Scene of the Cybercrime

by Debra Littlejohn Shinder

When it comes to computer crimes, the criminals got a big head start. But the law enforcement and IT security communities are now working diligently to develop the knowledge, skills, and tools to successfully investigate and prosecute Cybercrime cases. When the first edition of "Scene of the Cybercrime" was published in 2002, it was one of the first books that educated IT security professionals and law enforcement how to fight Cybercrime. Over the past 5 years a great deal has changed in how computer crimes are perpetrated and subsequently investigated. Also, the IT security and law enforcement communities have dramatically improved their ability to deal with Cybercrime, largely as a result of increased spending and training. According to the 2006 Computer Security Institute's and FBI's joint Cybercrime report: 52% of companies reported unauthorized use of computer systems in the prior 12 months. Each of these incidents is a Cybercrime requiring a certain level of investigation and remediation. And in many cases, an investigation is mandated by federal compliance regulations such as Sarbanes-Oxley, HIPAA, or the Payment Card Industry (PCI) Data Security Standard.

Scene of the Cybercrime, Second Edition is a completely revised and updated book which covers all of the technological, legal, and regulatory changes that have occurred since the first edition. The book is written for a dual audience: IT security professionals and members of law enforcement. It gives the technical experts a little peek into the law enforcement world, a highly structured environment where the "letter of the law" is paramount and procedures must be followed closely lest an investigation be contaminated and all the evidence collected rendered useless. It also provides law enforcement officers with an idea of some of the technical aspects of how cyber crimes are committed, and how technology can be used to track down and build a case against the criminals who commit them. Scene of the Cybercrime, Second Edition provides a roadmap that those on both sides of the table can use to navigate the legal and technical landscape to understand, prevent, detect, and successfully prosecute the criminal behavior that is as much a threat to the online community as "traditional" crime is to the neighborhoods in which we live. Also included is an all new chapter on Worldwide Forensics Acts and Laws.

* Companion Web site provides custom tools and scripts, which readers can download for conducting digital forensic investigations.
* Special chapters outline how Cybercrime investigations must be reported and investigated by corporate IT staff to meet federal mandates from Sarbanes-Oxley and the Payment Card Industry (PCI) Data Security Standard.
* Details forensic investigative techniques for the most common operating systems (Windows, Linux and UNIX) as well as cutting-edge devices including iPods, Blackberries, and cell phones.

Product Details

Elsevier Science
Scene of the Cybercrime: Computer Forensics Handbook Series
Sold by: Barnes & Noble
File size: 7 MB

Read an Excerpt

Scene of the Cybercrime

By Michael Cross


Copyright © 2008 Elsevier, Inc.
All rights reserved.

ISBN: 978-0-08-048699-4

Chapter One

Facing the Cybercrime Problem Head-On

Topics we'll investigate in this chapter:

* Defining Cybercrime

* Categorizing Cybercrime

* Reasons for Cybercrimes

* Fighting Cybercrime

* Summary

* Frequently Asked Questions


    Today we live and work in a world of global connectivity. We can exchange casual conversation or conduct multimillion-dollar monetary transactions with people on the other side of the planet quickly and inexpensively. The proliferation of personal computers, easy access to the Internet, and a booming market for related new communications devices have changed the way we spend our leisure time and the way we do business.

    The ways in which criminals commit crimes are also changing. Universal digital accessibility opens new opportunities for the unscrupulous. Millions of dollars are lost by both businesses and consumers to computer-savvy criminals. Worse, computers and networks can be used to harass victims or set them up for violent attacks—even to coordinate and carry out terrorist activities that threaten us all. Unfortunately, in many cases law enforcement agencies have lagged behind these criminals, lacking the technology and the trained personnel to address this new and growing threat, which aptly has been termed cybercrime.

