Chapter 2
Language of Computer Crime Investigation
Resources
The following organizations with related resources are mentioned in this chapter.
RESOURCE | SOURCE | DESCRIPTION
DFRWS | http://www.dfrws.org | Digital Forensics Research Workshop.
ENFSI | http://www.enfsi.org | European Forensic IT Working Group.
FLETC | http://www.fletc.gov | Provides computer forensic training to law enforcement personnel.
Objectives
On completion of this chapter, the student will:
Be aware of new terms that have arisen as technology has been used for committing crimes.
Be aware of the difficulty in defining computer crime.
Chapter Guide
Since the late 1980s there have been significant advances in investigating crime involving
computers. In addition to advances in tool development, there have been refinements in the law,
computer crime categories, and digital investigative methods and theory. However, because it is
Although every effort is made to prevent bugs in software used in digital investigations, they do
exist and can result in evidence being lost or interpreted incorrectly. Therefore, in addition to
knowing which tools are best for a given task, digital investigators must be capable of validating
their results to ensure that they are correct. Validation involves checking the results of one tool
against another and documenting the outcome, either by comparing the results from both tools to
ensure they are in agreement, or by using one tool to verify that low-level data has been
interpreted correctly by another tool. For instance, two tools should recover the same deleted
files from a given file system, and all tools should calculate date-time stamps correctly.
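A sketch of this validation step, as an added example that is not from the original text or from any forensic tool: it cross-checks two tools' recovered-file reports and independently decodes a raw Windows FILETIME value to verify a reported date-time stamp. The report format, file names, hash values, and tool names are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

def decode_filetime(raw: bytes) -> datetime:
    """Decode a Windows FILETIME: little-endian 64-bit count of 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", raw)
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def verify_timestamp(raw: bytes, reported_iso: str) -> bool:
    """Check a tool's reported timestamp against the raw on-disk value (low-level verification)."""
    return decode_filetime(raw) == datetime.fromisoformat(reported_iso)

def cross_validate(tool_a: dict, tool_b: dict) -> dict:
    """Compare two reports shaped {path: (sha256_hex, iso_timestamp)} and list every disagreement."""
    report = {"only_a": sorted(tool_a.keys() - tool_b.keys()),
              "only_b": sorted(tool_b.keys() - tool_a.keys()),
              "hash_mismatch": [], "time_mismatch": []}
    for path in sorted(tool_a.keys() & tool_b.keys()):
        (hash_a, time_a), (hash_b, time_b) = tool_a[path], tool_b[path]
        if hash_a != hash_b:
            report["hash_mismatch"].append(path)
        # Compare instants, not strings: different UTC offsets may denote the same moment.
        if datetime.fromisoformat(time_a) != datetime.fromisoformat(time_b):
            report["time_mismatch"].append(path)
    return report

# Constructed sample data (hash values are placeholders, not real digests).
RAW_FILETIME = struct.pack("<Q", 127173888000000000)  # 2004-01-01 00:00:00 UTC
TOOL_A = {
    "docs/letter.doc": ("a1" * 32, "2004-01-01T00:00:00+00:00"),
    "img/photo.jpg":   ("b2" * 32, "2004-01-01T00:00:00+00:00"),
    "sys/log.dat":     ("c3" * 32, "2004-01-01T00:00:00+00:00"),
    "tmp/notes.txt":   ("d4" * 32, "2004-01-01T00:00:00+00:00"),
}
TOOL_B = {
    "docs/letter.doc": ("a1" * 32, "2003-12-31T19:00:00-05:00"),  # same instant, local offset
    "img/photo.jpg":   ("b2" * 32, "2004-01-01T00:00:00-05:00"),  # offset applied incorrectly
    "sys/log.dat":     ("ee" * 32, "2004-01-01T00:00:00+00:00"),  # recovered content differs
    "tmp/cache.db":    ("f5" * 32, "2004-01-01T00:00:00+00:00"),  # recovered only by tool B
}

if __name__ == "__main__":
    for category, paths in cross_validate(TOOL_A, TOOL_B).items():
        print(f"{category}: {paths}")
    print("tool B photo.jpg timestamp matches raw value:",
          verify_timestamp(RAW_FILETIME, TOOL_B["img/photo.jpg"][1]))
```

Every entry in the resulting report is a discrepancy to investigate and document before relying on either tool's output.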
In addition to validating their own work and tools, forensic examiners can benefit from the
results of the US National Institute of Standards and Testing (NIST) Computer Forensic Tool
Testing (CFTT) program. This program is currently testing hardware write blockers as well as
the ability of forensic tools to acquire digital evidence from storage media and recover deleted
files. This testing does not include the recovery of overwritten data using more sophisticated
Can Intelligence Agencies Read Overwritten Data? A Response to Gutmann,
The role a computer plays in a crime will dictate how it and its contents are processed.
Therefore, it is important for digital investigators to understand the different roles, which are
d Seizing Computers and Obtaining Electronic
 | Contraband | Fruits of Crime | Instrumentality | Evidence
Hardware | Cloned mobile telephones, or hardware for | Stolen computers, or equipment purchased with | Printer used to produce counterfeit banknotes, or | Mobile phone may be evidence of parole violation even
Notably, a source of evidence can fall into multiple categories. For instance, a flatbed scanner
used to digitize child pornography can be considered in both the hardware as instrumentality and
hardware as evidence categories.
Other categorizations of the impact of technology on crime can also be useful but have their
limitations (see DECC2e, pages 31-33). Another useful categorization presented by Nigel Jones
in Digital Investigation (Volume 1, Issue 3, www.digitalinvestigation.net) is provided below:
Discussion of these categories can help students expand their understanding of computer-related
crime.
Multiple Choice Questions
1. Computers can play the following roles in a crime:
2. The first US law to address computer crime was:
3. The following specializations exist in digital investigations:
4. The first tool for making forensic copies of computer storage media was:
5. One of the most common approaches to validating forensic software is to:
6. An instrumentality of a crime is:
7. Contraband can include:
8. A cloned mobile telephone is an example of:
9. Digital photographs or videos of child exploitation are an example of:
10. Stolen bank account information is an example of:
11. A network sniffer program is an example of:
12. Computer equipment purchased with stolen credit card information is an example of:
13. A printer used for counterfeiting is an example of:
14. Phone company records are an example of:
15. In the course of conducting forensic analysis, which of the following actions are carried out?
1. A single crime can fall into more than one of the following categories: hardware or
information as evidence, instrumentality, and contraband or fruits of crime.
2. The American Society of Crime Laboratory Directors (ASCLD) is the only group to
establish guidelines for how digital evidence is handled in crime labs.
3. The NIST Computer Forensic Tool Testing Project has identified all bugs in all forensic
hardware and software.
4. A network can be an instrumentality of a crime.
5.
6. Contraband is property that the private citizen is not permitted to possess.
7. The main reason for seizing contraband or fruits of crime is to prevent and deter future
crimes.
8. A computer can be considered instrumentality because it contained a file that detailed the
growing characteristics of marijuana plants.
9. The US Computer Assistance Law Enforcement Act (CALEA) that took effect in 2000
compels telephone companies to keep detailed
10. When a computer contains only a few pieces of digital evidence, investigators are
authorized to collect the entire computer.
11. When a computer is used to forge documents or break into other computers, it is the
subject of the crime.
12. A flatbed scanner used to digitize child pornography can be considered in both the
hardware as instrumentality and hardware as evidence categories.
13.
interchangeably.
14. The distinction between a computer as the object and subject of a crime is useful from an
investigative standpoint because it relates to the intent of the offender.
15. Network sniffer software is illegal to possess, and therefore is considered contraband.
Essay Questions
1. Discuss the benefits and shortcomings of creating specializations of crime scene experts,
evidence examiners, and investigators. What are the advantages and disadvantages for requiring
individuals in each specialization to pass a standard competency test?
2. What term do you think best describes this field (e.g., computer forensics, forensic
computing, digital forensics) and why?
3. What roles can computers play in a crime? Give an example of each role.