadget.com/2007/04/30/subrosasofts-maclockpick-extracts-personal-info-from-os-x/
http://www.macforensicslab.com/samplereport/Logs_2_1.html
Acknowledgements
Pictures in slides taken from image.google.com unless a link is provided on the particular slide indicating otherwise.
Law information provided by the US Department of Justice:
http://www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm