Cyber Crime Investigations: Bridging the Gaps Between Security Professionals, Law Enforcement, and Prosecutors

by Anthony Reyes, Richard Brittson, Kevin O'Shea, James Steele

NOOK Book (eBook) | Barnes & Noble

Written by a former NYPD cyber cop, this is the only book available that discusses the hard questions cyber crime investigators are asking.

The book begins with the chapter "What is Cyber Crime?" This introductory chapter describes the most common challenges faced by cyber investigators today. The following chapters discuss the methodologies behind cyber investigations and frequently encountered pitfalls. Issues relating to cyber crime definitions, the electronic crime scene, computer forensics, and preparing and presenting a cyber crime investigation in court will be examined. Not only will these topics be discussed and explained for the novice, but the hard questions (the questions that have the power to divide this community) will also be examined in a comprehensive and thoughtful manner.

This book will serve as a foundational text for the cyber crime community to begin to move past current difficulties into its next evolution.

* This book has been written by a retired NYPD cyber cop, who has worked many high-profile computer crime cases

* Discusses the complex relationship between the public and private sector with regard to cyber crime

* Provides essential information for IT security professionals and first responders on maintaining chain of evidence

Product Details

Publisher: Elsevier Science
Sold by: Barnes & Noble
File size: 3 MB

Read an Excerpt

Cyber Crime Investigations

Bridging the Gaps Between Security Professionals, Law Enforcement, and Prosecutors
By Anthony Reyes


Copyright © 2007 Elsevier, Inc.
All rights reserved.

ISBN: 978-0-08-055363-4

Chapter One

The Problem at Hand

Midway upon the journey of our life I found myself within a forest dark, For the straightforward pathway had been lost. .... I cannot well repeat how there I entered, So full was I of slumber at the moment In which I had abandoned the true way —Dante Alighieri The Divine Comedy—Inferno

Solutions in this chapter:

  •   The Gaps in Cyber Crime Law
  •   Unveiling the Myths Behind Cyber Crime
  •   Prioritizing Evidence
  •   Setting the Bar too High
  •   Summary
  •   Solutions Fast Track
  •   Frequently Asked Questions


    In the literary classic The Inferno, Dante wakes up from a semiconscious state only to find himself lost in the Dark Woods of Error. Uncertain how he came to stray from the True Way, Dante attempts to exit the woods and is immediately driven back by three beasts. Dante, faced with despair and having no hope of ever leaving the woods, is visited by the spirit of Virgil. Virgil, a symbol of Human Reason, explains he has been sent to lead Dante from error. Virgil tells him there can be no direct ascent to heaven past the beasts, for the man who would escape them must go a longer and harder way. Virgil offers to guide Dante, but only as far as Human Reason can go (Ciardi, 2001).

    As with Dante, I too frequently "strayed from the True Way into the Dark Woods of Error" when investigating cyber crime. Oftentimes, I found myself lost as a result of a lack of available information on how to handle the situations I confronted. Yet other times I wasn't quite sure how I got to the point where I became lost. As a cyber crimes investigator, you've undoubtedly encountered similar situations where there was little or no guidance to aid you in your decision-making process. Often, you find yourself posting "hypothetical" questions to an anonymous listserv, in the hopes that some stranger's answer might ring true. Although you've done your due diligence, sleepless nights accompany you as you contemplate how your decision will come back to haunt you.

    We recently witnessed such an event with the Hewlett-Packard Board of Directors scandal. In this case, seasoned investigators within HP and the primary subcontracting company sought clarity on an investigative method they were implementing for an investigation. The investigators asked legal counsel to determine if the technique being used was legal or illegal. Legal counsel determined that the technique fell within a grey area, and did not constitute an illegal act. As a result, the investigators used it and were later arrested. This situation could befall any cyber crimes investigator.

    Cyber crime investigations are still a relatively new phenomenon. Methods used by practitioners are still being developed and tested today. While attempts have been made to create a methodology on how to conduct these types of investigations, the techniques can still vary from investigator to investigator, agency to agency, corporation to corporation, and situation to situation. No definitive book exists on cyber crime investigation and computer forensic procedures at this time. Many of the existing methodologies, books, articles, and literature on the topic are based on a variety of research methods, or on interpretations of how the author suggests one should proceed. The field of computer forensics is so new that the American Academy of Forensic Sciences is only now beginning to accept it as a discipline under its general section for forensic sciences. I suspect that cyber crime investigations and computer forensic methodologies are still in their infancy and that the definitive manual has yet to be written.

