Subscribe via RSS - MindCert.com

1 Covers computer crimes, preserving evidence and conducting basic investigations Cisco Motivation and Study Techniques to help you learn, remember, and pass your Many go unnoticed CISSP. technical exams! Crimes against a computer CEH Two Categories Crimes using a computer More coming DoS. Visit us Theft of passwords Network Intrusions RFI. Emanation Eavesdrop pig TEMPEST. Social Engineering Subscribe via RSS Illegal Content of Material Porn Fraud Common Crimes Software Piracy Certified Professionals are morally and legally held to a higher standard Virus Should be included in Organizational computing policy Malicious Code Trojan Conduct themselves with highest standards of ethical, moral, and legal behavior Worm Not commit any unlawful or unethical act Spoofing Appropriately Report unlawful behavior Information Warfare Support effort to promote prudent information security measures ISC2 Code of Ethics Data-Diddling Modification of data provide competent service to their employees and clients Terrorism Execute responsibilities with highest standards The ethical requirements of those working in DDoS of Yahoo, Amazon, ZDNEet Feb 2000.

2 Not misuse information in which they come into contact with during their duties computer security Internet Activity should be treated as a privilege May 2000. Love Letter Worm Seeks to gain unauthorized access to resources Microsoft - Source Code Oct 2000. Disrupts intended use of the Internet Internet Activities Board Well known examples Wastes resources (IAB) Code of Ethics Unacceptable actions Mitnick 1985-1995. Compromises privacy of others Involves negligence in conduct of Blaster Worm 2003. Internet Experiments Legislative Makes the Statutory laws Information is intangible Administrative makes the Administrative Laws An investigation will interfere with Three Branches of Government normal business operations Judicial Common laws found in court decisions May find difficulty gathering evidence Problems Experts are required Made by legislative branch laws Geographic Held in the United Stated Code ( ).

3 Jurisdictions Title comes first!!! Gathering, control, and preservation many computer crimes under this Statutory law Title 18 of the 1992 edition of the Crimes and Criminal Procedures 18 $ 1030 (1986). Computer evidence can be easily modified Must be followed in order to protect evidence US Computer Fraud and Abuse Act 1986 Addresses Fraud using government computers Location Time obtained Code of the Federal Register ( ). Administrative Law Identification of individual who discovered Chain of evidence Components Identification of individual who secured the evidence Violates government laws for the protection of the people Financial Penalties and Prison Identification of individual who controlled/ Criminal Law maintained possession of evidence Wrong inflected upon a person or organization No prison Discovery and recognition Civil Law Protection Recording Standards of performance and conduct Financial penalties and prison Law as it applies to Information Admin/Regulatory Law Collect all relevant storage media Systems Security Company Law Make image of HDD.

4 Collection Intent varies country to country Print out screen EU has more protective laws for Avoid Degaussing equipment Life Cycle CISSP individual privacy DPA. Tagging and marking Identification Law Investigation Keystroke monitoring and Ethics e-mail monitoring Store in a proper environment Preservation Personnel Security Badges Transportation Magnetic card keys Presentation in court Must inform users Return to evidence owner Electronic Monitoring Use banners Evidence must meet stringent Apply uniformly requirements Must be done in a lawful manner Explain acceptable use Related to the crime Relevant Explain who can read e-mail and how Common Law US long it is backed up for Obtained in a lawful manner Legally Permissible No guarantee of privacy Not been tampered or modified Reliable Admissibility US Law Access Controls may not provide granularity Access to Internet causes potential problems Identified without changing or Criminal and Civil penalties can be imposed damaging evidence Properly Identified Effective 21 August 1996.

5 Health Care Issues Not subject to damage The investigation of Computer crime Information Privacy Laws The rights of the individual for people Preservation Common Law HIPAA who have information over them Original Addresses Procedures for the execution of such rights Best Evidence Evidence The uses and disclosures that should be authorized Copy Secondary Evidence Occurs after individual has gained unlawful access to a system, then Proves or disproves an act based upon the five lured into an attractive area "honey senses pot" in order to provide time to Direct Evidence Ethical Witness identify the individual Enticement vs Entrapment Enticement Inconvertable Conclusive Evidence Encourages the commitment of a Overrides all evidence crime that the individual had no Types of Evidence intention of committing Non-Ethical Expert Entrapment Opinions Non Expert Generally Accepted Systems Security Accepted Principles Inference on other information Circumstantial Principles (GASSP).

6 Not Law Not based on first hand knowledge US. Computer Security Act 1987. Made during the regular conduct of Privacy and crime Laws the business or witness Hearsay United Kingdom Misuse Act 1990. Made at or near the time of occurrence Exceptions Electronic Communications Privacy Act 1986 Protect against eavesdropping of act being investigated Telephone Records 17 Years Exclude Others Patent Video Camera Audit Trails Protects words sounds that present an good or service Trademark System Logs Good sources of evidence System backups Intellectual Property Protects original works of authorship. Copyright Can be used for software Witnesses Surveillance Propriety technical or business information Emails Trade Secret Recipes Establish liaison with Law Enforcement Decide when and if to bring in Law Enforcement Setting up means of reporting computer crimes procedures Investigations committee Start Internal Conducting Investigations Planning and conducting investigations Senior Management HR.

7 Proper Collection of Evidence CISSP Law and - 15/05/2009 - Andrew Mason Incident Handling Matters