1 Best Practices For Seizing Electronic Evidence v.3 A Pocket Guide for First Responders U.S. Department of Homeland Security United States Secret Service
2 BEST PRACTICES FOR SEIZING ELECTRONIC EVIDENCE This third edition of the Best Practices for Seizing Electronic Evidence was updated as a project of the United States Secret Service and participating law enforcement agencies. A working group of various law enforcement agencies was convened to identify common issues encountered in today's electronic crime scenes. Representatives from the following agencies designed and developed this manual: Alabama District Attorney's Association - Office of Prosecution Services Los Angeles Police Department Los Angeles County Sheriff's Department Medford Police Department, Massachusetts Presque Isle Police Department, Maine Rockland County Sheriff's Department, New York Ventura County District Attorney's Office, California United States Secret Service For additional copies, please contact the local office of the United States Secret Service. The committee wishes to thank those departments and agencies who provided their personnel and resources in support of the publication of this guide. This guide has also been endorsed by the International Association of Chiefs of Police. OFFICER SAFETY The safety of the officer is paramount in the investigation of any crime. Today, virtually every crime has an electronic component in terms of computers and electronic technology being used to facilitate the crime. Computers used in crimes may contain a host of evidence related to the crime being investigated, whether it is a conventional crime or a terrorist act. In light of this, law enforcement officers and investigators should not become complacent with individuals or their environment simply because the crime may involve a computer. During the investigation of electronic crimes or the seizure of computers and electronic items, be aware that as in any other crime, unexpected changes to a subject's involvement in a case may occur resulting in unexpected individual and environmental threats to an officer's safety. Utilizing proper procedures and tactics will ensure your personal safety as well as the safety of others at the electronic crime scene.
3 GOLDEN RULES There are general principles to follow when responding to any crime scene in which computers and electronic technology may be involved. Several of those principles are as follows: Officer safety - secure the scene and make it safe. If you reasonably believe that the computer is involved in the crime you are investigating, take immediate steps to preserve the evidence. Do you have a legal basis to seize this computer (plain view, search warrant, consent, etc.)? Do not access any computer files. If the computer is off, leave it off. If it is on, do not start searching through the computer. If the computer is on, go to the appropriate sections in this guide on how to properly shut down the computer and prepare it for transportation as evidence. If you reasonably believe that the computer is destroying evidence, immediately shut down the computer by pulling the power cord from the back of the computer. If a camera is available, and the computer is on, take pictures of the computer screen. If the computer is off, take pictures of the computer, the location of the computer and any electronic media attached. Do special legal considerations apply (doctor, attorney, clergy, psychiatrist, newspapers, publishers, etc)? GOLDEN RULES
4 EVIDENCE PRESERVATION Stand-Alone Home Personal Computer For proper evidence preservation, follow these procedures in order. If networked (attached to router and modem), see instructions on next page. Do not use computer or attempt to search for evidence. Photograph computer front and back as well as cords and connected devices, as found. Photograph surrounding area prior to moving any evidence. If computer is off, do not turn on. If computer is on and something is displayed on the monitor, photograph the screen. If computer is on and the screen is blank, move mouse or press space bar (this will display the active image on the screen). After image appears, photograph the screen. Unplug power cord from back of tower. If the laptop does not shutdown when the power cord is removed, locate and remove the battery pack. The battery is commonly placed on the bottom, and there is usually a button or switch that allows for the removal of the battery. Once the battery is removed, do not return it to or store it in the laptop. Removing the battery will prevent accidental start-up of the laptop. Diagram and label cords to later identify connected devices. Disconnect all cords and devices from tower. Package components and transport / store components as fragile cargo. Seize additional storage media (see storage media section). Keep all media, including tower, away from magnets, radio transmitters and other potentially damaging elements. Collect instruction manuals, documentation and notes. Document all steps involved in the seizure of a computer and components. See section on important investigative questions.
5 Networked Home Personal Computer For proper evidence preservation, follow these procedures in order. Unplug power to router or modem. Do not use computer or attempt to search for evidence. Photograph computer front and back as well as cords and connected devices, as found. Photograph surrounding area prior to moving any evidence. If computer is off, do not turn on. If computer is on and something is displayed on the monitor, photograph the screen. If computer is on and the screen is blank, move mouse or press space bar (this will display the active image on the screen). After image appears, photograph the screen. Unplug power cord from back of tower. Diagram and label cords to later identify connected devices. Disconnect all cords and devices from tower. Package components (including router and modem) and transport / store components as fragile cargo. Seize additional storage media (see storage media section). Keep all media, including tower, away from magnets, radio transmitters and other potentially damaging elements. Collect instruction manuals, documentation and notes. Document all steps involved in the seizure of a computer and components. See section on important investigative questions. EVIDENCE PRESERVATION
6 EVIDENCE PRESERVATION Network Server / Business Network Consult a computer specialist for further assistance Secure the scene and do not let anyone touch except personnel trained to handle network systems. Pulling the plug could: - Severely damage the system - Disrupt legitimate business - Create officer and department liability Storage Media Storage media is used to store data from electronic devices. These items may vary in memory quantity. Collect instruction manuals, documentation and notes. Document all steps involved in seizure of storage media. Keep away from magnets, radio transmitters and other potentially damaging devices.
