course_notes

CFC Week 5: Legal Framework

Learning outcomes

  • Briefly describe the legal aspects of cybersecurity.
  • Summarise the main pieces of computer misuse legislation.
  • Identify the different pieces of legislation governing intellectual property, copyright and data protection.
  • Identify the three ACPO principles and explain their implications for computer forensics.

11. Describe the three main sections of the UK Computer Misuse Act 1990, as modified by the Police and Justice Act 2006.

  1. unauthorised access to computer material, punishable by 24 months’ imprisonment and/or an unlimited fine

    • updated (2006): punishable by up to 2 years in prison or a fine or both

  2. unauthorised access with intent to commit or facilitate commission of further offence(s), punishable by 24 months’ imprisonment and/or an unlimited fine on summary conviction and/or 5 years imprisonment and/or an unlimited fine on indictment;

  3. unauthorised modification of computer material, punishable by 24 months’ imprisonment and/or an unlimited fine on summary conviction and/or 10 years imprisonment and/or an unlimited fine on indictment;

    • updated (2006) by unauthorised acts with intent to impair operation of computer, etc.
      • punishable by up to 10 years in prison or a fine or both to cover Denial of Service (DoS) attacks.

12. Describe the main provisions of the Investigatory Powers Act 2017 and explain how the Act can benefit certain digital forensic investigations.

  • Provides for UK intelligence agencies and UK law enforcement to carry out targeted interception of communications, bulk collection of communications data, and bulk interception of communications;
  • permits access to CSP(communication service providers) and ISP(Internet Service Provider) logs, and right to demand decryption keys to encrypted data.

How would law enforcement go about prosecuting terrorism in the UK and outside of the UK?

Apply Mutual Legal Assistance Treaties applicable for specific country

Two tiers of administrative fines that can be levied as penalties for non-compliance in General Data Protection Regulations (2018)

  • Up to €10 million, or 2 per cent annual global turnover – whichever is higher.
  • Up to €20 million, or 4 per cent annual global turnover – whichever is higher.

What type of data and individual’s fundamental rights are protected under the GDPR(General Data Protection Regulation)?

  • Type

Data minimisation: only collect and use what is needed for the processing activity being undertaken

  • Rights
  • Retention: keep it only for as long as required
  • Accountability: record keeping of data processing
  • Security: protect data against breaches or unlawful processing of personal data
  • Purpose limitation – data can only be used for the purpose it was collected for

10. Describe the four UK ACPO(Association of Chief Police Officers) principles on handling digital evidence, explaining the rationale underlying them.

  1. No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
  2. In circumstances where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
  3. An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
  4. The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.

Proportionality issues relating to seizure

  1. Does the item may hold evidence?
  2. Where the item is found?
  3. When the offfence was committed?
  4. Seize the items current in usage first.
  5. Every seizure of item should be reasonable
  6. Follow the Human Rights

What should be prepared before attending a scene to capture digital evidence?

  1. Necessary equipment
  2. Consider potential sources of evidence: what, where?
  3. Consider seize cameras for taking digital photographs when evidence involve user-created digital images
  4. Take force’s speciallist advice in advance

What should do when attending a scene?

  1. All actions should be recorded
  2. Avoid unwanted changes, be aware of volatile data, accessed by trained personnel, e.g. powered on/running systems

Capturing online evidence

Online evidence
  1. publicly available (e.g. forum postins, do not need to login), be aware of potential issues.
  2. private (login required)
  3. make records of all actions

What could be included in source data

  • Internet history records;
  • E-mails;
  • Instan Messaging logs;
  • Media files (images and videos);
  • Text Messages;
  • Text documents;
  • Spreadsheets;
  • CCTV
digital_forensics
Licensed under CC BY-NC-SA 4.0
Last updated on May 06, 2022 23:11 +0100
comments powered by Disqus
© 2022 Under The Ginkgo
Cogito, ergo sum
Built with Hugo
Theme Stack designed by Jimmy