1 FOURTH AMENDMENT SEARCH AND THE POWER OF THE HASH Richard P. Salgado Replying to Orin S. Kerr, Searches and Seizures in a Digital World, 119 HARV. L. REV. 531 (2005). I. THE POWER OF HASHING Hashing is a powerful and pervasive technique used in nearly every examination of seized digital media. The concept behind hashing is quite elegant: take a large amount of data, such as a file or all the bits on a hard drive, and use a complex mathematical algorithm to generate a relatively compact numerical identifier (the hash value) unique to that data. Examiners use hash values throughout the forensics process, from acquiring the data, through analysis, and even into legal proceedings. Hash algorithms are used to confirm that when a copy of data is made, the original is unaltered and the copy is identical, bit-for-bit. That is, hashing is employed to confirm that data analysis does not alter the evidence itself. Examiners also use hash values to weed out files that are of no interest in the investigation, such as operating system files, and to identify files of particular interest. It is clear that hashing has become an important fixture in forensic examinations. What is not clear is whether the use of hashing implicates the Fourth Amendment, and if so, how. Is there a search when an examiner simply calculates the hash value of a hard drive in the data duplication process? Is there any Fourth Amendment moment if an examiner uses hashing to identify files on the media that are of interest but that are not within the scope of the search warrant or authority? What if those files constitute digital contraband? Does hashbased examination for child pornography fall outside the Fourth Amendment, allowing investigators throughout the country to look for child pornography on any seized electronic storage device, regardless of the nature of the investigation, without a warrant? This Reply examines those questions within the framework of Professor Kerr s exposure theory of search. I conclude that when used as part of the imaging process, hashing reveals no meaningful hints as Lecturer in Law, Stanford Law School; Certified Instructor, SANS Institute; Member, Board of Directors, Honeynet Project; Senior Legal Director, Yahoo!, Inc. (The statements expressed herein should not be taken as a position or endorsement of Yahoo!, Inc. or its subsidiaries and may not reflect the opinion of their affiliates, joint ventures, or partners). Thanks to Kyle French for his thoughtful insights. 38
2 2006] POWER OF THE HASH 39 to the contents of the imaged media and thus is not a search for the purposes of the Fourth Amendment. I also conclude that in the analysis process, the use of hashing to find only files that constitute contraband does not constitute a Fourth Amendment search under the rulings of United States v. Place, 1 United States v. Jacobsen, 2 and Illinois v. Caballes. 3 There are important differences between the type of contraband in those cases narcotics and digital contraband that may make the discussion somewhat academic, at least at this juncture. II. HASHING AND DIGITAL FORENSICS Hashing is the process of taking an input data string (the bits on a hard drive, for example), and using a mathematical function to generate a (usually smaller) output string. 4 For example, one could take a digital wedding photo from a hard drive and calculate the hash value of the photo. Hash values can also be calculated for other data sets, including the contents of a DVD, USB drive, or an entire hard drive. A. Key Properties of Hashing Algorithms For computer forensics purposes, a good hashing algorithm will result in a hash value with two important properties. First, the hash value will be, for all practical purposes, uniquely associated with the input. No other file will have the same hash value as the wedding photo, except a file that is identical, bit-for-bit. If one altered the wedding photo by changing so little as one bit, the hash value of the photo would be different as well. 5 The chance of two different inputs colliding, to use the language of cryptanalysts, is astronomically small. 6 Although research has shown cracks in MD-5 and SHA-1, two com U.S. 696 (1983) U.S. 109 (1984) S. Ct. 834 (2005). 4 See BRUCE SCHNEIER, APPLIED CRYPTOGRAPHY 30 (2d ed. 1996). 5 The name of the file and other file attributes are not included in calculating the hash. A file by any name will hash the same. 6 SCHNEIER, supra note 4, at 429. The range of values generated from commonly used hash algorithms is huge. For example, the prolific algorithm MD-5 can generate more than 340,000,000,000,000,000,000,000,000,000,000,000,000 (that s 340 billion, billion, billion, billion) possible values. The widely used SHA-1 algorithm generates a range of values over four billion times larger than that. Thus, although there is a finite number of possible hash values and an infinite number of possible data inputs, the odds of a collision are infinitesimally small.
