CF Unit 1
Hacking and Data Theft
• Hacking:
  • Unauthorized access to computer systems or networks.
  • Can be for malicious purposes (e.g., stealing data, disrupting services).
• Data Theft:
  • Stealing sensitive information (e.g., passwords, financial records).
  • Often involves bypassing security measures to gain access to private data.
• Example: Cyberattack on a financial institution to steal customer information.
Viruses, Malware, and Phishing
• Viruses and Malware:
  • Software designed to disrupt, damage, or gain unauthorized access to computer systems.
  • Includes worms, Trojans, ransomware, etc.
• Phishing:
  • Fraudulent emails or websites that deceive individuals into giving away confidential data (e.g., bank credentials).
• Example: A Trojan horse virus used to steal credit card information.
Software Piracy
• Software Piracy:
  • Illegally copying, distributing, or using software without a valid license.
  • Can be done through file-sharing websites or counterfeit versions of software.
• Example: Distributing a pirated version of an operating system or office suite.
Traditional Problems Associated with Computer Crime
1. Difficulty in Tracing the Perpetrator:
   1. Anonymity: Criminals use encryption, VPNs, and proxy servers.
   2. Global Reach: Cybercriminals can operate from anywhere, making location tracking hard.
2. Lack of Awareness:
   1. Many individuals and organizations are unaware of cybersecurity risks.
   2. Poor practices like weak passwords, outdated systems, and unpatched software.
3. Complexity of Technology:
   1. Cybercrimes are highly technical, requiring specialized knowledge.
   2. Constantly evolving technologies make it difficult to stay ahead.
More Traditional Problems with Computer Crime
4. Legal and Ethical Issues:
   1. Cybercrime laws are often outdated or inconsistent across jurisdictions.
   2. Ethical concerns with privacy, surveillance, and data collection.
5. Loss of Evidence and Digital Footprints:
   1. Data can be deleted, altered, or hidden using encryption or obfuscation tools.
   2. Evidence is hard to gather because digital data is transient.
6. Resource Constraints for Law Enforcement:
   1. Limited resources and training for addressing complex cybercrime cases.
   2. The speed at which cybercrimes evolve makes it challenging to prosecute offenders.
Role of ECD (Electronic Commerce and Development) in Cybercrime
1. Enabling Cybercrime:
   1. Digital Transactions: Online payment systems (credit cards, PayPal) are targeted for fraud.
   2. E-commerce: Online shopping platforms are often targeted for data theft or fraud.
2. Combating Cybercrime:
   1. Secure Payment Systems: Encryption protocols (e.g., SSL/TLS) for secure online transactions.
   2. Two-Factor Authentication (2FA): Added security for e-commerce and online banking.
Role of ICT (Information and Communication Technology) in Cybercrime
1. Facilitating Cybercrime:
   1. Hacking Tools: Availability of sophisticated hacking software.
   2. Dark Web: Online platforms for illegal activities like drugs, arms trade, or data selling.
2. Combating Cybercrime:
   1. Cybersecurity Tools: Firewalls, encryption, intrusion detection/prevention systems.
   2. Incident Response: Digital forensics tools to trace criminal activity.
   3. International Collaboration: ICT enables global collaboration in cybersecurity efforts.
Classification of Cybercrime - Overview
Cybercrimes can be classified into the following categories:
1. Cybercrime Against Individuals
2. Cybercrime Against Organizations
3. Cybercrime Against Government and State
4. Cybercrime Facilitated by Technology
5. Cybercrime in the Digital Economy
Steps in Forensic Investigation
1. Identification
Determine the devices or digital media relevant to the investigation.
2. Preservation
Prevent alteration or destruction of digital evidence.
3. Collection
Collect evidence systematically to ensure its integrity.
4. Examination
Analyze the collected evidence for relevant data.
5. Analysis
Interpret the data to form a timeline or conclusions.
6. Reporting
Document and present findings in a clear and concise manner.
7. Presentation
Present the findings in a court or legal setting.
Forensic Examination Process
The forensic examination process follows a structured approach to ensure that evidence is handled and analyzed in a way that preserves its integrity.
• Preparation:
• Imaging:
• Analysis:
• Validation:
Types of Cyber Forensics (CF) Techniques
1. Disk Forensics
• Focus: Examining the contents of storage devices (hard drives, USB drives, memory cards, etc.).
• Tools: FTK Imager, EnCase, X-Ways Forensics.
• Purpose: Recover deleted files, analyze file system structures, and retrieve hidden data.
2. Network Forensics
• Focus: Monitoring and analyzing network traffic to detect malicious activity, data breaches, and other cybercrimes.
• Tools: Wireshark, TCPdump.
• Purpose: Identify suspicious network activity, track data exfiltration, and reconstruct cyberattacks.
3. Email Forensics
• Focus: Investigating emails to track suspicious communications, including phishing, identity theft, or fraud.
• Tools: X1 Social Discovery, MailXaminer.
• Purpose: Analyze email metadata, recover deleted emails, and trace email sources.
4. Mobile Forensics
• Focus: Recovering data from mobile devices (smartphones, tablets) and mobile applications.
• Tools: Cellebrite, Oxygen Forensics, and FTK Imager.
• Purpose: Retrieve text messages, call logs, images, GPS data, and app data that may be pertinent to the case.
5. Cloud Forensics
• Focus: Analyzing cloud-based services to extract data relevant to the investigation.
• Tools: CloudExtractor, ElcomSoft Cloud Explorer.
• Purpose: Recover data from cloud environments like AWS, Google Drive, Dropbox, and others.
Forensic Duplication and Investigation
Forensic Duplication
Forensic duplication involves creating an exact, bit-by-bit copy of a digital device's storage medium. This ensures that the original device remains untouched and secure while the copy is analyzed.
Process:
• Tools for Duplication: Use forensic software such as FTK Imager, dd (Unix-based tool), or EnCase to create the duplicate.
• Hashing: Before and after duplication, hashing algorithms (MD5, SHA-1, SHA-256) are used to verify that the duplication process is accurate and that the original data hasn't been altered.
Importance:
• Protects the integrity of evidence.
• Ensures that the original device can be returned to its rightful owner.
• Provides a backup of the evidence for further analysis.
Forensic Technology and Systems
The use of technology is crucial in cyber forensics. Some of the important systems and technologies include:
• Forensic Software: These tools help investigators retrieve and analyze data from various sources.
  • Examples: EnCase, FTK (Forensic Toolkit), X1 Social Discovery.
• Data Recovery Software: Helps recover lost, deleted, or damaged files.
  • Examples: Recuva, R-Studio.
• Encryption/Decryption Tools: To access encrypted data, forensic experts use decryption tools to gain access to protected files.
  • Examples: ElcomSoft, AccessData.
• Network Monitoring Tools: Used to capture and analyze network traffic.
  • Examples: Wireshark, TCPdump.
Data Acquisition in Cyber Forensics
Data acquisition is the process of collecting digital evidence from a storage device, memory, or network. This is one of the most critical stages in the cyber forensics process because it involves preserving the integrity of the data.
Types of Data Acquisition:
• Live Acquisition: Collecting data from a device that is still running. This can include volatile data such as system logs, memory dumps, and running processes.
• Static Acquisition: Collecting data from a powered-off device. This includes non-volatile data such as files, disk structures, and system partitions.
Data Acquisition Tools:
• FTK Imager
• dd (Unix)
• EnCase
Data acquisition refers to the process of collecting digital evidence from a variety of sources (e.g., hard drives, memory, mobile devices, network traffic). It is the first step in a forensic investigation, ensuring that evidence is collected in a manner that maintains its integrity.
Data Acquisition Techniques
• Disk Imaging: Involves creating a bit-by-bit copy of a storage device. Disk images are used for offline analysis to preserve the original data.
• Memory Dumping: Captures the content of volatile memory (RAM), which may contain important information like running processes, passwords, encryption keys, or other temporary data.
• Mobile Device Acquisition: Collecting data from mobile devices, including call logs, texts, emails, location data, and app information.
• Network Data Acquisition: Network forensics involves capturing network traffic to analyze data packets for evidence of malicious activity, such as unauthorized access, malware infections, or data breaches.
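As an added example that is not part of the slides, the Python script below carries out the forensic duplication and disk-imaging workflow described above (bit-by-bit copy, hashing the source before and after acquisition, and hashing the image) against a constructed sample file that stands in for the storage device, then flips one byte in the copy to show why the post-acquisition hash comparison matters. The function names, block size and sample data are assumptions; a real acquisition would read the device through a write blocker.

```python
import hashlib
import os
import tempfile

BLOCK_SIZE = 4096  # fixed-size reads, like dd's bs= option


def hash_file(path, algo="sha256"):
    """Hash a file block by block so a large image never sits fully in RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(BLOCK_SIZE), b""):
            h.update(block)
    return h.hexdigest()


def forensic_duplicate(source, image, algo="sha256"):
    """Bit-for-bit copy of source into image; returns the three digests
    an examiner records: source before, source after, and the image."""
    before = hash_file(source, algo)
    with open(source, "rb") as src, open(image, "wb") as dst:  # source is read-only
        for block in iter(lambda: src.read(BLOCK_SIZE), b""):
            dst.write(block)
    after = hash_file(source, algo)  # proves the original was not altered
    copy = hash_file(image, algo)    # proves the copy is exact
    return {"source_before": before, "source_after": after, "image": copy}


def verify(digests):
    """The acquisition is sound only if all three digests agree."""
    return digests["source_before"] == digests["source_after"] == digests["image"]


def demo():
    """Image a constructed 10,000-byte 'device', verify it, then corrupt one
    byte of the image and verify again. Returns (clean_ok, tampered_ok)."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "evidence_device.bin")  # constructed sample, not a real disk
    image = os.path.join(workdir, "evidence.img")
    with open(source, "wb") as f:
        f.write(os.urandom(10_000))
    digests = forensic_duplicate(source, image)
    clean_ok = verify(digests)
    with open(image, "r+b") as f:  # simulate post-acquisition tampering of the copy
        f.seek(100)
        original = f.read(1)[0]
        f.seek(100)
        f.write(bytes([original ^ 0xFF]))  # guaranteed to change the byte
    tampered_ok = verify({**digests, "image": hash_file(image)})
    return clean_ok, tampered_ok
```

Run `demo()` to see the clean acquisition verify and the tampered copy fail; the same three-digest record is what goes into the chain-of-custody documentation.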
Key Principles in Data Acquisition
• Integrity:
• Chain of Custody:
• Documentation:
• Preservation of Volatile Data: