Cybercrime Investigations
A term used online and elsewhere for stolen identity information
FULLZ
What are the different types of cyber-dependent crimes?
- Hacking - Viruses - DDoS Attacks
What are the 2 categories of cybercrime?
1) Cyber-dependent 2) Cyber-enabled
What are the 3 benefits to using an anonymizer?
1) Help minimize risk 2) Prevent identity theft 3) Protect search history from public disclosure
An IP Address serves 2 principal functions:
1) Host/Network identification 2) Location addressing
What are the 5 Online Investigative Principles?
1) Obtaining Information from Unrestricted Sources 2) Obtaining Identifying Information about Users or Networks 3) Real-Time Communications 4) Accessing Restricted Sources 5) Online Communications - Generally
What are the 2 types of IP addresses?
1) Static 2) Dynamic
What are the 2 types of Metadata?
1) Structural 2) Descriptive
What are the 4 parts of digital communication?
1) Timing 2) Size 3) Connection 4) Content
Agents who are specifically trained in seizing and analyzing digital evidence
Computer Investigative Specialists (CIS)
The process of encoding messages or information in such a way that only authorized parties can read it
Encryption
Law enforcement officers may obtain information from publicly accessible online sources and facilities under the same conditions as they may obtain information from other sources generally available to the public
Online Investigative Principle #1 - Obtaining Information from Unrestricted Sources
Agents may use tools in their intended lawful manner under the same circumstances in which agency rules permit them to look up similar identifying information through non-electronic means
Online Investigative Principle #2 - Obtaining Identifying Information about Users or Networks
An agent may passively observe and log real-time electronic communication open to the public under the same circumstances in which the agent could attend a public meeting
Online Investigative Principle #3 - Real-Time Communications
Law enforcement agents may not access restricted online sources or facilities absent legal authority permitting entry into private space
Online Investigative Principle #4 - Accessing Restricted Sources
Law enforcement agents may use online services to communicate in the same way as they use other types of communication devices, such as the telephone and the mail
Online Investigative Principle #5 - Online Communications - Generally
The attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication
Phishing
An anonymization protocol developed by the Defense Advanced Research Projects Agency (DARPA) used to decrypt Internet traffic through three different relays
TOR (The Onion Router)
A market in which goods and services are traded illegally
Underground/Black Markets
What are the roles of CIS agents?
- Preserve digital evidence - Assist in drafting the search warrant - Assist in executing the search warrant - Retrieve evidence from digital sources and provide to Special Agent in a usable format - Restore subject computers in a virtual world
What are the different types of cyber-enabled crimes?
- Theft - Fraud
Use proxy server computers that act as an intermediary and privacy shield between a client computer and the rest of the Internet
Anonymizers
A category of technology that obscures a user's content, location, or identity and makes the user's Internet activity untraceable
Anonymizers/Proxies
Crimes that can only be committed using a computer, computer network, or other form of communications technology
Cyber-Dependent
Crimes that are traditional in nature and may only be increased in their scale by the use of computers, computer networks, or other forms of communications technology
Cyber-enabled
The World Wide Web content that exists in an overlay of networks that use the public internet, but require specific software, configurations, and authorization access
Dark Web
The intentional or unintentional release of secure information to an untrusted environment
Data Breach
The unauthorized copying, transferring, or retrieval of data from a computer or server
Data Exfiltration
The content of the World Wide Web that is not indexed by standard search engines
Deep Web
Uses individual instances of application data or the data content stating an object's information such as title, author, subject, publisher, etc.
Descriptive Metadata
A hierarchical, distributed naming system for computers, services, or any resource connected to the Internet or a private network
Domain Name System (DNS)
Temporarily assigned from the pool of available addresses registered to the ISP
Dynamic Addresses
A numerical label assigned to each device participating in a computer network that uses the IP for communication
Internet Protocol (IP) Address
An organization that provides service for accessing, using, or participating in the internet
Internet Service Provider (ISP)
_____ are also known as physical addresses.
MAC Addresses
A unique identifier assigned to network interfaces for communications on the physical network segment
Media Access Control (MAC) Address
A description of data
Metadata
________ is concealed at every point in the Tor circuit.
Routing Information
A non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures
Social Engineering
Permanently assigned to a device so that it always has the same IP Address
Static Addresses
Data about the structures or containers of data which describe type, versions, relationships, and other characteristics of structured digital information
Structural Metadata
The portion of the World Wide Web that is readily available to the general public and searchable with standard Web search engines
Surface Web
A full-service operating system that is stored on a flash drive that can be used to access the dark net
TAILS