Cyber Crime Scene Investigation

Conducting Computer forensic Investigation

Assessing Evidence (crime scene technician):

• case assessment
• processing location assessment
• evidence assessment
• acquiring digital evidence from its source
• examining evidence

Closing the case

Investigating Computer Crime

Roles in an Investigation:

• First Responder
• identifies crime scene;
• protects the crime scene
• preserving temporary and fragile evidence
• Investigator
• establishing the chain of command
• conducting the crime scene search
• maintaining integrity of the evidence
• Crime Scene Technician
• computer forensics specialist
• preserving volatile evidence
• preparation of devices for transportation

Investigating the Computer

Investigation of a machine:

• common steps to protect the integrity and prevent loss of evidence
• problem of search warrants

• Demystifying Computer/Cybercrime
• Investigating Computer Crime
• Conducting a Computer Forensic Investigation - the importance of qualified technician on crime scene

prepare a final report and submit the report to investigator, who will make a decision if this is enough to pursue a conviction

Cyberinvestigator

Demystifying Computer/Cybercrime

• notification of the crime to the appropriate authorities
• computer may play two roles:

- target of the crime,

- tool used to commit a crime

An investigator who specializes in cybercrime needs a few characteristics additional to generic qualities of a good investigator:

• basic understanding of computer science;

• understanding of computer networking protocols;

• knowledge of computer jargon;

• an understanding of hacker culture;

• knowledge of computer and networking security issues.

Categories of cyberinvestigators by Skill Set:

• specialize in computer/network crime;
• computer specialist who conduct investigation;
• equally skilled in investigation and IT;
• without real skills in either investigation or IT

Diferentiation of cyber crimes - use/depend on the NET

Categories of Cybercrimes

• crimes that USE the Net - old kinds of crimes (e. g. illegal gambling) committed through Net. Computer is not a necessary element of the crime
• crimes that DEPEND ON the Net - the crime is unique and came into existence with the advent of the Internet (e. g. unauthorized access)

Facebook Server Room

Violent or potentially violent:

• Cyberterrorism;
• Assault by threat;
• Cyberstalking;
• Child pornography;

Nonviolent:

• Cybertrespass;
• Cybertheft;
• Cyberfraud;
• Destructive Cyber crimes;
• Other

Prioritizing Cyber Crime enforcement

• extent of harm;
• frequency of occurrence;
• availability of personnel;
• training of personnel;
• jurisdiction;
• difficulty of investigation;
• political factors

Cyber Crime - Definition

Cyber Crime is typically described as any criminal act dealing with computers or computer networks.

Computers and networks can be involved in crimes in several different ways:

• as a tool of the crime
• as the target of the crime ("victim")
• used for incidental purposes related to the crime (e.g. to keep records of drug sales)

IP Viking live

http://map.ipviking.com/

A map prepared by norse-corp to show real-time visibility into global cyber attacks

Cyber Crime Scene Investigation

by Agnieszka Musiał