Best practice and the law Flashcards
What is a computer virus?
Program or file
- A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels.
- Can’t spread without human interaction
What is a worm?
Transport features
- A worm is similar to a virus by design and is considered to be a sub-class of a virus.
- Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action.
- A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.
What are the dangers of a worm?
Devastating effect
- It can replicate itself on your system
- It could send out hundreds or thousands of copies of itself, creating a huge devastating effect.
What is a trojan horse?
Backdoor
- Appear to be useful software but will actually do damage once installed or run on your computer.
- Create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised.
- Do not reproduce by infecting other files nor do they self-replicate.
What is it an offence to do under section 58 of the Terrorism Act 2000?
It is also an offence under section 58 of the Terrorism Act 2000 to take a photograph of a kind likely to be useful to a person committing or preparing an act of terrorism, or to possess such a photograph.
What are examples of digital crime?
- Hacking
- Trojans
- Grooming
- Viruses
- Fraud
- Paedophilia
- Terrorism
- Blackmail
- Trafficking
- Identity theft
When handling digital evidence, what should you do?
- Create a hash (message digest) from the data (a 43-character-long string of numbers and letters), which acts as a URN for the data.
- Even if the evidence changes by 1 binary digit you’ll have a completely different hash.
- This ensures the evidence is no more than what you started with.
What is Principle 1: Data Preservation?
No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
What is Principle 2: Competence?
In circumstances where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
What is Principle 3: Audit trail?
- An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
- Here the assumption is that the 3rd party is a forensic practitioner
What is Principle 4: Responsibility?
The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.
For the reconstruction of the system, what should be seized?
MAIN UNIT - usually the box to which the keyboard and monitor are attached
MONITOR
KEYBOARD AND MOUSE
ALL LEADS (including power cables)
POWER SUPPLY UNITS
HARD DISKS - not fitted inside the computer
DONGLES (small connectors plugged into the back of the machine)
What is a logical drive?
A logical drive is a drive space that is logically created on top of a physical hard disk drive.
What is a logical partition?
Hardware resources, separate
A logical partition, commonly called an LPAR, is a subset of a computer’s hardware resources, virtualized as a separate computer. In effect, a physical machine can be partitioned into multiple logical partitions, each hosting a separate operating system.
What does Section 1 of the Computer Misuse Act 1990 cover?
Unauthorised access to computer material