    Even though interest and awareness of the cybercrime phenomenon have grown in recent years, many information technology (IT) professionals and law enforcement officers have lacked the tools and expertise needed to tackle the problem. To make matters worse, old laws didn't quite fit the crimes being committed, new laws hadn't quite caught up to the reality of what was happening, and there were few court precedents to look to for guidance. Furthermore, debates over privacy issues hampered the ability of enforcement agents to gather the evidence needed to prosecute these new cases. Finally, there was a certain amount of antipathy—or at the least, distrust—between the two most important players in any effective fight against cybercrime: law enforcement agents and computer professionals. Yet, close cooperation between the two is crucial if we are to control the cybercrime problem and make the Internet a safe "place" for its users.

    Law enforcement personnel understand the criminal mindset and know the basics of gathering evidence and bringing offenders to justice. IT personnel understand computers and networks, how they work, and how to track down information on them. Each has half of the key to defeating the cybercriminal. This book's goal is to bring the two elements together, to show how they can and must work together to defend against, detect, and prosecute people who use modern technology to harm individuals, organizations, businesses, and society.

    Defining Cybercrime

    Cybercrime is a broad and generic term that refers to crimes committed using computers and the Internet, and can generally be defined as a subcategory of computer crime. If this sounds strange, consider that whether someone commits Internet fraud or mail fraud, both forms of deception fall under a larger category of fraud. The difference between the two is the mechanism that was used to victimize people. Cybercrime refers to criminal offenses committed using the Internet or another computer network as a component of the crime. Computers and networks can be involved in crimes in several different ways:

    * The computer or network can be the tool of the crime (used to commit the crime).

    * The computer or network can be the target of the crime (the "victim").

    * The computer or network can be used for incidental purposes related to the crime (for example, to keep records of illegal drug sales).

    Although it is useful to provide a general definition to be used in discussion, criminal offenses consist of specific acts or omissions, together with a specified culpable mental state. To be enforceable, laws must also be specific. In many instances, pieces of legislation contain definitions of terms. This is necessary to avoid confusion, argument, and litigation over the applicability of a law or regulation. These definitions should be as narrow as possible, but legislators don't always do a good job of defining terms (and sometimes don't define them at all, leaving it up to law enforcement agencies to guess, until the courts ultimately make a decision).

    To illustrate this, we can look at the Council of Europe's Convention on Cybercrime treaty, which you can view at The treaty attempts to standardize European laws concerning crime on the Internet, but one of the biggest criticisms of the treaty is its use of overly broad definitions. For example, the definition of the term service provider is so vague that it could be applied to someone who sets up a two-computer home network, and the definition of computer data, because it refers to any representation of facts, information, or concepts in any form suitable for processing in a computer system, would comprise almost every possible form of communication, including handwritten documents and the spoken word (which can be processed by handwriting and speech recognition software). Likewise, the U.S. Department of Justice (DOJ) has been criticized for a definition of computer crime that specifies "any violation of criminal law that involved the knowledge of computer technology for its perpetration, investigation, or prosecution" (reported in the August 2002 FBI Law Enforcement Bulletin). Under such a definition, virtually any crime could be classified as a computer crime, simply because a detective might have searched a computer database as part of conducting an investigation.

    Understanding the Importance of Jurisdictional Issues

    Another factor that makes a hard-and-fast definition of cybercrime difficult is the jurisdictional dilemma. Laws in different jurisdictions define terms differently, and it is important for law enforcement officers who investigate cybercrime, as well as network administrators who want to become involved in prosecuting cybercrimes that are committed against their networks, to become familiar with the applicable laws. In the case of most crimes in the United States, that means getting acquainted with local ordinances and state statutes that pertain to the offense. Generally, criminal behavior is subject to the jurisdiction in which it occurs. For example, if someone assaults you, you would file charges with the local police in the city or town where the assault actually took place.

    Because cybercrimes often occur in the virtual "place" we call cyberspace, it becomes more difficult to know what laws apply. In many cases, offender and victim are hundreds or thousands of miles apart and might never set foot in the same state or even the same country. Because laws can differ drastically in different geographic jurisdictions, an act that is outlawed in one location could be legal in another.

