Law Commons^™

The Survey On Cross-Border Collection Of Digital Evidence By Representatives From Polish Prosecutors’ Offices And Judicial Authorities, Paweł Olber Dr

Journal of Digital Forensics, Security and Law

Dynamic development of IT technology poses new challenges related to the cross-border collection of electronic evidence from the cloud. Many times investigators need to secure data stored on foreign servers directly and then look for solutions on how to turn the data into a legitimate source of evidence. To study the situation and propose solutions, I conducted a survey among Polish representatives of public prosecutors' offices and courts. This paper presents information from digital evidence collection practices across multiple jurisdictions. I stated that representatives from the prosecution and the judiciary in Poland are aware of the issues associated with cross-border …

Examining The Correlates Of Failed Drdos Attacks, Thomas Hyslip, Thomas Holt

Journal of Digital Forensics, Security and Law

Over the last decade, there has been a rise in cybercrime services offered on a feefor- service basis, enabling individuals to direct attacks against various targets. One of the recent services offered involves stresser or booter operators, who offer distributed reflected denial of service (DRDoS) attacks on an hourly or subscription basis. These attacks involve the use of malicious traffic reflected off of webservers to increase the volume of traffic, which is directed toward websites and servers rendering them unusable. Researchers have examined DRDoS attacks using realtime data, though few have considered the experience of their customers and the factors …

Sql Injection: The Longest Running Sequel In Programming History, Matthew Horner, Thomas Hyslip

Journal of Digital Forensics, Security and Law

One of the risks to a company operating a public-facing website with a Structure Query Language (SQL) database is an attacker exploiting the SQL injection vulnerability. An attacker can cause an SQL database to perform actions that the developer did not intend like revealing, modifying, or deleting sensitive data. This can cause a loss of confidentiality, integrity, and availability of information in a company’s database, and it can lead to severe costs of up to $196,000 per successful injection attack (NTT Group, 2014). This paper discusses the history of the SQL injection vulnerability, focusing on:

• How an attacker can exploit …

Cybercrime Deterrence And International Legislation: Evidence From Distributed Denial Of Service Attacks, Kai-Lung Hui, Seung Hyun Kim, Qiu-Hong Wang

Research Collection School Of Computing and Information Systems

In this paper, we estimate the impact of enforcing the Convention on Cybercrime (COC) on deterring distributed denial of service (DDOS) attacks. Our data set comprises a sample of real, random spoof-source DDOS attacks recorded in 106 countries in 177 days in the period 2004-2008. We find that enforcing the COC decreases DDOS attacks by at least 11.8 percent, but a similar deterrence effect does not exist if the enforcing countries make a reservation on international cooperation. We also find evidence of network and displacement effects in COC enforcement. Our findings imply attackers in cyberspace are rational, motivated by economic …

Fighting Child Pornography: A Review Of Legal And Technological Developments, Jasmine V. Eggestein, Kenneth J. Knapp

Journal of Digital Forensics, Security and Law

In our digitally connected world, the law is arguably behind the technological developments of the Internet age. While this causes many issues for law enforcement, it is of particular concern in the area of child pornography in the United States. With the wide availability of technologies such as digital cameras, peer-to-peer file sharing, strong encryption, Internet anonymizers and cloud computing, the creation and distribution of child pornography has become more widespread. Simultaneously, fighting the growth of this crime has become more difficult. This paper explores the development of both the legal and technological environments surrounding digital child pornography. In doing …

Criminalizing Hacking, Not Dating: Reconstructing The Cfaa Intent Requirement, David Thaw

Articles

Cybercrime is a growing problem in the United States and worldwide. Many questions remain unanswered as to the proper role and scope of criminal law in addressing socially-undesirable actions affecting and conducted through the use of computers and modern information technologies. This Article tackles perhaps the most exigent question in U.S. cybercrime law, the scope of activities that should be subject to criminal sanction under the Computer Fraud and Abuse Act (CFAA), the federal "anti-hacking" statute.

At the core of current CFAA debate is the question of whether private contracts, such as website "Terms of Use" or organizational "Acceptable Use …

Online Child Sexual Abuse: The French Response, Mohamed Chawki

Journal of Digital Forensics, Security and Law

Online child sexual abuse is an increasingly visible problem in society today. The introduction, growth and utilization of information and telecommunication technologies (ICTs) have been accompanied by an increase in illegal activities. With respect to cyberspace the Internet is an attractive environment to sex offenders. In addition to giving them greater access to minors, extending their reach from a limited geographical area to victims all around the world, it allows criminals to alter or conceal their identities. Sexual predators, stalkers, child pornographers and child traffickers can use various concealment techniques to make it more difficult for investigators to identify them …

A Curriculum For Teaching Information Technology Investigative Techniques For Auditors, Grover S. Kearns

Journal of Digital Forensics, Security and Law

Recent prosecutions of highly publicized white-collar crimes combined with public outrage have resulted in heightened regulation of financial reporting and greater emphasis on systems of internal control. Because both white-collar and cybercrimes are usually perpetrated through computers, internal and external auditors’ knowledge of information technology (IT) is now more vital than ever. However, preserving digital evidence and investigative techniques, which can be essential to fraud examinations, are not skills frequently taught in accounting programs and instruction in the use of computer assisted auditing tools and techniques – applications that might uncover fraudulent activity – is limited. Only a few university-level …

The Role Of Power And Negotiation In Online Deception, Chad Albrecht, Conan C. Albrecht, Jonathan Wareham, Paul Fox

Journal of Digital Forensics, Security and Law

The purpose of this paper is to advance theoretical understanding of the important role of both power and negotiation during online deception. By so doing, the paper provides insight into the relationship between perpetrator and victim in Internet fraud. The growing prevalence of Internet Fraud continues to be a burden to both society and individuals. In an attempt to better understand Internet fraud and online deception, this article attempts to build an interactive model, based upon the dimensions of power and negotiation from the management and psychology literature. Using the model presented, the article examines the effects of the Internet …