3 40 HARVARD LAW REVIEW FORUM [Vol. 119:38 monly used algorithms, 7 there is more than reasonable assurance that two different inputs will not have the same hash value. 8 A second property is that the hash algorithm works in only one direction. One can calculate a hash value from input, but cannot derive the input from the hash value. 9 The hash value of the wedding photo cannot be reversed to generate the photo itself. Of course, by virtue of the first property, if an unknown file has a hash value identical to that of another known file, then you know that the first file is the same as the second. B. Key Uses of Hashing Algorithms in the Digital Forensics Process These properties make hash algorithms highly useful throughout the forensics process. Often one of the first steps of the process is to generate an image of the media to be analyzed. 10 Because hash values uniquely identify the underlying data, a technician who generates an image can use a hash algorithm to ensure that the copying was done accurately, to the bit. To do this, the technician will calculate the hash value of the entire original drive, 11 generate an image, and then calculate the hash value of the entire image. 12 If the two hash values match, the imaging process worked and the duplicate is an exact replica of the original; if they don t match, then the imaging can be attempted again. Similarly, if additional forensics images are created, the hash value generated initially becomes the touchstone for ensuring those copies are and remain duplicates of the original. 13 During the analysis phase, analysts often must sort through massive amounts of data to gather the important information and disregard the unimportant. Hashing can automate much of this work. There are now libraries of hash values calculated for common programs and files. 14 Many digital analysis tools can be configured to cal- 7 See Xiaoyun Wang, Yiqun Lissa Yin & Hongbo Yu, Finding Collisions in the Full SHA-1, (last visited Jan. 17, 2006); Xiaoyun Wang & Hongbo Yu, How To Break MD5 and Other Hash Functions (2005), 8 Research shows that, under controlled and artificial circumstances, it is possible to engineer two different files with the same hash value. Some effort has been made to design a tool that can create collisions. It is extremely unlikely that collisions would happen in the wild, much less in the context of digital media imaging and forensics. 9 SCHNEIER, supra note 4, at See MICHAEL G. SOLOMON, DIANE BARRETT & NEIL BROOM, COMPUTER FORENSICS JUMPSTART: COMPUTER FORENSICS BASICS 85 (2004). 11 The process of calculating the hash value of data does not alter the data itself. 12 See SOLOMON ET AL., supra note 10, at See id. at The National Software Reference Library (NSRL), run by the National Institute of Science and Technology, has a huge set of hash values of software commonly found on computers. In
4 2006] POWER OF THE HASH 41 culate separate hash values of each individual file on the imaged media, and match the values against known hash sets. Depending on what the examiner is looking for, the forensic tool may include the matching files in a report or exclude them. For example, an investigator having no interest in the word processing software on a seized hard drive can load the hash set for common word processing programs and exclude those files from analysis. In this respect, the use of hash values minimizes the amount of data that the investigator sees. Using Professor Kerr s terminology, the unwanted data is not exposed in the forensics work. By the same token, hash sets can be used to look for particular programs or files on the media. For example, an examiner may need to look for signs of malicious code on the media (perhaps in anticipation of a suspect s claim that the computer was infected with a worm that gave somebody else control over it). The examiner can load hash sets for known worms, viruses, and Trojan horses to look for signs that corroborate or rebut the defense. 15 Likewise, an examiner may use hashing to look for steganography 16 software and similar programs for evidence the user employs data-hiding techniques. Although examinations are not necessarily flawed without hashing, the tool provides a reliable and inexpensive means to address critical data acquisition and examination goals. It also presents an interesting and important series of Fourth Amendment issues. In the next Part, I look at the Fourth Amendment implications of hashing, particularly in light of Professor Kerr s exposure theory of search. III. HASHING AND THE FOURTH AMENDMENT A. Hashing for Integrity Validation Professor Kerr proposes a rule whereby a Fourth Amendment search occurs when any data on a hard drive or information about that data, no matter how little, is exposed to human observation. 17 Could Professor Kerr s proposal mean that a search occurs no later June 2005, the NSRL had over 10.5 million unique hash values using different algorithms covering over 31.7 million files. National Software Reference Library, (last visited Jan. 17, 2006). 15 There are better ways to look for malware, but this is one technique. See Susan W. Brenner & Brian Carrier with Jef Henninger, The Trojan Horse Defense in Cybercrime Cases, 21 SANTA CLARA COMPUTER & HIGH TECH. L.J. 1, (2004); see also United States v. Bass, 411 F.3d 1198, 1200 (10th Cir. 2005) (defendant claimed a virus was responsible for downloaded child pornography). 16 Steganography refers to the process of hiding data within other data, such as hiding text in an image. 17 Orin S. Kerr, Searches and Seizures in a Digital World, 119 HARV. L. REV. 531, (2005).
