Cyber Crimes Final Exam Study Guide!
T/F Courts were becoming Less familiar w/ digital evidence during the Enterprise Phase?
False they were MORE familiar w/ digital evidence
Name the Legislation "Against the unauthorized modification or deletion of data on a computer system, and against damage to computer hardware including networks. The maximum penalty for a single offense classified as a Felony of the Third Degree was: "Up to 5 years of imprisonment and a fine of up to $5,000 or any higher amount equal to double the pecuniary gain derived from the offense by the offender or double the pecuniary loss suffered by the victim."?!??!
Florida Computer Crimes Act of 1978?!?!?
________ _________ is when Data is unaltered and the acquisition process was documented?!?!
Forensic Soundness
What Standard is "Scientific evidence is only admissible if it is generally accepted as reliable by the scientific community"?!?!
Frye Standard
_________ ______ are Capable of providing communication, photography, navigation, entertainment, and data storage.
Handheld Devices
Explain what imaging, hashing/hash values are?!?!
Hashes-- they are used to identify and remove junk data with the NSRL/NIST, and to de-duplicate files in computer forensics & electronic discovery. Imaging--
During the Enterprise Phase more forensic tools were being developed to assist law enforcement: (_____ vs. _____-______ )
Proprietary software vs. Open-Source
What's a Collision?!?
an event of two or more records being assigned the same identifier or location in memory.
What case did the Supreme Court rule that law enforcement may obtain permission from 3rd PARTY so long as they share a common authority over the property being searched?!?!?!
(Illinois v. Rodriguez, 1990)
In Digital Forensics Collection/ Acquisition involves what 3 things?
1. Search & Seizure 2. DOCUMENT 3. Preservation (write blocker, imaging, hash values)
What are the 4 common Stages of Digital Forensic Investigation?
1) Survey/ Identification 2) Collection/ Acquisition 3) Examination/ Analysis 4) Report/ Presentation
What are the 3 Steps in the Digital Forensic Process?!?!
1. Acquisition 2. Analysis 3. Reporting
W/ the Four common stages of a digital forensic investigation (and what's the most important part?)
1. Acquisition 2. Identification 3. Evaluation 4. Admission
What are 2 types of digital Forensics in the 1980's?!?!
1. Dead-box Forensics 2. Computer Forensics
Traditionally what are the 3 most common forms of digital evidence in computer systems?
1. Hardware 2. Software 3. Peripheral Devices
For what 3 purposes can digital evidence be used to link people, places, & objectives involved in a crime?
1. Identify or Eliminate Suspects 2. Refute Testimony 3. Corpus Delicti
List the 3 Supreme Court Cases & clauses that become extremely important when a suspect is compelled to provide the encryption key or password to an electronic device that may contain incriminating files?!?!?!!?
1. In re Boucher (2007) 2. United States v. Fricosu (2012) 3. In re Doe (2012)
There are inconsistencies between state and federal legislation in the United States, as well as a variety of international judicial systems, w/ regard to what 2 SPECIFIC pieces of legislation?!?
1. Key disclosure law 2. Different admissibility standards
List 4 of the many problems during the "Ad Hoc" Stage (early 1980's)?
1. Lack of formal structure 2. Lack of Protocols 3. Lack of Training Tools 4. Chain of custody issues
What are Three methods of physical extraction (according to NIST)?!?!?
1. Logical extraction gets information from the device using the original equipment manufacturer application programming interface for synchronizing the phone's contents w/ a PC 2. Brute force Extraction is performed by 3rd party passcode brute force tools that send a series of passcodes / passwords to the mobile device 3. File system extraction is used for understanding the file structure, web browsing history, or app usage, and providing the examiner with the ability to perform an analysis with traditional computer forensic tools
Digital Forensics refers to the analysis of digital evidence. Give the 4 types of forensics?!?!
1. Network forensics (Internet traffic) 2. Computer forensics (computer hardware) 3. mobile-device forensics (cell phone) 4. Malware forensics (viruses)
Give 4 Exceptions to Search Incident To Arrest?!?