    In the following pages and chapters, areas of difficulties, misconceptions, and flaws in the cyber investigative methodology will be discussed in an attempt to bridge the gaps. This book is by no means intended to be the definitive book on cyber crime investigations. Rather, it is designed to be a guide, as Virgil was to Dante, to help you past the "Beasts" and place you back on the road to the True Way. While I anticipate readers of this book to disagree with some of the authors' opinions, it is my hope that it will serve to create a dialogue within our community that addresses the many issues concerning cyber crime investigations. Dante was brought to the light by a guide—a guide that symbolized Human Reason. We, too, can overcome the gaps that separate and isolate the cyber-investigative communities by using this same faculty, our greatest gift.


    In the Hewlett-Packard case, legal counsel did not fully understand the laws relating to such methodologies and technological issues. The lesson for investigators here is: don't sit comfortably with an action you've taken just because corporate counsel told you it was okay to do it. This is especially true within the corporate arena. In the HP case, several investigators were arrested, including legal counsel, for their actions.

    The Gaps in Cyber Crime Law

    When I started my stint as a "Cyber Detective" many cyber crime laws were nonexistent, information on the topic was scarce, and there were only a handful of investigators working these types of cases. Today, cyber crime laws are still poorly worded or simply don't apply to the types of crimes being investigated. Additionally, many cyber crimes laws still vary from state to state. Attempts to address cyber crimes in the law are thwarted by the speed at which technology changes compared to the rate at which laws are created or revised.

    In a research report published by the National Institute of Justice in 2001, researchers determined that uniform laws, which kept pace with electronic crimes, were among the top ten critical needs for law enforcement (National Institute of Justice, 2001). It found that laws were often outpaced by the speed of technological change. These gaps in the law were created by the length of time it took for legislation to be created or changed to meet the prosecutorial demands of cyber crimes.

    In 2003, I worked a child pornography case that demonstrated the gap between the legal framework and changing technology. In this case, I arrested a suspect who was a known trader in the child pornography industry. He had set up a file server that traded pictures and videos of child porn. This site was responsible for trading child porn with hundreds of users around the world on a daily basis. So the idea was to take over control of the file server and record the activities of the users who logged on. Knowing that I would essentially be recording the live activity of unsuspecting individuals, it was prudent to think I would need a wiretap order from the court. The only problem was that child pornography was not listed as one of the underlying crimes for which you could obtain a wiretap order under the New York State Criminal Procedure Law. Some of the crimes for which wiretapping was allowed at the time included murder, arson, criminal mischief, and falsifying business records, but not child pornography. As a result, we relied on the fact that New York State was a one-party consent state. This allowed me to record my side of the conversation, in this case, the computer activity. However, a problem still arose with the issue of privacy as it pertained to the IP addresses of the individuals logging in. The legal question was whether the unsuspecting users had a reasonable expectation of privacy as it related to their IP address. This issue caused great debates among the legal scholars involved. Nevertheless, we erred on the side of caution and obtained a trap and trace order. This court order allowed us to record the inbound connections of unsuspecting suspects and trace their connection back to their Internet service provider. We then issued subpoenas to identify the connection location and referred the case to the local jurisdiction. In the end, numerous arrests were made and cases were generated around the world. This is an example where the legal framework did not address our situation.


    One-party consent state Wiretap laws differ from state to state, and the number in "one-party" or "two-party" consent refers to how many participants must consent before a conversation may be recorded in a given state. Two-party (all-party) states require that every party consent to the recording of the conversation. Many times you may hear a recording when calling a company informing you that the conversation is going to be recorded; this helps fulfill the consent requirement in states that require both parties to consent. In the case discussed, one-party consent means that only one of the conversation's participants needs to agree in order to record the conversation. Traditionally, one-party consent applied only to telephone conversations, but in today's world, consent can include the recording of electronic communications.

    Trap and trace Trap and trace refers to a court order that allows law enforcement to capture the source of communications coming into a location; its companion, the pen register, captures the destinations of communications going out, and the two are commonly obtained together. Neither captures the content of the communication, only the addressing information. Originally, these orders applied only to telephones, but with the advent of computers and Voice over IP, they now encompass other types of communication methods.

    Notes from the Underground ...


    Whenever there is a question of whether or not a warrant should be written, err on the side of caution. Get the warrant; chances are your intuition is right. So remember my little phrase: "when in doubt, write it out."