5 42 HARVARD LAW REVIEW FORUM [Vol. 119:38 than when the imaging technician views the hash values to verify that the process was completed successfully? Is exposure of the media s hash value a constitutional moment? After all, the hash value is derived from each bit on the drive and its placement relative to the other bits. There is essentially no chance that any other hard drive would have the same hash value. It is a value intimately associated with all the data on the media. The Supreme Court decision in Arizona v. Hicks, 18 involving a search of an apartment, sheds an interesting light on this question. In Hicks, the Court concluded that there was a search for Fourth Amendment purposes when an officer, legitimately on the premises, moved a turntable to view a serial number on the bottom. 19 At first glance, the facts in Hicks may seem analogous to a hash calculation: the serial number serves to identify the turntable, just as the hash value serves to identify the data on the hard drive. Finding the serial number required that the agent manipulate the turntable, just as calculating a hash value requires accessing the data on the hard drive. But those similarities are superficial. In Hicks, the item that the agent was searching for and found, the serial number, was already in existence and was located on the turntable. A hash value, on the other hand, is something that the agent will derive; it is not something the agent will look for stored on the hard drive. 20 Moreover, although the hash is generated from the data on the drive, it will normally reveal nothing about that information. 21 It does not suggest what the information is or lay bare any of its characteristics or attributes. Although a search is a search, even if it happens to disclose nothing but the bottom of a turntable, 22 hash calculations disclose nothing. As a predictor of data, the hash value is no more useful than a random number. Though one may argue that there is a reasonable expectation of privacy in the hash value of the drive, and thus its exposure constitutes a search, the true degree of intrusion into private matters is, at most, de minimis. Generating the hash value of the image serves the purpose of allowing the analysis of a massive quantity of data to proceed with great confidence that the data were collected correctly and will not be tainted by the forensic process. A defendant hardly can be heard to claim a constitutional right to a lesser standard of evidence U.S. 321 (1987). 19 Id. at Professor Kerr notes that some metadata stored on a drive could be revealed as part of the imaging, and suggests that to the extent these data are exposed, there is a search. Kerr, supra note 17, at 560 n.130. Like the serial number in Hicks, and unlike the hash value, the metadata themselves are taken from the media. 21 There may be some rare edge cases where this is not true. One such case is discussed infra section III.B Hicks, 480 U.S. at 325.
6 2006] POWER OF THE HASH 43 handling. 23 Because hashing is minimally intrusive and is driven by operational necessities, there is little constitutional significance. 24 B. Hashing for Data Reduction and Data Exposure 1. Data Reduction. Hashing can greatly speed up forensic analysis by acting as a sorting mechanism. When a technician uses hashing to exclude files, not only can the examination conclude more efficiently, but it is also less intrusive. Files that are known to be outside of the scope of the legitimate search (and for which hash values are available) can be carved from the examination altogether. Under Professor Kerr s exposure theory of search, so long as the list of excluded files found on the media was not exposed, the data would not have been searched in this data reduction process. This conclusion is also consistent with the recognition that it is permissible to sort through reams of data in order to find and search only the information within the scope of the warrant. 25 Indeed, because the process is largely automated, the privacy interest of the searched party is better protected than it would be if the sorting were done by human hands as it is done with paper archives. 2. Data Exposure. A technician can also match the media hash list against a known-file hash list to find particular files. This could include looking for evidence that the computer had been compromised by malicious code, such as a worm, virus, or Trojan horse. Custommade known-file hash lists provide nearly unlimited flexibility to look for unusual files that would not be found in a public hash set. A customized list could include hash values for files stolen in an intrusion, or pirated software not yet released generally. Under Professor Kerr s analysis, use of hashing in this manner would constitute a Fourth Amendment search, because the results expose certain contents of the media. 26 The more interesting, and controversial, question is whether hashbased examination may be used to find digital contraband without a 23 Cf. United States v. Jacobsen, 466 U.S. 109, 119 & n.16 ( Protecting the risk of misdescription hardly enhances any legitimate privacy interest, and is not protected by the Fourth Amendment. ). 24 Cf. Hicks, 480 U.S. at 327 ( We have held that [a seizure] can [be justified on less than probable cause] where, for example, the seizure is minimally intrusive and operational necessities render it the only practicable means of detecting certain types of crime. ). 25 Cf. United States v. Brooks, 427 F.3d 1246, (10th Cir. 2005). 26 A related question arises if the hash list generated from the seized media contains entries for files outside the search authority and is viewed by the investigators. Arguably, to the extent such an entry is compared against a known-file hash list and a match is discovered, information is revealed from the hash. Under Professor Kerr s proposal, this too may constitute exposure and trigger Fourth Amendment requirements.