7 PDA, Cell Phone & Digital Camera Personal digital assistants, cell phones and digital cameras may store data directly to internal memory or may contain removable media. The following section details the proper seizure and preservation of these devices and associated removable media. If the device is off, do not turn on. With PDAs or cell phones, if device is on, leave on. Powering down device could enable password, thus preventing access to evidence. Photograph device and screen display (if available). Label and collect all cables (to include power supply) and transport with device. Keep device charged. If device cannot be kept charged, analysis by a specialist must be completed prior to battery discharge or data may be lost. Seize additional storage media (memory sticks, compact flash, etc). Document all steps involved in seizure of device and components. EVIDENCE PRESERVATION
8 PURPOSE PURPOSE In today's society, people utilize various electronic media and computers in numerous aspects of their lives. Criminals also use a host of electronic media and computers in facilitation of their unlawful activities. Modern and current technology permits suspects to commit crimes internationally and remotely, obtain intelligence and conduct counter-intelligence with near anonymity. Instant communication and electronic mail provides a venue for communication between suspects as well as victims. As such, computers and other electronic media can be used to commit crimes, store evidence of crimes and provide information on suspects and victims. This field guide is designed to assist the patrol officer, detective and investigator in recognizing how computers and electronic devices may be used as an instrument of a crime or as a storage device for evidence in a host of federal and state crimes. It will also assist these individuals in properly securing evidence and transporting it for examination at a later time by a digital evidence forensic examiner. We recommend that the patrol officer, detective and investigator consult and seek assistance from their agency's resources or other agencies that seize electronic media. This may include your local District Attorney, State Prosecutor or Assistant United States Attorney.
9 AUTHORITY FOR SEIZING EVIDENCE This guide assumes that the patrol patrol officer, detective or investigator is legally present at a crime scene or other location and has the legal authority to seize the computer, hardware, software or electronic media. If you have a reason to believe that you are not legally present at the location or the individual (suspect or victim) does not have the legal ability to grant consent then immediately contact the appropriate legal counsel in your jurisdiction. PLAIN VIEW The plain view exception to the warrant requirement only gives the legal authority to SEIZE a computer, hardware, software and electronic media, but does NOT give the legal authority to conduct a SEARCH of this same listed electronic media. CONSENT When obtaining consent, be certain that your document has language specific to both the seizure and the future forensic examination of the computer hardware, software, electronic media and data by a trained computer forensic examiner or analyst. If your department or agency has a consent form relevant to computer or electronic media and its analysis by a computer forensic examiner, it should be used. If you do not have a form and are drafting a consent form, consult with your District Attorney, State Prosecutor or Assistant United States Attorney for advice regarding proper language and documentation. SEARCH WARRANT Search warrants allow for the search and seizure of electronic evidence as predefined under the warrant. This method is the most preferred and is consistently met with the least resistance both at the scene and in a court of law. Search warrants for electronic storage devices typically focus on two primary sources of information: Electronic Storage Device Search Warrant Search and seizure of hardware, software, documentation, user notes and storage media. AUTHORITY
10 AUTHORITY Examination / search and seizure of data. Service Provider Search Warrants Service records, billing records, subscriber information, etc. Obtain identification information for further investigative purpose. Special Issues Role of the computer The search warrant should state the computer's role in the crime and why it will contain evidence. Nexus Establish why you expect to find electronic evidence at the search location. Specify evidence sought Specifically describe the evidence you have probable cause to search for and any evidence of ownership of the computer. Boiler plate language Adapt all search language to the specific facts of your case. Avoid using boiler plate language. Non-Disclosure May be necessary to protect the integrity of the investigation, to protect informants or to prevent the disclosure of trade secrets / intellectual property. Special Master Special legal considerations involving doctors, attorneys, spouses, publishers, clergy, etc.
