Assignment: Cybercrime-Related Laws and Digital Evidence

Imagine you are watching a movie that has a dramatic court scene where the prosecutor picks up a menacing weapon used in the commission of the crime. As he or she thrusts it up high for all to see, a collective gasp echoes through the courtroom. The jury’s eyes widen as their minds struggle to process the weapon visually. 
Now consider the same movie scene again. Except this time, the prosecutor picks up a laptop and thrusts it into the air. The same dramatic reaction, however, is unlikely. Although digital evidence that is stored in devices might seem intangible, this type of evidence has been used in previous legal cases for trying cybercrime. 
Cybercrime is just as real and subject to the same burdens of proof and judicial process. Yet, the admissibility of digital evidence for establishing proof of a cybercrime can be challenging. Understanding the linkage between digital evidence and the execution of a cybercrime is important for establishing a legal case.

To prepare for this Assignment, pick one of the following areas of cybercrime and select a federal or state law that addresses it:

•    Computer Intrusions
•    Cyberterrorism
•    Cyberharassment and Cyberstalking
•    Economic Espionage
•    Financial Crimes and Fraud

For this Assignment, write a 3- to 5-page paper in APA format that:

•    Summarizes the key elements of the law.
•    Explains the types of digital evidence that would need to be collected to prosecute a case under this law. Be sure that you include possible sources of evidence, such as computing devices, wireless devices, and Internet service providers (ISPs).
•    Proposes a new or emerging technology within the area of cybercrime selected that might not be covered under this law.

Required Readings
Easttom, C., & Taylor, J. (2011). Computer crime, investigation, and the law. Boston, MA: Course Technology.

Chapter 6, “Organized Crime and Cyber Terrorism” (pp. 210–223)
These pages discuss cyber terrorism, information warfare, and cyber espionage.

FindLaw. (1999). United States v. Upham. Retrieved from http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=search&case=/data2/circs/1st/981121.html

Assignment 1: Computer Incident Response Team Plan

You probably have heard the names Ebola, Bird Flu, and West Nile Virus. In recent years, these names have made headlines as clusters of outbreaks have occurred around the globe. Given the serious nature of infectious diseases and the possibility of regional or global outbreaks, organizations like the Centers for Disease Control and Prevention (CDC) have incident response teams that can quickly deploy anywhere in the world to investigate potential outbreaks and contain them if need be.
IT incidents are similar to infectious disease outbreaks in that if safeguards are not in place to prevent them, critical systems and information may be compromised. To mitigate these incidents, many IT departments have specialized teams, called computer incident response teams (CIRTs). These teams mobilize and respond to incidents. As with emergent infectious disease response teams, the sooner CIRT teams respond, the sooner incidents can be contained.
                                                                                ***
The Plush Packet Institute of Technology (PPIT) Board of Directors’ next priority is the school’s ability to respond to security incidents, especially with a second school opening in the near future. The board has asked you to begin drafting a CIRT plan.

For this Assignment, write a 2- to 3-page CIRT plan for PPIT that:

•    Classifies the types of computer incidents that would “activate” the CIRT
•    Defines at least three roles for CIRT members
•    Defines at least two primary responsibilities for CIRT members
•    Defines two CIRT policies

Assignment 2: Risk Management
Driving your car anywhere is risky. Imagine that your car’s tire treads are worn to the point that they might “blow out” at any moment. Unfortunately, you cannot afford new tires until the end of the month, but you still need to go to work every day. What should you do? To make a decision, you would need to assess the risks of driving your car carefully.
Like people, organizations must manage risk carefully. To do so, risks must be identified and evaluated continuously. Documents like risk assessment reports are integral to maintaining the appropriate level of risk tolerance.   
                                                                            ***
The Plush Packet Institute of Technology (PPIT) Board of Directors’ next priority is risk assessment. The board has asked you to begin drafting a risk assessment report for the current school.
To prepare for this Assignment, review the Case Study: Plush Packet Institute of Technology in this unit’s Learning Resources.

