Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Digital Forensics > Criminal-procedural law > Flashcards

Criminal-procedural law Flashcards

1
Q

What are the means for obtaining evidence?

A

The means for obtaining evidence are: Inspections, Searches, Seizures, and Interceptions of conversations or communications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What the Digital Investigations must be capable of doing?

A

The Digital Investigations must be capable of guaranteeing the preservation of the original data and preventing their alteration.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the difference between Post Mortem Forensics and Live Forensics?

A

Post mortem forensics is the forensics that concerns the deactivated devices. Instead, the live forensics is the forensics that concerns the devices turned on.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the difference between inspection and search?

A

It can be said that the inspection is performed with the eyes or with technical equipment that is used to observe anyway.
Instead, the search is performed with the hands. It is an activity aimed not only at observing, but also looking for something.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a seizure?

A

The seizure consists in depriving a subject of an asset.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is an interception?

A

An interception is an investigation aimed at capturing the contents of a confidential conversation or communication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Digital investigation.

A

A digital investigation is an investigation aimed at searching digital evidence in order to identify the perpetrator of a crime or to prevent a crime from being committed.

The term “Digital Investigation” refers to any type of investigation that employs digital technology, regardless of the type of crime.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Pretrial Investigation

A

“The pretrial investigations are carried out in order to prevent crimes from taking place. It should be noted that the criminal systems currently tend to become more and more preventive systems.
The cybersecurity is perceived as a critical aspect of the state security worldwide. This because problems related to cybersecurity can evolve into serious threats to national or also global security, undermining the operation of national critical infrastructure and, more generally, the integrity of any computer system.
This fact has led various states to strengthen cyber defense also through specific training programs for state personnel. The authorities and bodies involved in cyber defense must face the effects of a continuous development of technology in an ever-changing world, where particularly invasive technological threats can appear. It should be noted that some regulatory acts specifically require investigators to work together with universities and public or private research centers. This is because an effective preventive action can be carried out by means of both interpenetration of several bodies of knowledge and cooperation between the police and other actors, e.g. scholars”.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Cyber intelligence

A

“Cyber investigations are characterized by a continuous increase of the field of operation of the intelligence, which is called in this area cyber intelligence (the so-called Cybint).
It is necessary to point out that, nowadays, more and more states use spy software in pretrial investigations. These systems are particularly invasive, especially in terms of privacy. In fact, they not only can capture and store any digital data contained within a computer system (computer, cloud, servers, smartphones, etc.), but also can automatically activate the webcam and microphones on the devices. In this way, they can hear everything said and film everything that happens.
The general trend of pretrial investigations is an exponential increase of the amount of collected data. The fight against terrorism has given an added impetus to this phenomenon. However, there is a serious risk that an undemocratic legislation, which could lead to new and insidious forms of totalitarianism, can also be legitimized within a democratic framework. This risk of authoritarian tendencies can only be prevented by placing clear limits to an indiscriminate collection of data and defining a clear and exhaustive list of the crimes for which the data retention is allowed.
It should also be noted that the size of extremely large data sets could be beyond the ability of commonly available tools to capture, manage, and process data within a tolerable elapsed time. This is the problem of “Big data”, whose analysis can require supercomputers and specific analysis techniques and related research work, which are prerogatives of a limited number of states”.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Reactive Investigations

A

“Reactive investigations are carried out after a crime has been committed and the corresponding notitia criminis has been received by the competent authority. A same type of cyber investigation can be regulated in a very different way worldwide. Moreover, some types of cyber investigation are governed by legislation in only certain States, while in others there is no a specific law”.
Pretrial investigations are carried out before a crime is reported. Instead, reactive investigations are carried out after a crime is reported

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Ex officio prosecution crime

A

An ex officio prosecution crime is a crime that can be prosecuted regardless of whether a complaint has been filed by the aggrieved party, i.e. regardless of whether the victim has, or has not, expressed his will for suspect to be persecuted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Crime prosecuted on complaint by the injured party

A

A crime prosecuted on complaint by the injured party is a crime that can be prosecuted only if the aggrieved party has expressed his will for suspect to be persecuted and has filed a complaint accordingly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Preservation of the original data and preventing their alteration in digital investigations

A

In all cases where this is possible, the Digital Investigations must be capable of guaranteeing the preservation of the original data and preventing their alteration.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Characteristics of digital investigations

A
  1. Technical nature;
  2. Transnationality;
  3. Cooperation of private entities.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Most significant issues due to technical nature of digital investigations

