topic 15 - best practice and the law Flashcards

1
Q

what are examples of digital crime?

A

Hacking

Trojans

Grooming

Viruses

Fraud, e.g., Phishing

Paedophilia

Blackmail

Terrorism

Trafficking

Identity theft

2
Q

what is a computer worm? [Stuxnet]

A

Stuxnet is a malicious computer worm, first uncovered in 2010, that is believed to be responsible for causing substantial damage to Iran’s nuclear program.

It specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machinery and industrial processes including centrifuges for separating nuclear material.

3
Q

what is Locard’s exchange principle?

A

“Wherever he steps, whatever he touches, whatever he leaves, even unconsciously, will serve as a silent witness against him. Not only his fingerprints or his footprints, but his hair, the fibers from his clothing, the glass he breaks, the tool mark he leaves, the paint he scratches, the blood or semen he deposits or collects. All of these and more bear mute witness against him. This is evidence that does not forget.”

4
Q

what is principle 1 of ACPO?

A

Principle 1 (Data Preservation)

No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.

5
Q

what is principle 2 of ACPO?

A

Principle 2 (Competence)

In circumstances where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.

6
Q

what is principle 3 of ACPO?

A

Principle 3 (Audit Trail)

An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.

7
Q

what is principle 4 of ACPO?

A

Principle 4 (Responsibility)

The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.

8
Q

what are the first actions when seizing computer equipment?

A

Legal considerations

Have a plan before you go in!

Once you’re in:

Move people away

Preserve the scene

Stand back - don’t touch

Now consider your options

9
Q

what should be seized when seizing computer equipment?

A

For reconstruction of the system:
- MAIN UNIT - usually the box to which the keyboard and monitor are attached
- MONITOR
- KEYBOARD AND MOUSE
- ALL LEADS (including power cables)
- POWER SUPPLY UNITS
- HARD DISKS - not fitted inside the computer
- DONGLES (small connectors plugged into the back of the machine).

10
Q

what is the forensic process of seizing computer equipment?

A

Acquisition

Identification

Evaluation

Presentation

11
Q

what is Acquisition?

A

Correct consents, legal documents and procedures must be in place

Pictures, video, written descriptions of where everything was found

Don’t alter anything!

Forensic Duplication

Write blocker

dd - copies a file

Not just a normal copy, but a bit for bit copy

MD5/SHA1 Hash Function

File integrity check

12
Q

what is identification?

A

Physical identification of digital equipment, bagged and tagged

An exhibit

Number of hard drives

Where, logically, did evidence come from, e.g., directory?

Partitions and structure of file system

What kind of evidence is it?

File type

13
Q

what is evaluation?

A

How was the data produced?

Who produced it?

When did they produce it?

Is the evidence relevant to the investigation?

Are there any signs of foul play, e.g., Trojan defence?

14
Q

what is presentation?

A

Interpretation of data recovered

Write/present for non-experts

Technically correct

Defence of findings in the witness box

15
Q

what is the Computer Misuse Act 1990?

A

Section 1
Unauthorised access to computer material

Section 2
Unauthorised access with intent to commit or facilitate the commission of a further offence

Section 3
Unauthorised modification of computer material

16
Q

what is the Protection of Children Act 1978?

A

Section 1

(a) Taking, making or possessing …

(b) Distributing …

(c) Possessing with a view to distributing an indecent photograph of a child

17
Q

what is the Criminal Justice and Public Order Act 1994?

A

Amended S(1) of POCA to include pseudo-photographs.

18
Q

what is the Sexual Offences Act 2003?

A

Amended POCA further:

Increased the age of a child from 16 to 18

Added a defence where an indecent photograph of a child over the age of 16 was created by the child’s long term partner (married or ‘enduring relationship’)

Added a defence where it is necessary to create an indecent image of a child for criminal investigation.