Investigations Involving the Internet and Computer Networks
U.S. Department of Justice
Office of Justice Programs
National Institute of Justice

JAN. 07

Special REPORT

www.ojp.usdoj.gov/nij

U.S. Department of Justice
Office of Justice Programs
810 Seventh Street N.W.
Washington, DC 20531

Alberto R. Gonzales
Attorney General

Regina B. Schofield
Assistant Attorney General

David W. Hagy
Deputy Assistant Attorney General, Office of Justice Programs and Principal Deputy Director, National Institute of Justice

This and other publications and products of the National Institute of Justice can be found at:

National Institute of Justice
www.ojp.usdoj.gov/nij

Office of Justice Programs
Partnerships for Safer Communities
www.ojp.usdoj.gov

NCJ 210798

This document is not intended to create, does not create, and may not be relied upon to create any rights, substantive or procedural, enforceable by law by any party in any matter civil or criminal.

Opinions or points of view expressed in this document represent a consensus of the authors and do not necessarily reflect the official position or policies of the U.S. Department of Justice. The products, manufacturers, and organizations discussed in this document are presented for informational purposes only and do not constitute product approval or endorsement by the U.S. Department of Justice.

This document was prepared under Interagency Agreement #2003–IJ–R–029 between the National Institute of Justice and the National Institute of Standards and Technology, Office of Law Enforcement Standards.
The National Institute of Justice is a component of the Office of Justice Programs, which also includes the Bureau of Justice Assistance, the Bureau of Justice Statistics, the Office of Juvenile Justice and Delinquency Prevention, and the Office for Victims of Crime.

Photo Credits
Cover: Getty Images and Photodisc
Text: Photodisc, Getty Images, and Digital Stock

Foreword

As the use of the Internet and other computer networks has grown rapidly in recent years, so has the opportunity for electronic crime. Unlawful activity can be committed or facilitated online. Criminals can trade and share information, mask their identity, identify and gather information on victims, and communicate with co-conspirators. Web sites, electronic mail, chat rooms, and file sharing networks can all yield evidence in an investigation of computer-related crime.

This report was developed by the Technical Working Group for the Investigation of High Technology Crimes and is intended to be a resource for individuals responsible for investigations involving the Internet and other computer networks. It is one of a series of electronic crime investigation documents already published or in development by the National Institute of Justice (NIJ). The guides are developed by technical working groups that consist of practitioners and subject matter experts brought together by NIJ to help law enforcement agencies and prosecutors deal with the growing volume and complexity of electronic crime.

The series of guides will discuss the investigation process from the first responder, to the laboratory, to the courtroom. Specifically, the guides will address:

■ Electronic crime scene investigation by first responders.
■ Forensic examination of digital evidence.
■ Internet and network investigations.
■ Investigative uses of technology.
■ Courtroom presentation of digital evidence.
■ Development of a digital evidence forensic unit.

The recommendations presented in this guide are not mandates or policy directives and may not represent the only correct course of action. The guide is intended to be a resource for those who investigate crimes related to the Internet and other computer networks. It does not discuss all of the issues that may arise in these investigations and does not attempt to cover traditional investigative procedures.

NIJ extends its appreciation to the members of the Technical Working Group for the Investigation of High Technology Crimes for their involvement. We commend them for the long hours of work required to prepare this report and recognize that they did this while still performing their existing duties with their home offices or agencies. Their commitment of time and expertise was invaluable to the success of the project.

David W. Hagy
Deputy Assistant Attorney General, Office of Justice Programs and Principal Deputy Director, National Institute of Justice

Technical Working Group for the Investigation of High Technology Crimes

Planning panel

■ Carleton Bryant; Staff Attorney; Knox County Sheriff’s Office; Knoxville, Tennessee
■ John Davis; Operations Manager; Colorado Regional Computer Forensics Laboratory; Lone Tree, Colorado
■ Toby Finnie; Director; High Tech Crime Consortium; Tacoma, Washington
■ Alex Graves; Program Specialist; Federal Law Enforcement Training Center; Brunswick, Georgia
■ Patrick Hogan; Special Agent; Investigator/DE Examiner; USSS Electronic Crimes Section; Washington, D.C.
■ Michael J. Menz; HP-IT Security Investigator; Detective; Sacramento High Technology Crimes Task Force; Sacramento, California
■ Sean P. Morgan; White Collar Crime Program Manager; American Prosecutors Research Institute; Alexandria, Virginia
■ Cynthia Murphy; Detective; Madison Police Department; Madison, Wisconsin
■ Tom Sadaka; Of Counsel; Berger Singerman Attorneys at Law; Ft. Lauderdale, Florida
■ Raemarie Schmidt; Vice President; Digital Intelligence, Inc.; Waukesha, Wisconsin
■ Todd Shipley; Director, Systems Security and High Tech Crime Prevention Training; SEARCH Group, Inc.; Sacramento, California
■ Chris Stippich; President; Digital Intelligence, Inc.; Waukesha, Wisconsin