7 44 HARVARD LAW REVIEW FORUM [Vol. 119:38 warrant or exception to the warrant requirement. 27 The question stems from three Supreme Court decisions, each of which involved narcotics detection: United States v. Place, United States v. Jacobsen, and Illinois v. Caballes. In Caballes, the Court held that the use of a well-trained narcotics-detection dog one that does not expose noncontraband items that otherwise would remain hidden from public view during a lawful traffic stop, generally does not implicate legitimate privacy interests. 28 (Place similarly involved use of a narcotics-sniffing dog at an airport. 29 ) In Jacobsen, the Court held that a field chemical test that merely discloses whether or not a particular substance is cocaine does not compromise any legitimate interest in privacy. 30 All three decisions are premised on the doctrine that unless government conduct compromises a legitimate interest in privacy, there is no search subject to the Fourth Amendment warrant requirement. 31 Because there is no legitimate interest in possessing something that is illegal to possess (for example, contraband), there is similarly no search when an investigator uses a tool that reveals only contraband. 32 In concluding that there was no search, the key focus, particularly in Caballes, was on two main questions: (1) is the item to be detected illegal to possess, and (2) will the detection tool reveal only that item? 33 The decisions could have significant implications for digital media forensics, particularly in light of powerful hash-based examinations. It is clear that digital child pornography constitutes contraband in the Caballes-sense that it is illegal to possess. 34 Further, hash-based examination provides a very effective and efficient means to identify only particular files. Does this suggest that law enforcement could, as a routine practice in all forensics labs when searching digital media, also conduct a hash search for child pornography without regard to the confines of the search authority? Could every examination of every electronic storage device include 27 See, e.g., Ric Simmons, The Two Unanswered Questions of Illinois v. Caballes: How To Make the World Safe for Binary Searches, 80 TUL. L. REV. (forthcoming 2006); Michael Adler, Note, Cyberspace, General Searches, and Digital Contraband: The Fourth Amendment and the Net-Wide Search, 105 YALE L.J (1996). 28 Illinois v. Caballes, 125 S. Ct. 834, 838 (2005) (citation omitted) (quoting United States v. Place, 462 U.S. 696, 707 (1983)). 29 Place, 462 U.S. at United States v. Jacobsen, 466 U.S. 109, 123 (1984). 31 Caballes, 125 S. Ct. at Id.; Jacobsen, 466 U.S. at 124 n See Caballes, 125 S. Ct. at 838; Jacobsen, 466 U.S. at 123 ( Congress has decided and there is no question about its power to do so to treat the interest in privately possessing cocaine as illegitimate; thus governmental conduct that can reveal whether a substance is cocaine, and no other arguably private fact, compromises no legitimate privacy interest. ) 34 See Caballes, 125 S. Ct. at 839.
8 2006] POWER OF THE HASH 45 a hash-based search for child pornography, even in, for example, a tax evasion case where there is no predicate to believe child pornography is present on the media? In 2004, the Regional Computer Forensics Laboratories, run largely by the FBI, conducted over 1300 examinations. 35 No doubt that many were accompanied by a warrant or valid consent allowing a search for evidence of child pornography, but many involved other investigations such as homicides, terrorism, and healthcare fraud. 36 Certainly we benefit from an aggressive battle against the scourge of child pornography. Yet there would be something very creepy about an expansive and unrestrained search through media, even though properly in the hands of law enforcement, for offending images. Aside from this visceral reaction, however, Caballes and its line do present some opportunity for hash-based examinations for contraband. But how good a fit is it? Arguably, the hash tool is less like the narcotics-detecting dog of Caballes, and more like the heat imaging device used to detect marijuana in a home in Kyllo v. United States. 37 After all, in many cases the computer will have been used in and seized from a personal residence. But that is about where the similarity ends. Significantly, in distinguishing Caballes from Kyllo, the Court did not rely on the fact that Caballes involved a traffic stop and Kyllo a home. 38 Rather, the Court held that unlike a dog sniff, the heat imaging tool of Kyllo was not discerning enough to reveal only illicit activities. 39 Hash-based file detection works extraordinarily well in identifying only those files that are exact matches, and is far more akin to Caballes in this material feature than Kyllo. It would seem that Caballes would allow for the routine use by government of hash-based contraband detection in any search of a digital storage device, regardless of the scope of the search authority. But it may not be as simple as that. For hash-based examinations to work, the underlying known-file hash lists must contain hash values for images that are illegal to possess. It is one thing to conclude that 35 FBI REG L COMPUTER FORENSICS LAB. PROGRAM, FISCAL YEAR 2004 ANNUAL REPORT 6, available at 36 Id. at U.S. 27 (2001). 38 Nothing in the analysis of Caballes suggested that it was location-dependent, or that location separated Caballes from Kyllo. That is not to say there is no room left to argue that the degree of intrusiveness is greater when the drug dog sniffs outside a home or apartment. Cf. United States v. Thomas, 757 F.2d 1359, 1366 (2d Cir. 1985) (use of dog to sniff outside suspect s apartment constituted a search). In most digital forensics examinations, however, the hash-matching process will be conducted entirely off-site, with no additional intrusion of the home or meaningful delay in the examination. 39 Caballes, 125 S. Ct. at 838.
