Computer Forensics and Cyber Crime An Introduction

382 Bibliography Vince, Gaia (2005). “Explosives Linked to London Bombings Identified.” New Scientist. Retrieved from http://www.newscientist.com/article/ Money Transfer Organization. Retrieved from http://www.justice. dn7682-explosives-linked-to-london-bombings-identified.html (last gov/usao/nys/pressreleases/June04/jahcomplaintpr.pdf (last accessed accessed on October 16, 2011). on June 3, 2004). United States Attorney, Southern District of New York (September 9, Watanabe, Jacqueline B. (2005). “Real Problems, Virtual Solutions: 2005). “U.S. Indicts 39 Members and Associates of a Major, violent The (still) Uncertain Future of VirtualChild Pornography Criminal Organization.” Retrieved from http://www.justice.gov/ Legislation.” Journal of Technology, Law & Policy, 10(2): 195–222. usao/nys/pressreleases/September05/pandaindictmentpr.pdf (last accessed on 27 June 2011). Weinberg, J. (2006). “Everyone’s a Winner: Regulating, Not Prohibiting, United States Coast Guard (2005). Transcript from The Subcommittee Internet Gambling.” Southwestern University Law Review, 35(2): on Coast Guard and Maritime Transportation Hearing on Coast 293–326. Guard Law Enforcement. Retrieved from http://www.house.gov/ transportation/cgmt/06-15-05/_06-15-05memo.html#PURPOSE Whittaker, Zack (2012). “Visa Approves Smartphones for NFC (last accessed on June 15, 2005). Payments: Good Start, but Still Hurdles Ahead.” ZDNet. Retrieved United States Customs and Border Protection (2007). “Overview of from http://www.zdnet.com (last accessed on January 29, 2012). the Visa Waiver Program.” ID and Entry for Foreign Nationals. Retrieved from http://www.cbp.gov/xp/cgov/travel/id_visa/vwp/ Williams, Phil (2004). Department of Homeland Security, Office vwp.xml (last accessed on January 1, 2007). of Inspector General, Office of Information Technology. DHS United States Department of Justice (March 2000). “The Electronic Challenges in Consolidating Terrorist Watch List Information. Frontier: The Challenge of Unlawful Conduct Involving the Use of the Internet-A report of the President’s Working Group on Wilson, Clay (2005). “Computer Attack and Cyberterrorism: Unlawful Conduct on the Internet.” Washington, DC. Vulnerabilities and Policy Issues for Congress.” CRS Report for United States of America Federal Trade Commission Complaint. “In Congress. CRS Web—RL 32114. the Matter of CardSystems Solutions, Inc., A Corporation.” Docket No. C-052-3148. Retrieved from http://www.ftc.gov/os/caselist/052 Winick, Raphael (1994). “Searches and Seizures of Computers and 3148/0523148complaint.pdf. Computer Data.” Harvard Journal of Law and Technology, 8(1): 75–128. United States General Accounting Office (1998). “Critical Infrastructure Protection: Comprehensive Strategy Can Draw on Year 2000 Wischnowsky, Dave (2006). “Identity Theft of MLB Players Alleged.” Experience.” DOC # GAOAIMD—00-1, Washington, DC, p. 8. The Chicago Tribune (December 20, 2006). Retrieved from http:// United States Department of Homeland Security (2010). “Budget-in- www.chicagotribune.com (last accessed on February 22, 2007). Brief: Fiscal Year 2010.” Department of Homeland Security. Retrieved from http://www.dhs.gov (last accessed on August 29, 2011). Wolak, Janis; Finkelhor, David; and Mitchell, Kimberly J. (2005). “Child- United Nations (2000). “United Nations Manual on the Prevention Pornography Possessors Arrested in Internet-Related Crimes: and Control of Computer-related Criteria.” International Review Findings from the National Juvenile Online Victimization Study.” of Criminal Policy, 43 & 44. Available at http://www.ifs.univie. National Center for Missing and Exploited Children. Retrieved from ac.at/~pr2gq1/rev4344.html (last accessed on May 31, 2006). http://www.missingkids.com (last accessed on August 17, 2007). van Eijk, Onno and Roeloffs, Mark (2010). “Forensic Acquisition and Analysis of the Random Access Memory of TomTom CPS Wolfe, Scott E. and Higgins, George E. (2009). “Explaining Deviant Navigation Systems.” Digital Investigation, 6: 179–188. Peer Associations: An Examination of Low Self-Control, Ethical Vanguard (July 10, 2009). “Nigeria: Piracy, Bane of Nollywood Predispositions, Definitions, and Digital Piracy.” Western Growth, Says Emma Isikaku.” Africa News. Criminology Review, 10(1): 43–55. Vijayan, Jaikumar (2010). “FTC Warns Nearly 100 Firms of P2P Data Leaks.” Computerworld Retrieved from http://www.computer- Wood, Paul (2010). “Bot Wars: The Spammers Strike Back.” Network world.com/s/article/9160458/FTC_warns_nearly_100_firms_of_ Security, 4: 5–8. P2P_data_leaks (last accessed on January 2, 2011). Wright, Benjamin (2004). “Internet Break-Ins: New Legal Liability.” Computer Law and Security Report, 20(3): 171–174. Zambo, Scott (2007). “Digital La Cosa Nostra: The Computer Fraud and Abuse Act’s Failure to Punish and Deter Organized Crime.” New England Journal on Criminal and Civil Confinement, 33: 551–575. Zanini, Michele (1999). “Middle Eastern Terrorism and Netwar.” Studies in Conflict and Terrorism, 22: 247–256.