11 The following is a general reference guideline for consent forms pertaining to computers and electronic media. Consult your District Attorney or Assistant U.S. Attorney regarding consent language applicable to your jurisdiction. CONSENT TO SEARCH ELECTRONIC MEDIA I,, hereby authorize, who has identified himself / herself as a law enforcement officer, and any other person(s), including but not limited to a computer forensic examiner, he / she may designate to assist him / her, to remove, take possession of and / or conduct a complete search of the following: computer systems, electronic data storage devices, computer data storage diskettes, CD-ROMs, or any other electronic equipment capable of storing, retrieving, processing and / or accessing data. The aforementioned equipment will be subject to data duplication / imaging and a forensic analysis for any data pertinent to the incident / criminal investigation. I give this consent to search freely and voluntarily without fear, threat, coercion or promises of any kind and with full knowledge of my constitutional right to refuse to give my consent for the removal and / or search of the aforementioned equipment / data, which I hereby waive. I am also aware that if I wish to exercise this right of refusal at any time during the seizure and or search of the equipment / data, it will be respected. This consent to search is given by me this day of, 20, at am / pm. Location items taken from: Consenter Signature: Witness Signature: Witness Signature: AUTHORITY
12 HOME NETWORKING ELEMENTS Home Networking Basic Elements Internet Wired Workstations Wireless Workstations Modem Router Wireless Access Point As seen in this picture, a home network is often comprised of a modem, router and desktop or laptop computers. The typical purpose of a home network is to allow multiple computers to share a single internet connection, such as DSL, cable or dial-up. A home network also permits multiple users to share information with other computers on the network. When confronting a home network, you should disable the network's connection to the internet as soon as practical. This is accomplished by disconnecting the power source from the modem and / or router. In many instances home networks are connected via wireless routers or access points, which can be easily hidden. Increasingly, many home networks also serve as small offices or businesses. When confronting these types of home networks, you should contact a computer specialist and have him or her present or readily available to provide assistance with seizing the computer and digital evidence.
13 The following is a list of crimes which may involve the use of a computer or other electronic media. Listed below are the crimes and potential evidence which may be recovered from various types of electronic evidence. Account data from online auctions Accounting software and files Address books Calendar Chat Logs Customer information Computer Fraud Investigations: Credit card data Databases Digital camera software , notes and letters Financial and asset records Child Abuse and Pornography Investigations: Chat logs Digital camera software s, notes and letters Games Graphic editing and viewing software Images Internet activity logs Movie files User created directory and file names which classify images Address books Configuration files s, notes and letters Executable programs Internet activity logs Network Intrusion Investigations: Internet protocol address & usernames Internet relay chat logs Source code Text files and documents with usernames and passwords Address books s, notes and letters Financial asset records Internet activity logs Legal documents and wills Medical records Homicide Investigations: Telephone records Diaries Maps Photos of victim / suspect Trophy photos CRIMES AND DIGITAL EVIDENCE
14 CRIMES AND DIGITAL EVIDENCE Address books Diaries s, notes and letters Domestic Violence Investigations: Financial asset records Telephone records Financial Fraud and Counterfeiting Investigations: Address books Financial asset records Calendar Images of signatures Currency images Internet activity logs Check and money order images On-line banking software Customer information Counterfeit currency images Databases Bank logs s, notes and letters Credit card numbers False identification Threats, Harassment and Stalking Investigations: Address books Internet activity logs Diaries Legal documents s, notes and letters Telephone records Financial asset records Victim background research Images Maps to victim locations Address books Calendar Databases Drug recipes s, notes and letters Narcotics Investigations: False ID Financial asset records Internet activity logs Prescription form images Chat logs s, notes and letters Image files of software certificates Internet activity logs Software Piracy Investigations: Software serial numbers Software cracking utilities User created directories and file names which classify copyrighted software
15 Telecommunication Fraud Investigations: Cloning software s, notes and letters Customer database records Financial asset records Electronic serial numbers Internet activity logs Mobile identification numbers Hardware and Software Tools - Backdrops - Credit card reader / writer - Digital camera software - Scanner software Identification Templates - Birth certificates - Check cashing cards - Digital photo images - Driver s licenses - Electronic signatures - Counterfeit vehicle registrations - Counterfeit insurance documents - Social security cards Identity Theft Investigations: Internet Activity Related to ID Theft: - and newsgroup postings - Deleted documents - On-line orders - On-line trading information - Internet activity logs Negotiable Instruments - Business checks - Cashier s checks - Credit card numbers - Counterfeit court documents - Counterfeit gift certificates - Counterfeit loan documents - Counterfeit sales receipts - Money orders - Personal checks CRIMES AND DIGITAL EVIDENCE
16 INVESTIGATIVE QUESTIONS INVESTIGATIVE QUESTIONS PURPOSE: This section is to provide assistance to the patrol officer, detective or investigator in identifying particular types of electronic crimes as well as providing general questions which should be asked during the initial phases of the investigation. In conjunction with these investigative questions, the following information should be provided / documented to assist in the forensic examination of the electronic media: Case Summary - investigative reports, witness statements Internet Protocol (IP) Addresses - if available Key Word List - names, locations, identities Nicknames - all nicknames used by victim or suspect Passwords - all passwords used by victim or suspect Points of Contact - name of investigator making request Supporting Documents - consent form, search warrant Type of Crime - provide specific information General Investigative Questions that may be asked regarding a crime involving computers and electronic evidence are as follows: When and where was the computer obtained? Was it new or used? Who has access to the computer hardware and software? Where is the computer's electronic media (compact disks, floppy disks, thumb drives, etc) stored? Whose fingerprints might be found on the electronic media? If other people have access to the computer, hardware or software can they access everything on the computer or only certain files, folders or programs? How many people use the computer? Who are they? What is the level of computer experience of each computer user? What times of the day do the individual users have access to the computer? What are the user names on the computers? What programs are used by each computer user? Does the computer require a user name and password? What are they? Is there any software that requires a username or password? How does the computer have access to the internet (DSL, Cable, Dial-Up, LAN, etc)?
17 Does the victim or suspect have an account? Who is the service provider (Yahoo, AOL, Gmail, Hotmail, etc)? If s are involved in the case, ask the victim and suspect for their addresses. Which client (program) does the suspect or victim use? Does the victim or suspect remotely access their computer (can they get into their computer when away from the office or home)? Do any of the users use on-line or remote storage? Have any programs been used to clean the computer? Does the computer contain encryption software or hard drive wiping utilities? Is the computer always on? Electronic Crime Specific Questions target specific offenses and are as follows: Identity Theft / Financial Crimes: Victim Questions: Are you aware of any unusual activity on any of your accounts? What accounts have been compromised? Have you provided any personal information to any organization or individual? For what purpose was that information provided? Have you recently completed any credit applications or loan documents? Do you maintain any of your personal information on your computer? Have any bills or other financial statements not regularly arrived via mail? Have you checked your credit reports? Suspect / Target Questions: Where is your computer software (CDs, floppy disks, etc)? Does the computer contain any software for making checks or other financial documents? Does the computer contain any software to manipulate photographs? Does the computer contain any scanned or manipulated identification? Was the computer used in doing any on-line purchases? INVESTIGATIVE QUESTIONS
18 INVESTIGATIVE QUESTIONS Internet Crimes Against Children (ICAC): Victim Questions: Has the victim been on-line in any chat rooms? Does the victim use the internet, or chat from any other computers? If so, at what locations? Did the victim provide any information to anyone on line regarding their true name, age and location? What is the victim's address or on-line chat room name? Who is on the victim's buddy list in chat rooms? Does the victim save / archive chat room logs? What type of chat / client does the victim use? What were the specific sexual acts observed in the images or the electronic communications? Has the victim received any pictures or gifts from the suspect? Suspect / Target Questions: Where are all of the suspect's computers? Does the suspect remotely store data (external hard drive, on-line storage, etc)? What is the suspect's on-line identity or chat room name? Has the suspect electronically communicated with any person? How does the suspect communicate with other persons? (chat, s, etc.) Has the suspect viewed any child pornography using the computer? If so, how did the suspect obtain the child pornography? Did the suspect send child pornography to any other person in the suspect's state or in another state? Did the suspect realize that they were viewing images of children as opposed to computer generated images of children? Intrusions / Hacking: (Network Questions) Home Networks Can you physically trace all of the network cables back to their respective computers? Can each computer be associated to an individual user? Is the network connected to the internet? How is the network connected to the internet (DSL, Cable, Dial-up, etc)? Where is the DSL / cable modem located? Is it currently connected? Who is the internet service provider (ISP)? Is there more than one computer that can connect to the internet? Is there any wireless networking in place?
19 Business Networks Who first observed the illegal activity? Obtain the type of illegal activity and contact information for all witnesses. Identify the network administrator and obtain contact information. (The network administrator should not be contacted by the first responder.) Are any employees / former employees considered to be a suspect? Is there a printed diagram of the network available? Are computer logs being maintained? Can the computer logs be immediately secured for further investigation? Have any other law enforcement agencies been contacted? Crimes Involving s Victim Questions: Identify victim addresses and internet service provider (ISP) information. Identify all usernames and accounts used by the victim. Obtain any printed copies of s that the victim has received. Do not turn on the computer to print s. Suspect / Target Questions: Identify suspect addresses and internet service provider (ISP) information. Identify all usernames and accounts used by the suspect. Obtain all passwords and associated software / usernames used by the suspect. Instant Messaging / Internet Relay Chat (IRC) Crimes Victim Questions: Ask if the victim had logging or archiving activated during chat sessions. Identify the victim's online screen name and addresses. Obtain copies of any material the victim has already printed. What type of software / chat client is used by the victim? Suspect/Target Questions: Identify the suspect's online screen name and addresses. Obtain all passwords and associated software / usernames used by the suspect. INVESTIGATIVE QUESTIONS
20 GALLERY Computer Tower Pager Blackberry Cell Phone Storage Media (CDs, DVDs, Floppy Disks, Zip Disks and Flash Cards)
21 Desktop / Server Hard Drive Laptop Hard Drive Wireless Router ipod Thumb Drives GALLERY
22 GLOSSARY Glossary and Explanation of Terms BACKUP: A copy of information off a computer. BOOT: To load the first piece of software to start a computer. BYTE: A unit of data generally consisting of 8 bits. KILOBYTE (KB): A Kilobyte is 1024 bytes. MEGABYTE (MB): A Megabyte is 1024 Kilobytes. GIGABYTE (GB): A Gigabyte is 1024 Megabytes. CD-R: Compact disk to which data can be written to but not erased. CD-RW: Compact disk to which data can be written and erased. CPU: Central processing unit. It is the "brain" that performs all arithmetic, logic and control functions. DDOS: Distributed denial of service. An assault on a network that floods it with so many additional requests that regular traffic is slowed or completely interrupted. DONGLE: A device that attaches to a computer to control access to a particular application. Dongles provide one of the most effective means of copyright protection. DVD: Digital versatile disc or digital video disc. Similar in appearance to a compact disk, but can store larger amounts of data (typically a minimum of 4.7GB of data). ENCRYPTION: The process of scrambling or encoding information in an effort to guarantee that only the intended recipient can read the information. FIREWALL: A firewall allows or blocks traffic into and out of a private network or the user's computer. A firewall is a method for keeping computers secure from intruders. HARD DISK: The hard disk is usually inside the PC. It stores information in the same way as floppy disks but can hold far more data. Popular types of hard disks are IDE, SCSI and SATA. HARDWARE: The physical parts of a computer that can be picked up. ISP: Internet service provider. A company that sells access to the Internet via telephone or cable line to your home or office.
23 MEMORY: The electronic holding place for instructions and data that a computer's microprocessor can reach quickly. MODEM: A device that connects a computer to a data transmission line. MONITOR: A device on which the computer displays information. OPERATING SYSTEM: This software is usually loaded into the computer memory upon switching the machine on. It is a prerequisite for the operation of any other software. PERSONAL ORGANIZER or PERSONAL DIGITAL ASSISTANT (PDA): These are pocket-sized machines usually containing phone and address lists, diaries and other information. PIRATE SOFTWARE: Software that has been illegally copied. RAM: Random access memory. The computer's short-term memory that is lost when the computer is turned off. REMOVABLE MEDIA: Floppy disks, CDs, DVDs, cartridges and tapes that store data and can be easily removed. REMOVABLE MEDIA CARDS: Small data storage media which are more commonly found in other digital devices such as cameras, PDAs and music players. ROUTER: A network device that forwards packets from one network to another. USB STORAGE DEVICES: Small storage devices accessed using a computer's USB ports. They store large volumes of data files. They are easily removed, transported and concealed. They are about the size of a car key or highlighter pen. WARDRIVING: Driving around an area with a laptop and a wireless network adapter in order to locate unsecured wireless networks. WIRELESS NETWORK CARD: An expansion card present in a computer that allows a cordless connection between that computer and other devices on a computer network. The card communicates by radio signals to other devices present on the network. ZIP DRIVE / DISK: A 3.5-inch removable disk drive. The drive is bundled with software that can catalogue disks and lock files for security. GLOSSARY
24 Online Identity Theft Guide PREVENTION Never give out any of the following information to unknown sources: Date / Place of Birth Credit Card Number Address Social Security Number Mother's Maiden Name Phone Number Review credit reports at least once a year. Ensure secure online transactions by locating the closed lock icon at the bottom right side of your web browser before disclosing personal information. Unless absolutely necessary, do not store any financial information on a computer. Prior to discarding a computer, destroy all information contained on the hard drive. A wiping utility is necessary, as formatting will not safely destroy data. Use strong passwords and do not allow programs to save passwords. Use virus protection software and firewalls to prevent the loss of personal information from your computer or the introduction of malware. RESPONSE Contact bank or credit card issuer to report fraud. Place a fraud alert with the following credit agencies: Equifax Experian TransUnion File an identity theft complaint with your local police department and the Federal Trade Commission (FTC) at