9 46 HARVARD LAW REVIEW FORUM [Vol. 119:38 child pornography is contraband; it is quite another to conclude that a particular image to be included in a hash set is child pornography. The definition of child pornography cannot be set out as a chemical formula, unlike drug contraband, and no legislative body has declared particular images to be contraband, much less blessed a hash set. Instead, the definitions describe the attributes that make an image contraband. 40 It would seem that populating a hash set requires exercise of discretion that is not required when teaching a dog to detect cocaine or developing a chemical test to react to particular narcotics. There are, however, known series of confirmed child pornography. These are images in which the person depicted has been identified as underage, and perhaps has even provided sworn statements and other evidence to that effect. Some of the images have been the subject of adjudication. 41 There is little doubt that these images are child pornography. Is it enough under Caballes that the facts as developed in judicial proceedings so strongly support the conclusion these images fit within the statutory definition of child pornography, or must that decision be made by the legislature? At least theoretically, Caballes and its line may very well provide a basis for using hash-based tools to find child pornography on any digital media properly in the control of law enforcement. The technology for running hash-based examinations is well established in the most common of forensics tools. The more difficult problem is creating a hash set that contains only images that are illegal to possess. Without that, and in spite of its phenomenal ability to reveal only files it is asked to reveal, the tool becomes more like the Kyllo device; it exposes that to which there is a legitimate privacy interest. CONCLUSION The hash algorithm has afforded digital media forensic analysis a highly reliable and efficient means to ensure that the integrity of the digital evidence collected remains uncompromised. It also provides a means to discard from the examination the irrelevant, and focus in on the important, while exposing little, if any, ancillary information. The interests of law enforcement are served, as are the legitimate privacy interests of the subject. The use of hashing thus does a laudable job at advancing the purposes of the Fourth Amendment. As collections of known hash values grow and are incorporated into widely used forensics tools, however, the potential for hashing to intrude into private areas also grows. 40 See 18 U.S.C.A. 2256(8) (West 2000 & Supp. 2005) (defining child pornography ). 41 See, e.g., United States v. Venson, 82 F. App x 330 (5th Cir. 2003) (prosecution for possessing and receiving child pornography).
COMMON SENSE AND KEY QUESTIONS Stuart Minor Benjamin In the net neutrality proceeding at the FCC and in Verizon v. FCC, 1 Internet access service providers contended that the First Amendment applied to
STATE OF FLORIDA, Plaintiff, v. RICARDO H. GLASCO, Defendant. Circuit Court, 18th Judicial Circuit in and for Brevard County. Case No. 05-2010-CF-021349-AXXX-XX. February 24, 2011. John M. Harris, Judge.
