Applications with Warrants In Mind

The Law
- Why are there laws specifically for computer crimes?
- A person's reasonable right to privacy
- The nature of computers and electronics
- Probable cause

Search and Seizure
- Basically identical to previous laws, with exceptions to the actual allowable procedure for searching and/or seizing.
- In both cases a warrant must be obtained before searching and seizing, but the conditions for each are different.
- The exemption to a warrant is probable cause, but this is difficult for electronics.

The Process
- Crime is suspected
- Suspects are watched
- Their system is qualitatively analyzed
- When enough substantial evidence is acquired, a warrant is requested and granted by a magistrate judge.
- They go to physically analyze the system

Important things to Think about
- The criminal computers are in most cases standard PCs or laptops, but are also many times servers.
- It is important to know what OS the machine is running.
- Is the machine booby trapped?
- Where should I look for data?

The File System
- Are the desired files hidden within other data types?
- Could the files be in hidden (invisible) directories?
- What programs could be running?
- Is there a program set to wipe the whole drive upon boot-up if a special password or key is not entered?

Time constraints
- How long will it take to get the warrant? With proper evidence it should not take long.
- How long will the warrant last? Usually the warrant will last about a month.
- How long is too long to hold on to a suspect's computer? Depends on the nature and size of the system.

Analyzing the Evidence
- Much of the work in analyzing a system is hardware related
- In most cases the first thing to do is make a copy of the hard drive
- Once the copy is made, the data can be sorted without worry of contamination
- They use hard drive duplicators

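Added example, not part of the original slides: a software stand-in for the drive-copy step in "Analyzing the Evidence", copying a source to a working image and checking by SHA-256 that the copy is exact before any analysis touches it. The hashing step, the file names and the small temporary file used as the "drive" are assumptions for illustration.

```python
import hashlib
import os
import stat
import tempfile

CHUNK = 1024 * 1024  # read size; hardware duplicators copy sector by sector


def sha256_file(path):
    """Hash a file or device node in fixed-size chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire_image(source, image):
    """Copy source to image; return the SHA-256 of the bytes read."""
    digest = hashlib.sha256()
    # Source is opened read-only; "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    source_hash = digest.hexdigest()
    if sha256_file(image) != source_hash:  # re-read the copy from disk
        raise IOError("image does not match source; discard and re-acquire")
    os.chmod(image, stat.S_IRUSR)  # working copy is read-only from here on
    return source_hash


def demo():
    """Constructed stand-in for a seized drive: a small temporary file."""
    with tempfile.TemporaryDirectory() as workdir:
        source = os.path.join(workdir, "seized_drive.bin")  # hypothetical name
        image = os.path.join(workdir, "working_copy.img")   # hypothetical name
        with open(source, "wb") as fh:
            fh.write(b"constructed sample sector data\n" * 4096)
        recorded = acquire_image(source, image)
        # Analysis reads the image only; the original still matches the record.
        with open(image, "rb") as fh:
            found = b"sample sector" in fh.read()
        return recorded, sha256_file(source), sha256_file(image), found
```

The hash recorded at acquisition time is what later lets an examiner show that neither the original nor the working copy changed during analysis.
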
Forensics Software
- SubRosaSoft, in addition to making data recovery software for consumers and IT professionals, also makes forensics software.
- MacForensicsLab keeps track of every action and window/button click; records the date and time of each action.

(Picture source: http://www.engadget.com/2007/04/30/subrosasofts-maclockpick-extracts-personal-info-from-os-x/)

(Picture source: http://www.macforensicslab.com/samplereport/Logs_2_1.html)

Acknowledgements
- Pictures in slides taken from image.google.com unless a link is provided on the particular slide indicating otherwise
- Law information provided from US Department of Justice: http://www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm