Covers computer crimes, preserving evidence and conducting basic investigations

Cisco Motivation and Study Techniques to help

you learn, remember, and pass your Many go unnoticed
CISSP
technical exams! Crimes against a computer
CEH Two Categories
Crimes using a computer
More coming soon...
DoS

www.mindcert.com Visit us
Theft of passwords
Network Intrusions
RFI
Emanation Eavesdrop pig
TEMPEST
Social Engineering
Subscribe via RSS Illegal Content of Material Porn

Fraud
Common Crimes
Software Piracy
Certified Professionals are morally and legally held to a higher standard Virus
Should be included in Organizational computing policy Malicious Code Trojan
Conduct themselves with highest standards of ethical, moral, and legal behavior Worm
Not commit any unlawful or unethical act Spoofing
Appropriately Report unlawful behavior Information Warfare
Support effort to promote prudent information security measures ISC2 Code of Ethics Data-Diddling Modification of data
provide competent service to their employees and clients
Terrorism
Execute responsibilities with highest standards
The ethical requirements of those working in DDoS of Yahoo, Amazon, ZDNEet Feb 2000
Not misuse information in which they come into contact with during their duties
computer security
Internet Activity should be treated as a privilege May 2000
Love Letter Worm
Seeks to gain unauthorized access to resources
Microsoft - Source Code Oct 2000
Disrupts intended use of the Internet Internet Activities Board Well known examples
Wastes resources (IAB) Code of Ethics
Unacceptable actions Mitnick 1985-1995
Compromises privacy of others
Involves negligence in conduct of Blaster Worm 2003
Internet Experiments
Legislative Makes the Statutory laws

Information is intangible
Administrative makes the Administrative Laws
An investigation will interfere with Three Branches of Government
normal business operations
Judicial Common laws found in court decisions
May find difficulty gathering evidence Problems
Experts are required
Made by legislative branch
laws
Geographic Held in the United Stated Code (U.S.C)
Jurisdictions
Title comes first!!!
Gathering, control, and preservation many computer crimes under this
Statutory law Title 18 of the 1992 edition of the U.S.C Crimes and Criminal Procedures 18 U.S.C $ 1030 (1986)
Computer evidence can be easily modified
Must be followed in order to protect evidence
US Computer Fraud and Abuse Act 1986 Addresses Fraud using government computers
Location
Time obtained Code of the Federal Register (C.F.R)
Administrative Law
Identification of individual who discovered Chain of evidence
Components
Identification of individual who secured the evidence Violates government laws for the
protection of the people Financial Penalties and Prison
Identification of individual who controlled/ Criminal Law
maintained possession of evidence
Wrong inflected upon a person or organization No prison
Discovery and recognition Civil Law
Protection
Recording Standards of performance and conduct Financial penalties and prison
Law as it applies to Information Admin/Regulatory Law
Collect all relevant storage media Systems Security Company Law
Make image of HDD
Collection Intent varies country to country
Print out screen
EU has more protective laws for
Avoid Degaussing equipment individual privacy DPA
Life Cycle
Tagging and marking Identification Keystroke monitoring
e-mail monitoring
Store in a proper environment Preservation Personnel Security
Badges
Transportation
CISSP
Magnetic card keys
Presentation in court Law Investigation
and Ethics Must inform users
Return to evidence owner
Electronic Monitoring Use banners
Evidence must meet stringent Apply uniformly
requirements
Must be done in a lawful manner Explain acceptable use
Related to the crime Relevant Explain who can read e-mail and how
Common Law US long it is backed up for
Obtained in a lawful manner Legally Permissible No guarantee of privacy

Not been tampered or modified Reliable Admissibility US Law Access Controls may not provide granularity
Access to Internet causes potential problems
Identified without changing or
Criminal and Civil penalties can be imposed
damaging evidence Properly Identified
Effective 21 August 1996
Health Care Issues
Not subject to damage The investigation of Computer Crime Information Privacy Laws The rights of the individual for people
Preservation Common Law
HIPAA who have information over them
Original Addresses Procedures for the execution of such rights
Best Evidence
Evidence The uses and disclosures that should be authorized
Copy Secondary Evidence Occurs after individual has gained
unlawful access to a system, then
Proves or disproves an act based upon the five lured into an attractive area "honey
senses pot" in order to provide time to
Direct Evidence Ethical
Witness identify the individual
Enticement vs Entrapment Enticement
Inconvertable
Conclusive Evidence Encourages the commitment of a
Overrides all evidence crime that the individual had no
Types of Evidence intention of committing Non-Ethical
Expert Entrapment
Opinions
Non Expert
Generally Accepted Systems Security Accepted Principles
Inference on other information Circumstantial Principles (GASSP)
Not Law
Not based on first hand knowledge US
Computer Security Act 1987
Made during the regular conduct of Privacy and Crime Laws
the business or witness Hearsay United Kingdom Misuse Act 1990
Made at or near the time of occurrence Exceptions Electronic Communications Privacy Act
1986 Protect against eavesdropping
of act being investigated

Telephone Records 17 Years

Exclude Others
Patent
Video Camera
Audit Trails Protects words sounds that present an good or service
Trademark
System Logs
Good sources of evidence
System backups Intellectual Property Protects original works of authorship.
Copyright Can be used for software
Witnesses
Surveillance
Propriety technical or business information
Emails Trade Secret
Recipes
Establish liaison with Law Enforcement
Decide when and if to bring in Law Enforcement
Setting up means of reporting
computer crimes
procedures Investigations committee
Start Internal Conducting Investigations
Planning and conducting investigations
Senior Management
HR
Proper Collection of Evidence

CISSP Law and Ethics.mmap - 11/06/2008 - Andrew Mason

Incident Handling Matters