Case 1:07-cr-00014-BLW Document 24 Filed 09/07/2007 Page 1 of 10 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF IDAHO UNITED STATES OF AMERICA, ) ) Case No. CR-07-14-S-BLW Plaintiff, ) ) MEMORANDUM
THE NOT A SEARCH GAME JOHN F. STINNEFORD * The privacy versus security discussion is not just about the Fourth Amendment it involves policy considerations as well. The Fourth Amendment concerns frame the
STATE OF TENNESSEE OFFICE OF THE ATTORNEY GENERAL Searches and Arrests on School Property February 24, 2014 Opinion No. 14-21 QUESTIONS 1. Do public school students have any expectation of privacy in their
DEPARTMENT OF JUSTICE WHITE PAPER Sharing Cyberthreat Information Under 18 USC 2702(a)(3) Background Improved information sharing is a critical component of bolstering public and private network owners
Unit title: Digital forensics Unit number: 30 Level: 5 Credit value: 15 Guided learning hours: 60 Unit reference number: D/601/1939 UNIT AIM AND PURPOSE To provide learners with an understanding of digital
Legal Framework to Combat Cyber Crimes in the Region: Qatar as a Model Judge Dr. Ehab Elsonbaty Cyber Crime expert email@example.com Why should we care about CYBER CRIME & CYBER SECURITY? Clarification
UNPUBLISHED UNITED STATES COURT OF APPEALS FOR THE FOURTH CIRCUIT No. 10-4683 UNITED STATES OF AMERICA, Plaintiff - Appellee, v. MARCO THOMAS MOORE, Defendant - Appellant. Appeal from the United States
United States of America, UNITED STATES DISTRICT COURT DISTRICT OF MINNESOTA Criminal No. 13-107(DSD/FLN) Plaintiff, v. ORDER Michael Duane Hoffman, This matter is before the court upon the objection by
David W. Opderbeck New Jersey Law Journal, May 16, 2016 Over the past few months, there has been a flurry of sometimes contradictory activity concerning the government's ability to access electronic information
FOR PUBLICATION UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT UNITED STATES OF AMERICA, Plaintiff-Appellee, v. DANNY TEAGUE, Defendant-Appellant. No. 10-10276 D.C. No. 1:05-cr-00495- LJO-1 OPINION
Computer Networks & Computer Security SE 4C03 Project Report Hackers: Detection and Prevention Due Date: March 29 th, 2005 Modified: March 28 th, 2005 Student Name: Arnold Sebastian Professor: Dr. Kartik
A MURDER SCENE EXCEPTION TO THE 4TH AMENDMENT WARRANT REQUIREMENT? Bryan R. Lemons Senior Legal Instructor It is firmly ingrained in our system of law that searches conducted outside the judicial process,
United States Court of Appeals FOR THE EIGHTH CIRCUIT No. 09-1408 United States of America, * * Appellee, * * Appeal from the United States v. * District Court for the * District of Minnesota. Aaron Jay
VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The
Cyber Security Laws and Policy Implications of these Laws In an age where so many businesses and systems are reliant on computer systems, there is a large incentive for maintaining the security of their
Understanding and Integrating KODAK Picture Authentication Cameras Introduction Anyone familiar with imaging software such as ADOBE PHOTOSHOP can appreciate how easy it is manipulate digital still images.
ACCEPTABLE USE AND TAKEDOWN POLICY This Acceptable Use and Takedown Policy ( Acceptable Use Policy ) of Wedding TLD2, LLC (the Registry ), is to be read together with the Registration Agreement and words
STATE OF MINNESOTA COUNTY OF HENNEPIN COUNTY ` DISTRICT COURT FOURTH JUDICIAL DISTRICT STATE OF MINNESOTA, Plaintiff, vs. JIMMIE DALE JACKSON, File No: 04085182 ORDER AND MEMORANDUM OF LAW Defendant. Defendant
A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:
Computer Forensics Processing Checklist Pueblo High-Tech Crimes Unit Cmdr. Dave Pettinari Pueblo County Sheriff's Office firstname.lastname@example.org The purpose of this document is to provide computer forensic technicians
UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF TEXAS HOUSTON DIVISION IN THE MATTER OF APPLICATION FOR CELL TOWER RECORDS MAGISTRATE NO. H-15-136M UNDER 18 U.S.C. 2703(D) OPINION On February 10, 2015
Drug-Free Workplace Policy and Procedures July 16, 2015 Regional Transit Authority of Southeast Michigan Drug-Free Workplace Policy and Procedures Purpose In compliance with regulations governing anti-drug
BUSINESS ONLINE BANKING AGREEMENT This Business Online Banking Agreement ("Agreement") establishes the terms and conditions for Business Online Banking Services ( Service(s) ) provided by Mechanics Bank
Are Employee Drug Tests Going Up in Smoke? Robert D. Meyers Meghan K. McMahon On January 1, 2014, the nation s first marijuana retail stores opened in Colorado. This landmark event came approximately 14
To Catch a Thief: Computer Forensics in the Classroom Anna Carlin email@example.com Steven S. Curl firstname.lastname@example.org Daniel Manson email@example.com Computer Information Systems Department California
Overview of Computer Forensics Don Mason, Associate Director National Center for Justice and the Rule of Law University of Mississippi School of Law [These materials are based on 4.3.1-4.3.3 in the National
NATIONAL CRIME PREVENTION COUNCIL What is Cybercrime? A crime committed or facilitated via the Internet is a cybercrime. Cybercrime is any criminal activity involving computers and networks. It can range
Digital signature in insecure environments Janne Varjus Helsinki University of Technology firstname.lastname@example.org Abstract Due to current legislation the digital signatures can be as valid as the hand written
