
Computer Forensics BACS 371


myrna


Presentation Transcript


  1. Computer Forensics BACS 371: Applicable Laws and Statutes

  2. Outline • Basics of Computer Crime • Relevant Laws & Statutes • Pen/Trap Statute • Federal Wiretap Act • Electronic Communications Privacy Act (ECPA) • Privacy Protection Act • Foreign Intelligence Surveillance Act (FISA) • Computer Fraud & Abuse Act (CFAA) • U.S. Patriot Act

  3. Categories of Computer Crime [1] • A computer can be the object of a crime • A computer can be the subject of a crime • The computer can be used as the tool for conducting or planning a crime • Includes… compromising a computer and using that computer as a source for further attacks • The symbol of the computer itself can be used to intimidate or deceive • The most significant omission, according to Casey, is computers as sources of digital evidence. [1] From Donn Parker, as described in Eoghan Casey, Digital Evidence and Computer Crime

  4. USDOJ Categories [1] • Hardware as Contraband or Fruits of a Crime • Hardware as an Instrumentality • Hardware as Evidence • Information as Contraband or Fruits of a Crime • Information as an Instrumentality • Information as Evidence. [1] US Dept of Justice, Search and Seizure Guidelines Document

  5. Categories of Computer Crime • Computers as targets • Computers as storage devices • Computers as communication tools Same ole stuff, but computers are involved!!

  6. Computers as Targets • Viruses and worms • Trojan Horses • Theft of Data • Software Piracy • Trafficking in stolen goods • Defacing Corporate web sites

  7. Computers as Means • Embezzlement • Stalking • Gambling • Pornography • Counterfeiting • Forgery • Theft • Identity theft • Phishing • Pyramid schemes • Chain letters

  8. Computers as Storage • Drug trafficking • Book making • Burglary • Homicide • Child pornography

  9. Web Related Crime • Cyber-squatting • Internet gambling • Cyber stalking and harassment • Child pornography • Drug dealing • Cyber terrorism • Cyberplanning

  10. Laws and Statutes • As criminals devise new ways to use computers for crime, the justice system attempts to keep up by making new laws. • These laws generally lag behind the innovations of the criminals. • The following are the major laws and statutes used to fight cyber crime.

  11. Pen/Trap Statute • Governs the collection of non-content traffic data, such as numbers dialed by a particular phone. • Section 216 updates the statute in three ways: • Law enforcement may use pen/trap orders to trace communications on the Internet and other networks • Pen/trap orders issued by federal courts have nationwide effect • Law enforcement must file special report when they use a pen/trap order to install their own monitoring device on computers belonging to a public provider

  12. Title III of the Omnibus Crime Control and Safe Streets Act of 1968 • AKA “Federal Wiretap Act” 18 USC §§ 2510-2522 • Covers illegal interception of voice and e-communications in real-time as they traverse networks. • Protects against unauthorized interception of communication • Delineates specific requirements for wiretapping: • Requires probable cause • Requires court approval • Requires that alternative avenues be exhausted • “Innocent” conversations must be excluded • Requires disclosure of surveillance upon conclusion of investigation

  13. Electronic Communications Privacy Act of 1986 • The ECPA (18 USC §§ 2701 – 2712) deals primarily with stored computer files that have been transmitted over a network. • 3 main categories are covered: • Communications (e-mail, voicemail, other files) • Transactional data (logs of who called whom) • Subscriber/session information • Basically, it amended Title III of the Wiretap Act to extend to different types of electronic communications (including e-mail).

  14. Electronic Communications Privacy Act of 1986 • Title I • Statutory procedures for intercepting wire, oral, and electronic communications • Extended to digital communications and non-common carrier communications • Title II – Stored Communications Act • Protects communications not in transmission which have been stored in some way • Title III • Provides for law enforcement monitoring of electronic communications

  15. Requirements Under Title III • Must be authorized by Federal District Court Judge • Must demonstrate probable cause – with specifics • Must identify previous attempts at evidence collection and indicate why unsuccessful • Generally limited to 30 days • Progress reports must be issued every 7-10 days • Surveillance must be terminated when objective is met • Subjects must be notified when surveillance terminated • Service providers must cooperate with authorities possessing a valid court order • Any party to an illegal interception may be charged with a Federal offense punishable by 5 years in prison and/or fine