    Even though legal issues identified in the cyber porn example existed back then, little has changed to date. Revisiting the Hewlett-Packard Board of Directors scandal, the investigative techniques included pretexting and e-mail tracing. Lawyers, academic scholars, and investigators have raised the issue of whether or not HP's actions during the investigation were in fact illegal. According to news reports, there were no specific federal laws prohibiting HP's use of these investigative techniques (Krazit, 2006). Randal Picker, a professor of commercial law, also stated that he believes the techniques are legal, but that evidence collected from these techniques may not be admissible in a court of law (Picker, 2006).

    Getting back to the child porn example from 2003, would it surprise you to know that during the writing of this chapter I perused the New York State Legislature's Web site under the Criminal Procedure Law and still found that none of the laws pertaining to Article 263 (Sexual Performance by a Child) of the Penal Law are listed as designated offenses for which a wiretap order could be granted? Fear not, they at least updated the law to include Identity Theft (New York State, 2006). As you can see, these types of legal issues will continue to be raised as lawmakers and legislators struggle to find ways to respond adequately, and immediately, to change when technology affects the law.

    Unveiling the Myths Behind Cyber Crime

    Investigating cyber crime can be very intimidating to a technophobe. I recall walking into police stations, prosecutor's offices, and court rooms and seeing the faces of those on duty when I told them I had a crime that involved a computer. Many an expression would transform from a welcoming look to that of abject fear. Maybe the fear comes from the fact that most folks born prior to the year 2000 just weren't exposed to computers. I remember playing with "Lincoln Logs" and a "Barrel of Monkeys" growing up. Today, my nine-year-old son creates his own Web sites, and competes for rank when playing "Call of Duty 3" on his Xbox Live system. My older son, who's only 13, can maneuver quite well in the Linux environment.


    Excerpted from Cyber Crime Investigations by Anthony Reyes Copyright © 2007 by Elsevier, Inc.. Excerpted by permission of Syngress. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.

    Meet the Author

    Anthony Reyes is a retired Detective with the New York City Police Department’s Computer Crimes Squad. During his assignment with the Computer Crimes Squad, he investigated computer intrusion, fraud, identity theft, child exploitation, and software piracy. Detective Reyes previously sat as an alternate member of New York Governor George E. Pataki's Cyber-Security Task Force. Mr. Reyes is a member of the New York State Internet Crimes Against Children Taskforce. He is also a member of the National Institute of Justice Electronic Crime Partnership Initiative (ECPI). Additionally, he is a member of the High Technology Crime Investigation Association (HTCIA), and served as the President in 2005 of the Association’s Northeast Chapter.
    Kevin O’Shea is a Homeland Security and Intelligence Specialist for the Technical Analysis Group in the Justiceworks program at the University of New Hampshire. Kevin assisted in the development of the NH Strategic Plan to Combat Cyber Crime and currently supports the implementation of the Strategic Plan. Kevin has authored and coauthored a number of high-tech training programs for the law enforcement community and has assisted in the development of a new digital forensics paradigm in use in N.H.

    Prior to working at the University of New Hampshire, he was a Research Associate for Project Management within the Technical Analysis Group in the Institute for Security Technology Studies at Dartmouth College. He was a member of the research team and substantive author of three critical national reports to document and present the most pressing impediments facing the law-enforcement community when investigating and responding to cyber attacks: Law Enforcement Tools and Technologies for Investigating Cyber Attacks: A National Needs Assessment, Gap Analysis, and the Research and Development Agenda.
    James “Jim” Steele (CISSP, MCSE: Security, Security+) has a career rich with experience in the security, computer forensics, network development, and management fields. For over 15 years he has played integral roles regarding project management, systems administration, network administration, and enterprise security management in public safety and mission-critical systems. As a Senior Technical Consultant assigned to the NYPD E-911 Center, he designed and managed implementation of multiple systems for enterprise security; he also performed supporting operations on-site during September 11, 2001, and the blackout of 2003. Jim has also participated in foreign projects such as the development of the London Metropolitan Police C3i Project, for which he was a member of the Design and Proposal Team. Jim’s career as a Technical Consultant also includes time with the University of Pennsylvania and the FDNY. His time working in the diverse network security field and expert knowledge of operating systems and network products and technologies has prepared him for his current position as Manager of Digital Forensics with a large wireless carrier. His responsibilities include performing workstation, server, PDA, cell phone, and network forensics as well as acting as a liaison to multiple law enforcement agencies, including the United States Secret Service and the FBI. On a daily basis he investigates cases of fraud, employee integrity, and compromised systems. Jim is a member of HTCC, NYECTF, InfraGard, CTIN and the HTCIA.
