computer forensics n.
Presentation Transcript

  1. Computer Forensics

  2. Overview • Computer Crime Laws • Policy and Procedure • Search Warrants • Case Law • Intellectual Property Protection • Privacy • Ethics

  3. Computer Crime • What is Computer Crime? • Criminal activity directly related to the use of computers, specifically illegal trespass into the computer system or database of another, manipulation or theft of stored or on-line data, or sabotage of equipment and data. • Criminal activity can also comprise the use of computers to commit other kinds of crime: harassment, scams, hate crimes, fomenting terrorism, etc.

  4. Computer Crime • What is a Computer Crime? • Stealing trade secrets from a competitor • Extortion • Use of a packet sniffer to watch instant messaging conversations

  5. Federal Computer Crime Laws • 4th Amendment • Computer Fraud and Abuse Act of 1986 • Electronic Communications Privacy Act of 1986

  6. Federal Computer Crime Laws • Electronic Espionage Act of 1996 • Communications Decency Act of 1996 • Child Pornography Prevention Act • Digital Millennium Copyright Act of 1998 • COPPA - Children's Online Privacy Protection Act • HIPAA - Health Insurance Portability And Accountability Act • Access Device Fraud • USA Patriot Act

  7. State Computer Crime Laws • Computer crime laws are state-specific

  8. Case Law • What is case law? • “Created” by the rulings of judges on court cases • Importance of case law? • Very few laws governing current and emerging technologies • Precedents set by case law often become legislative law

  9. Computer Fraud and Abuse Act

  10. Computer Fraud and Abuse Act • 15 USC §1644 - Fraudulent use of credit cards; penalties • 18 USC §1029 - Fraud and related activity in connection with access devices • 18 USC §1030 - Fraud and related activity in connection with computers • 18 USC §1343 - Fraud by wire, radio, or television • 18 USC §1361-2 - Prohibits malicious mischief

  11. 15 USC §1644 • Use, attempt or conspiracy to use card in transaction affecting interstate or foreign commerce • Transporting, attempting or conspiring to transport card in interstate commerce • Use of interstate commerce to sell or transport card • Furnishing of money, etc., through use of card

  12. Crimes and Penalties • Whoever in a transaction affecting interstate or foreign commerce furnishes money, property, services, (>$1,000) shall be fined not more than $10,000 or imprisoned not more than ten years, or both

  13. 18 USC §1029 • Counterfeit access devices • Telecommunications instrument modified to obtain unauthorized use of telecommunications services. • Fraudulent transactions using credit cards • Use of scanning receiver

  14. Crimes and Penalties • Forfeiture to the United States of any personal property used or intended to be used to commit the offense • Fine under this title or imprisonment for not more than 20 years, or both.

  15. 18 USC §1030 • Accesses a computer without authorization to obtain restricted data. • Without authorization accesses Federal computers • Conducts fraud and obtains anything of value on such computers • Traffics in passwords or similar information

  16. Crimes and Penalties • The United States Secret Service has authority to investigate offenses • Forfeiture of any personal property used or intended to be used to commit the offense • Fine under this title or imprisonment for not more than 20 years, or both.

  17. 18 USC §1343 • Fraud by means of wire, radio, or television communication in interstate or foreign commerce, • Transmission of digital or analog data in such fraud

  18. Crimes and Penalties • Fine under this title or imprisonment not more than five years, or both. • If the violation affects a financial institution, fine of $1,000,000 or imprisonment of 30 years, or both

  19. 18 USC §1361-2 • Prohibiting malicious mischief • Computer hacking/website defacement

  20. Actual Crimes • Many cases have been prosecuted under the computer crime statute, 18 U.S.C. § 1030 (unauthorized access). A few recent sample press releases from actual cases are available via links below: • Kevin Mitnick Sentenced to Nearly Four Years in Prison; Computer Hacker Ordered to Pay Restitution to Victim Companies Whose Systems Were Compromised (August 9, 1999) Source:

  21. Actual Crimes • Former Chief Computer Network Program Designer Arraigned for Alleged $10 Million Computer "Bomb" • Juvenile Computer Hacker Cuts off FAA Tower At Regional Airport -- First Federal Charges Brought Against a Juvenile for Computer Crime Source:

  22. Sample Cases

  23. Electronic Communications Privacy Act

  24. Where Can I Find ECPA? United States Code Title 18 Crimes and Criminal Procedure Chapter 119 – Wire and Electronic Communications Interception and Interception of Oral Communications Sections 2510 - 2522

  25. Overview of ECPA • President Reagan signed ECPA into law in October 1986 • Designed to extend Title III Privacy Provisions to new technologies such as electronic mail, cellular phones, private communication carriers, and computer transmissions

  26. “The Wiretap Act” • This law required that enforcement agencies obtain a warrant before executing a wiretap (usually used to record voice conversations)

  27. What Rights Does ECPA Provide? • ECPA protects the transmission and storage of digital communication such as email • Authorities are forbidden to intercept non-voice portions of communication, thanks to ECPA • This is defined as "any transfer of signs, signals, writing, images, sound, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectric or photo-optical system."

  28. ECPA Rights (cont.) • Act was designed to prevent electronic communication service providers from disclosing any contents of communication to authorities without lawful consent of the party that originated the communication • Act provided for coverage of all communication providers, not just “common carriers” available to the public

  29. Cellular Phone Communication • Act also protects cellular phone conversations; wired privacy extended to wireless • Penalty for intercepting a non-encrypted call is only a $500 fine, rather than the normal maximum of 5 years in prison • Note: This act also explicitly states it does not protect the “radio portion of a telephone that is transmitted between the cordless telephone handset and the base unit."

  30. Radio Paging • ECPA also protects pagers • Voice and digital display pagers were determined to be an extension of an original wired communication • However, tone-only pagers are not protected by ECPA

  31. Customer Records • ECPA provides for the protection of subscriber and customer records belonging to electronic service providers • Authorities cannot access these records without a search warrant and court order, unless otherwise notifying the customer

  33. USA Patriot Act

  34. Some Perspective • On September 11, 2001, more Americans were murdered than… • American battle deaths in the war of 1812 • American battle deaths at Pearl Harbor • American battle deaths in the Indian Wars • American battle deaths in the Mexican War • American battle deaths in Vietnam prior to 1966 • Union battle deaths at Bull Run • Police officers killed in the line of duty since 1984 • Source: Federal Law Enforcement Training Center Glynco, Georgia

  35. USA Patriot Act – Oct 2001 • Provides Tools To Intercept and Obstruct Terrorism • Some believe it was too hasty • There were few conferences • The House vote was 357-66 • The Senate vote was 98-1

  36. USA Patriot Act • Specifically, the Act: • Creates several new crimes: bulk cash smuggling, attacking transportation systems, etc. • Expands prohibitions involving biological weapons • Lifts the statute of limitations on prosecuting some terrorism crimes • Increases penalties for some crimes • Requires background checks for licenses to transport hazardous materials • Expands money laundering laws and places more procedural requirements on banks • Promotes information sharing and coordination of intelligence efforts

  37. USA Patriot Act • Provides federal grants for terrorism prevention • Broadens the grounds for denying aliens admission • Alters some domestic security provisions for DoD • Most provisions of the Act shall cease to have effect on December 31, 2005 • However, a USA Patriot Act II is being discussed in Congress

  38. Computer Crime • Penalty of 5 years for a first offense and 10 years for a subsequent offense for damaging a federal computer system • Damage includes any computer impairment that causes the loss of at least $5,000 or threatens the public health or safety.

  39. Computer Crime • To be found guilty, the person must: • Knowingly cause the transmission of a program, information, code, or command that results in damage to a protected computer without authorization • Intentionally access a federal computer without authorization and cause damage (§ 814)

  40. Computer Crime • The act requires the attorney general to create regional computer forensic laboratories: • Examine seized or intercepted computer evidence • Train and educate federal, state, and local law enforcement and prosecutors • Assist federal, state, and local law enforcement in enforcing computer-related criminal laws • Promote sharing of federal expertise • The act also provides funding for these facilities (§ 816)

  41. Other Crimes / Penalties • Attacks Against Mass Transportation Systems • The crime is punishable by a fine, up to 20 years if the violator traveled or communicated across state lines or • The crime is punishable by life in prison if the offense resulted in death • Counterfeiting • The act makes counterfeiting punishable by up to 20 years in prison