APR. 08 Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition Cover photographs copyright 2001 PhotoDisc, Inc. NCJ 219941 Chapter 1. Electronic Devices: Types, Description,
Massachusetts Digital Evidence Consortium Digital Evidence Guide for First Responders May 2015 Digital Evidence Guide for First Responders - MDEC A Note to the Reader There are an unlimited number of legal
Digital Forensics Larry Daniel Introduction A recent research report from The Yankee Group found that 67.6 percent of US households in 2002 contained at least one PC The investigators foresee three-quarters
The Dimensions of Cyber Crime Don Mason, Associate Director National Center for Justice and the Rule of Law University of Mississippi School of Law [These materials appear as 2, CYBER CRIME AND ITS DIMENSIONS,
The Internet and Network Technologies Don Mason Associate Director Copyright 2013 National Center for Justice and the Rule of Law All Rights Reserved Inside vs. Outside Inside the Box What the computer
Computer Forensics Processing Checklist Pueblo High-Tech Crimes Unit Cmdr. Dave Pettinari Pueblo County Sheriff's Office email@example.com The purpose of this document is to provide computer forensic technicians
Best Practices for Incident Responders Collecting Electronic Evidence rev. April 2013 Prepared by: Rick Clyde Forensic Examiner firstname.lastname@example.org M: (402) 709-6064 Chris Hoke Principal and Owner
Responsible Access and Use of Information Technology Resources and Services Policy Functional Area: Information Technology Services (IT Services) Applies To: All users and service providers of Armstrong
Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not
INTRODUCTION CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM The Osceola County Board of County Commissioners is committed to protecting consumers who do business with Osceola County, and as such
Valmeyer Community Unit School District #3 Acceptable Use Of Computers and Networks The Valmeyer Community Unit School District #3 Board of Education supports the use of the Internet and other computer
Computer Forensics in Virginia Presented by: Computer Forensic Examiner Christine Bryce and First Sergeant Rob Keeton What is Computer Crime? Romanticized notion of High Tech crimes High Tech crime portrayed
TH3. Data storage http://www.bbc.co.uk/schools/gcsebitesize/ict/ A computer uses two types of storage. A main store consisting of ROM and RAM, and backing stores which can be internal, eg hard disk, or
Understanding Computers Today and Tomorrow 12 th Edition Chapter 15: Computer Security and Privacy Learning Objectives Explain why all computer users should be concerned about computer security. List some
MASSACHUSETTS IDENTITY THEFT RANKING BY STATE: Rank 23, 66.5 Complaints Per 100,000 Population, 4292 Complaints (2006) Updated January 17, 2009 Current Laws: Identity Crime: A person is guilty of identity
Scientific Working Group on Digital Evidence Best Practices for Computer Forensics Disclaimer: As a condition to the use of this document and the information contained therein, the SWGDE requests notification
Digital Forensics Dr. Vic Fay-Wolfe Department of Computer Science University of Rhode Island Topics What is Digital Forensics? Cases Digital Forensics Practice Algorithms and Computer Sci Digital Forensics
CAYUGA COUNTY POLICY MANUAL Section 11 Subject: Electronic messaging and internet 1 Effective Date: 5/25/10; Res. 255-10 Supersedes Policy of: November 28, 2000 Name of Policy: County Computer Hardware-Software
Valmeyer Community Unit School District #3 Acceptable Use Of Computers and Networks The Valmeyer Community Unit School District #3 Board of Education supports the use of the Internet and other computer
Below are SAMPLE interrogatories and requests for production that are meant to be complementary (i.e., any devices or electronic files that are identified in answer to an interrogatory or interrogatories
CHAPTER 18 CYBER CRIMES 18.1 With increased use of computers in homes and offices, there has been a proliferation of computer-related crimes. These crimes include: Crimes committed by using computers as
APR. 08 U.S. Department of Justice Office of Justice Programs National Institute of Justice Special REPORT Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition www.ojp.usdoj.gov/nij
Cablelynx provides a variety of Internet Services (the Services) to both residential and business customers (the Customer). Below, you will find the terms and conditions that you agree to by subscribing
E Safety Policy This e safety policy was approved by the Governing Body on: The implementation of this e safety policy will be monitored by: Monitoring will take place at regular intervals: Reporting to
By Detective John Alvarez Corona Police Department High Technology Crimes Unit California Penal Code 530.5(a) defines Identity Theft: Every person who willfully obtains personal identifying information,
April 23, 2014 Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. What is it? Electronic Protected Health Information There are 18 specific
MCOLES Information and Tracking Network Security Policy Version 2.0 Adopted: September 11, 2003 Effective: September 11, 2003 Amended: September 12, 2007 1.0 POLICY STATEMENT The Michigan Commission on
Key 2 Communications Inc. Acceptable Use Policy Please read carefully before accessing and/or using the Key 2 Communications Inc. Web site and/or before opening an account with Key 2 Communications Inc..
Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable
Reynoldsburg City Schools Computer and Technology Acceptable Use Policy Staff, Volunteers and Students AUP Sections 1. Acceptable Use 2. Privileges 3. Internet Access 4. Procedures & Caveats 5. Netiquette
Digital Evidence Collection and Use CS 585 Fall 2009 Outline I. II. III. IV. Disclaimers Crime Scene Processing Legal considerations in Processing Digital Evidence A Question for Discussion Disclaimers
ICT POLICY AND PROCEDURE POLICY STATEMENT St Michael s College regards the integrity of its computer resources, including hardware, databases and software, as central to the needs and success of our day-to-day
GENERAL STATEMENT TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE 1.1 The Council recognises the increasing importance of the Internet and email, offering opportunities for improving
BUCKEYE EXPRESS HIGH SPEED INTERNET SERVICE ACCEPTABLE USE POLICY The Acceptable Use Policy ("the Policy") governs use of the Buckeye Express High Speed Internet Service ("the Service"). All subscribers
ipad Acceptable Use Regulation The Mamaroneck School District has purchased Apple ipads for selected students of the Mamaroneck School District. These students will be issued ipads with predetermined applications
Computer Forensics and Digital Evidence James Phelps, Ph.D. Angelo State University email@example.com 325-942-2167 Pre-Test So we can evaluate how well we do. The Chinese utilize a large, well-organized
Section: Information Security Revised: December 2004 Guideline: Description: Backup Security Guidelines: are recommended processes, models, or actions to assist with implementing procedures with respect
IDENTITY THEFT Security Breaches Our economy generates an enormous amount of data. Most users of that information are from honest businesses - getting and giving legitimate information. Despite the benefits
Computer Storage Computer Technology (S1 Obj 2-3 and S3 Obj 1-1) Storage The place in the computer where data is held while it is not needed for processing A storage device is device used to record (store)
Technology Department 1350 Main Street Cambria, CA 93428 Technology Acceptable Use and Security Policy The Technology Acceptable Use and Security Policy ( policy ) applies to all CUSD employees and any
MEMORANDUM TO: FROM: RE: Employee Human Resources MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY Please find attached the above referenced policy that is being issued to each
Victorian Certificate of Education 2004 SUPERVISOR TO ATTACH PROCESSING LABEL HERE INFORMATION SYSTEMS Written examination Friday 12 November 2004 Reading time: 11.45 am to 12.00 noon (15 minutes) Writing
FRESNO COUNTY EMPLOYEES' RETIREMENT ASSOCIATION INTERNET AND E-MAIL USAGE POLICY Effective August 24, 2004 Overview: The Fresno County Employees Retirement Association (FCERA) provides access to the Internet
Glossary Acceptable Use Policy (AUP): Policy which provides rules governing use of district technology. Access Fees: Fee charged to user for usage of services. Application: A program written to perform
1 Chapter 7 Securing Information Systems LEARNING TRACK 3: COMPUTER FORENSICS For thirty years, a serial murderer known as the BTK killer (standing for bind, torture, and kill) remained at large in Wichita,
McAfee.com Personal Firewall 1 Table of Contents Table of Contents...2 Installing Personal Firewall...3 Configuring Personal Firewall and Completing the Installation...3 Configuring Personal Firewall...
