Use Of ICT in Police investigation

Question 1

Provides a target rich environment for criminals

Answer 1

Cyberspace

Question 2

It is easy to carry out an attack, has lower risks associated with it, is hard to trace technically, and hard to prosecute.
Sophisticated tools are readily available on the Internet publicly.
Access and attack can be from anywhere and anonymous.

Answer 2

Cyberspace

Question 3

Cybercrime Offenses

Answer 3

1. Offense against Confidentially, Integrity and Availability (CIA) of computer data and system
2. Computer-Related Offense
3. Content- Related Offense

Question 4

Offense against Confidentiality, Integrity and Availability of computer data and system

Answer 4

1. Illegal access
2. Illegal interception
3. Data Interference
4. Misuse of devices
   except fine should be no more than ₱500,000.
5. Cyber-squatting

Question 5

Offense against CIA of computer data and system penalty

*(imprisonment of 6 years and 1 day up to 12 years) or a fine of at least P200,000 up to a maximum amount commensurate to the damage incurred or BOTH. And

If committed against critical infrastructure:

• (imprisonment for 12 years and 1 day up to 20 years) or a fine of at least P500,000 up to a maximum amount commensurate to the damage incurred or both

Answer 5

• Prision mayor

* Reclusion Temporal

Question 6

Computer-Related Offense

Answer 6

Computer-related Forgery
Computer-related Fraud
Computer-related Identity theft

Question 7

Prison Mayor (imprisonment of 6 years and 1 day up to 12 years) or a fine of at least P200,000 up to a maximum amount commensurate to the damage incurred or BOTH. And

On provided that no damage has yet been caused, the penalty imposed shall be one (1) degree lower

Answer 7

Computer-Related Offense

Question 8

Content-Related Offense

Answer 8

• Cybersex
• Child Pornography
• Unsolicited Commercial Communications (SPAMMING)
• Libel
  Defined in Article 355 of the Revised Penal Code

Question 9

Prision mayor (imprisonment of 6 years and 1 day or a fine at least P200,000 but not exceeding P1,000,000.

Penalty to be imposed shall be one (1) degree higher than that provided for in Republic Act 9775, if committed through a computer system.

THIS PROVISION WAS STRUCK DOWN BY THE SUPREME COURT AS UNCONSTITUTIONAL

Penalty to be imposed shall be one (1) degree higher than that provided for by the Revised Penal Code, as amended, and special laws, as the case may be.

Answer 9

Content-Related Offense

Question 10

CHAPTER IV ENFORCEMENT AND IMPLEMENTATION
Section 10. Law Enforcement Authorities - The National Bureau of investigation (NBI) and Philippine National Police (PNP) shall be responsible for the efficient and effective law enforcement of the provisions of this Act. The NBI and the PNP shall organize a cybercrime unit or center manned by special investigator to exclusively handle cases involving of this Act.

Answer 10

RA 10175 ALSO KNOWN AS “CYBERCRIME PREVENTION ACT OF 2012”

Question 11

“Cybercrime Prevention Act of 2012”;

Answer 11

• R.A. 10175 –

Question 12

“Data Privacy Act of 2013”;

Answer 12

• R.A. 10173 –

Question 13

“Anti-Photo and Voyeurism Act of 2009”;

Answer 13

• R.A. 9995 –

Question 14

“Anti-Child Pornography Act of 2009”;

Answer 14

R.A. 9775 –

Question 15

“E- Commerce Act of 2000”;

Answer 15

• R.A. 8792 –

Question 16

“Access Device Regulation Act of 1998”;

Answer 16

R.A. 8484 –

Question 17

1. Crime occurs
2. Policemen responds
   3.
   4.
   5.
3. Writes report
4. Prosecution

Answer 17

Reactive law enforcement

Question 18

Cybercrime Investigation Process
Step 1 - Interview the Complainant
Step 2 - Gathering & Documentation of Evidence
Step 3 - Complaint & Witness detailed sworn statement
Step 4 - Request for the conduct of Digital Forensic Examination on the submitted electronic evidence
Step 5 - Coordination, Verification & Presentation with TELCO/ISP and/or Website Admin/Provider.
Step 6 - Preparation of MLAT (Mutual Legal Assistance Treaty).
Step 7 - Preparation & Application for Court Order to TELCO/ISP to give the preserve information requested.
Step 8 - investigation Report
Step 9 - Referral to the Office of the Prosecutor

Answer 18

Cybercrime Investigation Process

Question 19

Recognizing and Identification
Arrival in the electronic crime scene
Documentation
1. Sketch of Location
2. Photograph
- 4 shots corners room
- 2 shots outside room
3. Photograph and Sketch digital Evidence
4. Log at the working notes
5. Examine 
6. Interview

Answer 19

Recognizing and Identification

Question 20

Can be seized in a variety of different forms, and from a variety of different sources.