  42. Other Crimes / Penalties • Harboring or Concealing Terrorists • This crime is punishable by a fine and 10 years in prison (§ 803) • Biological Weapons • This is punishable by a fine and 10 years in prison • Money Laundering • This crime is punishable by 5 years in prison • For Federal employees, the crime is punishable by a fine 3 times the value received and 15 years in prison (§ 329)

  43. Increased Penalties • Arson from 20 years to life • Energy facility damage, from 10 to 20 years • Supporting terrorists, from 10 to 15 years • Supporting designated foreign terrorist organizations, from 10 to 20 years • Destroying national defense materials, from 10 to 20 years • Sabotaging nuclear facilities from 10 to 20 years • Carrying a weapon or explosive on an aircraft from 15 to 20 years • Damaging interstate gas or hazardous pipeline facility, from 15 to 20 years

  44. Information Sharing • The act: • Foreign and national intelligence surveillance can exchange information (§ 504) • Regional information sharing between federal, state, and local law enforcement (§ 701) • Attorney general can apply to a court for disclosure of educational records to prosecute a terrorist act • Act also provides immunity for people who in good faith disclose these documents (§ 507, 508)

  45. Privacy Implications • American Civil Liberties Union: “The USA Patriot Act allows the government to use its intelligence gathering power to circumvent the standard that must be met for criminal wiretaps. … • The new law allows use of Foreign Intelligence Surveillance Act surveillance authority even if the primary purpose were a criminal investigation. • Intelligence surveillance merely needs to be only for a "significant" purpose. • Law enforcement may search primarily for evidence of crime, without establishing probable cause • This provision authorizes unconstitutional physical searches and wiretaps

  46. Privacy Implications • “In allowing for "nationwide service" of pen register and trap and trace orders, the law further marginalizes the role of the judiciary. • It authorizes what would be the equivalent of a blank warrant in the physical world: the court issues the order, and the law enforcement agent fills in the places to be searched. • This is not consistent with the important Fourth Amendment privacy protection of requiring that warrants specify the place to be searched.” • In short, the USA Patriot Act assumes no “expectation of privacy”

  47. Case Study: Carnivore • TCP/IP packet sniffer developed by the FBI that has the ability to store all traffic on a network • Intended Uses: Terrorism, Espionage, Child Pornography/Exploitation, Information Warfare/Hacking, Organized Crime/Drug Trafficking, Fraud • Reassembles your e-mail, webpages, files and searches for keywords

  48. Case Study: Carnivore • Legitimate use vs. invasion of privacy • Find out which web sites you visit • Read your e-mail • bomb making instructions • love letters • Save a copy of files you download

  49. Case Study: Carnivore • Pre-USA Patriot Act realities: • FBI suspects you of criminal activity • Requests court order to use Carnivore • Installs Carnivore at your ISP • Carnivore grabs all of your packets authorized in the court order • Carnivore must not grab anyone else’s packets • Data physically collected once a day • Court order expires in 30 days • Post-USA Patriot Act fears: • The FBI can use Carnivore to go fishing for personal information

  50. Related Cases • John Walker Lindh – sentenced to 20 years in federal prison • Conspiracy to Murder U.S. Nationals (18 U.S.C. § 2332(b)) (Count One) • Conspiracy to Provide Material Support & Resources to Foreign Terrorist Organizations (18 U.S.C. § 2339B) (Counts Two & Four) • Providing Material Support & Resources to Foreign Terrorist Organizations (18 U.S.C. §§ 2339B & 2) (Counts Three & Five) • Conspiracy to Contribute Services to al Qaeda (31 C.F.R. §§ 595.205 & 595.204 & 50 U.S.C. § 1705(b)) (Count Six) • Contributing Services to al Qaeda (31 C.F.R. §§ 595.204 & 595.205, 50 U.S.C. § 1705(b) & 18 U.S.C. § 2) (Count Seven) • Conspiracy to Supply Services to the Taliban (31 C.F.R. §§ 545.206(b) & 545.204 & 50 U.S.C. § 1705(b)) (Count Eight) • Supplying Services to the Taliban (31 C.F.R. §§ 545.204 & 545.206(a), 50 U.S.C. § 1705(b) & 18 U.S.C. § 2) (Count Nine) • Using and Carrying Firearms and Destructive Devices During Crimes of Violence (18 U.S.C. §§ 924(c) & 2) (Count Ten)