Chapter 34 – |
Working with Law Enforcement |
Morgan Wright
Chapter Contents:
|
34.1 |
|
Introduction
|
|
34.2 |
|
Goals of Law Enforcement
|
|
34.2.1 |
|
Identification and Prosecution
|
|
34.2.2 |
|
Deterrence
|
|
34.3 |
|
History of Law Enforcement and Computer Crime
|
|
34.3.1 |
|
Enforcement Rule
|
|
34.3.2 |
|
Forensic Examinations
|
|
34.3.3 |
|
Training
|
|
34.4 |
|
Anatomy of a Criminal Investigation
|
|
34.4.1 |
|
Commission
|
|
34.4.2 |
|
Discovery
|
|
34.4.3 |
|
Investigation
|
|
34.4.3.1 |
|
Length and Control of the Investigation
|
|
34.4.3.2 |
|
Inadvertent Discovery of Malfeasance
|
|
34.4.3.3 |
|
Interviews
|
|
34.4.3.4 |
|
Interrogations
|
|
34.4.4 |
|
Identification of the Perpetrator
|
|
34.4.5 |
|
Decision to Prosecute
|
|
34.4.6 |
|
Indictment
|
|
34.4.7 |
|
Trial
|
|
34.4.8 |
|
After the Verdict
|
|
34.5 |
|
Establishing Relationships with Law Enforcement
|
|
34.5.1 |
|
Mutual Assistance Organizations
|
|
34.5.1.1 |
|
High Technology Crime Investigation Association
|
|
34.5.1.2 |
|
National Infrastructure Protection Center and InfraGard
|
|
34.5.1.3 |
|
Northwest Computer Technology and Crime Analysis Seminar
|
|
34.5.2 |
|
Prosecutors
|
|
34.5.2.1 |
|
Federal Prosecutors
|
|
34.5.2.2 |
|
State Prosecutors
|
|
34.5.2.3 |
|
Local Prosecutors
|
|
34.6 |
|
Organizational Policy
|
|
34.6.1 |
|
Use of Corporate Counsel
|
|
34.6.2 |
|
Communicating with Law Enforcement
|
|
34.6.3 |
|
Preservation of Computer Evidence
|
|
34.6.4 |
|
Production of Evidence
|
|
34.7 |
|
Developing Internal Investigative Capabilities
|
|
34.7.1 |
|
Incident Response
|
|
34.7.2 |
|
Computer Forensics
|
|
34.8 |
|
Internal Investigations
|
|
34.8.1 |
|
Reportable versus Nonreportable
|
|
34.8.2 |
|
Choice to Go Civil Instead of Criminal
|
|
34.8.3 |
|
Acceptable-Use Policy Violations
|
|
34.9 |
|
International Investigations
|
|
34.9.1 |
|
Coordinating Efforts
|
|
34.9.2 |
|
Criminal Process
|
|
34.10 |
|
Computer Evidence
|
|
34.10.1 |
|
Seizing and Preserving
|
|
34.10.2 |
|
Chain of Custody
|
|
34.10.3 |
|
Reports and Documentation
|
|
34.11 |
|
Decision to Report Computer Crime
|
|
34.11.1 |
|
Regulatory Requirements
|
|
34.11.2 |
|
Ethical Considerations
|
|
34.12 |
|
Summary
|
|
34.13 |
|
Notes
|
|
|
|