1 / 84

Computer Forensics

Computer Forensics. Overview. Computer Crime Laws Policy and Procedure Search Warrants Case Law Intellectual Property Protection Privacy Ethics. Computer Crime. What is Computer Crime?

RoyLauris
Download Presentation

Computer Forensics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Forensics

  2. Overview • Computer Crime Laws • Policy and Procedure • Search Warrants • Case Law • Intellectual Property Protection • Privacy • Ethics

  3. Computer Crime • What is Computer Crime? • Criminal activity directly related to the use of computers, specifically illegal trespass into the computer system or database of another, manipulation or theft of stored or on-line data, or sabotage of equipment and data. • Criminal activity can also comprise the use of computers to commit other kinds of crime: harrassment, scams, hate crimes, fomenting terrorism, etc

  4. Computer Crime • What is a Computer Crime? • Stealing trade secrets from a competitor • Extortion • Use of a packet sniffer to watch instant messaging conversations

  5. Federal Computer Crime Laws • 4th Amendment • Computer Fraud and Abuse Act of 1986 • Electronic Communications Privacy Act of 1986

  6. Federal Computer Crime Laws • Electronic Espionage Act of 1996 • Communications Decency Act 1996 • Child Pornography Prevention Act • Digital Millennium Copyright Act of 1998 • COPPA - Children's Online Privacy Protection Act • HIPAA - Health Insurance Portability And Accountability Act • Access Device Fraud • USA Patriot Act

  7. State Computer Crime Laws • Computer crime laws are state-specific

  8. Case Law • What is case law? • “Created” by the rulings of judges on court cases • Importance of case law? • Very few laws governing current and emerging technologies • Precedents set by case law often become legislative law

  9. Computer Fraud and Abuse Act

  10. Computer Fraud and Abuse Act • 15 USC §1644 - Fraudulent use of credit cards; penalties • 18 USC §1029 - Fraud and related activity in connection with access devices • 18 USC §1030 - Fraud and related activity in connection with computers • 18 USC §1343 - Fraud by wire, radio, or television • 18 USC §1361-2 - Prohibits malicious mischief

  11. 15 USC §1644 • Use, attempt or conspiracy to use card in transaction affecting interstate or foreign commerce • Transporting, attempting or conspiring to transport card in interstate commerce • Use of interstate commerce to sell or transport card • Furnishing of money, etc., through use of card

  12. Crimes and Penalties • Whoever in a transaction affecting interstate or foreign commerce furnishes money, property, services, (>$1,000) shall be fined not more than $10,000 or imprisoned not more than ten years, or both

  13. 18 USC §1029 • Counterfeit access devices • Telecommunications instrument modified to obtain unauthorized use of telecommunications services. • Fraudulent transactions using credit cards • Use of scanning receiver

  14. Crimes and Penalties • Forfeiture to the United States of any personal property used or intended to be used to commit the offense • Fine under this title or imprisonment for not more than 20 years, or both.

  15. 18 USC §1030 • Accesses a computer without authorization to obtain restricted data. • Without authorization accesses Federal computers • Conduct fraud and obtains anything of value on such computers • Traffics in passwords or similar information

  16. Crimes and Penalties • The United States Secret Service has authority to investigate offenses • Forfeiture of any personal property used or intended to be used to commit the offense • Fine under this title or imprisonment for not more than 20 years, or both.

  17. 18 USC §1343 • Fraud by means of wire, radio, or television communication in interstate or foreign commerce, • Transmission of digital or analog data in such fraud

  18. Crimes and Penalties • Fine under this title or imprisonment not more than five years, or both. • If the violation affects a financial institution, fine of $1,000,000 or imprisonment of 30 years, or both

  19. 18 USC §1361-2 • Prohibiting malicious mischief • Computer hacking/website defacement

  20. Actual Crimes • Many cases have been prosecuted under the computer crime statute, 18 U.S.C. § 1030 (unauthorized access). A few recent sample press releases from actual cases are available via links below: • Kevin Mitnick Sentenced to Nearly Four Years in Prison; Computer Hacker Ordered to Pay Restitution to Victim Companies Whose Systems Were Compromised (August 9, 1999) Source: http://www.usdoj.gov/criminal/cybercrime/compcrime.html

  21. Actual Crimes • Former Chief Computer Network Program Designer Arraigned for Alleged $10 Million Computer "Bomb" • Juvenile Computer Hacker Cuts off FAA Tower At Regional Airport -- First Federal Charges Brought Against a Juvenile for Computer Crime Source: http://www.usdoj.gov/criminal/cybercrime/compcrime.html

