Chapter 1 Introduction to Computer Crime & Digital forensic

The document provides an overview of computer crime, its characteristics, categories, and the relationship between computer crime, law, and cybersecurity. It outlines the procedures for digital forensic investigations, emphasizing the importance of digital evidence and its admissibility in court. Key topics include the methods of investigation, the role of cybersecurity in preventing cybercrime, and the necessary skills for conducting digital forensic analysis.

Uploaded by

Liyat Tesfaye
Copyright
© All Rights Reserved

COMPUTER CRIME & DIGITAL FORENSIC
CHAPTER ONE: INTRODUCTION

INSTRUCTOR: SAMUEL TAMIRAT
PhD candidate
MAIN POINT

• Computer crime
• Computer crime characteristics and categories
• Computer Crime and Law
• Computer crime & Cyber security
• Computer crime & digital forensic investigation
• Digital Evidence
• Digital forensic investigation procedure
COMPUTER CRIME

• Computer Crime => Computer + Crime: crime committed using a computer
• A crime involving computers (digital devices) where the computer is used as a tool or is the victim
• Computer crime proclamation (2006)
• High tech crime, IT crime, E-crime

• Computer Crime characteristics
  • Transnationalization
  • Very sophisticated
  • Highly scalable (e.g. DoS vs DDoS attack)
  • Difficult to know who is behind the crime
  • Cheap and easy to commit
COMPUTER CRIME CHARACTERISTICS

• Financially motivated
• Steal data/information stored or transferred over the network
• Many cyber crimes have an international component
  • Suspect, victim and server are in the same country
  • Suspect and victim in one country and server in another country
  • Suspect, victim and server in different countries
• Different types of individuals/organizations commit crime
COMPUTER CRIME CATEGORIES

• Novel/Migrant Cyber Crime
  • Novel: unique to the digital world (e.g. DoS)
  • Migrant: existed before the internet and boosted after the internet came into existence (migrated from analog to digital) (e.g. malware distribution)
• Crimes against CI / Crime against personal/financial gain / Content based Cyber Crime
  • Crimes against CI: unauthorized access/unauthorized modification (illegal hacking = illegal access (without right, exceeding access level); cracking = illegal access + damage/steal)
  • Crime against personal/financial gain (e.g. computer fraud, spam)
  • Content based Cyber Crime
  • Child pornography
  • Cyber terrorism
COMPUTER CRIME CATEGORIES (CONT.…)

• Targeted/Tools/Incidental
  • Targeted: focus on the target/computer (e.g. DoS)
  • Tools: make use of a computer (e.g. child pornography)
  • Incidental: e.g. using eBay to buy a weapon
COMPUTER CRIME AND LAW

• Ethiopian Criminal Law
• Article (706 and 711)
• Hacking
• Penalized
• ACT
• Intentional
• Negligent
• Accidental
• Clearance
• Without authorization
• Exceeding authorization
CYBER CRIME AND LAW (CONT.…)
• Cyber Crime /2016
• Criminalizing hacking and cracking
• Intentionally
• Without authorization
• In excess of authorization
• Crime against private
• Investigative and prosecutorial power
• The federal police investigate cybercrime /2016
• INSA limited to technical support/ expert witnesses /2016
• INSA /Sudden Search /
• NISS is involved in the investigation when the case involves cyber terrorism
COMPUTER CRIME AND CYBER SECURITY

• Cyber Security: attempt to protect networks, computer programs and data from attack, damage or unauthorized access.
  • Confidentiality
    • Authorized persons access confidential information
  • Integrity
    • Maintain consistency, accuracy and trustworthiness of data
  • Availability
    • Those who should have access to data can access it when they want
COMPUTER CRIME AND CYBER SECURITY(CONT.…)

• Cyber crime attacks each area of the CIA model
  • Confidentiality
    • Stealing passwords
  • Integrity
    • Using a virus to modify data
  • Availability
    • DDoS attack

• Cyber crime happens when cyber security fails
COMPUTER CRIME AND CYBER SECURITY (CONT.…)

• Cyber security focuses on protection of data/information
  • Confidentiality
    • Identity management and access control
    • Data encryption (data at rest as well as in motion)
  • Integrity
    • Data encryption (data at rest as well as in motion)
  • Availability
    • Consider redundancy (failover, load balancing, RAID, cluster)
    • Disaster recovery
    • Software solution (firewall)
COMPUTER CRIME INVESTIGATION

• Computer crime investigation is very much like traditional investigation
• Investigation methods
  • Interview / Interrogation
  • Surveillance / intelligence gathering
  • Forensics (Reconstruction)
    • Attempt to reconstruct the event (who, what, when, where, why)
  • Undercover investigation
    • Investigator pretends to be a hacker selling malicious code
DIGITAL FORENSICS INVESTIGATION

• Digital Investigation
  • Process to answer questions about digital states and events

• Digital forensic Investigation
  • Special case of digital investigation
  • Uses procedures and techniques
  • The collection, preservation, analysis and presentation of computer related evidence for a court of law.

• Digital Evidence
  • Data that proves or disproves a hypothesis that was formulated during an investigation
REQUIRED CHARACTERISTICS FOR DIGITAL FORENSICS
• Observation
• Critical Thinking
• Relational Analysis
• Timeline Analysis
• Functional Analysis
DIGITAL EVIDENCE

• Digital evidence is data that supports or refutes a hypothesis formulated during an investigation
• Evidence
  • Direct: directly describes an event or information (log file)
  • Indirect: data related to an event or information in a secondary way.

• Evidence needs context
DIGITAL EVIDENCE (CONT.…)

• Causes of digital evidence distortion
  • System administrator
  • Attacker/hacker action
  • Victim action
  • Secondary transfer (mobile to PC)
  • Nature / weather
DIGITAL EVIDENCE (CONT.…)

• Digital Forensic Admissibility
  • Relevance to the charge under investigation
  • Reliable
  • Derived in a forensically sound manner (preserving the original meaning of the data)
  • Derived evidence should be
    • Reliable
    • Complete
    • Accurate
    • Able to be tested and verified
DIGITAL FORENSIC INVESTIGATION PROCEDURES

• Investigation procedure tips
  • Every case is different
  • Procedures depend on jurisdiction
  • Driven by the requirements of judges
DIGITAL FORENSIC INVESTIGATION PROCEDURES (CONT.…)

1. Basic Procedure
   1. Acquire the data without altering or damaging the original
   2. Verify that the recovered data is the same as the original
   3. Analyze the data without modifying it
   4. Clearly report findings
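
The four steps above as one runnable sketch. This is an added example, not part of the original slides: it assumes SHA-256 as the verification method (the slides do not name one), and an ordinary file with a constructed name and constructed contents stands in for the suspect device.

```python
import hashlib, os, stat, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read 1 MiB at a time so large images never sit in memory

def sha256_of(path):
    """Hash a file opened read-only; nothing is written to it."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image):
    """Step 1: copy source to image, hashing the bytes as they are read."""
    h = hashlib.sha256()
    # "xb" refuses to overwrite an existing image; the source is opened read-only
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    os.chmod(image, stat.S_IRUSR)  # the working copy is read-only from here on
    return h.hexdigest()

def verify(image, acquisition_hash):
    """Step 2: the image must still hash to the value recorded at acquisition."""
    return sha256_of(image) == acquisition_hash

def report(source, image, digest, before, after):
    """Step 4: a record another investigator can check by re-hashing."""
    return {"source": source, "image": image, "sha256": digest,
            "verified_before_analysis": before, "unchanged_after_analysis": after,
            "recorded_utc": datetime.now(timezone.utc).isoformat()}

def demo():
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "suspect.bin"), os.path.join(d, "image.dd")
        with open(src, "wb") as f:  # constructed sample data, not real evidence
            f.write(b"constructed sample evidence\n" * 1000)
        digest = acquire(src, img)
        before = verify(img, digest)
        with open(img, "rb") as f:  # Step 3: analysis only ever reads the image
            hits = f.read().count(b"evidence")
        after = verify(img, digest)
        os.chmod(img, stat.S_IRUSR | stat.S_IWUSR)  # let the temp dir clean up
        return hits, report(src, img, digest, before, after)

if __name__ == "__main__":
    print(demo())
```

Re-running verify after the analysis step is what shows the analysis left the image untouched; a single changed byte in the image makes it return False.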
DIGITAL FORENSIC INVESTIGATION PROCEDURES (CONT.…)

1. Identification
   • Identify that a crime (or event) has taken place
   • Crime detection
   • Complaint
   • Anomaly detection (IDS)
   • Audit analysis
2. Preservation
   • Is the device on?
   • Chain of custody
DIGITAL FORENSIC INVESTIGATION PROCEDURES (CONT.…)

1. Collection (collect suspect hardware/data)
   • Legal authority
   • Scope
   • Volatile data
   • Static data
   • Verify collected data

2. Examination
   • Do not modify the data
   • Extraction (convert into human readable)
   • Examination checklist
   • Preprocessing
   • Filtering technique
   • Pattern matching
   • Hidden data discovery
DIGITAL FORENSIC INVESTIGATION PROCEDURES (CONT.…)

• Analysis
  • What the information tells
  • How it relates to the hypothesis and to the overall question
  • Data must be analyzed in context

• Analysis type
  • Relational analysis
  • Functional analysis
  • Temporal analysis
DIGITAL FORENSIC INVESTIGATION PROCEDURES (CONT.…)

• Presentation
  • Results must be communicated well
  • Summarize key results first
  • Comprehensive report about all actions
  • Conclusions reached
  • Ensure documentation is detailed so that it is reproducible by another investigator

• Decision
DIGITAL FORENSIC

• Digital forensic teaches you
  • How computers work
  • How data is stored and accessed
  • How to manage large amounts of data
  • How to think logically and objectively
  • How to connect concepts
  • How to write and communicate

• Prerequisites
  • Operating system concepts
  • Linux command line
  • Windows command line
  • No need to know programming
