CSH4 Chapter 34 - Working with Law Enforcement

	34.1		Introduction
	34.2		Goals of Law Enforcement
	34.2.1		Identification and Prosecution
	34.2.2		Deterrence
	34.3		History of Law Enforcement and Computer Crime
	34.3.1		Enforcement Rule
	34.3.2		Forensic Examinations
	34.3.3		Training
	34.4		Anatomy of a Criminal Investigation
	34.4.1		Commission
	34.4.2		Discovery
	34.4.3		Investigation
	34.4.3.1		Length and Control of the Investigation
	34.4.3.2		Inadvertent Discovery of Malfeasance
	34.4.3.3		Interviews
	34.4.3.4		Interrogations
	34.4.4		Identification of the Perpetrator
	34.4.5		Decision to Prosecute
	34.4.6		Indictment
	34.4.7		Trial
	34.4.8		After the Verdict
	34.5		Establishing Relationships with Law Enforcement
	34.5.1		Mutual Assistance Organizations
	34.5.1.1		High Technology Crime Investigation Association
	34.5.1.2		National Infrastructure Protection Center and InfraGard
	34.5.1.3		Northwest Computer Technology and Crime Analysis Seminar
	34.5.2		Prosecutors
	34.5.2.1		Federal Prosecutors
	34.5.2.2		State Prosecutors
	34.5.2.3		Local Prosecutors
	34.6		Organizational Policy
	34.6.1		Use of Corporate Counsel
	34.6.2		Communicating with Law Enforcement
	34.6.3		Preservation of Computer Evidence
	34.6.4		Production of Evidence
	34.7		Developing Internal Investigative Capabilities
	34.7.1		Incident Response
	34.7.2		Computer Forensics
	34.8		Internal Investigations
	34.8.1		Reportable versus Nonreportable
	34.8.2		Choice to Go Civil Instead of Criminal
	34.8.3		Acceptable-Use Policy Violations
	34.9		International Investigations
	34.9.1		Coordinating Efforts
	34.9.2		Criminal Process
	34.10		Computer Evidence
	34.10.1		Seizing and Preserving
	34.10.2		Chain of Custody
	34.10.3		Reports and Documentation
	34.11		Decision to Report Computer Crime
	34.11.1		Regulatory Requirements
	34.11.2		Ethical Considerations
	34.12		Summary
	34.13		Notes

Please report problems to the webmaster at: webmaster@removethis.rlgsc.com