Index A CERT (Computer Emergency Response three examples, 55–59 Team), 201 traditional problems, 52–54 Advanced Research Project Agency Network Computers, as commodities, 67–69 (ARPANET), 39, 40 Child Enticement/Exploitation, 94–95 black market dealers, 68 Child identity theft, 130–131 gray market dealers, 68 Advance-fee fraud/419 fraud, 134 Child pornography, 15, 92–96, 177, 193–194, Computer software, 31–32 Aggravated identity theft, 198 boot sequence, 31–32 Animal Liberation front (ALF), 150 220–225 operating system, 32 Anonymizer, 53 Child Pornography Prevention Act (CPPA), 194, Computers, theft of, 128–129 Anti-phishing working group, 134, 136 Computer terminology and history, 25–48 Application software, 38–39 224, 225–226, 227, 228 cloud computing, 43 Child Protection Act, 1984, 194 computer language, 28 bombs, 39 Classical era, 78 cyberworld realms, 44–45 droppers, 39 CMOS password, 340, 342 future issues, 48 logic bombs, 39 Collaborations and professional associations, internet, brief history, 39–44 Malware, malicious programming code, 38 internet communication, categorizing, 45–48 object code, 38 206–207 network language, 41–44 programs, 38 en vogue, 206 peer-to-peer networking (P2P), 43 PUP (potentially unwanted program), 38 Communications Assistance for Law Enforcement Confidence scams, 178–179 source code, 38 4–9 scam, 178 time bombs, 39 Act (CALEA), 246, 254–255 six additional patterns, 179 trap doors, 38 Compressed files, 291 six primary steps, 179 trojan horse, 38 Compression utility software, 291 Nigerian recompensation scam, 178 worms, 38–39 Computer Anomaly Detection Systems Confronting contemporary organized crime, 182 Ashcroft decision, 194 Contemporary cyber-criminals, hierarchy, 65–67 Ashcroft v. Free Speech Coalition, 225–227 (CADS), 12 criminal hackers, 66 Asian Pacific Economic Council (APEC), 212 Computer-Assisted Passenger Prescreening cyber-criminal organizations, 66 Association of Southeast Asian Nations cyberpunks, 65–66 System (CAPPS II), 204 hackers/crackers, 66 (ASEAN), 212 Computer crime script kiddies, 65 ATM manipulation, 132 Contemporary motivation, 63–65 Attack mechanism, 159–161 categorization of, 54–55 Contemporary terrorism, roots, 150–151 internet scams, 103, 138 Council of Europe’s (CoE), 209–210 computer network attacks, 160 jurisprudential inconsistency, 14 Counterfeiting, 103, 106 critical data threat, 161 perceived insignificance and stereotypes, 8–9 Crime Control Act, 228, 246 cyber attacks (in Estonia), 161 phreaking and telecom crimes, 59–60 Crime scene, securing, 315–316 electronic attacks, 160 physicality and jurisdiction, 7–8 Crimes-identity theft/fraud, 138–141 physical attacks, 160 problems associated with, 6–16 four-phase process, 138 physical infrastructure, 161 prosecutorial reluctance, 9–10 Crimeware, 136 Stuxnet, 162 reporting, lack of, 10–11 Crocker National Bank, 120 Automated Targeting System (ATS), 205–206 resources, lack of, 11–14 CryZip, 85 Automated teller machines (ATM), 132, 176 Computer Emergency Response Team (CERT), 10 CSL Coalition members, 206 Automatic Number Identification (ANI), 60 Computer forensic science: capabilities, Cybercrime conventions, 209–210 Cybercriminal, toolkit, 77 B developing, 279–280 Cyberharassment, 98–99 Computer forensic science and disk structure, Cyber Knight, 202 Back doors, 27, 67 CyberScience Laboratory, (CSL), 206 Bagging and tagging, 310, 324–327 272–279 Cyberstalking/harassment, 98–99 Bag operations, 129–130 Computer Fraud and Abuse Act, 1986, 55, Cyberterrorism, 90–91, 152–153 Black hat hacker, 27 Cybertipline, 92 Blackmail, 66 191–192 Blue boxes, 60 Computer investigations, 269–272 D Bombs, 27 automated programs, 271 Data analysis logic, 27 communication, lack of, 270–271 aspects of, 336–350 time, 27 evidence corruption, 