Technical Working Group members

■ Walter E. Bruehs; Forensics Examiner; Forensic Audio, Video and Imaging Analysis Unit; Federal Bureau of Investigation; Quantico, Virginia
■ Tim Dees; Regional Training Coordinator; Oregon Department of Public Safety Standards and Training; Kennewick, Washington
■ Michael W. Finnie; Senior Computer Forensic Specialist; Computer Forensics, Inc.; Seattle, Washington
■ Carlton Fitzpatrick; Chief, Financial Investigations Branch; Federal Law Enforcement Training Center; U.S. Department of Homeland Security; Glynco, Georgia
■ Grant Gottfried; MITRE; McLean, Virginia
■ Ronald J. Green; Senior Vice President; Corporate Information Security; Bank of America; Charlotte, North Carolina
■ Gerald Griffin; Director; Forensic and Technical Services; U.S. Postal Inspection Service; U.S. Postal Service; Dulles, Virginia
■ William Harrod; Director, Investigative Response; TruSecure; Herndon, Virginia
■ Dave Heslep; Sergeant; Maryland State Police; Technical Investigation Division; Columbia, Maryland
■ Darrell Johnson; Captain; Knox County Sheriff’s Office; Knoxville, Tennessee
■ Kevin Manson; Coordinator; Internet Investigations Training Programs; Financial Fraud Institute; Federal Law Enforcement Training Center; Glynco, Georgia
■ Michael McCartney; Special Investigator; New York State Attorney General’s Office; Buffalo, New York
■ Bill Moylan; Detective; Nassau County Police Department; Westbury, New York
■ Thomas Musheno; Forensic Examiner; Forensic Audio, Video and Image Analysis; Federal Bureau of Investigation; Engineering Research Facility; Quantico, Virginia
■ Tim O’Neill; Hewlett-Packard Information Security; Roseville, California
■ Scott R. Patronik; Chief, Division of Technology and Advancement; Erie County Sheriff’s Office; Buffalo, New York
■ Jim Riccardi, Jr.; Electronic Crime Specialist; CyberScience Lab; National Law Enforcement and Corrections Technology Center–Northeast; Rome, New York
■ Rebecca Richardson; Network Administrator; Montana State University–Billings; Billings, Montana
■ Alan Roth; Postal Inspector; Forensic and Technical Services; U.S. Postal Service; Dulles, Virginia
■ Jonathan J. Rusch; Special Counsel for Fraud Prevention; Criminal Division, Fraud Section; U.S. Department of Justice; Washington, D.C.
■ Kim Schaffer; New Technologies, Inc.; Gresham, Oregon
■ Michael Schirling; Lieutenant; Burlington Police; Vermont Internet Crimes Task Force; Burlington, Vermont
■ Greg Schmidt; Computer Forensics; Frisco, Texas
■ Howard Schmidt; Chief Security Officer; Ebay, Inc.; Campbell, California
■ Russ Skinner; Sergeant; Maricopa County Sheriff’s Office; Computer Crimes Division; Phoenix, Arizona
■ Fred Smith; Assistant United States Attorney; Albuquerque, New Mexico
■ Mike Weil; Huron Consulting Group; Chicago, Illinois
■ Craig Wilson; Detective Sergeant; Kent Police Computer Crime Unit; United Kingdom

Facilitators

■ Susan Ballou; Program Manager for Forensic Sciences; Office of Law Enforcement Standards; National Institute of Standards and Technology; Gaithersburg, Maryland
■ Anjali R. Swienton; President & CEO; SciLawForensics, Ltd.; Germantown, Maryland

Contents

Foreword
Technical Working Group for the Investigation of High Technology Crimes
Chapter 1. Introduction and Investigative Issues
Chapter 2. Tracing an Internet Address to a Source
Chapter 3. Investigations Involving E-Mail
Chapter 4. Investigations Involving Web Sites
Chapter 5. Investigations Involving Instant Message Services, Chat Rooms, and IRC
Chapter 6. Investigations Involving File Sharing Networks
Chapter 7. Investigations of Network Intrusion/Denial of Service
Chapter 8. Investigations Involving Bulletin Boards, Message Boards, Listservs, and Newsgroups
Chapter 9. Legal Issues
Appendix