  22. Sample Cases • http://www.daviddfriedman.com/Academic/Course_Pages/21st_century_issues/21st_century_law/computer_crime_legal_01.htm • http://www.law.emory.edu/11circuit/june2000/99-12723.opn.html • http://www.usdoj.gov/criminal/cybercrime/cccases.html • http://www.usdoj.gov/criminal/cybercrime/garciaArrest.htm • http://www.usdoj.gov/criminal/cybercrime/jiangIndict.htm • http://www.usdoj.gov/criminal/cybercrime/schellersent.htm • http://www.usdoj.gov/criminal/cybercrime/usamay2001_2.htm

  23. Electronic Communications Privacy Act

  24. Where Can I Find ECPA? United States Code Title 18 Crimes and Criminal Procedure Chapter 119 – Wire and Electronic Communications Interception and Interception of Oral Communications Sections 2510 - 2522

  25. Overview of ECPA • President Reagan signed ECPA into law in October 1986 • Designed to extend Title III Privacy Provisions to new technologies such as electronic mail, cellular phones, private communication carriers, and computer transmissions

  26. “The Wiretap Act” • This law required that enforcement agencies obtain a warrant before executing a wiretap (usually used to record voice conversations)

  27. What Rights Does ECPA Provide? • ECPA protects the transmission and storage of digital communication such as email • Authorities are forbidden to intercept non-voice portions of communication, thanks to ECPA • This is defined as "any transfer of signs, signals, writing, images, sound, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectric or photo-optical system."

  28. ECPA Rights (cont.) • Act was designed to protect against electronic communication service providers from disclosing any contents of communication to authorities without lawful consent of the party that originated the communication • Act provided for coverage of all communication providers, not just “common carriers” available to the public

  29. Cellular Phone Communication • Act also protects cellular phone conversations; wired privacy extended to wireless • Penalty for intercepting a non-encrypted call is only a $500 fine, rather than the normal maximum of 5 years in prison • Note: This act also explicitly states it does not protect the “radio portion of a telephone that is transmitted between the cordless telephone handset and the base unit."

  30. Radio Paging • ECPA also protects pagers • Voice and digital display pagers were determined to be an extension of an original wired communication • However, tone-only pagers are not protected by ECPA

  31. Customer Records • ECPA provides for the protection of subscriber and customer records belonging to electronic service providers • Authorities cannot access these records without a search warrant and court order, unless otherwise notifying the customer

  32. References • http://www.digitalcentury.com/encyclo/update/ecpa.html • http://floridalawfirm.com/privacy.html

  33. USA Patriot Act

  34. Some Perspective • On September 11, 2001, more Americans were murdered than… • American battle deaths in the war of 1812 • American battle deaths at Pearl Harbor • American battle deaths in the Indian Wars • American battle deaths in the Mexican War • American battle deaths in Vietnam prior to 1966 • Union battle deaths at Bull Run • Police officers killed in the line of duty since 1984 • Source: Federal Law Enforcement Training Center Glynco, Georgia

  35. USA Patriot Act – Oct 2001 • Provides Tools To Intercept and Obstruct Terrorism • Some believe it was too hasty • There were few conferences • The House vote was 357-66 • The Senate vote was 98-1

  36. USA Patriot Act • Specifically, the Act: • Creates several new crimes: bulk cash smuggling, attacking transportation systems, etc. • Expands prohibitions involving biological weapons • Lifts the statute of limitations on prosecuting some terrorism crimes • Increases penalties for some crimes • Requires background checks for licenses to transport hazardous materials • Expands money laundering laws and places more procedural requirements on banks • Promotes information sharing and coordination of intelligence efforts

  37. USA Patriot Act • Provides federal grants for terrorism prevention • Broadens the grounds for denying aliens admission • Alters some domestic security provisions for DoD • Most provisions of the Act shall cease to have effect on December 31, 2005 • However, a USA Patriot Act II is being discussed in Congress

  38. Computer Crime • Penalty of 5 years for a first offense and 10 years for a subsequent offense for damaging a federal computer system • Damage includes any computer impairment that causes the loss of at least $5,000 or threatens the public health or safety.