271–272 creation and verification of image, 339–340 Boot disks, 286, 306 inadequate resources, 270 data remnants, 345 Boot sector, 278 plan preparation and personnel, 308–311 executable programs, 347–348 Boot sequence, 31–32 problems with, 269–272 image verification, 342 Border crossings, 139–141 reporting, lack of, 271 list of files, 290 Bulletin boards, 36 toolkit preparation, 311–314 logical examination, 343 warrant preparation and application, 306–308 physical examination, 338–339 C Computer language, 28 piping of evidence, 347 hardware, 29–31 restoration of files, 343–344 Call-sell operations, 61 software, 31–32 CAN-SPAM Act, 2003, 82–83 Computers: brief history, 26–28 Card skimmers, 132–133 classification, 149–150 Cargo heists and armed robbery, 175–176 hacking, 61–64 Carnivore, 202 hardware, 67–69 software, 69–71 “DragonWare Suite,” 202 Computer crime Cathode ray tubes (CRT), 29 categorizing internet communication, 45–48 computer crime, recognizing and defining, 54–55 contemporary crimes, 65–67 383

384 Index Erased files, 287 expectation of privacy and surveillance, Data analysis (continued) Euzkadi Ta Askatasuna (ETA), 149 247–248 Evidence location, 320–322 returning equipment, 349 history, 235–237 software, 290–291 clothing, 321 legal considerations, 263–264 sterile conditions, 336–338 desktops, 321 privacy acts, 250–256 tools, legitimacy and capabilities, 338 garbage containers, 321 private v. public-sector searches, 248–249 unlocking files, 345–346 inside computer, 322 Fraggling, 82 user data files, 347 keyboards, 321 Fraud, 176–177 Database Breach Notification Act, 199 monitors, 321 ATM/credit card fraud, 176 Data diddling, 103 printers, 322 bank fraud, 176 Data duplication, verification and preservation telephone, 321 stock fraud, 176–177 wallets or purses, 321 Fraudulent instruments, 106 tools, 285–287 Evidence preservation, 325 Fraudulent or fictitious companies, 131–132 Data hiding, 292 environmental characteristics, 326 Future issues, 359–371 Data manipulation, 103–104 magnetic fields, 326 future trends and concerns, 366–371 Data mining, 202–203 oil, dirt, dust, 326 governing decency and virtual pornography, Data piracy, 179–181 static electricity, 326 temperature, 325–326 368–369 data integrity, 279 Evolving child pornography statutes, 193–194 problems and recommendations, 360–364 disk structure and data storage, 273–275 Exclusionary rule, 246–247 wireless communications, 367 fat (file allocation table), 277 Expectation of privacy, 247, 261 Fuzzy logic, 313, 347 file system, 276–277 Extortion, 76, 175 firmware, 277–279 distributed denial of service attacks (DDoS), G MDS HASH, 279 NTFS, 277 175 General Agreement on Trade in Services partition table, 275–276 (GATS), 230 Day trading, 104 F Defense Advanced Research Projects Agency General Electric, 130 FACTS (Factual Analysis Criminal Threat Golden triangle, 183 (DARPA), 203 Solution), 205 Good Fellas, 175 Denial of service attack, 80, 90–91 Government efforts, 165 Department of Defense Appropriations Act, Fair and Accurate Credit Transactions Act, 2003 GPCoder, 85 (FACTA), 125, 196–197 Graphic User Interface (GUI), 28, 296, 344 2004, 204 Department of Justice, 10 provisions, 196–197 H Digital equipment corporation, 192 Federal Bureau of Investigation (FBI), 205, 270 Digital precious metals, 21 Federal interest computer, 191, 193 Hackers, 27, 66 Digital Subscriber Line (DSL), 45 Federally funded initiatives/collaborations, Hacking, 61–67 Diskettes, examining, 348 Domain Name Hijacking, 104 199–201 hacking community, evolution, 62–63 Domain Name System entry (DNS), 42 approach, three-tiered, 199–200 Hacking statute, 191 DOS, 77, 80 evaluation, 199 HAMAS (Islamic Resistance Movement), Federal Trade Commission, 122–123, 130, alternatives to, 32–38 Hezbollah, 149 Denial