CSI- L9 Readings

Unique challenges
- Variety of electronic devices available
- Amount of data produced by these devices
- And lack of qualified personnel
- Lack of resources for training

A lot of different names for the profession: computer crime, cyber crime, electronic crime

Maras (2015) defines cybercrime as ‘the use of the Internet, computers, and related
technologies in the commission of a crime’, and limits cybercrime to those where a
computer is used to commit a crime, or the computer is the victim of a crime.

Technology has led to a significant increase in the frequency and severity of certain
crimes, e.g., identity theft and intellectual property theft

● Physical presence at the crime scene is not needed in cyber crime.
● Social media gives access to criminals staking out potential victims to burglarize.
● Anonymity of individuals on the internet: protection for potential criminals
● Rise of new opportunities: phishing, online gambling and cyberterrorism
● Chat rooms, websites and online services → new ways to commit crime
● Digital investigators must bring cybercriminals to justice

Cloud-based applications and deployments allow data to be stored anywhere in the
world and often in an encrypted environment → increasing challenges for digital
investigators

● Cybercrime faction in the FBI constantly evolving.

‘Digital evidence is defined as information and data of value to an investigation that is
stored on, received, or transmitted by an electronic device’ (NIJ, 2008)

● Digital evidence is no reproducible, easily manipulated


● Digital data is a series of small units on a storage device set to 0 or 1, representing
a microscopic physical condition (often electric charge on media)
● Each of these units ‘0 or 1’ is called a bit
1 bit = 8 bytes
● Each byte represents a hexadecimal value, and groups of hexadecimal values
form numbers, letters, words, and all other manifestations of information stored
on computers and their related devices

→ basically to summarise
Thus, all digital evidence consists of sequences of zeroes and ones which can be seen
and interpreted only with some type of software (Casey, 2011).
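The point above, that stored zeroes and ones only become information once software interprets them, as an added example that is not part of the original notes. The function names and the values `TEXT` and `STAMP` are constructed for illustration; the block also shows how a one-bit alteration is caught by a SHA-256 hash.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Constructed sample values, not taken from any real device.
TEXT = b"Hi"
STAMP = bytes.fromhex("002f6859")

def to_bits(data: bytes) -> str:
    """Each byte written out as its individual 0/1 units."""
    return " ".join(f"{b:08b}" for b in data)

def to_hex(data: bytes) -> str:
    """The same bytes as two hexadecimal digits each."""
    return " ".join(f"{b:02x}" for b in data)

def to_text(data: bytes) -> str:
    """Printable ASCII view; '.' marks bytes with no printable character."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)

def as_uint32_le(data: bytes) -> int:
    """Interpret four bytes as a little-endian unsigned integer."""
    return struct.unpack("<I", data)[0]

def as_unix_time(data: bytes) -> str:
    """Interpret the same four bytes as seconds since 1970-01-01 UTC."""
    return datetime.fromtimestamp(as_uint32_le(data), tz=timezone.utc).isoformat()

def flip_bit(data: bytes, index: int) -> bytes:
    """Copy of data with one bit inverted (index 0 = first bit of first byte)."""
    out = bytearray(data)
    out[index // 8] ^= 0x80 >> (index % 8)
    return bytes(out)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

if __name__ == "__main__":
    print(to_bits(TEXT), "|", to_hex(TEXT), "|", to_text(TEXT))
    # One stored value, three readings, depending on the software used.
    print(to_hex(STAMP), "|", to_text(STAMP), "|", as_uint32_le(STAMP),
          "|", as_unix_time(STAMP))
    # A single altered bit changes the content and its hash.
    altered = flip_bit(TEXT, 7)
    print(to_text(altered), sha256(TEXT)[:16], sha256(altered)[:16])
```
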

● Major issues in the reliability of digital evidence → there must be scientifically
acceptable testing procedures
● The mutable, fleeting, and intangible nature of digital evidence

A digital device is critical to the production of digital evidence; it has 3 roles in cybercrime:

● Contents are contraband
● Contains information (data/artifacts) that can be evidence of a crime
● Device may have been used to facilitate a crime

3 types of storage media in these devices:

● Magnetic (e.g., hard drives)
● Optical (e.g., DVDs)
● Electrical (e.g., USB)

● Metadata (detailed information about a particular piece of data) can also be a
source of digital evidence.

● Not all digital evidence is on a computer: sometimes it is stored by internet service
providers and businesses across the world → cloud computing
● Cloud computing development has transformed the way data is stored and
processed
● Difficulty for law enforcement from technical, organizational and legal standpoints
→ a number of providers (Facebook, eBay etc.) assist law enforcement in
obtaining records in accordance with state laws and corporate policies.
● Standard operating procedures for digital investigations → still heavily
debated

Devices have different infrastructures, firmware, software and operating systems
→ most individuals have several connected devices → several investigators must work
in tandem

Scale and cloud resources

● The increasing volume of information that is now available is a challenge for digital
investigators.
● Due to the increased value of information in the world, the ability of law enforcement
and the legal system is heavily challenged
● Move to cloud computing → software and data may be stored physically in
different geographical locations by third-party providers, e.g., Telstra etc.
● Many digital forensic process models were developed before the
development of cloud technologies

● First and foremost is the need to establish universally accepted standards and
competencies for both the profession and the individuals who wish to practice
within it.

Notes done in the actual lecture

● These were not finished hahah

AFP investigation life cycle

Referral → investigation planning → collection → resolution → court

Referral: from partner agency, intel work up, NCME or ACCE
Planning: crime type specific planning, tactical planning and assessment, joint agency
approach
Collection: general inquiries, controlled operations & warrant applications
Resolution: warrant execution and arrest

Legislation AFP DF works with

● Caveat → high level summary in Crimes Act 1914

General questions asked at scene

Computer → is it on? Locked? Who has access? Biometrics? Devices connected?
USB → what's on it? When were the files connected?
