Professional Documents
Culture Documents
Gregory J. Lubinsky
Andrew J. Mahaney
Abstract
The abject differences between Law Enforcement Agencies compared to Corporate Investigators
and the differences in responsibility for handling evidence and enforcement of the privacy laws.
How corporate and LEA divides the work load in four areas and the law that governs LEA to
Introduction
between what Law Enforcement does, opposed to what a corporation do? The total time and
endeavor due to initial preparation and careful research is decisive to a triumphant investigation
in computer forensics (AIU, 2010). Police take time to plan before initiating an investigation,
corporate investigators develop guidelines and plans to contain incidents (AIU, 2010). In short
this determination has a dual focus for computer forensics (See Appendix A)
Corporate Investigations
Corporate side of computer investigation: Little can be done to prevent a attack even if
you know one is coming, simply because you don’t know what kind of attack it will be. In this
case neither LEA or Corporate Investigators are saverily limited to what they can do. Once an
attack has begun, LE cannot do much it is up to the IRT (Incident Response Team) to protect and
defend the system. However it is necessary to have LE close by to relay any pertinent data and
information such as who is attacking, and where they are attacking from! This is why
corporations focus on prevention and detection more so than anything else (AIU). Specifics of
the intrusion is also relevant due to the nature of the attack, such as if the attack is internal to the
corporation or if it leads to an outside source also dictates whether or not it is necessary for Law
Enforcement to get involved or not. Detection points to the individual or group, in a specific
location as much as it identifies the type of incident and the recourse needed to deter the attack
and counter future attacks and to implement safeguards. It might also be said that protection of
Computer Forensic v. Law Enforcement: It has been said many times about the
commencement of computer investigations, and from that point of view there is a lot more work
than there is for law enforcement. However without the aid of law enforcement, investigations
could not even be initiated, and the need for warrants, computer forensics might not ever get
started! At the very beginning of the investigation, you have to take in account a persons privacy
and rights under the law, this includes the fourth amendment and in some cases the 1st and 5th
amendments. Probable cause without backup and follow up is moot, the evidence collected can
get thrown out of court, this is why it is important to follow the rules of investigation,
Computers are owned by people, and people place personal information on them such as
bank, health, financial and insurance information that is specific to their livelihood, in some
cases intellectual work or in other words copyright material. This is one reason for the fourth
amendment and other privacy laws.The concept of privacy for computers is a controlled
disclosure, sensitive data and affected subject (Pfleeger, 2007). Privacy as it relates to computers
involves eight dimensions of privacy tha tinclude: Collection, Usage, Retention, Disclosure,
Security, Access Control, Monitoring and fair information policies (Pleeger, 2007). Some of
these concepts and dimensions are in multiple parts, like controlled disclosure also involves non-
disclosure or access without consent (Pfleeger, 2007). Another is Fair Information polices which
is described in two section four to eight parts, see list in Appendix C(Pfleeger, 2007). In order for
COMPUTER FORENSICS TECHNIQUES 5
privacy acts to be effective the Federal Trade Commission there would have to be support from
the government to safeguard websites with condition that would have to be met before the
implementation of privacy laws. The five stipulations are: Notice (Self Identification of
Conclusion
Computer Crime Investigation it that the LEA during an active attact will arrest the suspect, or
after the crime is committed secure the location and crime scene and any additional areas noted
byt eh computer inspector. Enforcement of warrants and conforming to laws of privacy for all
concerned in addition with any seized material and the unbroken chain of custody from the
investigation. The LEA is also responsible for the transportation and lock up of all pertinent
Reference
AIU Online (2010). ITF 403 Unit 2 Computer forensics techniques [Multimedia]. Retrieved from
=/Default.aspx website.
Pfleeger, C.P. & S.L., (2007). Security in computing (4th ed.). Upper Saddle River, N.J.,
Prentice/Hall
Steel, C. (2006). Windows forensics, a field guide for conducting corporate computer
Appendix A
11B
B464C67A2
12345678967A2
*AA%45A3742C4
12324567789AB6C
DFA68E9F6F4
C424
4CA34EC945A F972A56A
94E922A645
92CA4AA5
9891645
E925AE69
98!B964"74#$AC967A2
DF7C992B78769
1242679CAA2426592
43742C46A94
A641237EA24269 %7E728CA278E967A25
AC967A2
CA2767A25 A4C6$949&'#()B755
DEA64C7A2
Appendix B
F4AC5AE$9%2AEC42675
1!1*AC5
.2
45A3742C4 F972A56A
+C-7E4$A8A2969
4CE46F4+E49 D4E7557A2EA6F4
DFA6A8E9FC424 54C6 11B
4CA34E75C9E4 A4C6B969
964E79!A645 A24/9EBE7345728
A64AA592 %E764A2C4B0592
CA4AA5 B1B5
,2A%6F4
-7426 254A*AE6AAA%434E
DF57C974C4A43742C"
,2A%39E7A5 593444C6EA27C969752A%
.5645 F57C943742C4
#A6%9E4
E925AE6%76FA*AE"
25E4434E6F7287572
,2A%6F4$9% +56967CE449892
14267749698
94"24E"96492
AC967A2
Appendix C
Fair Information
*97E12AE967A2DA7C745
*97E12AE967A2DE9C67C45 DEA64C66AE4B969
$776967A25A
A4C67A2 4C4
3A5E4
4976A
B++ 4C4
425767376
DEA54A
12AE967A2
+2A2754
4976A B969
B++
254A 2CE66F4
12AE967A2 B969
4CE76
9489E5
.42455
127379
9E67C7967A2
+CCA269776