    What can you do if someone in California, which has liberal obscenity laws, makes pornographic pictures available over the Internet to someone in Tennessee, where prevailing community standards—on which the state's laws are based—are much more conservative? Which state has jurisdiction? Can you successfully prosecute someone under state law for commission of a crime in a state where that person has never been? As a matter of fact, that was the subject of a landmark case, U.S. v. Thomas and Thomas (see the "CyberLaw Review" sidebar in this section).

    Even if the act that was committed is illegal across jurisdictions, however, you might find that no one wants to prosecute because of the geographic nightmare involved in doing so (see the "On the Scene" sidebar in this section for an example of one officer's experience).

    Although we'll discuss jurisdictional issues in greater depth in Chapter 16, it is important that we also notice the other edge of this double-edged sword. Legislation in different states or countries may be in direct conflict or diverge from the intent of different laws or constitutional rights. For example, in 2001, a number of nonmember States of the Council of Europe signed the Convention on Cybercrime treaty that we discussed earlier. These included Canada, Japan, and the United States. The treaty was ratified by the U.S. Senate in 2006 and put into force on January 1, 2007, improving international cooperation in cybercrime investigations. However, this has created some controversy, as the treaty doesn't require dual criminality, whereby an act must be criminal under the laws of both countries. This would enable one country to spy on the Internet activities of citizens of another country, where no laws have been broken. Under the terms of the treaty, a service provider would need to cooperate with searches and seizures (without reimbursement), and may be prevented from deleting logs or other data related to a person who is law abiding in that country.

    Quantifying Cybercrime

    Although the potential infringement on a person's rights may seem like something out of George Orwell's 1984, we would do well to remember that sacrificing privacy and certain freedoms has become a norm in the twenty-first century. For better or worse, the Internet has largely grown beyond the anonymous free-for-all that was seen in its early years. Fears of terrorism, identity theft, predators on the Internet, and other criminal activity have brought about new laws, and it will take years to iron out the inconsistencies in courts, political debates, and public forums such as the Internet. Although cybercrime once sounded like the stuff of futuristic science fiction novels, law enforcement, computer professionals, and the general public have grown to recognize it as a contemporary problem.

    * The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), and provides a way to report Internet crimes online. The IC3 began as the Internet Fraud Complaint Center (IFCC), and during its first year of operation (May 2000 and May 2001) its Web site received 30,503 complaints of Internet fraud. Changing its name to reflect the broadened scope of Internet crimes, in June 2007 the IC3 received its 1 millionth complaint, with 461,096 of the cases reported to it being referred to federal, state, and local law enforcement. These cases reflected an estimated loss of $647.1 million, or a median loss of $270 per complainant. You can find annual reports reporting these figures on the IC3 Web site (

    * In its 2007 Annual Report, the IC3 reported that the majority of cybercrime complaints (44.9 percent) involved cases of Internet auction fraud, where people would bid online for various items. Of these complaints, 19 percent involved situations in which people had paid for items but never received the merchandise, or in which the merchandise had been sent to a bidder and payment was never received (

    * According to the Computer Security Institute's Computer Crime and Security Survey for 2007, 494 computer security professionals in U.S. corporations, government agencies, universities, and financial and medical institutions reported that fraud was the greatest source of financial losses, with losses resulting from virus attacks falling into second place for the first time in seven years. In addition to this, 29 percent of the organizations suffered a computer intrusion that they reported to law enforcement (

    * According to the Cybersnitch Voluntary Online Crime Reporting System, the most-reported Internet-related crime is child pornography, with other crimes ranging from desktop forgery to such potentially violent crimes as electronic stalking and terrorist threats. (A full list of reported cybercrimes is available at

    Although almost anyone has the potential to be affected by cybercrime, two groups of people must deal with this phenomenon on an ongoing basis:

    * IT professionals, who are most often responsible for providing the first line of defense and for discovering cybercrime when it does occur