Answer 20

Digital Evidence

Question 21

Devices

Answer 21

Computers and Drives
Personal Devices
Removable Media
Miscellaneous

Question 22

Identifying Digital Evidence

Answer 22

Devices

Data

Question 23

Email account contents
Social media accounts
Cloud storage account
Server data

Answer 23

Data

Question 24

Servers
Workstations
Laptops
External Hard Disk Drives

Answer 24

Computes and Drives

Question 25

Mobile handsets

Tablets

Answer 25

Personal Devices

Question 26

USB drives
SD Media cards
DVD- R
CD-R

Answer 26

Removable Media

Question 27

Digital Cameras
Web cameras
Wireless access point
Routers
Gaming system

Answer 27

Miscellaneous

Question 28

Collection and Preservation of Computers and Drives

Running state => Implement “Bag and Tag” procedure

Answer 28

Off

Question 29

Collection and Preservation of Computes and Drives

Running State => Check network => Implement “Bag and Tag” Procedure

Answer 29

ON and Not connected to Network

Question 30

Collection and preservation of Computers and drives

Running State => Check Network => Screen Saver Running => Implement “Incident Response” => Implement “Bag and Tag” Procedure

Answer 30

ON, Connected to Network, Screen Saver Not running, with password

Question 31

Collection and Preservation of Computers and drives
Note:

See also flow chart

Answer 31

1. Photograph monitor
2. Move arrow keys
3. Photograph monitor
4. Document

Question 32

SOP in providing cybercrime assistance to requesting operating PNP units and other LEAs

Answer 32

See handout

Question 33

Collection and preservation of Computer Drives

• remove power source from the system, not from wall outlet.
• remove any removable media that are present to ensure safe transport.

Answer 33

Bag and Tag Procedure

Question 34

Collection and preservation of computers and drives

Bag and Tag Procedure

A and A1
E MTY E and E2
D MTY
B MTY

Answer 34

Labeling

Question 35

Collection and Preservation of Personal Devices

For smartphone and similar devices

• Do not turn ON
• Place phone in a sealed envelope before placing in an evidence bag to prevent from being turned ON
• if possible, seize the mobile phone charger

Answer 35

Of power is OFF

Question 36

Collection and Preservation of Personal Devices

For smartphone and similar devices:

• Consideration should be given before turning OFF the device because of password/passcodes
• Immediately switch to flight mode or place phone on a faraday bag.

Answer 36

If power is ON

Question 37

•In case that there is/are electronic evidence presented. Investigator will prepare necessary memorandum request to * for the conduct of forensic examination on the submitted electronic evidence.

Answer 37

ACG Digital Forensic Laboratory

Request for the conduct of Digital Forensic Examination

Question 38

Collection and Preservation of Data

Outlook
Outlook Express
Mozilla Thunderbird

Answer 38

Stand-alone

Question 39

Collection and Preservation

Hotmail
Gmail
Yahoo

Answer 39

Web-based Data

Question 40

Collection and Preservation of Data

• To determine the “sender” of an e-mail message, investigators need to review the *
• **is the information added to the actual message
• Entries in the email header is stamped by *** handing the email.

Answer 40

• e-mail header
• *Email header
• **mail server

Question 41

Collection and Preservation of Data

• “Received lines” show how message entered the Internet. * are most formative. Some may be fake.
• “From” Line is address given by the sender; may be **
• Lines that start with *** are comments added by software; may be true or false

Answer 41

• Last one or two
• *totally false
• **X

Question 42

Collection and preservation of Data

• can be one of the most effective tools the investigator uses during his research.

Answer 42

Searching with Google

Question 43

Special Search Characters

These characters have special meaning to Google. Always use these characters without surrounding spaces!

• force inclusion of something common
• • exclude a search item
• ** use quotes around search phrases
• *** a single-character wildcard
• ** any word
• ***** Boolean ‘OR’

Answer 43

• (+)
• • (-)
• ** (“)
• ***(.)
• ** (*)
• ***** (|)

Question 44

ATM

Answer 44

ATM skimming

Question 45

Importance of Camera Security System

In the present day * has become one of the most important factors governing everyday life.

Facilities that are monitored by CCTV Cameras may be an aid on investigating theft, robbery, etc. With a ** in a place it becomes easier to monitor the premises and also gathers formation of an accident.

Answer 45

• security

* *security system

Question 46

Importance of Camera Security Systems

• For what regards the license plate enhancement, which is for sure one of the most common requests, according to our experience we can say that in a typical CCTV video of the resolution of a certain subject to be enhance is (*) we cannot obtain any meaningful improvement.

Answer 46

less than 2.0 megapixel or 1600x1200 pixels

Question 47

Find my IP

Answer 47

Whois.net/domaintool