A

The technical nature of digital investigations is related to the immateriality and easy alterability of digital data.
The Digital Investigations must be capable of guaranteeing the preservation of the original data and preventing their alteration
Expert evidence shall be admitted when it is necessary to perform investigations or gather data or evaluations requiring specific technical, scientific or artistic competence.
The following five categories of people cannot assume the role of expert.
1. minors, persons declared totally or partially disable and mentally- ill person;
2. person barred from public office, also temporarily, or barred or suspended from performing a profession on an art;
3. person who are subject to personal security or preventive measures:
4. persons who cannot be called as witness or have the right to abstain from testifying or have been called as witness or interpreters;
5. persons who have been appointed as technical consultants in the same proceedings or in a joined one.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Transnationality

A

“A second feature of cyber investigations is their transnationality. A digital evidence is often characterized by its dispersion across several states. For example, it can be allocated in servers located in different countries. This fact implies the need to establish global rules aimed at determining which is the State that is entitled to carry out the investigation. In this way, it can be avoided an overlap between investigations carried out by detectives belonging to different states in order to prosecute a same crime.”

17
Q

Principle of double criminality

A

“The transnationality of cyber investigations creates several issues, which are mainly due to the diversity of criminal law between countries and the difficulties of transnational investigative cooperation in criminal matters.
(…) In order to understand the issues due to diversity of criminal law between countries, an example is provided here. Suppose someone lives in Italy, for example in Rome. He uses his mobile to write a message having defamatory content and publishes it on Facebook using a fake account. If he destroys the mobile after the offence has been committed, no a copy of this defamatory message that can be directly linked to him still exists in Italy. However, a copy of the message is also stored in Facebook’s database, but Facebook is an US company. In order to gather evidence, the Italian investigators could request from Facebook a copy of the message, but there is a problem. Although the Italian law, in general, punishes defamation, this action is a criminal offence only in rare cases in the USA because the protection for freedom of speech, which is covered by the First Amendment to the United States Constitution, prevails. The consequence is that Facebook could refuse to supply a copy of the defamatory message to Italians investigators, because this company could consider that the principle of double incrimination is not met. Such a principle in many countries is a pre-condition for the gathering of evidence.
This simple example highlights how effective investigative activities require not only uniformity of the crimes, but also uniformity of the facts constituting criminal offences between countries. Therefore, a harmonization of the criminal Law must be pursued on a global scale”.

18
Q

Need of international cooperation.

A

“A second issue related to the transnationality of cyber investigations is due to the fact that, if no special agreements between states exist, ordinary forms of mutual assistance in criminal matters should be used. This means that international letters rogatory should be used. Nevertheless, the letters rogatory are characterized by long timelines. In many cases, when the letter rogatory is obtained, the data that should be acquired have been already canceled.
A significant impetus to cooperation, in particular about a faster gathering of evidence, came from the 2001 Convention on Cybercrime (the so-called Convention of Budapest), which provides that: “The Parties shall afford one another mutual assistance to the widest extent possible for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence” (art. 25.1). The Convention of Budapest also provides that: “Each Party may, in urgent circumstances, make requests for mutual assistance or communications related thereto by expedited means of communication, including fax or e-mail, to the extent that such means provide appropriate levels of security and authentication (including the use of encryption, where necessary)” (art. 25.3).
The 2001 Budapest Convention is a Council of Europe Convention which can be signed by all countries. For this reason, it was signed by member countries and countries which are not members of the Council of Europe. At present, 55 countries signed the Convention. This is a relatively large number of countries, but is not enough”.
The European Investigations Order (EIO) in criminal matters is “the more advanced regulation of transnational gathering of evidence never appeared in Europe”.
The European Investigation Order in Criminal Matters provides that a State can ask another State to send it evidence. And the receiving State must send the evidence within ninety days. You understand very well that a piece of digital evidence can be deleted in an instant. For this reason, efforts are being made at the European level to prepare other much faster regulations specifically designed to manage “e-evidence”, that is digital evidence.

19
Q

Traffic data

A

Traffic data “means any computer data relating to a communication by means of a computer system, generated by a computer system that formed a part in chain of communication, indicating the communication’s origin, destination, route, time, data, size, duration, or type of underlying service”.

