Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
© 2009 CCH. All Rights Reserved. Chapter 14 155 Chapter 14 Digital Forensics Analysis CHAPTER SUMMARY Overview This chapter presents an overview of some of the more important steps and tools to use in pro f ling and tracing perpetrators of cybercrimes, but these steps are preliminary, and the cybercriminal may remain untraceable. Sifting for Cyber Clues ¶14,001 Collecting Evidence All computers connected to the Internet are protected under federal law. Federal investigators can use subpoenas, court orders, search warrants, and electronic surveillance, as well as traditional investigative methods. Investigators without supporting legal authority are faced with using Internet forensic research to try to identify the cybercriminal before the electronic trail disappears. Most cybercrimes leave clues for the forensic investigator provided the investigator knows where to look. ¶14,011 Clues Versus Evidence In tracking down these clues, both legal and technological factors should be considered. Most clues collected by the forensic investigator are not going to meet the rigorous requirements of courtroom evidence unless the information is uncovered by legal authorities and its evaluation is strictly controlled. Still, the clues collected by the forensic investigator, who is not part of law enforcement, may provide legal authorities with enough preliminary information to request a subpoena or search warrant, and thus speed up the collection of electronic evidence before it disappears. Technical Searches ¶14,021 Internet Protocols: Technical Searches Begin Here A forensic accountant should acquire a behind-the-scenes understanding of network traf f c on the Internet. An understanding begins with Internet protocols , which are those rules allowing different operating systems and machines to communicate with one another over the Internet. Transmission Control Protocol (TCP) and Internet Protocol (IP). TCP/IP protocols are the communication guidelines used and widely supported over the Internet. Almost every packet of information sent over the Internet uses the datagrams contained within a TCP/IP envelope. The datagram consists of layers of information needed to verify the packet and get the information from the sender’s to the receiver’s locations following traf f c control guidelines. Message encapsulation is used in sending the packets. In message encapsulation, each layer of information in the sent packet is interpreted by the same layer at the receiving end of the transmission. Additionally, each layer can only communicate with the one directly above or below it. The application layer issues the commands that de f ne the operations such as those required for an e-mail or the interpretation of the software protocol for a f nancial transaction request. The
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 01/12/2012 for the course ACCT 555 taught by Professor Briggs during the Spring '11 term at University of Texas at Dallas, Richardson.

Page1 / 12


This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online