For this Assignment, write a 4- to 5-page risk assessment report for PPIT that addresses the following:

•    Threats from agents, especially those from the network
•    Vulnerability appraisal
•    Risk assessment
•    Risk mitigation

Required Readings

Cichonski, P., Millar, T., Grance, K., & Scarfone, K. (2012). Computer security incident handling guide (Special Publication 800-61). Retrieved from http://csrc.nist.gov/publications/drafts/800-61-rev2/draft-sp800-61rev2.pdf
This document provides computer incident response guidelines.

Kral, P. (2011). The incident handler’s handbook. Retrieved from http://www.sans.org/reading_room/whitepapers/incident/incident-handlers-handbook_33901
This document describes the six phases of the incident handling process.

University of Arkansas. (n.d.). Risk assessment guidelines. Retrieved from http://cardops.uark.edu/forms/RiskAssessment_Guide.pdf
This document describes risk assessment and provides a sample report.

Document: Case Study: Plush Packet Institute of Technology (PDF document)
Note: You will use this document to complete Assignment 2 in this unit.

Assignment: Certified Forensic Tools

Have you ever read a fictional story about a treasure hunt for pirate’s gold? Adventurers often follow a crude map that marks the exact spot of the treasure with a large “X.” To find the treasure, the adventurers must overcome many challenges and use a wide variety of resources. In the end, they unearth a treasure chest and delight in its riches.
Computer forensics investigations are like treasure hunts conducted in reverse. The location of the treasure is specified in a search warrant and “X” marks a property on a city map. As a forensics investigator, you are given the treasure first—a bounty of computers, devices, and information. Your job is to analyze this treasure and work backwards to the suspects. To accomplish this, you will use certified forensics tools to preserve digital evidence. Like a serpentine dashed trail on the treasure map, your path will have many twists and turns and might take you through memory addresses, inside devices, and across networks. Without certified forensics tools, authorities would find it difficult, if not impossible to collect and preserve digital evidence. Prosecutors would have an even greater challenge bringing many cases to trial.
                                                                                ***
You are a forensics expert working at a federal lab. You have been given the following physical evidence for a suspect being held on numerous charges that include plotting to destroy federal facilities, aiding and abetting terrorists, and counterfeiting:
•    Phones (3 smart phones, 1 old analog phone, and 1 used pre-paid cell phone)
•    Media (44 data DVDs, 13 data CDs, 2 SD cards, and two 3.5” floppy disks)
•    Cameras (1 digital camera with a cracked lens and 1 DSLR camera body)
•    Hard Drives (5 external and 8 internal hard drives)
•    Routers (1 router)
•    Tablets (2 tablets)
•    PDAs (1 PDA [personal digital assistant])
•    Laptops (2 PC laptops and 1 Mac notebook)
•    Desktops (1 PC desktop with monitor, mouse, and external 3.5” floppy drive)
•    Thumb Drives (1 thumb drive)

One of the laptops is on and connected to a foreign network through a wireless access point—a directory structure is visible; the operating system is Windows XP. The suspect is also known to have an account with an Internet Service Provider (ISP).

For this Assignment, write a 4- to 5-page report in APA format that evaluates several forensic software tools.

Explain which ones you might use to conduct your investigation of the physical evidence. Be sure to address tools that you might use to collect evidence from the foreign network. Justify your choices.

Required Readings
Easttom, C., & Taylor, J. (2011). Computer crime, investigation, and the law. Boston, MA: Course Technology.

•    Chapter 7, “Observing, Collecting, Documenting, and Storing Electronic Evidence” (pp. 227–245)
This chapter outlines the steps for an investigator to follow when initiating any investigation.

•    Chapter 8, “Collecting Evidence from Hardware” (pp. 247–273)
This chapter describes how to perform a forensic examination, find, and catalog evidence from a hard drive.

•    Chapter 9, “Collecting Evidence from the Operating System” (pp. 275–300)
This chapter describes how to gather information from the operating system.

•    Chapter 10, “Collecting Evidence from Other Sources” (pp. 301–315) 
This chapter describes how evidence is collected from various sources such as firewalls and routers.

Assignment 1: Jurisdictional Aspects of Cybercrime

You are using your wireless device to locate a restaurant. Suddenly, a large flashing skull-and-crossbones appears on your screen and a menacing laugh plays. Seconds later your device has been wiped clean. You are the victim of a cybercrime. If caught, can the cybercriminal that destroyed your device’s data be brought to justice, regardless of jurisdiction?
To prepare for this Assignment, examine a law that addresses cybercriminal (e.g., hackers, spammers, or cyber terrorists) offenses.

For this Assignment, write a 2- to 3-page paper in APA format that:

•    Explains the law’s key elements, especially those related to jurisdiction and sentencing.
•    Analyzes the jurisdictional aspects of cybercrime related to bringing cybercriminals to justice. Provide an example in which this law might apply.

Assignment 2: Copyright and its Various Owner Rights

The Internet has facilitated exposure for a multitude of industries, artists, and products. However, inherent challenges exist when attempting to protect ownership. If users have access to someone else’s media and documents, should they be able to copy, modify, or distribute them? This is a crucial question that individuals and legislators are attempting to answer in this digital age.
                                                                        ***
You have just passed the state bar exam and are now officially an attorney. As a reward, the junior partner has assigned you a case. Your client is a popular band named Pixel the Pony. The band’s manager, Hub “The Hippo,” and record producer, Mac “The Meerkat” are in your office. Hub explains that the band’s new single “Pony Express” is being distributed illegally by music lovers on the Internet in mp3 format. He discusses at length the substantial time and costs the band incurred creating this original work.
Once he finishes, Mac shows you spreadsheets detailing costs, expenses, and projected profits. She feels that the illegal distribution (via peer-to-peer networks [P2P]) will result in the record label losing significant income. Hub and Mac want the distributions to stop immediately and those responsible held accountable. So far, the record label’s investigators have determined that illegal distribution has occurred in the United States and abroad.

For this Assignment, write a 4- to 5-page paper in APA format that:

•    Specifies which U.S. intellectual property, digital rights management, and/or property laws apply to this case
•    Enables your case as a consideration in the purview of “fair use” under the law
•    Proposes remedies the law provides for the enlisted violations
•    Addresses how your client’s expected revenues will be adversely impacted
•    Discusses legal remedies that you will be seeking on behalf of your client
•    Briefly addresses possible international jurisdictional problems

Assignment: Cybercrime-Related Laws and Digital Evidence

Imagine you are watching a movie that has a dramatic court scene where the prosecutor picks up a menacing weapon used in the commission of the crime. As he or she thrusts it up high for all to see, a collective gasp echoes through the courtroom. The jury’s eyes widen as their minds struggle to process the weapon visually.  

Now consider the same movie scene again. Except this time, the prosecutor picks up a laptop and thrusts it into the air. The same dramatic reaction, however, is unlikely. Although digital evidence that is stored in devices might seem intangible, this type of evidence has been used in previous legal cases for trying cybercrime.  

Cybercrime is just as real and subject to the same burdens of proof and judicial process. Yet, the admissibility of digital evidence for establishing proof of a cybercrime can be challenging. Understanding the linkage between digital evidence and the execution of a cybercrime is important for establishing a legal case.

To prepare for this Assignment, pick one of the following areas of cybercrime and select a federal or state law that addresses it:

  • Computer Intrusions
  • Cyberterrorism
  • Cyberharassment and Cyberstalking
  • Economic Espionage
  • Financial Crimes and Fraud

 For this Assignment, write a 3- to 5-page paper in APA format that:

  • Summarizes the key elements of the law.
  • Explains the types of digital evidence that would need to be collected to prosecute a case under this law. Be sure that you include possible sources of evidence, such as computing devices, wireless devices, and Internet service providers (ISPs).
  • Proposes a new or emerging technology within the area of cybercrime selected that might not be covered under this law.

Required Readings

Easttom, C., & Taylor, J. (2011). Computer crime, investigation, and the law. Boston, MA: Course Technology.

Chapter 6, “Organized Crime and Cyber Terrorism” (pp. 210–223)
These pages discuss cyber terrorism, information warfare, and cyber espionage.

FindLaw. (1999). United States v. Upham. Retrieved from http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=search&case=/data2/circs/1st/981121.html

 Assignment 1: Computer Incident Response Team Plan

 

You probably have heard the names Ebola, Bird Flu, and West Nile Virus. In recent years, these names have made headlines as clusters of outbreaks have occurred around the globe. Given the serious nature of infectious diseases and the possibility of regional or global outbreaks, organizations like the Centers for Disease Control and Prevention (CDC) have incident response teams that can quickly deploy anywhere in the world to investigate potential outbreaks and contain them if need be.