14 Improving the Complaints Process Our systemic review demonstrated that the complaints mechanisms in place to address public concerns about the work of pathologists providing forensic pathology services
Computer Forensics and What Is, and Is Not, There on Your Client s Computer Rick Lavaty, Computer Systems Administrator, District of Arizona Eddy Archibeque, Computer Systems Administrator, District of
DEPARTMENT OF JUSTICE AND FEDERAL TRADE COMMISSION: ANTITRUST POLICY STATEMENT ON SHARING OF CYBERSECURITY INFORMATION Executive Summary Cyber threats are becoming increasingly more common, more sophisticated,
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000
YOUTH RIGHTS MANUAL Youth Rights Manual Police Interaction: On and Off Campus Last Updated January 2010 ACLU FOUNDATION OF TEXAS P.O. BOX 8306 HOUSTON, TX 77288 T/ 713.942.8146 F/ 713.942.8966 WWW.ACLUTX.ORG
Aftermath of Arizona v Gant Mark M. Neil Senior Attorney National Traffic Law Center National District Attorneys Association A Little History - Facts of Gant 99 Canal Center Plaza, Suite 330 Alexandria,
For Now, New York State Investigators Can Ping Cellphones Without A Warrant in New York State Can New York State Inspectors General and other law enforcement agencies use real-time GPS tracking on cellphones
Information Security Incident Management Guidelines INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu Version #1.0, June 21, 2006 Copyright 2006 by The Regents of The University of
Tax Controversy Services IRS Insights In this issue: The Federal Circuit Affirms a Court of Federal Claims Decision Dismissing Foreign Tax Credit Refund Claims as Untimely... 1 The Court of Federal Claims
CSET 4850 Computer Network Security (4 semester credit hours) CSET Elective IT Elective Current Catalog Description: Theory and practice of network security. Topics include firewalls, Windows, UNIX and
The Ohio State University Knowledge Bank kb.osu.edu Ohio State Law Journal (Moritz College of Law) Ohio State Law Journal: Volume 22, Issue 3 (1961) 1961 Automobile Liability Policy Held to Cover Stolen
Law Enforcement Incident Response to Cybercrimes & Battling Current Technological Trends Corey J. Bourgeois, Computer Forensic Examiner & David Ferris, Investigator Louisiana Department of Justice HTCU
Contact Attorneys Regarding This Matter: Aaron M. Danzig 404.873.8504 direct email@example.com W. Jerad Rissler 404.873.8780 direct firstname.lastname@example.org Client Alert When Is Qui Tam False Claims Act
2:10-cr-20535-DML-MAR Doc # 335 Filed 05/31/13 Pg 1 of 8 Pg ID 6782 UNITED STATES OF AMERICA, UNITED STATES DISTRICT COURT EASTERN DISTRICT OF MICHIGAN SOUTHERN DIVISION v. Plaintiff, BOBBY W. FERGUSON,
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
United States vs. McNeely: Analysis and Implications for DWI Enforcement in Minnesota 1 By Peter Ivy and Peter Orput, MCPA Co-Counsel 2 1) McNeely Background and Supreme Court Holding On April 17, 2013,
Section II Privacy and Legislation 1 Privacy and Legislation Privacy Definition What is privacy? The Fourth Amendment: The right of the people to be secure in their persons, houses, papers, and effects,
Fraud Detection and Prevention Timothy P. Minahan Vice President Government Banking TD Bank Prevention vs. Detection Prevention controls are designed to keep fraud from occurring Detection controls are
September 18, 1998 No. 8261 This opinion is issued in response to questions from Jan Curry, Manager of the Driver and Motor Vehicle Services Branch of the Oregon Department of Transportation (ODOT), about
Boston College Law Review Volume 52 Issue 6 Volume 52 E. Supp.: Annual Survey of Federal En Banc and Other Significant Cases Article 15 4-1-2011 The Need for Sneed: A Loophole in the Armed Career Criminal
Computer Forensics US-CERT Overview This paper will discuss the need for computer forensics to be practiced in an effective and legal way, outline basic technical issues, and point to references for further
National District Attorneys Association National Center for Prosecution of Child Abuse Computer Forensics for Prosecutors February 18-19, 2013 Portland, Oregon Detective Michael Smith Computer Crimes &
The Legal Argument 1 email@example.com Abstract This paper addresses digital forensic analysis tools and their use in a legal setting. To enter scientific evidence into a United States court, a
Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility
Union County College Faculty Curriculum Committee New Course Proposal Form To all faculty members seeking to introduce a new course proposal to the Curriculum Committee, please make sure to complete the
CHAPTER Policing: Legal Aspects Changing Legal Climate The U.S. Constitution is designed to protect citizens against abuses of police power. Changing Legal Climate 1960 s The U.S. Supreme Court clarified
I Digital Forensic A newsletter for IT Professionals Education Sector Updates Issue 10 I. Background of Digital Forensic Definition of Digital Forensic Digital forensic involves the collection and analysis
I. Introduction Computer Use Policy Approved by the Ohio Wesleyan University Faculty: March 24, 2014 Ohio Wesleyan University (OWU) provides computing resources to support the educational mission and administration
MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY HTTP://SCIENCE.HAMPTONU.EDU/COMPSCI/ The Master of Science in Information Assurance focuses on providing
Commentary Perfect 10, Inc. v. Visa International Service, Association, 494 F.3d 788 (9th Cir. 2007): A Free Pass For Merchant Account Providers For Secondary Liability In Trademark Counterfeiting Cases?
