Please allow me
to introduce myself …
• Debra Littlejohn Shinder, MCSE
– Former police sergeant/police academy
and college criminal justice instructor
– Technical trainer
• Networking, operating systems, IT security
– Author
• Cisco Press, Syngress Media, Que, New
Riders
• TechRepublic, CNET,
Cramsession/Brainbuzz
– Consultant
• Businesses and government agencies
What I’m going to talk
about today
• What is cybercrime and is it really
a problem?
• Who are the cybercriminals?
• Why should you want to help law
enforcement officers catch them?
• The Great Governmental Divide
• How techies can build a bridge
• Building the cybercrime case
Civil vs. Criminal Law
• Two separate systems of law
• What are the differences?
• Double jeopardy doesn’t apply
• Constitutional protections – when do
they apply?
The Great
(Governmental) Divide
• Law enforcement culture
– Highly regulated
– Paramilitary (emphasis on “para”)
– “By the book”
Weight of law
agency policy
political factors
Public relations
Police Secrets
• Most officers are not as confident as
they appear
– Command presence required
– The bluff is in
• Most cops feel pretty powerless
– Cops don’t like feeling powerless
• Most cops don’t understand
technology
– Cops don’t like not understanding
This leads to…
• A touch of paranoia
• “Us vs. Them” attitude
– Cops against the world
• The truth about the thin blue line
• The blue wall of silence
Why cops and techies
don’t mix
• Lifestyle differences
• Elitist mentality – on both sides
• Adversarial relationship
– Many techies support or at least admire
talented hackers
– It’s human nature to protect “your own”
– Many cops don’t appreciate the
difference between white and black hat
– Bad laws
What cops and techies
have in common
• Long, odd hours
• Caffeine addiction
• Dedication to/love of job
• Want things to “make sense”
• Problem solvers by nature
Building the Case
• Detection techniques
• Collecting and preserving digital
evidence
• Factors that complicate prosecution
• Overcoming the obstacles
Cybercrime
Detection Techniques
• Auditing/log files
• Firewall logs and reports
• Email headers
• Tracing domain name/IP addresses
• IP spoofing/anti-detection techniques
Collecting and Preserving
Digital Evidence
• File recovery
• Preservation of evidence
• Intercepting transmitted data
• Documenting evidence recovery
• Legal issues
– Search and seizure laws
– Privacy rights
– Virtual “stings” (honeypots/honeynets)
Is it entrapment?
Factors that complicate
prosecution of cybercrime
• Difficulty in defining the crime
• Jurisdictional issues
• Chain of custody issues
• Overcoming obstacles
Chain of Custody
Overcoming the
obstacles
• Well defined roles and
responsibilities
• The prosecution “team”
– Law enforcement officers
– Prosecutors
– Judges
– Witnesses
What can CEOs and IT managers do?
Testifying in a
cybercrimes case
Scene of the Cybercrime
The book: by Debra Littlejohn Shinder