IT incidents are similar to infectious disease outbreaks in that if safeguards are not in place to prevent them, critical systems and information may be compromised. To mitigate these incidents, many IT departments have specialized teams, called computer incident response teams (CIRTs). These teams mobilize and respond to incidents. As with emergent infectious disease response teams, the sooner CIRT teams respond, the sooner incidents can be contained.

                                                                                 ***

The Plush Packet Institute of Technology (PPIT) Board of Directors’ next priority is the school’s ability to respond to security incidents, especially with a second school opening in the near future. The board has asked you to begin drafting a CIRT plan.

For this Assignment, write a 2- to 3-page CIRT plan for PPIT that:

  • Classifies the types of computer incidents that would “activate” the CIRT
  • Defines at least three roles for CIRT members
  • Defines at least two primary responsibilities for CIRT members
  • Defines two CIRT policies

Assignment 2: Risk Management

Driving your car anywhere is risky. Imagine that your car’s tire treads are worn to the point that they might “blow out” at any moment. Unfortunately, you cannot afford new tires until the end of the month, but you still need to go to work every day. What should you do? To make a decision, you would need to assess the risks of driving your car carefully.

Like people, organizations must manage risk carefully. To do so, risks must be identified and evaluated continuously. Documents like risk assessment reports are integral to maintaining the appropriate level of risk tolerance.     

                                                                            ***

The Plush Packet Institute of Technology (PPIT) Board of Directors’ next priority is risk assessment. The board has asked you to begin drafting a risk assessment report for the current school.

To prepare for this Assignment, review the Case Study: Plush Packet Institute of Technology in this unit’s Learning Resources.

For this Assignment, write a 4- to 5-page risk assessment report for PPIT that addresses the following:

  • Threats from agents, especially those from the network
  • Vulnerability appraisal
  • Risk assessment
  • Risk mitigation

Required Readings

Cichonski, P., Millar, T., Grance, K., & Scarfone, K. (2012). Computer security incident handling guide (Special Publication 800-61). Retrieved from http://csrc.nist.gov/publications/drafts/800-61-rev2/draft-sp800-61rev2.pdf
This document provides computer incident response guidelines.

Kral, P. (2011). The incident handler’s handbook. Retrieved from http://www.sans.org/reading_room/whitepapers/incident/incident-handlers-handbook_33901
This document describes the six phases of the incident handling process.

University of Arkansas. (n.d.). Risk assessment guidelines. Retrieved from http://cardops.uark.edu/forms/RiskAssessment_Guide.pdf
This document describes risk assessment and provides a sample report.

Document: Case Study: Plush Packet Institute of Technology (PDF document)

Note: You will use this document to complete Assignment 2 in this unit.

Assignment: Certified Forensic Tools

Have you ever read a fictional story about a treasure hunt for pirate’s gold? Adventurers often follow a crude map that marks the exact spot of the treasure with a large “X.” To find the treasure, the adventurers must overcome many challenges and use a wide variety of resources. In the end, they unearth a treasure chest and delight in its riches.

Computer forensics investigations are like treasure hunts conducted in reverse. The location of the treasure is specified in a search warrant and “X” marks a property on a city map. As a forensics investigator, you are given the treasure first—a bounty of computers, devices, and information. Your job is to analyze this treasure and work backwards to the suspects. To accomplish this, you will use certified forensics tools to preserve digital evidence. Like a serpentine dashed trail on the treasure map, your path will have many twists and turns and might take you through memory addresses, inside devices, and across networks. Without certified forensics tools, authorities would find it difficult, if not impossible to collect and preserve digital evidence. Prosecutors would have an even greater challenge bringing many cases to trial.

