
Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)

Abstract

This paper describes a case study in which a method for forensic analysis of control was applied to resolve probative technical issues in a legal action. It describes one instance in which the analysis was successfully applied without challenge, addresses the details of most of the facets of the analysis method, and uses the case to demonstrate how such analysis provides a systematic approach to using technical methods to address legal issues.

