Zaid Hamzah, Founder of CyLexic · 2019-06-12 · Publisher Lexis Nexis, 2005 ISBN 967-962-632-6...
Zaid Hamzah, Founder of CyLexic www.cylexic.com
Strategic Counsel (Cybersecurity, Technology, IP)
Author of 9 books including “E-Security Law and Strategy”
Advocate & Solicitor, Singapore; & Solicitor, England & Wales*
Adjunct Senior Fellow, Nanyang Technological University, Singapore (teaching cybersecurity law & cyberterrorism)
30 years professional experience including:
▪ Director, Microsoft Inc
▪ Chief Legal & Regulatory Officer, Telekom Malaysia
▪ Senior Legal Advisor, JV between Singapore Telecommunications, Warner Brothers and Sony Pictures Entertainment (HOOQ)
▪ Acted as Adviser/Consultant for the Japanese and Malaysian Governments
❖ Has consulted for the Malaysian Government cybersecurity agency to develop a Manual on digital evidence
❖ Developed e-learning course for the CISSP domain on law, investigation & ethics
❖ Taught “Information Security Law” at universities in Malaysia and Singapore.
Education
Bachelor of Law, National University of Singapore
MA (Fletcher School of Law & Diplomacy, Tufts University, USA)
*Non-practicing solicitor ** in collaboration with SIM Global Education, Singapore
E-Security Law & Strategy by Zaid Hamzah
Publisher Lexis Nexis, 2005
www.lexisnexis.com.my
ISBN 967-962-632-6 (paperback)
E-Security Law and Strategy provides a concise and management-oriented legal guide on key aspects of information security and computer forensics, an emerging practice area that deals primarily with the management of digital evidence. Aimed at IT professionals and business executives in corporations, organizations and government agencies as well as lawyers seeking an introduction to this emerging practice area.
Course contents
Topics
Cybersecurity Law
• Cybercrime
• Cyberterrorism
• Cyberwar
Investigation Steps
Evidence management
Prosecution in courts
Domestic Cybersecurity Law
• Computer Misuse Act
Public International Law (Cyber War)
Cyber Diplomacy & International Relations
Cybercrime Convention
ASEAN
Cybersecurity law and practice in industry
Cybersecurity Law & Investigation
Two basic scenarios
1. Computer or IT system as a VICTIM of cybercrime
2. Computer or IT system as a TOOL to commit a crime
Cybercrime, Cyberterrorism & Cyberwar
International law
National Law
International Relations & Diplomacy
CASE STUDY 1
Singhealth Cyber attack
Cyber war & International Law
CYBERCRIME – CASE STUDIES
STRAITS TIMES JAN 30, 2015
HACKING: THE LEGAL ASPECTS
LOG FILES: LEGAL EVIDENCE
IP Address: “Digital fingerprint”
GENERAL PRINCIPLES
Cybercrime – The Legal Aspects
The law operates in all aspects – You must understand legal issues & its ramifications
Chain of Custody
Integrity of Evidence
Burden of Proof
Admissibility of Evidence
The Legal & Investigation Cycle
Intrusion Detection
Evidence Preservation & Analysis
Investigation
Prosecution
Legal Aspects are Integral Parts of Cycle
Digital Forensics & the Law
Computer Forensics:
An autopsy of a computer or network to uncover digital evidence of a crime
Role of Evidence in the Court
Evidence must be preserved and hold up in a court of law
MANAGING DIGITAL EVIDENCE
Concepts
Burden of Proof: Beyond reasonable doubt
Admissibility of Evidence: Cannot be illegally obtained
Weightage of Evidence: If not strong, not so useful (but you can try)
Integrity of Evidence: Tampered evidence cannot be used
1. Physical evidence
2. Digital Evidence
Evidence Management Lifecycle
Identify Evidence
Collect Evidence
Process Evidence
Analyze Evidence
Present in report
IP addresses are like the digital fingerprint
Strategies to Manage Legal Aspects
Compliance with the law
Evidence produced must meet legal standards
Collection of evidence must comply with laws of criminal procedures
Key Aspects
• For successful criminal prosecution:
  – Must acquire the evidence while preserving the integrity of the evidence
    • No damage during collection, transportation, or storage
    • Document everything
    • Collect everything the first time
  – Establish a chain of custody
• What to watch out for…….
  – Don’t work on original evidence!
  – Can perform analysis of evidence on exact copy!
  – Make many copies and investigate them without touching original
  – Can use time stamping/hash code techniques to prove evidence has not been compromised
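An added example (not part of the original slides) of the hash-code and chain-of-custody points above: the original is hashed before anything else, analysis happens only on a verified copy, and every custody entry is timestamped and chained to the previous one so later edits to the record are detectable. File names, the examiner name and the log format are assumptions made for illustration.

```python
import hashlib, json, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk=1 << 20):  # chunked, so large images need not fit in memory
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _digest(fields):
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def add_custody_entry(log, actor, action, evidence_hash):
    # Timestamped entry that also commits to the previous entry (hash chain).
    entry = {"time": datetime.now(timezone.utc).isoformat(), "actor": actor,
             "action": action, "evidence_sha256": evidence_hash,
             "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)

def verify_log(log):
    # True only if no entry was altered, removed from the front, or reordered.
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev or entry["entry_hash"] != _digest(body):
            return False
        prev = entry["entry_hash"]
    return True

def make_working_copy(original, copy, log, actor):
    # Hash the original first, copy it, then prove the copy is bit-for-bit identical.
    reference = sha256_file(original)
    add_custody_entry(log, actor, "acquired original", reference)
    shutil.copyfile(original, copy)
    if sha256_file(copy) != reference:
        raise ValueError("working copy does not match original")
    add_custody_entry(log, actor, "created verified working copy", reference)
    return reference

def demo():
    with tempfile.TemporaryDirectory() as d:
        original, copy, log = Path(d, "evidence.img"), Path(d, "working.img"), []
        original.write_bytes(b"constructed sample: 203.0.113.7 GET /login 200\n")
        reference = make_working_copy(original, copy, log, "Examiner A")
        copy.write_bytes(b"edited during analysis")  # simulated change to the copy only
        return sha256_file(original) == reference, sha256_file(copy) != reference, log
```

The timestamps here come from the examiner's own clock; a record meant for court would normally also be anchored to an independent time source or witness signature.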
https://www.ict.org.il/Article/2083/Cyberizing-Counter-terrorism-Legislation#gsc.tab=0
CYBER WARFARE
https://www.law.upenn.edu/institutes/cerl/conferences/cyberwar/papers/reading/Kanuck.pdf
EVIDENTIARY ASPECTS
PROSECUTION IN THE COURTS
Prosecuting Cybercrime in the Courts
1. Prosecution of Criminal Offences
   1. Building the cybercrime case - the trial process
   2. What is electronic document discovery
   3. What does a public prosecutor do in a court room?
   4. Typical documents in criminal proceedings
2. Burden of Proof
   1. Concept of burden of proof - what is the burden of proof required?
   2. What does “beyond reasonable doubt” mean?
   3. What does “on balance of probabilities” mean
Digital Evidence
1. Overview of digital forensics and the law
2. Evidence in general
   a) Why collect evidence
   b) Identifying digital evidence
   c) Evidence collection options
   d) Types of Evidence
      • Direct and indirect
      • Hearsay evidence
3. Methods to gather, preserve and present evidence of a computer crime
Defence Counsel Strategies
1. How does the defence lawyer carry out defence in cybercrime cases?
   1. Basic techniques
      a) Challenging the method of evidence collection
      b) Challenging the qualifications of the evidence collector
      c) Raising doubts – its importance in criminal prosecution
   2. Advanced techniques
   3. Legal challenges in cloud forensics
   4. Understanding Rules of Procedures
Testifying in a cybercrime case
1. Testifying as an evidentiary witness
2. Testifying as an expert witness
3. Giving direct testimony
4. Cross-examination tactics
Issues in cross border computer crime
1. Importance of cross border collaboration between law enforcement bodies
2. Role of Interpol
3. International Court of Justice
   1. No cybersecurity cases to date
4. Case Study: Ardit Ferizi case (cyber terrorism)
CYBERSECURITY LAW IN THE CORPORATE CONTEXT
Cyberattacks & how the law fits in…….
Cyber Attacks
Recover
Survive
In any cyber attack, legal issues must be addressed
Is it a criminal offence?
How should digital evidence be collected so that it is admissible in court?
How to ensure successful prosecution in court?
What is the proper investigation procedure?
What can the police search and seize?
Domains in Cybersecurity Law, Investigation & Risk Management
Cybersecurity
Cybercrime & Cyberterrorism
Computer Crime
Corporate Wrongs
When a cybercrime takes place, an investigation must be carried out – the police must be involved.
Computer crime: Offences against computers and IT system
Cybercrime: Crimes committed using computers and IT systems
Legal Issues Facing Governments and Industry
How to comply with the law?
What kind of legal risk management framework should be established?
What kind of governance, risk & compliance framework should be established?
Analytic Framework
Legal Risk Management in Cybersecurity
Has the law been broken? Is this a crime?
Has digital evidence been properly collected to meet the legal requirements?
If I take pre-emptive strike measures is it legal?
Is my intelligence gathering method legal?
Cybersecurity Risk Management & Governance Need to Develop Proactive Framework
Governments, enterprises and organizations need to create a structured and proactive risk management framework that deals with the legal aspects of cybersecurity attacks. It is an essential building block to deter and prevent cyber attacks. We offer capability building programs as well as design of systems and procedures as part of the risk management framework
Enterprises need to develop structured framework
Key Aspects - Industry
LEGAL AGREEMENTS
Standard Operating Procedures & Manuals
NEGOTIATION
Digital Asset Protection Programs
Legal Due Diligence
COST
REVENUE
PROFITABILITY
Civil cases (cybersecurity)
Digital Evidence
Cybercrime Investigation
Cybersecurity law compliance
Personal Data Protection & Privacy Compliance
Cybersecurity Corporate Policy
Key Aspects
Cybersecurity Intelligence Gathering: Legal Aspects
Standard Operating Procedures & Manuals
Cybercrime Pre-emptive Strikes: Legal Aspects
Digital Asset Protection Programs
Cybercrime Criminal Procedure
E-Discovery
Cybercrime Law
Digital Evidence
Cybercrime Investigation
Cybercrime Prosecution
Personal Data Protection & Privacy Compliance
Cybersecurity Corporate Policy
CASE STUDY 1
Singhealth Cyber attack
END