H-1 Management Information Systems for the Information Age Copyright 2004 The McGraw-Hill Companies,...

Date posted: 21-Dec-2015

H-1 Management Information Systems for the Information Age

Copyright 2004 The McGraw-Hill Companies, Inc. All rights reserved

Extended Learning Module H

Computer Crime and Forensics


Presentation Overview

- Computer Crime
- Computer Forensics
- Recovery and Interpretation


Computer Crime

Computer crime - a crime in which a computer, or computers, play a significant part.

- Illegal gambling
- Forgery and money laundering
- Child pornography
- Electronic stalking
- The list goes on…


Computer Crime: Outside the Organization

Computer virus (or virus) - software that was written with malicious intent to cause annoyance or damage. There are two types of viruses.

- Benign viruses display a message or slow down the computer, but don’t destroy any information.
- Malignant viruses damage your computer system.


Computer Crime: Outside the Organization

Macro viruses - spread by binding themselves to software such as Word or Excel.

Worm - a computer virus that replicates and spreads itself, not only from file to file, but from computer to computer via e-mail and other Internet traffic.


Computer Crime: Outside the Organization

Denial-of-service (DoS) attacks - flood a Web site with so many requests for service that it slows down or crashes.

Distributed denial-of-service (DDoS) - attacks from multiple computers that flood a Web site with so many requests for service that it slows down or crashes.


Computer Crime: Outside the Organization

Code Red was the first virus that combined a worm and DoS attack.

Probably a hoax e-mail if:

- Says to forward it to everyone you know, immediately.
- Describes the awful consequences of not acting immediately.
- Quotes a well-known authority in the computer industry.


Computer Crime: Outside the Organization

On Your Own

What Polymorphic Viruses Are Floating Around Cyberspace?


Computer Crime: Outside the Organization

Stand-alone worms can run on any computer that can run Win32 programs.

Spoofing - the forging of the return address on an e-mail so that the e-mail message appears to come from someone other than the actual sender.

Trojan horse virus - hides inside other software, usually an attachment or download.

Key logger, or key trapper, software - a program that, when installed on a computer, records every keystroke and mouse click.


Computer Crime: Web Defacing

Web defacing replaces the site with a substitute that’s neither attractive nor complimentary.

Web defacing is a favorite sport of the people who break into computer systems.


Computer Crime: The Players

- Hackers
- Thrill-seeker hackers
- White-hat (or ethical) hackers
- Black-hat hackers
- Crackers
- Hacktivists
- Cyberterrorist
- Script kiddies or script bunnies


Computer Crime: The Players

Team Work

Make up a Good Password


Computer Crime: Inside the Company

Along with the traditional crimes of fraud and other types of theft, managers sometimes have to deal with harassment of one employee by another.

Chevron Corporation and Microsoft settled sexual harassment lawsuits for $2.2 million each because employees sent offensive e-mail to other employees and management didn’t intervene.


Computer Crime: Inside the Company

On Your Own

Digital Signatures and Certificates


Computer Forensics

Computer forensics - the collection, authentication, preservation, and examination of electronic information for presentation in court.

In a well-conducted computer forensics investigation, there are two major phases:

1. Collecting and authenticating electronic evidence.
2. Analyzing the findings.

Computer forensics experts use special hardware and software tools to conduct investigations.


Computer Forensics: The Collection Phase

Step one of the collection phase is to get physical access to the computer and related items.

- Computers
- Hard disks
- Floppy disks
- CDs and DVDs
- Zip disks
- Printouts
- Post-it notes, etc.

This process is similar to what police do when investigating crime in the brick world.


Computer Forensics: Phase I - The Collection Phase

Step two of the collection phase is to make a forensic image copy of all the information.

- Forensic image copy - an exact copy or snapshot of the contents of an electronic medium.
- MD5 hash value - a mathematically generated number that is unique for each individual storage medium at a specific point in time, because it’s based on the contents of that medium.
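The imaging step described above, as an added example that is not from the textbook or the slides: the copy is made block by block while hashing exactly what was read, and the copy is later re-hashed to show it still matches. The in-memory "medium", the function names and the SHA-256 digest recorded next to the slide's MD5 are assumptions of this example.

```python
import hashlib
import io

BLOCK_SIZE = 4096  # bytes per read; an arbitrary choice for this example


def acquire_image(source, image, block_size=BLOCK_SIZE):
    """Copy source to image block by block, hashing exactly what was read."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    while True:
        block = source.read(block_size)
        if not block:
            break
        image.write(block)
        md5.update(block)
        sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def hash_stream(stream, block_size=BLOCK_SIZE):
    """Hash a stream from its start without loading it into memory at once."""
    stream.seek(0)
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for block in iter(lambda: stream.read(block_size), b""):
        md5.update(block)
        sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def verify_image(image, recorded):
    """True only if the image still matches the hashes recorded at acquisition."""
    return hash_stream(image) == recorded


def constructed_medium():
    """Stand-in for a seized disk: three 512-byte sectors of constructed data."""
    sectors = [b"boot".ljust(512, b"\x00"),
               b"letter.doc: meet at noon".ljust(512, b"\x00"),
               b"\xff" * 512]
    return io.BytesIO(b"".join(sectors))


if __name__ == "__main__":
    medium, image = constructed_medium(), io.BytesIO()
    recorded = acquire_image(medium, image)
    print("recorded at acquisition:", recorded)
    print("image verifies:", verify_image(image, recorded))

    # Change one bit in a working copy, as a stray write would.
    tampered = bytearray(image.getvalue())
    tampered[600] ^= 0x01
    print("altered copy verifies:",
          verify_image(io.BytesIO(bytes(tampered)), recorded))
```

The digests recorded at acquisition are what an examiner compares against before and after analysis; a single changed bit in the copy makes the comparison fail.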


Computer Forensics: Phase II - The Analysis Phase

The analysis phase consists of the recovery and interpretation of the information that’s been collected and authenticated.

The analysis phase of the investigation is when the investigator follows the trail of clues and builds the evidence into a crime story.


Computer Forensics: Phase II - The Analysis Phase

Computer forensic programs can pinpoint a file’s location on the disk, its creator, the date it was created, the date of last access, the date it was deleted, as well as file formatting, and notes embedded or hidden in a document.


Recovery and Interpretation

Much of the information comes from:

- Recovered deleted files
- Currently unused disk space
- Deliberately hidden information or files

People whose e-mail was recovered to their extreme embarrassment (or worse) were:

- Monica Lewinsky
- Arresting officer in the Rodney King case
- Bill Gates of Microsoft


Recovery and Interpretation: Places to Look for Stray Information

Information is written all over a disk, not only when you save a file, but also when you create folders, repartition the disk, and so on.

File remnants could be found in:

1. Slack space
2. Unallocated disk space
3. Unused disk space
4. Hidden files
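Slack space, the first item in the list above, shown as an added example that is not from the textbook or the slides: a shorter file written over a longer deleted one leaves the old file's tail in the last cluster, and the examiner reads it back from the image. The 512-byte cluster size, the simplified disk model (no file-system metadata) and all file contents are constructed for this example.

```python
import re

CLUSTER_SIZE = 512  # constructed value; real file systems often use 4096
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")  # 6+ printable ASCII bytes


def write_file(disk, first_cluster, data, cluster_size=CLUSTER_SIZE):
    """Write data at a cluster boundary, touching only len(data) bytes."""
    offset = first_cluster * cluster_size
    disk[offset:offset + len(data)] = data


def slack_region(disk, first_cluster, file_size, cluster_size=CLUSTER_SIZE):
    """Bytes between the end of a file and the end of its last cluster."""
    clusters_used = -(-file_size // cluster_size)  # ceiling division
    start = first_cluster * cluster_size + file_size
    end = (first_cluster + clusters_used) * cluster_size
    return bytes(disk[start:end])


def printable_strings(data):
    """Extract readable text runs, as a strings-style tool would."""
    return [m.decode("ascii") for m in PRINTABLE_RUN.findall(data)]


def build_constructed_disk():
    """An 8-cluster image: a 1000-byte file, deleted, then a 700-byte file
    written over the same starting cluster."""
    disk = bytearray(8 * CLUSTER_SIZE)
    old = (b"MEMO: transfer approved, ref ACCT-CONSTRUCTED-001. " * 20)[:1000]
    write_file(disk, 2, old)
    new = (b"Lunch menu for Friday.\n" * 40)[:700]
    write_file(disk, 2, new)  # overwrites only the first 700 bytes
    return disk


if __name__ == "__main__":
    disk = build_constructed_disk()
    slack = slack_region(disk, first_cluster=2, file_size=700)
    print("slack bytes:", len(slack))
    for text in printable_strings(slack):
        print("remnant:", text)
```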


Recovery and Interpretation: Ways of Hiding Information

- Rename the file.
- Make the information invisible.
- Use Windows to hide files.
- Protect the file with a password.
- Encrypt the file.
- Use steganography.


Summary: Assignments & Exercises

1. Find computer forensics software
2. Is your financial identity at risk for theft?
3. The international anti-cybercrime treaty
4. Does the Fourth Amendment apply to computer search and seizure?