1. Plain view doctrine 2. Motor vehicle searches 3. Border searches 4. Open fields
In the ADMISSIBILITY OF EVIDENCE Give the 5 Evidentiary Issues when assessing the Admissibility of Electronic Evidence?!?!
1. Relevance 2. Authenticity 3. Not hearsay or is admissible hearsay 4. Original writing rule 5. Not duly prejudicial
In SCIENTIFIC EVIDENCE List the 3 Traditional standards for assessing the admissibility of scientific evidence from expert testimony?!!?
1. Frye 2. Federal Rules of Evidence 702 3. Daubert
What are the 3 Basic Requirements for a Warrant?!?
1. Must be signed by a Neutral/Impartial judge or magistrate w/ NO vested interest 2. Must have PROBABLE CAUSE 3. Explicitly explain what crime was committed, & the location to be searched & the specific items to be seized
Name this Amendment "No person shall be held w/ out right to a Grand Jury, Double Jeopardy, Right to not Testify against self, Due process of law; nor shall private property be taken for public use, w/out compensation"?!?!?
5th Amendment
The Pre-Forensics stage in the early 1980's was called the __ ___ stage.
Ad Hoc Stage
_________ vs. _________ Dow Pharmaceuticals 1993 suggested 4 criteria for determining whether the relevant scientific evidence, theory, or study is reliable, therefore admissible, in court, List the 4 Criteria outlined?!?!
Daubert v. Merrell 1. Testing 2. Publication 3. Error Rate 4. Acceptance
_______ ________ is the investigation and analysis of media originating from digital sources in an effort to uncover evidence to present in a court of law.?!??!
Computer Forensics
What was established in 1986 involving the evolution of computer forensics legislation?
Computer Fraud & Abuse Act in 1986
Define what "Confirmation Bias" is and explain how it can cause you to make less than optimal choices?!?!?
Confirmation bias is when people filter out potentially useful facts that don't agree w/ their own opinion. It affects perceptions & the decision-making process and can cause us to make less-than-optimal choices.
A __________ __________ is made when an individual gives permission, voluntarily and without deceit, to law enforcement to conduct a search.
Consent Search
Computer Forensics is also known as _______ _______?
Digital Forensics
These 4 events could be seen as the end to what Phase? --- 1. Backlogs of cases involving digital evidence 2. Lack of training; it's expensive 3. No standards in certification/expertise 4. Need tools that can handle the ever-changing world of Technology
End of Enterprise Phase
What phase was when the 1st International Association for Forensic Science conference (1999) met? Coming out w/ the International Journal of Digital Evidence (2002) claiming computer forensics was Inaccurate?!??!
End of Structured Phase
_______ Phase was during the early 2000's known as the "Golden Age".
Enterprise Phase
What was Established in United States vs. Robinson in 1973?!?!?
Established constitutionality of search incident to arrest
__________ / ___________ involves: — Data recovery & extraction — Slack space — Tools of the trade — Repeatability & Reproducibility
Examination / Analysis
In storage devices ______ vs. ______ are 2 types of hard drives?!?!?!
External vs. Internal
In 1990 the Supreme Court declared an Exception regarding warrants, saying a warrantless search may be constitutional even if it does violate a person's reasonable expectation of privacy as long as it falls w/ in an established exception to the rule. This was declared in what Legal Case?!?!?
Illinois v. Rodriguez (1990)
How does SWGDE define digital evidence?
Information of probative value stored or transmitted in digital form
What 2 Supreme Court cases deal w/ the Right to Privacy & the "Reasonableness Standard"?!?!?
Katz vs. United States 1967 & U.S. vs. Pouloson 1994
A _____ _________ law is legislation that mandates a person to provide encryption keys or passwords to law enforcement for digital forensic investigations?!?!
Key Disclosure
The size & look of computers have dramatically changed but what system is the "Granddaddy of them all"?!?!
Legacy Systems
What Principle is this— "When there is contact between two items, there is an exchange of material"?!?!?
Locard's Principle of Exchange
In 1966 this case was ruled on by the Supreme court saying "You have the right to remain silent. Anything you say can and will be used against you in the court of law. You have the right to talk to a lawyer and have him or her present with you while you are being questioned. If you cannot afford to hire a lawyer, one will be appointed to represent you before any questioning, if you wish"?!??!