    * Law enforcement professionals, who are responsible for sorting through a bewildering array of legal, jurisdictional, and practical issues in their attempts to bring cybercriminals to justice


    Excerpted from Scene of the Cybercrime by Michael Cross. Copyright © 2008 by Elsevier, Inc. Excerpted by permission of Syngress. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
    Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

    Meet the Author

    Debra Littlejohn Shinder is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and client and server security over the last fourteen years. These include Scene of the Cybercrime: Computer Forensics Handbook, published by Syngress, and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband, Dr. Thomas Shinder, of the best-selling Configuring ISA Server 2000, Configuring ISA Server 2004, and ISA Server and Beyond.

    Deb has been a tech editor, developmental editor and contributor on over 20 additional books on networking and security subjects, as well as study guides for Microsoft's MCSE exams, CompTIA's Security+ exam and TruSecure's ICSA certification. She formerly edited the Element K Inside Windows Server Security journal. She authored a weekly column for TechRepublic's Windows blog, called Microsoft Insights, and a monthly column on Cybercrime, and is a regular contributor to their Security blog, Smart Phones blog and other TR blogs. She is the lead author on and, and her articles have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine. She has authored training material, corporate whitepapers, marketing material, webinars and product documentation for Microsoft Corporation, Intel, Hewlett-Packard, DigitalThink, GFI Software, Sunbelt Software, CNET and other technology companies.

    Deb specializes in security issues, cybercrime/computer forensics and Microsoft server products; she has been awarded Microsoft's Most Valuable Professional (MVP) status in Enterprise Security for eight years in a row. A former police officer and police academy instructor, she has taught many courses at Eastfield College in Mesquite, TX and sits on the board of the Criminal Justice Training Center there. She is a fourth generation Texan and lives and works in the Dallas-Fort Worth area.

    Michael Cross is a SharePoint Administrator and Developer, and has worked in the areas of software development, Web design, hardware installation/repairs, database administration, graphic design, and network administration. Working for law enforcement, he is part of an Information Technology team that provides support to over 1,000 civilian and uniformed users. His theory is that when the users carry guns, you tend to be more motivated in solving their problems.

    Michael has a diverse background in technology. He was the first computer forensic analyst for a local police service, and performed digital forensic examinations on computers involved in criminal investigations. Over five years, he recovered and examined evidence involved in a wide range of crimes, including homicides, fraud, and possession of child pornography. In addition to this, he successfully tracked numerous individuals electronically, as in cases involving threatening e-mail. He has consulted and assisted in numerous cases dealing with computer-related/Internet crimes and served as an expert witness on computers for criminal trials. In 2007, he was awarded a Police Commendation for work he did in developing a system to track local high-risk offenders and sexual offenders.

    With extensive experience in Web design and Internet-related technologies, Michael has created and maintained numerous Web sites and implementations of Microsoft SharePoint. This has included public Web sites, private ones on corporate intranets, and solutions that integrate them. In doing so, he has incorporated and promoted social networking features, created software to publish press releases online, and developed a wide variety of solutions that make it easier to get work done.

    Michael has been a freelance writer and technical editor on over four dozen IT-related books, as well as writing material for other genres. He previously taught as an instructor and has written courseware for IT training courses. He has also made presentations on Internet safety, SharePoint and other topics related to computers and the Internet. Despite his experience as a speaker, he still finds his wife won't listen to him.

    Over the years, Michael has acquired a number of certifications from Microsoft, Novell and CompTIA, including MCSE, MCP+I, CNA, and Network+. When he isn't writing or otherwise attached to a computer, he spends as much time as possible with the joys of his life: his lovely wife, Jennifer; darling daughter Sara; adorable daughter Emily; and charming son Jason.

    For the latest information on him, his projects, and a variety of other topics, you can follow him on Twitter @mybinarydreams, visit his Facebook page at, follow him on LinkedIn at, or read his blog at