  39. Computer Crime • To be found guilty, the person must: • Knowingly cause the transmission of a program, information, code, or command that results in damage to a protected computer without authorization • Intentionally access a federal computer without authorization and cause damage (§ 814)

  40. Computer Crime • The act requires the attorney general to create regional computer forensic laboratories: • Examine seized or intercepted computer evidence • Train and educate federal, state, and local law enforcement and prosecutors • Assist federal, state, and local law enforcement in enforcing computer-related criminal laws • Promote sharing of federal expertise • The act also provides funding for these facilities (§ 816)

  41. Other Crimes / Penalties • Attacks Against Mass Transportation Systems • The crime is punishable by a fine, up to 20 years if the violator traveled or communicated across state lines or • The crime is punishable by life in prison if the offense resulted in death • Counterfeiting • The act makes counterfeiting punishable by up to 20 years in prison

  42. Other Crimes / Penalties • Harboring or Concealing Terrorists • This crime is punishable by a fine and 10 years in prison (§ 803) • Biological Weapons • This is punishable by a fine, and 10 years in prison • Money Laundering • This crime is punishable by 5 years in prison • For Federal employees, the crime is punishable by a fine 3 times the value received, and 15 years in prison, (§ 329)

  43. Increased Penalties • Arson from 20 years to life • Energy facility damage, from 10 to 20 years • Supporting terrorists, from 10 to 15 years • Supporting designated foreign terrorist organizations, from 10 to 20 years • Destroying national defense materials, from 10 to 20 years • Sabotaging nuclear facilities from 10 to 20 years • Carrying a weapon or explosive on an aircraft from 15 to 20 years • Damaging interstate gas or hazardous pipeline facility, from 15 to 20 years

  44. Information Sharing • The act: • Foreign and national intelleigence surveillance can exchange information (§ 504) • Regional information sharing between federal, state, and local law enforcement (§ 701) • Attorney general can apply to a court for disclosure of educational records to prosecute a terrorist act • Act also provides immunity for people who in good faith disclose these documents) (§ 507, 508)

  45. Privacy Implications • American Civil Liberties Union: “The USA Patriot Act allows the government to use its intelligence gathering power to circumvent the standard that must be met for criminal wiretaps. … • The new law allows use of Foreign Intelligence Surveillance Act surveillance authority even if the primary purpose were a criminal investigation. • Intelligence surveillance merely needs to be only for a "significant" purpose. • Law enforcement may search primarily for evidence of crime, without establishing probable cause • This provision authorizes unconstitutional physical searches and wiretaps

  46. Privacy Implications • “In allowing for "nationwide service" of pen register and trap and trace orders, the law further marginalizes the role of the judiciary. • It authorizes what would be the equivalent of a blank warrant in the physical world: the court issues the order, and the law enforcement agent fills in the places to be searched. • This is not consistent with the important Fourth Amendment privacy protection of requiring that warrants specify the place to be searched.” • In short, the USA Patriot Act assumes no “expectation of privacy”

  47. Case Study: Carnivore • TCP/IP packet sniffer developed by the FBI that has the ability to store all traffic on a network • Intended Uses: Terrorism, Espionage, Child Pornography/Exploitation, Information Warfare/Hacking, Organized Crime/Drug Trafficking, Fraud • Reassembles your e-mail, webpages, files and searches for keywords

  48. Case Study: Carnivore • Legitimate use vs. invasion of privacy • Find out which web sites you visit • deathtoamerica.com • girlsgonewild.com • Read your e-mail • bomb making instructions • love letters • Save a copy of files you download • shoebomb.zip • transactions.zip

  49. Case Study: Carnivore • Pre-USA Patriot Act realities: • FBI suspects you of criminal activity • Requests court order to use Carnivore • Installs Carnivore at your ISP • Carnivore grabs all of your packets authorized in the court order • Carnivore must not grab anyone else’s packets • Data physically collected once a day • Court order expires in 30 days • Post-USA Patriot Act fears: • The FBI can use Carnivore to go fishing for personal information

  50. Related Cases • John Walker Lindh – sentenced to 20 years in federal prison • Conspiracy to Murder U.S. Nationals (18 U.S.C. § 2332(b)) (Count One) • Conspiracy to Provide Material Support & Resources to Foreign Terrorist Organizations (18 U.S.C. Defendant. ) § 2339B) (Counts Two & Four) • Providing Material Support & Resources to Foreign Terrorist Organizations (18 U.S.C. §§ 2339B ) & 2) (Counts Three & Five) • Conspiracy to Contribute Services to al Qaeda (31 C.F.R. §§ 595.205 & 595.204 & 50 U.S.C. § 1705(b)) (Count Six) • Contributing Services to al Qaeda (31 C.F.R. §§ 595.204 & 595.205, 50 U.S.C. § 1705(b) & 18 U.S.C. § 2) (Count Seven) • Conspiracy to Supply Services to the Taliban (31 C.F.R. §§ 545.206(b) & 545.204 & 50 U.S.C. § 1705(b)) (Count Eight) • Supplying Services to the Taliban (31 C.F.R. §§ 545.204 & 545.206(a), 50 U.S.C. § 1705(b) & 18 U.S.C. § 2) (Count Nine) • Using and Carrying Firearms and Destructive Devices During Crimes ) of Violence (18 U.S.C. §§ 924(c) & 2) (Count Ten)

More Related