1. Law Enforcement Operations Rules in Cybercrime and Cyber-Related
Incident Response Operations? (10pts)
a. Cybercrime Response. Cybercrime Response is the actual police intervention
in a cybercrime or cyber-related incident where the acquisition of matters of evidentiary value is traceable within the computer’s hardware, software and its network.
b. Guidelines in Responding to Cybercrime and Cyber-Related Incidents
1) When responding to a cybercrime incident, or to a crime scene where
Information and Communication Technology (ICT) equipment (e.g computers, digital storage devices and other electronic devices or equipment) are present, it is imperative for the First Responder (FR) to protect and preserve the crime scene and seek the assistance of the station IOC to identify potential evidence such as the following: a) Contraband or fruits of a crime; b) Tools used for the commission of the crime; and/or c) Other items that may be used in the commission of the crime. 2) The FR shall immediately coordinate with the nearest ACG office, through the station TOC or the IOC, for assistance. Upon arrival of the ACG personnel, they shall immediately conduct the “bag and tag” procedure on the digital evidence and turn over to the IOC. 3) The concerned investigating unit shall secure and submit a court order and necessary legal requirements for the ACG to conduct digital forensic examination that is in accordance with the rule on cybercrime warrants. The evidence seized shall then be subjected to digital forensic examination by the PNP ACG. The result of the forensic examination, as well as the testimony of the forensic expert, shall be made available during the trial.