Digital Forensics and the Chain of Custody to Counter Cybercrime

Andreas Mitrakas (European Network and Information Security Agency (ENISA), UK) and Damián Zaitch (Erasmus University, The Netherlands)
Copyright: © 2009 | Pages: 19
DOI: 10.4018/978-1-60566-204-6.ch010

Abstract

Targeting information technology resources has become a growing trend, for reasons that include profit making, causing damage, carrying out espionage, exploiting human beings etc. Although information security is used to protect information assets, electronic crime remains firmly on the rise. Computer forensics is the analysis of data processing equipment such as a data carrier, a network etc. to determine whether that equipment has been used for illegal or unauthorised purposes. Establishing the chain of custody through appropriate policy frameworks can be used to assess the quality of the collected data. Policy for forensics may address the practices of forensics agents and labs in investigating cybercrime. This chapter concludes that full-scale harmonisation of policies on criminal law and legal processes is likely to happen only at regional level (e.g. the EU) rather than at a global scale. This, along with the assumption that the safe havens from which criminals operate are not likely to be suppressed any time soon, leads to the conclusion that cybercrime is here to stay for the long run in spite of the good efforts made to trail digital suspects through digital forensics.
Chapter Preview

Framing The Debate

Forensics, or forensic science, is the application of science to questions that are of interest to the legal system. Computer forensics is the analysis of data processing equipment such as a data carrier, a network etc. to determine whether that equipment has been used for illegal or unauthorised purposes. Linking the equipment with its user can provide breakthroughs in the investigation process of an illegal act or a crime.

In spite of the criminological debate regarding concept and scope, most authors and policy makers use concepts such as high-tech crime, digital crime, e-crime, computer-facilitated crime, cybercrime or computer-related crime interchangeably, as mere synonyms. In this chapter the term cybercrime is used to describe computer-assisted crime. Additionally, this chapter addresses aspects of illegal acts that are not necessarily of interest from a penal law or criminology point of view; they nevertheless constitute breaches that have to be dealt with.

Cybercrime involves attacking information systems or data for malicious purposes that often include a wide variety of crimes against persons, property or public interest. In these instances information systems are used to facilitate criminal activity. In other cases cyber criminals might directly target such information systems for the purpose of making profit, stealing secrets or damaging the interests of third parties. Cyber attacks have received substantial attention in view of the growing variety of means to carry them out. Various forms of attacks may target individual users (e.g. identity theft), groups of users (e.g. e-government systems, e-banking systems etc.), industrial interests (e.g. IPR theft), general malicious behaviour (e.g. spamming, spreading viruses or malware) etc. While property is in general the main target of cybercrime in its various forms, other crimes can also be committed, such as the accessing and exchange of child pornography etc. [Pfleeger, 2000].