I-6400 2012 Arizona School Boards Association IJNDB USE OF TECHNOLOGY RESOURCES IN INSTRUCTION Appropriate use of Electronic Information Services The District may provide electronic information services
BOARD OF EDUCATION POLICY ADMINISTRATIVE GUIDELINE 6.6.1A(3) BROADALBIN-PERTH CENTRAL SCHOOL ADOPTED 1/22/00 3 RD READING AND ADOPTION 5/21/12 Employee Computer Use Agreement The district is pleased to
City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011 Purpose and Intent The City of Boston recognizes the importance
WIN reserves the right to prioritize traffic based on real time and non-real time applications during heavy congestion periods, based on generally accepted technical measures. WIN sets speed thresholds
Chapter 3: Computer Hardware Components: CPU, Memory, and I/O What is the typical configuration of a computer sold today? The Computer Continuum 1-1 Computer Hardware Components In this chapter: How did
SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices 8-27-2015 4-007.1 Supersedes 4-007 Page Of 1 5 Responsible Authority Vice Provost for Information
Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms
Windows BitLocker Drive Encryption Step-by-Step Guide Microsoft Corporation Published: September 2006 Abstract Microsoft Windows BitLocker Drive Encryption is a new hardware-enhanced feature in the Microsoft
BTEC First Diploma for IT Scheme of Work for Computer Systems unit 3 (10 credit unit) Overview On completion of this unit a learner should: 1 Know the of 4 Be able to. Num of hours Teaching topic Delivery
Storage and Backup No matter how well you treat your system, no matter how much care you take, you cannot guarantee that your data will be safe if it exists in only one place. The risks are much greater
Technology Assessment Checklist for Small Businesses A quick way to help your small-business customers get the best technology. Today's small-business owners want reliable technology that helps them do
Policy for Protecting Customer Data Store Name Store Owner/Manager Protecting our customer and employee information is very important to our store image and on-going business. We believe all of our employees
EZblue BusinessServer The All - In - One Server For Your Home And Business Quick Start Guide Version 3.8 1 2 3 EZblue Server Overview EZblue Server Installation EZblue Server Configuration 4 EZblue Magellan
Information Security Incident Management Guidelines INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu Version #1.0, June 21, 2006 Copyright 2006 by The Regents of The University of
1 ACCEPTABLE USE POLICY (AUP) EMERSON PARK ACADEMY (Signature of Headteacher) 1 St September 2014 2 ACCEPTABLE USE POLICY EMERSON PARK ACADEMY 'Acceptable and Responsible Use of ICT Resources' Contents
PERSONAL COMPUTERS 1 2 Personal computer a desktop computer a laptop a tablet PC or a handheld PC Software applications for personal computers include word processing spreadsheets databases web browsers
Legal Framework to Combat Cyber Crimes in the Region: Qatar as a Model Judge Dr. Ehab Elsonbaty Cyber Crime expert firstname.lastname@example.org Why should we care about CYBER CRIME & CYBER SECURITY? Clarification
Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure
ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been
Digital Forensics Tutorials Acquiring an Image with FTK Imager Explanation Section Digital Forensics Definition The use of scientifically derived and proven methods toward the preservation, collection,
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
TVS CableNet Technical Support Guide Effective August 15, 2006 All materials 2006 TV Service, Inc. This material may not be reproduced in any form except for personal private use by TV Service Cable Internet
EZblue BusinessServer The All - In - One Server For Your Home And Business Quick Start Guide Version 3.11 1 2 3 EZblue Server Overview EZblue Server Installation EZblue Server Configuration 4 EZblue Magellan
COMPUTER BASICS Seema Sirpal Delhi University Computer Centre What is a Computer? An electronic device that stores, retrieves, and processes data, and can be programmed with instructions. A computer is
E DUCATION I NNOVATION A DVANCING J USTICE THE NATIONAL JUDICIAL COLLEGE OUTSIDE THE BOX: INTERNET & NETWORK TECHNOLOGY DIVIDER 7 Professor Donald R. Mason OBJECTIVES: After this session, you will be able
BOBCAT COMPUTING POLICY The overarching policy governing computing and networking at Jones is the Policy on Acceptable Use of Electronic Resources. The policy is reprinted in its entirety below. Faculty,
OLEAN CITY SCHOOL DISTRICT STUDENT LAPTOP GUIDELINES AND PROCEDURES 1. RECEIVING A LAPTOP a. Each student will receive a Dell Latitude 3340 laptop, a power adapter, and a slip on case for the laptop. b.
Payment Card Industry (PCI) Policy Manual Network and Computer Services Forward This policy manual outlines acceptable use Black Hills State University (BHSU) or University herein, Information Technology
INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information
COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL) COURSE DESCRIPTION: Computer Forensics is focused on teaching
University of Cincinnati Limited HIPAA Glossary ephi System A system that creates accesses, transmits or receives: 1) primary source ephi, 2) ephi critical for treatment, payment or health care operations
Page 1 of 8 I. PURPOSE To outline the University's policies for students, faculty, staff and others, concerning the use of the University's computing and communication resources, including those dealing
This Time Safety & Security in ICT Systems INFO 2 Oliver Boorman-Humphrey www.oliverboorman.biz This time we look at the need to protect data in ICT systems and the subsequent threats if these measures
Customer Awareness for Security and Fraud Prevention Identity theft continues to be a growing problem in our society today. All consumers must manage their personal information wisely and cautiously to
April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal
(Return this page to the Executive Staff member or Principal) MEMPHIS CITY SCHOOLS EMPLOYEE ACCESS RELEASE AND AUTHORIZATION FORM MCS warehouse form No. 14197 As a condition of using the MCS network, I
Attachment to the Computer and Information Security and Information Management Policies Acceptable Use Guidelines NZQA Quality Management System Supporting Document Purpose These Acceptable Use Guidelines
COUGAR WIRELESS ACCEPTABLE USE POLICY I. INTRODUCTION Cougar Wireless and its various affiliates and subsidiaries (collectively we, us, our ) are committed to being responsible network citizens. To assist