  16. ECPA Information Categories (listed from less difficult to more difficult to acquire) • Basic Subscriber Information • Name, address, telephone connection records, length of service, subscriber identity, means and sources of payment • Records Pertaining to a Subscriber • Account logs, cell site data, e-mail addresses, … • Contents • Actual files stored in the account • “Electronic Storage” contents for ECS providers • Contents stored by RCS providers • Contents held by neither

  17. ECPA Mechanisms for Government Entity to Compel Disclosure (listed from less difficult to more difficult to acquire) • Subpoena • Basic Subscriber information • Subpoena with Prior Notice • Opened e-mail • Court Order • Account logs and transactional records • Court Order with Prior Notice • Everything in an account except for unopened e-mail • Search Warrant • Full contents of account • No notice to subscriber required

  18. Privacy Protection Act of 1980 • PPA (42 USC § 2000) • Unlawful for local, state, or Federal law enforcement authorities to search or seize those materials which may be publishable • Expand the 1968 Wiretap Act to include electronic bulletin boards • Protects • “work product” including impressions, conclusions, opinions, or theories • “documentary materials” including mechanically, magnetically, or electronically recorded cards, tapes or discs

  19. Privacy Protection Act of 1980 • Matters when search may result in seizure of 1st Amendment materials (publishing, …) • “Congress probably intended the PPA to apply only when law enforcement intentionally targeted First Amendment material that related to a crime.” • Incidental seizure of PPA-protected material commingled on a suspect’s computer with evidence of a crime does not give rise to PPA liability. • However, subsequent search of such material was mostly forbidden

  20. Foreign Intelligence Surveillance Act (FISA) of 1978 • Regulates wiretaps in national security cases • Broader than Title III • Allows more invasive searches • Lower probable-cause threshold • Differences • No requirement to disclose content or existence of surveillance • No protection for non-US citizens • For citizens, probable cause of engagement in criminal activity is required • For others, suspicion of criminal activity is not required

  21. Computer Fraud and Abuse Act • Computer Fraud and Abuse Act (CFAA) • First law to address computer crime in which the computer is the subject of the crime • First law that does not have an analog to traditional crime • CFAA has been used to prosecute virus creators, hackers, information and identity thieves, and people who use computers to commit fraud

  22. Computer Fraud and Abuse Act of 1986 • Originally, very narrow in scope and not very effective • Makes it… • A felony to knowingly access a computer without authorization, or in excess of authorization, in order to obtain classified United States defense or foreign relations information. • A misdemeanor to knowingly access a computer without authorization, or in excess of authorization, in order to obtain information contained in a financial record of a financial institution or in a consumer file of a consumer reporting agency. • A misdemeanor to knowingly access a computer without authorization, or in excess of authorization, in order to use, modify, destroy, or disclose information in, or prevent authorized use of, a computer operated on behalf of the United States if such conduct would affect the government’s use of the computer. • The Act also made it a crime to attempt to or conspire to commit any of the three acts defined above.

  23. Computer Fraud and Abuse Act of 1986 - Revised • Original Act was modified to include: • Federal Interest Computer – expanded to include any computer which is used in interstate or foreign commerce or communications • Expanded criminal intent from “knowingly” to “intentionally” • Made it a misdemeanor to gain unauthorized access to • financial information from any financial institution or credit reporting agency, • any information in the possession of the government, • any private information where the defendant’s conduct involved interstate or foreign commerce • A felony if the activity involved an expectation of gain or if the offense was in the furtherance of another crime • Current Act protects computers involved in Interstate commerce or communication, Federal Interest, Government computers • Illegal actions included theft, destruction, or corruption of sensitive information

  24. Computer Fraud and Abuse Act of 1986 – Further Amendments • 1988 • Protections expanded to include all FDIC-insured institutions • 1990 • Expanding protections to foreign banks • 1994 • Developed three levels of intent • Intentional – did it on purpose • Reckless – should have known better • Negligent – you were careless, but didn’t mean to • Incorporated provisions for Denial of Service (DoS) attacks and potential harm to systems or components

  25. Key Terms in the CFAA

  26. Key Terms in the CFAA (Cont.)

  27. USA PATRIOT Act [1] (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) • Greatly broadened FBI’s authority to gather electronic evidence • Allows: • Intercept voice communications in computer hacking cases • Trace communications on the Internet • Subpoena for cable company records • Intercept communications of computer trespassers • ISPs can disclose content and non-content information in emergency situations • Nationwide search warrants for e-mail • “Sneak & Peek” – Permits investigator to delay notification of “search” • Establishment of Regional Computer Forensic laboratories. [1] http://www.usdoj.gov/criminal/cybercrime/PatriotAct.htm