of Service, 80–82 133, 195 Hidden files, 272 LINUX, 36–37 Federal Wire Fraud Act, 70, 212 High Tech Computer Investigators Association Macintosh, 32 Federal Wiretap Act, 246, 251–252, 254–255 Microsoft Windows, 32–34 Film piracy, 71 (HTCIA), 206 smartphones, 37–38 High Terrorist Factor (HTF), 205 UNIX, 36 types, 71 Homeland Security Act, 165 Drug Enforcement Administration, 205 Financial action task force, FATF, 210–211 Human smuggling, 181–182 Dumpster diving, 127–128 recommendations, 210 I E Financial modernization Act, 1999 Identifying information, 116, 133 Earth First!, 150 (Appendix B), 195 Identity fraud, 115 Earth Liberation Front (ELF), 150 First Amendment, 46, 53, 65, 92, 94, 99, 194 Ecoterrorism, 76, 149 credit identity, 121 Electronic Communications Privacy Act (ECPA), application of, 229 criminal record, 119–120 applying case law, 220–223 virtual identity, 120–121 1986, 244, 246, 250–252, 254 Identity theft, 114–143 interception, 246 New York v. Ferber, 193, 221–222 credit identity, 121 Electronic Frontier Foundation, 4, 58 Osborne v. Ohio, 222–223 criminal record, 119–120 Electronic Numerical Integrator and Computer child pornography, defining, 220 internet-facilitated, 133–138 decency, notions of, 217–218 physical methods of, 126–132 (ENIAC), 27 emerging statutes, 218–220 virtual identity, 120–121 Electronic Privacy Information Center (EPIC), 58 general principles, 216 Identity Theft and assumption deterrence Act, Electronic surveillance, 213 obscenity, 216–217 Emergence of e-cash, 20 technology-specific legislation, 224–228 1998 (Appendix A), 195, 197, 198 Floating windows, 134 Identity Theft Clearinghouse, 122 digital precious metal, 21 Floppy era, 78 Identity theft and financial privacy internet payment services, 21 Forensic computer science, 268 mobile payments, 20–21 softwares, 296–298, 354–355 statutes, 195–198 prepaid cards, 20 report and documentation, 356–357 Identity theft/identity fraud, distinguish stored value cards, 20 Forgery, 106 Encryption, 202, 237 Fourth Amendment, 58, 234–264 between, 116 Environmental terrorism, 149–150 applying case law, 220–223 Identity Theft Penalty Enhancement Act, 2004, electronic surveillance, 213 197–198 Identity Theft Resource Center, 125

Miller v. California, 221 Index 385 Imaging programs, 285 MILNET system, 55 Organized crime, 66 Imaging and verification software, 313 Minimum hardware requirements, 282–285 Immigration benefit fraud, 140 Minimum housing requirements, 281–282 definition, 167–172 Immigration fraud and border crossings, 139–141 Minimum software requirements, 285–295 technology, 174–182 Immigration Reform and Control Act, 182 Organized crime, cybergangs, distinguish, Indecency, 217 data piracy, 179–181 Individual terrorism, 149 problems in computer investigations, 269–272 172–173 Information Awareness Office (IAO), 203 Modus operandi, 52 Orkut, 159 Information theft, 86–89 Money laundering, 177 Ortega doctrine, 249 Morris Worm, 55, 192 Osborne v. Ohio, 222–223, 231 traditional methods, 86–87 Mosaic Interface, 40 Infragard, 200 Multi-State Anti-Terrorism Information Exchange P Innocent Images, 92 Insider trading, 105 Pilot Project (MATRIX), 205 Packet sniffers/key loggers, 42, 77, 202 Insurance/loan fraud, 139 Murphy’s Law, 191 carnivore, 202 Interception, 189 Mutual Legal Assistance (MLA), 210 omnivore, 202 Internal Revenue Service, (IRS), 135 International Association for Computer N Palestine Liberation Front (PLF), 149 Particularity, 202, 216, 237–239, 241 Investigation Specialists (IACIS), 207 NAMBLA (the National Association of Men Partition tables, 275–276 Internet communication, categorizing, 45–48 and Boy Lovers of America), 92 Password cracking programs, 346 Peer-to-Peer file sharing (P2P), 261 internet relay chat, 47–48 National Association of Men