Extended Learning Module H
Computer Crime and Forensics
Management Information Systems
for the Information Age
Copyright 2004
The McGraw-Hill Companies, Inc.
All rights reserved
Presentation Overview

- Computer Crime
- Computer Forensics
- Recovery and Interpretation
Computer Crime

Computer crime - a crime in which a computer, or computers, play a significant part.

- Illegal gambling
- Forgery and money laundering
- Child pornography
- Electronic stalking
- The list goes on…
Computer Crime
Outside the Organization

Computer virus (or virus) - software that was
written with malicious intent to cause
annoyance or damage. There are two types of
viruses.

Benign viruses display a message or slow
down the computer, but don’t destroy any
information.

Malignant viruses damage your computer
system.
Computer Crime
Outside the Organization

Macro viruses - spread by binding
themselves to software such as Word or
Excel.

Worm - a computer virus that replicates
and spreads itself, not only from file to file,
but from computer to computer via e-mail
and other Internet traffic.
Computer Crime
Outside the Organization

Denial-of-service (DoS) attacks - flood a
Web site with so many requests for
service that it slows down or crashes.

Distributed denial-of-service (DDoS) - attacks from multiple computers that flood
attacks from multiple computers that flood
a Web site with so many requests for
service that it slows down or crashes.
Computer Crime
Outside the Organization

Code Red was the first virus that combined a
worm and DoS attack.

An e-mail is probably a hoax if it:

- Says to forward it to everyone you know, immediately.
- Describes the awful consequences of not acting immediately.
- Quotes a well-known authority in the computer industry.
Computer Crime
Outside the Organization
On Your Own
What Polymorphic Viruses Are Floating Around Cyberspace?
Computer Crime
Outside the Organization

Stand-alone worms can run on any computer that can
run Win32 programs.

Spoofing - the forging of the return address on an e-mail
so that the e-mail message appears to come from
someone other than the actual sender.

Trojan horse virus - hides inside other software, usually
an attachment or download.

Key logger, or key trapper, software - a program that,
when installed on a computer, records every keystroke
and mouse click.
Computer Crime
Web Defacing

Web defacing replaces the site with a substitute
that’s neither attractive nor complimentary.

Web defacing is a favorite sport of the people
who break into computer systems.
Computer Crime
The Players

- Hackers
- Thrill-seeker hackers
- White-hat (or ethical) hackers
- Black-hat hackers
- Crackers
- Hacktivists
- Cyberterrorists
- Script kiddies or script bunnies
Computer Crime
The Players
Team Work
Make up a Good Password
Computer Crime
Inside the Company

Along with the traditional crimes of fraud and
other types of theft, managers sometimes have
to deal with harassment of one employee by
another.

Chevron Corporation and Microsoft settled
sexual harassment lawsuits for $2.2 million each
because employees sent offensive e-mail to
other employees and management didn’t
intervene.
Computer Crime
Inside the Company
On Your Own
Digital Signatures and Certificates
Computer Forensics

Computer forensics - the collection,
authentication, preservation, and examination of
electronic information for presentation in court.

In a well-conducted computer forensics investigation, there are two major phases:
1. Collecting and authenticating electronic evidence.
2. Analyzing the findings.

Computer forensics experts use special hardware and software tools to conduct investigations.
Computer Forensics
The Collection Phase

Step one of the collection phase is to get physical access to the computer and related items.

- Computers
- Hard disks
- Floppy disks
- CDs and DVDs
- Zip disks
- Printouts
- Post-it notes, etc.

This process is similar to what police do when investigating crime in the brick world.
Computer Forensics
Phase I - The Collection Phase

Step two of the collection phase is to make a forensic image copy of all the information.

- Forensic image copy - an exact copy or snapshot of the contents of an electronic medium.
- MD5 hash value - a mathematically generated number that is unique for each individual storage medium at a specific point in time, because it’s based on the contents of that medium.
Computer Forensics
Phase II - The Analysis Phase

The analysis phase consists of the
recovery and interpretation of the
information that’s been collected and
authenticated.

The analysis phase of the investigation is
when the investigator follows the trail of
clues and builds the evidence into a crime
story.
Computer Forensics
Phase II - The Analysis Phase

Computer forensic programs can pinpoint
a file’s location on the disk, its creator, the
date it was created, the date of last
access, the date it was deleted, as well as
file formatting, and notes embedded or
hidden in a document.
Recovery and Interpretation

Much of the information comes from:

- Recovered
- Deleted files
- Currently unused disk space
- Deliberately hidden information or files

People whose e-mail was recovered to their extreme embarrassment (or worse) were:

- Monica Lewinsky
- Arresting officer in the Rodney King case
- Bill Gates of Microsoft
Recovery and Interpretation
Places to Look for Stray Information

Information is written all over a disk, not only
when you save a file, but also when you create
folders, repartition the disk, and so on.

File remnants could be found in:
1. Slack space
2. Unallocated disk space
3. Unused disk space
4. Hidden files
Recovery and Interpretation
Ways of Hiding Information

- Rename the file.
- Make the information invisible.
- Use Windows to hide files.
- Protect the file with a password.
- Encrypt the file.
- Use steganography.
Summary
Assignments & Exercises
1. Find computer forensics software
2. Is your financial identity at risk for theft?
3. The international anti-cybercrime treaty
4. Does the Fourth Amendment apply to computer search and seizure?