Incident Response Plan for PCI-DSS Compliance City of Monroe, Georgia Information Technology Division Finance Department I. Policy The City of Monroe Information Technology Administrator is responsible
dnasaves.org The Facts About Forensic DNA Analysis and DNA Databases A guide to scientific methodologies, laws and regulations for forensic DNA sample analysis. The shared local, state and national forensic
Computer Forensics for CEO s and Managers Robert Reed, MSCIS Forensics Investigator, Tucson Police Department Synopsis Computer forensics can serve a vital role in any organizations incident response planning.
TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME Haya Fetais & Mohammed Shabana Saint Leo University COM- 510 November 23, 2014 Introduction Globalization and technological developments have infiltrated
NCVLI NATIONAL CRIME VICTIM LAW INSTITUTE PROTECTING, ENFORCING & ADVANCING VICTIMS RIGHTS Protecting, Enforcing & Advancing Victims Rights AUGUST 2014 * LEGAL PUBLICATIONS PROJECT OF THE NATIONAL CRIME
Filed 5/21/10 CERTIFIED FOR PUBLICATION APPELLATE DIVISION SUPERIOR COURT OF CALIFORNIA COUNTY OF ORANGE THE PEOPLE, CASE No. 30-2009-304893 Plaintiff and JUDGMENT ON APPEAL Respondent, from the SUPERIOR
Establishing a Mechanism for Maintaining File Integrity within the Data Archive Thomas C. Stein, Edward A. Guinness, Susan H. Slavney Earth and Planetary Sciences, Washington University, St. Louis, MO,
State of the States Cyber Crime Consortium By Justin Fitzsimmons Program Manager, High-Tech Crime Training Services SEARCH On April 30, 2015, the Office of the Massachusetts Attorney General, along with
First Circuit Prohibits Warrantless Search of Cellular Phones In United States v. Wurie, 1 a police officer, while performing routine surveillance, observed what he believed was an illegal drug transaction
This opinion will be unpublished and may not be cited except as provided by Minn. Stat. 480A.08, subd. 3 (2012). STATE OF MINNESOTA IN COURT OF APPEALS A13-1698 Brian Jeffrey Serber, petitioner, Respondent,
Network Working Group Request for Comments: 1281 R. Pethia Software Engineering Institute S. Crocker Trusted Information Systems, Inc. B. Fraser Software Engineering Institute November 1991 Status of this
WHEN CAN THE POLICE CONDUCT A NEBRASKA SEARCH AND SEIZURE OF YOUR HOME? A man's house shall be his own castle, privileged against all civil and military intrusion. Petersen Criminal Defense Law Regardless
2011 Parent-Teen Internet Safety Report GFI Software June 2011 TABLE OF CONTENTS INTRODUCTION STUDY METHODOLOGY KEY FINDINGS AT A GLANCE CONTENT COMMUNICATIONS MALWARE INTERNET SAFETY EDUCATION ANALYSIS
ADVANCED THREATS IN THE ENTERPRISE Finding an Evil in the Haystack with RSA ECAT White Paper With thousands of workstations and servers under management, most enterprises have no way to effectively make
N-CAP Users Guide Everything You Need to Know About Using the Internet! How Worms Spread via Email (and How to Avoid That) How Worms Spread via Email (and How to Avoid That) Definitions of: A Virus: is
Criminal Justice (Scotland) Bill [AS INTRODUCED] CONTENTS Section PART 1 ARREST AND CUSTODY CHAPTER 1 ARREST BY POLICE 1 Power of a constable 2 Exercise of the power Arrest without warrant Procedure following
Cyber Security: Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers This appendix is a supplement to the Cyber Security: Getting Started