                                                                                ***

You are a forensics expert working at a federal lab. You have been given the following physical evidence for a suspect being held on numerous charges that include plotting to destroy federal facilities, aiding and abetting terrorists, and counterfeiting:

  • Phones (3 smart phones, 1 old analog phone, and 1 used pre-paid cell phone)
  • Media (44 data DVDs, 13 data CDs, 2 SD cards, and two 3.5” floppy disks)
  • Cameras (1 digital camera with a cracked lens and 1 DSLR camera body)
  • Hard Drives (5 external and 8 internal hard drives)
  • Routers (1 router)
  • Tablets (2 tablets)
  • PDAs (1 PDA [personal digital assistant])
  • Laptops (2 PC laptops and 1 Mac notebook)
  • Desktops (1 PC desktop with monitor, mouse, and external 3.5” floppy drive)
  • Thumb Drives (1 thumb drive)

One of the laptops is on and connected to a foreign network through a wireless access point—a directory structure is visible; the operating system is Windows XP. The suspect is also known to have an account with an Internet Service Provider (ISP).

For this Assignment, write a 4- to 5-page report in APA format that evaluates several forensic software tools.

 Explain which ones you might use to conduct your investigation of the physical evidence. Be sure to address tools that you might use to collect evidence from the foreign network. Justify your choices.

Required Readings

Easttom, C., & Taylor, J. (2011). Computer crime, investigation, and the law. Boston, MA: Course Technology.

  • Chapter 7, “Observing, Collecting, Documenting, and Storing Electronic Evidence” (pp. 227–245)
    This chapter outlines the steps for an investigator to follow when initiating any investigation.

  • Chapter 8, “Collecting Evidence from Hardware” (pp. 247–273)
    This chapter describes how to perform a forensic examination, find, and catalog evidence from a hard drive.

  • Chapter 9, “Collecting Evidence from the Operating System” (pp. 275–300)
    This chapter describes how to gather information from the operating system.

  • Chapter 10, “Collecting Evidence from Other Sources” (pp. 301–315)  
    This chapter describes how evidence is collected from various sources such as firewalls and routers.

Assignment 1: Jurisdictional Aspects of Cybercrime

You are using your wireless device to locate a restaurant. Suddenly, a large flashing skull-and-crossbones appears on your screen and a menacing laugh plays. Seconds later your device has been wiped clean. You are the victim of a cybercrime. If caught, can the cybercriminal that destroyed your device’s data be brought to justice, regardless of jurisdiction?

To prepare for this Assignment, examine a law that addresses cybercriminal (e.g., hackers, spammers, or cyber terrorists) offenses.

For this Assignment, write a 2- to 3-page paper in APA format that:

  • Explains the law’s key elements, especially those related to jurisdiction and sentencing.
  • Analyzes the jurisdictional aspects of cybercrime related to bringing cybercriminals to justice. Provide an example in which this law might apply.

Assignment 2: Copyright and its Various Owner Rights

The Internet has facilitated exposure for a multitude of industries, artists, and products. However, inherent challenges exist when attempting to protect ownership. If users have access to someone else’s media and documents, should they be able to copy, modify, or distribute them? This is a crucial question that individuals and legislators are attempting to answer in this digital age.

                                                                        ***

You have just passed the state bar exam and are now officially an attorney. As a reward, the junior partner has assigned you a case. Your client is a popular band named Pixel the Pony. The band’s manager, Hub “The Hippo,” and record producer, Mac “The Meerkat” are in your office. Hub explains that the band’s new single “Pony Express” is being distributed illegally by music lovers on the Internet in mp3 format. He discusses at length the substantial time and costs the band incurred creating this original work.

Once he finishes, Mac shows you spreadsheets detailing costs, expenses, and projected profits. She feels that the illegal distribution (via peer-to-peer networks [P2P]) will result in the record label losing significant income. Hub and Mac want the distributions to stop immediately and those responsible held accountable. So far, the record label’s investigators have determined that illegal distribution has occurred in the United States and abroad.

For this Assignment, write a 4- to 5-page paper in APA format that: 

  • Specifies which U.S. intellectual property, digital rights management, and/or property laws apply to this case
  • Enables your case as a consideration in the purview of “fair use” under the law
  • Proposes remedies the law provides for the enlisted violations
  • Addresses how your client’s expected revenues will be adversely impacted
  • Discusses legal remedies that you will be seeking on behalf of your client
  • Briefly addresses possible international jurisdictional problems