Miranda vs. Arizona 1966
Who was Responsible for Launching this Initiative and what Project was to "provide unbiased, open, and objective means for manufacturers, law enforcement, and the legal community to assess the validity of tools used in computer forensics"?!?!?!?
National Institute of Standards and Technology (NIST) Launched the Computer Forensic Tool Testing project (CFTT)
The 1970's was known for ____,____, & ________? List 2 important events in 1978 & 1979?
Peace, Love, & Cyber-crimes -Florida, Fagler (1978) -Interpol (1979)
What is Slack Space?!?!
Portions of a hard drive that are not fully used by the current allocated file and which may contain data from a previously deleted file
What is "Evidence Integrity" defined as?!?
Reliability & Truthfulness of the evidence
Floppy Disks, CD's, USB's, thumb drives, memory cards are all examples of _______ ______ _______?!?!?
Removable Media Devices
Define Repeatability vs. Reproducibility
Repeatability-- same measurement procedure, same observer, same instrument, same period of time, same location. Reproducibility-- Different Principle of Measurement, Observer, Method of Measurement
"Old Crimes w/ New Tricks" Is associated w/ what?
Salami Slicing
Who made this definition? Defining What?
Scientific Working Group on Digital Evidence (SWGDE) Defining Digital Evidence
What Clause is where the defendant may "Plead the Fifth" so he/she does not have to answer any questions or provide testimony that might be self-incriminating?!?!
Self-Incrimination Clause
Explain the difference w/ Hardware vs. software write-blockers?!?!
Software & hardware write blockers do the same job: they prevent writes to storage devices. The main difference between the 2 types is: -- Software write blockers are installed on a forensic computer workstation -- Hardware write blockers have write blocking software installed on a controller chip inside a portable physical device
Name the Supreme Court case concluded w/ an explanation of "Exigent Circumstances"?!?!?!?
State vs. Smith 2009
Explain the difference w/ Steganography vs. Encryption?!?!
Steganography deals with composing hidden messages so that only the sender and the receiver know that the message even exists. Encryption is the process of encoding messages or Info in such a way that only authorized people can read using an encryption algorithm, generating ciphertext that can only be read if decrypted
What phase was Characterized by the harmonization between computer forensic procedure/policy and computer crime legislation?!?!? (2 stage)
Structured Phase (Mid 1980s)
These 3 main events characterized what phase & When? 1. Several federal statutes criminalized various forms of hacking & wire fraud 2. Companies drafted appropriate use policies. 3. Courts encouraged the dev. of computer forensic tools that could withstand the courtroom
Structured Phase during the Mid 1980s
The _______ recommended "harmonization" of criminal laws penalizing computer fraud in 1980s.
The Organisation of Economic Co-operation and Development (OECD)
Define "Corpus delicti"?!?!?
The facts and circumstances constituting a breach of a law.
Explain what the 4th Amendment entails?
The right of people to be secure in their persons, houses, papers, and effects, against UNREASONABLE SEARCHES & SEIZURES if no Warrants have been issued upon probable cause particularly describing the place to be searched or things to be seized
In Evidence Integrity Transparency & _______ _ are crucial essential evidential aspects.
Validity
What is "Locard's Principle of Exchange"?!?!?
When a person comes into contact with an object or other person, a potential transfer of physical evidence can occur
Define what Wiping is?!?!
Wiping can perform various types and intensities of drive wiping operations overriding a system
What is a Write Blocker??
Write blocker is any tool that permits read-only access to data storage devices w/ out compromising the integrity of the data. A write blocker can guarantee the protection of the data chain of custody
Can digital Evidence be used in both Criminal & Civil Cases? List 3 Examples
Yes 1. State of Florida vs. Casey Marie Anthony 2. Rotenburg Cannibal Case 3. Berryman-Dages city of Gainesville
What was important in United States v. Finley (2007)?!?!
Important because the Search occurred post-arrest and the cell phone was retrieved from his pants pocket