and Boy Lovers Personal information, protection, 198 newsgroups/bulletin boards, 46–47 of America (NAMBLA), 92 world wide web, 45–46 Drivers Privacy Protection Act, 198 Internet era, 80 National Center for Missing and Exploited Health Insurance Portability and Internet Gambling Prohibition and Enforcement Children (NCMEC), 92 Accountability Act, 198 Act, 1996 (IGPEA), 228 National Computer Security Center, 192 Pharming, 134 Internet, history of, 39–41 National Hi-Tech Crime Unit, (NHTCU), 137 Phishing, 134–135 Internet Message Access Protocol (IMAP), 41 National information infrastructure protection Internet Protocol (IP), 42 detection, 137 Internet Relay Chat (IRC), 47–48 Act, 1996 (NIIPA), 193 Phonemasters, 173 Internet Service Providers (ISPs), 40, 103 National Infrastructure Protection Center Phreaking, 17, 27, 55, 59–60 subscriber records, 261–262 (NIPC), 200 blue boxes, 60 Internet theft/fraud, typologies, 116–121 National Institute of Justice Office of Science Ramparts, 60 telecommunications fraud, 59 credit identity, 121 and Technology (NIJ/OST), 201, 206 war on, 60–61 criminal record identity, 119–120 Nationalist terrorism, 149 Piracy, 69–71 identity, assumption of, 117 National Security Agency (NSA), 206 Plain view, 238, 242, 244–245, 253 theft for employment and/or border entry, Navigation systems, 355–356 Plan preparation and personnel, 308–311 New Technologies Incorporated (NTI), 13, 298 on-scene personnel, 309–311 118–119 New York Electronic Crimes Task Force, 172, 206 Political espionage, 87–89 virtual identity, 120–121 New York v. Ferber, 193, 221–222, 231 Political-social terrorism, 149 Interpol, 211 Popcorning, 127 Intersection of organized crime and terrorism, O Post Office Protocol (POP), 41 Privacy Act, 250–256 182–184 Obscenity, 194 challenges to CALEA, 255 Interstate Stalking Punishment and Prevention Office of Juvenile Justice and Delinquency communications assistance, 254–255 Privacy, legislation, 264 Act, 1996, 98 Prevention (OJJDP), 92 Privacy, questions regarding, 261–263 Irish Republican Army (IRA), 149 Omnibus Appropriations Act for Fiscal Year, Privacy Protection Act, 250–256 ISP-Jacking, 103 three titles under ECPA, 251–253 2003, 204 warrantless searches, 242–246 K Online fraud, 100–101 Probable cause, 235, 236, 306–307 Problems and recommendations, 360–364 Kefauver Committee, 168 auctions, 101 accountability for internet users, 360–361 Key disk, 342 credit card, 101 clarification of criminal behavior, 308–309 Keyloggers, 136–137 Online gambling, 96–98 increasing agency cooperation, 361–362 combat, 97 increasing public awareness and L Online pharmacies, 95–96 Online Service Providers (OSP), 40 research, 361 La Corporacion, 177 Online social networking sites, 159 international cooperation, 362–363 La Cosa Nostra (LCN), 169, 172 Online stock manipulation, 368 legislation, 360 LawNet, 200–201 On-scene activities, 314–327 relationships between agencies and private additional assistance, 316 M scene processing, 316–318, 320 sector, 362 securing crime scene, 315–316 standardization of accreditation, 363–364 Macro era, 79 Operating system, 32 Profanity, 218, 220 macro viruses, 79 command-line interfce (CLI), 32 Propaganda, information dissemination, graphical user interface, (GUI), 32 Magic Lantern, 202, 278 multiple-user systems, 32 recruiting, and fundraising, 154–156 Magnetic tapes, 240 syntax error, 32 communication, 158–159 Mail theft, 126–127 WIMP (windows, icons, multitasking, and electronic dead drops, 158 Malware/malicious programming code, 38, 77, 80 four categories, 154–155 Massachusetts Institute of Technology (MIT), 62 pointing device), 32 research and planning, 157 Master Boot Record, 275, 276 Operating System Dumpster diving, training, 156–157 Mens rea, 192, 292 Microsoft windows, 32–34 127–128, 306 Operation Bot Roast, 82

uploaded by [stormrg] Software Transportation Security Administration data analysis, 290–291 (TSA), 204 386 Index data piracy, 70 Prosecution and government efforts, 187–214 reporting software, 292 Trap doors, 38 software piracy, 69–70 Traveler Redress Inquiry Program, 205 child pornography statutes, 193–194 wareZ sites, 70–71 Trinoo and Tribe Flood Network (TFN), 81 computer-specific statutes, evolution of, Trojan horses, 27, 38, 77, 103 Spam, 82–83 Trojans, 77, 134, 137–138 189–193 Special Operations Command (SOCOM), 202 Tyrannicide, 150 international efforts, 207 Specialty and hacker computers, 316 law enforcement initiatives, 125 Specificity, 237 U traditional statutes, 189 Spoofing, 27, 104, 134 Prosecutorial Remedies and Other Tools to Spyware, 77, 134, 136 Ultimate Toolkit™, 296–297 State-sponsored terrorism, 150 Undercover techniques, 263 End the Exploitation of Children Today Steganography, 183, 237, 242 Uniform Resource Locator (URL), 46 (PROTECT) Act, 194, 227 Stolen property, fencing of, 179 United Nations Convention against Transnational protection measures, 194 Stored Communications Act, 246, 252 Protection of Children against Sexual Exploitation Swift & Company, 140 Organized Crime (UNCATOC), 212 Act, 1977 (PCSE), 193, 220, 224 United States Border Patrol, 181 seizure, 239–240 T U.S. Customs and Immigration Enforcement Protection of Film and Video Works (FVWP), 71 Telecommunications fraud, 59 Agency, 140 PUPS (potentially unwanted programs), 38, 137 Telecommunications Reform Act, 1996, 219 U.S. Department of Veterans Affairs (VA), 129 Terrorism U.S. v. Williams, 228 R classification, 149–150 V Ransomware, 84 criminal activities, 164 factors, 85 VBS Worm Generator, 80 9/11 attacks, 164 Vicinage, 52, 263 Red hat hacker, 27 criminalizing terrorist acts, 164–165 Victimology, 122–123 Redirectors, 134 definition, 148–149 Victims, victimization costs, 123–125 Regulation of Investigatory Powers Act Terrorism Information Awareness Program, Virtual Global Taskforce (VGT), 211 Virus, 38, 77, 78–80 (RIP), 208 (TIA), 203 Virus software, 293, 313 Religious terrorism, 150 Terrorist Surveillance Program, 203–204 Visa Waiver Pilot Program (VWPP), 140, 182 Republique Francaise (or) the French Republic, Terror online, 153 Text searching, 291 W (RF), 141 Theft of information, 86–89 Reverse criminal record identity theft, 119 Theft of intellectual property, 69–71 Warrant preparation and application, 306–308 Right to financial privacy Act, 1978, 191 no-knock warrants, 307 film piracy, 71 probable cause, 306–307 S software, 69–71 Threatening/harassing communications, Web-based criminal activity, 75–77 Salami technique, 103 implications, 76–77 Scene processing, 316–322 97–100 erotomaniacs, 98 Web-cramming, 103 bagging and tagging, 324–326 obsessional stalkers, 98 Web encroachment, 86 departure and transportation, 327 vengeance/terrorist stalker, 98 Wetware, 27 identifying potential evidence, 319–320 Toolkit preparation, 311–314 White hat hackers, 27 locating evidence, 320–322 equipment, 311–312 Wiping software, 292 photograph/video, 224 materials, 312–314 Wire Act, 54, 360 seizure and documentation, 322–324 Total information awareness, 203 World Trade Organization (WTO), 230 secondary/multiple warrants, 308 Trace evidence, 319 Worms, 38, 78–80 sketching scene, 318 Trade Secrets/Copyrights, 87 Secondary warrants, 238, 308 Traditional problems in computer investigations, host computer, 39 Secure flight, 203–204 network, 38 Seizures, 247, 306 269–272 Write-blocking programs, 322 Sex trade, 177–178 Transmission Control Protocol/Internet Protocol Shoulder-surfing, 86 Z Smartphones and GPS forensics, 353–354 (TCP/IP), 41 Smurfing, 82 Zombies/bots, 77, 80 Sneaker, 27, 191 Social engineering, 64–65, 86, 342, 346