20
Q

Types of data to be retained

A

(a) data necessary to trace and identify the source of a communication:
(1) concerning fixed network telephony and mobile telephony: (i) the calling telephone number;
(ii) the name and address of the subscriber or registered user;
(2) concerning Internet access, Internet e-mail and Internet telephony:
(i) the user ID(s) allocated;
(ii) the user ID and telephone number allocated to any communication entering the public telephone network;
(iii) the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication;

(b) data necessary to identify the destination of a communication:
(1) concerning fixed network telephony and mobile telephony:
(i) the number(s) dialled (the telephone number(s) called), and, in cases involving supplementary services such as call forwarding or call transfer, the number or numbers to which the call is routed;
(ii) the name(s) and address(es) of the subscriber(s) or registered user(s);
(2) concerning Internet e-mail and Internet telephony:
(i) the user ID or telephone number of the intended recipient(s) of an Internet telephony call;
(ii) the name(s) and address(es) of the subscriber(s) or registered user(s) and user ID of the intended recipient of the communication;

(c) data necessary to identify the date, time and duration of a communication:
(1) concerning fixed network telephony and mobile telephony, the date and time of the start and end of the communication;
(2) concerning Internet access, Internet e-mail and Internet telephony:
(i) the date and time of the log-in and log-off of the Internet access service, based on a certain time zone, together with the IP address, whether dynamic or static, allocated by the Internet access service provider to a communication, and the user ID of the subscriber or registered user;
(ii) the date and time of the log-in and log-off of the Internet e-mail service or Internet telephony service, based on a certain time zone;
(d) data necessary to identify the type of communication:
(1) concerning fixed network telephony and mobile telephony: the telephone service used;
(2) concerning Internet e-mail and Internet telephony: the Internet service used;

(e) data necessary to identify users’ communication equipment or what purports to be their equipment:
(1) concerning fixed network telephony, the calling and called telephone numbers;
(2) concerning mobile telephony:
(i) the calling and called telephone numbers;
(ii) the International Mobile Subscriber Identity (IMSI) of the calling party;
(iii) the International Mobile Equipment Identity (IMEI) of the calling party
(iv) the IMSI of the called party;
(v) the IMEI of the called party;
(vi) in the case of pre-paid anonymous services, the date and time of the initial activation of the service and the location label (Cell ID) from which the service was activated;
(3) concerning Internet access, Internet e-mail and Internet telephony: (i) (ii) (f) the calling telephone number for dial-up access; the digital subscriber line (DSL) or other end point of the originator of the communication;

(f) the calling telephone number for dial-up access; the digital subscriber line (DSL) or other end point of the originator of the communication; data necessary to identify the location of mobile communication equipment:
(1) the location label (Cell ID) at the start of the communication;
(2) data identifying the geographic location of cells by reference to
their location labels (Cell ID) during the period for which communications data are retained.

No data revealing the content of the communication may be retained.

21
Q

Data retention period

A

Article 132 of the Italian Personal Data Protection Code provides that:

  1. Telephone traffic data shall be retained by the provider for twenty-four months as from the date of the communication.
  2. Electronic communications traffic data shall be retained by the provider for twelve months as from the date of the communication.
  3. The data related to unsuccessful calls that are processed on a provisional basis by the providers of publicly available electronic communications services or a public communications network shall be retained for thirty days.
  4. For the fight against terrorist attacks, all data must be retained for the same period of time, i.e. six years. Hence, telephone traffic data, electronic communications traffic data, and the data related to unsuccessful call must be kept for six years.
22
Q

Means for obtaining evidence

A

The means for obtaining evidence are: Inspections, Searches, Seizures, and Interceptions of conversations or communications.

23
Q

Difference between Post Mortem Forensics and Live Forensics

A

Post mortem forensics is the forensics that concerns the deactivated devices. Instead, the live forensics is the forensics that concerns the devices turned on.

24
Q

Difference between inspection and search

A

It can be said that the inspection is performed with the eyes or with technical equipment that is used to observe anyway.
Instead, the search is performed with the hands. It is an activity aimed not only at observing, but also looking for something.

25
Q

Seizure

A

The seizure consists in depriving a subject of an asset

26
Q

Interception

A

An interception is an investigation aimed at capturing the contents of a confidential conversation or communication.

27
Q

Copying data

A

The best practices specify that, where possible, a bit stream image of digital data should be used. In digital forensics, copying data cannot be carried out by means of “copy and past”. If you cut and past to copy the contents of digital files, some information could be lost. This piece of information could be important for the investigation. What’s more, the guarantee that the data has not been altered could be lost. For this reason, best practices provide that, where possible, copying is done using a bit- stream image.

28
Q

Bit-stream image

A

A bit-stream image is a bit-by-bit copy. Therefore, a bit-stream image is an exact copy of digital data.

29
Q

OSINT

A

Osint means Open Source Intelligence.

Digital Forensics (8 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions