DOCSLIB.ORG

A Domain Specific Language for Digital Forensics and Incident

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Domain Specific Language for Digital Forensics and Incident View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by University of New Orleans University of New Orleans ScholarWorks@UNO University of New Orleans Theses and Dissertations Dissertations and Theses Fall 12-20-2019 A Domain Specific Language for Digital orF ensics and Incident Response Analysis Christopher D. Stelly [email protected] Follow this and additional works at: https://scholarworks.uno.edu/td Part of the Information Security Commons, and the Programming Languages and Compilers Commons Recommended Citation Stelly, Christopher D., "A Domain Specific Language for Digital orF ensics and Incident Response Analysis" (2019). University of New Orleans Theses and Dissertations. 2706. https://scholarworks.uno.edu/td/2706 This Dissertation is protected by copyright and/or related rights. It has been brought to you by ScholarWorks@UNO with permission from the rights-holder(s). You are free to use this Dissertation in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s) directly, unless additional rights are indicated by a Creative Commons license in the record and/ or on the work itself. This Dissertation has been accepted for inclusion in University of New Orleans Theses and Dissertations by an authorized administrator of ScholarWorks@UNO. For more information, please contact [email protected]. A Domain Specific Language for Digital Forensics and Incident Response Analysis A Dissertation Submitted to the Graduate Faculty of the University of New Orleans in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Engineering and Applied Science Computer Science by Christopher Drew Stelly B.S. University of Louisiana 2012 M.S. University of New Orleans 2014 December 2019 Declaration of Authorship I, Christopher STELLY, declare that this thesis titled, “A Domain Specific Language for Digital Forensics and Incident Response Analysis” and the work presented in it are my own. I confirm that: • This work was done wholly or mainly while in candidature for a research degree at this University. • Where any part of this thesis has previously been submitted for a degree or any other qualification at this University or any other institution, this has been clearly stated. • Where I have consulted the published work of others, this is always clearly attributed. • Where I have quoted from the work of others, the source is always given. With the exception of such quotations, this thesis is entirely my own work. • I have acknowledged all main sources of help. • Where the thesis is based on work done by myself jointly with others, I have made clear exactly what was done by others and what I have contributed myself. Signed: Date: ii UNIVERSITY OF NEW ORLEANS Abstract College of Science Department of Computer Science Doctor of Philosophy A Domain Specific Language for Digital Forensics and Incident Response Analysis by Christopher STELLY One of the longstanding conceptual problems in digital forensics is the dichotomy between the need for verifiable and reproducible forensic investigations, and the lack of practical mech- anisms to accomplish them. With nearly four decades of professional digital forensic practice, investigator notes are still the primary source of reproducibility information, and much of it is tied to the functions of specific, often proprietary, tools. The lack of a formal means of specification for digital forensic operations results in three major problems that go to the core of digital forensic science and its practical application. Specifically, there is a critical lack of : a) standardized and automated means to scientifically verify accuracy of digital forensic tools; b) automated methods to reliably reproduce forensic computations (their results); and c) common framework for inter-operability among disparate forensic tools. In addition, there is no standardized means for communicating software re- quirements between users (investigators) and researchers and developers, resulting in a mis- match in expectations, especially with respect to performance. Combined with the exponential growth in data volume and the complexity of applications and systems to be investigated, all of these concerns result in major case backlogs and inherently reduce the reliability of the dig- ital forensic analyses. This work proposes a new approach to the formal and usable specification of forensic com- putations, such that the above concerns can be addressed on a sound scientific basis via the introduction of a new domain specific language (DSL) called Nugget. DSLs are specialized lan- guages that aim to address the concerns of particular domains by providing practical abstrac- tions that allow users to directly provide an intuitive, but formal, description of their problem statements. Successful DSLs, such as SQL in relational databases, can transform an application domain by providing a standardized way for users to communicate what they need without specifying how the computation should be performed. This is the first effort to build a DSL, and a prototype support infrastructure for (digital) forensic computations with the following research goals: 1) provide an intuitive formal spec- ification language that covers core types of forensic computations and common data types; 2) provide a mechanism to easily extend the language that can incorporate arbitrary compu- tations; 3) provide a prototype execution environment that allows the fully automatic (and optimized) execution of the specified computation; 4) provide a complete, formal, and au- ditable log of computations that can be used to independently reproduce the results of an investigation; 5) demonstrate scalable, cloud-ready processing that can match the growth in data volumes and complexity with necessary hardware resources. iii Keywords. nugget,scarf, digital, forensics, cyber, security iv Contents Declaration of Authorship ii Abstract iii List of Figures vii List of Tables viii List of Listings ix 1 Introduction 1 1.1 Definitions, Usage, and Models.............................1 1.1.1 Methods, artifacts, tools, and targets......................2 1.1.2 Digital forensics usage..............................4 1.2 Brief History of Digital Forensics............................5 1.2.1 Examples and notable cases...........................6 1.3 The Problems within Digital Forensics.........................7 1.3.1 Replication and Verification...........................8 Domain Specific Languages...........................9 1.3.2 Tools........................................9 1.3.3 Tool veracity.................................... 10 1.3.4 Educational materials.............................. 11 1.3.5 Scaling....................................... 11 1.4 Brief description of research............................... 12 1.5 Contribution Claims................................... 12 2 Literature Review 14 2.1 Background........................................ 14 2.2 Modeling a Standardized Approach.......................... 14 2.2.1 Background.................................... 14 2.2.2 Low-Level and Mathematical Models..................... 15 Carrier’s history testing model......................... 15 Gladyshev’s finite state machine........................ 15 Garfinkel’s differential analysis......................... 15 2.2.3 High Level Models................................ 16 Cognitive task model............................... 16 Best Practices................................... 16 2.3 Digital Forensics Languages............................... 17 2.3.1 DERRIC - A (narrow) data language for Digital Forensics.......... 17 v 2.3.2 DEX - Digital evidence exchange........................ 17 2.3.3 Formalization of Computer I/O - Hadley Model............... 18 2.3.4 XIRAF - XML indexing and querying for DF................. 18 2.3.5 DFXML...................................... 19 2.3.6 Digital Forensics Ontologies........................... 19 2.3.7 SEPSES - logging with common vocabulary.................. 19 2.3.8 Roussev - a DSL for Digital Forensics..................... 20 2.3.9 Summary of proposed models and languages................ 20 2.4 Scaling Digital Forensics................................. 20 2.4.1 Initial discussions................................. 20 2.4.2 Hadoop and Sleuthkit integration....................... 22 2.4.3 Pig, Hadoop, and Sawzall............................ 22 2.4.4 Distributed Environment for Large-scale Investigations DELV- Distributed Forensics...................................... 22 2.4.5 GRR - Distributed Incident Response..................... 23 2.4.6 Hansken project.................................. 23 2.5 Summary.......................................... 23 3 Proposed Methodology 24 3.1 Introduction........................................ 24 3.2 Develop a language.................................... 25 3.2.1 What is a DSL?.................................. 25 Internal vs. external............................... 26 3.2.2 Developing a DSL now............................. 27 3.2.3 Necessary attributes of a Forensic DSL..................... 28 3.2.4 Describing a language.............................. 30 3.3 Develop a Distributed Architecture........................... 31 3.3.1 Containers..................................... 31 3.4 Extend the Language to Integrate Multiple Third-party Tools............ 33 3.4.1 Application Programming Interfaces (APIs) and Interoperability..... 33 3.5 Putting it all together..................................
Load more

Recommended publications
  • Hacks, Leaks and Disruptions | Russian Cyber Strategies
    CHAILLOT PAPER Nº 148 — October 2018 Hacks, leaks and disruptions Russian cyber strategies EDITED BY Nicu Popescu and Stanislav Secrieru WITH CONTRIBUTIONS FROM Siim Alatalu, Irina Borogan, Elena Chernenko, Sven Herpig, Oscar Jonsson, Xymena Kurowska, Jarno Limnell, Patryk Pawlak, Piret Pernik, Thomas Reinhold, Anatoly Reshetnikov, Andrei Soldatov and Jean-Baptiste Jeangène Vilmer Chaillot Papers HACKS, LEAKS AND DISRUPTIONS RUSSIAN CYBER STRATEGIES Edited by Nicu Popescu and Stanislav Secrieru CHAILLOT PAPERS October 2018 148 Disclaimer The views expressed in this Chaillot Paper are solely those of the authors and do not necessarily reflect the views of the Institute or of the European Union. European Union Institute for Security Studies Paris Director: Gustav Lindstrom © EU Institute for Security Studies, 2018. Reproduction is authorised, provided prior permission is sought from the Institute and the source is acknowledged, save where otherwise stated. Contents Executive summary 5 Introduction: Russia’s cyber prowess – where, how and what for? 9 Nicu Popescu and Stanislav Secrieru Russia’s cyber posture Russia’s approach to cyber: the best defence is a good offence 15 1 Andrei Soldatov and Irina Borogan Russia’s trolling complex at home and abroad 25 2 Xymena Kurowska and Anatoly Reshetnikov Spotting the bear: credible attribution and Russian 3 operations in cyberspace 33 Sven Herpig and Thomas Reinhold Russia’s cyber diplomacy 43 4 Elena Chernenko Case studies of Russian cyberattacks The early days of cyberattacks: 5 the cases of Estonia,
    [Show full text]
  • 11 Gamero Cyber Conflicts
    Explorations in Cyberspace and International Relations Challenges, Investigations, Analysis, Results Editors: Nazli Choucri, David D. Clark, and Stuart Madnick This work is funded by the Office of Naval Research under award number N00014-09-1-0597. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the author(s) and do not necessarily reflect the views of the Office of Naval Research. DECEMBER 2015 Chapter 11 Cyber Conflicts in International Relations: Framework and Case Studies ECIR Working Paper, March 2014. Alexander Gamero-Garrido This work is funded by the Office of Naval Research under award number N00014-09-1-0597. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the author(s) and do not necessarily reflect the views of the Office of Naval Research. 11.0 Overview Executive Summary Although cyber conflict is no longer considered particularly unusual, significant uncertainties remain about the nature, scale, scope and other critical features of it. This study addresses a subset of these issues by developing an internally consistent framework and applying it to a series of 17 case studies. We present each case in terms of (a) its socio-political context, (b) technical features, (c) the outcome and inferences drawn in the sources examined. The profile of each case includes the actors, their actions, tools they used and power relationships, and the outcomes with inferences or observations. Our findings include: • Cyberspace has brought in a number of new players – activists, shady government contractors – to international conflict, and traditional actors (notably states) have increasingly recognized the importance of the domain.
    [Show full text]
  • The Myth of the Superuser: Fear, Risk, and Harm Online
    The Myth of the Superuser: Fear, Risk, and Harm Online ∗ Paul Ohm Fear of the powerful computer user, the “Superuser,” dominates debates about online conflict. He is a mythic figure: difficult to find, immune to technological constraints, and aware of legal loopholes. Policymakers, fearful of his power, too often overreact by passing overbroad, ambiguous laws intended to ensnare the Superuser but which are instead used against inculpable, ordinary users. This response is unwarranted because the Superuser is often a marginal figure whose power has been greatly exaggerated. The exaggerated focus on the Superuser reveals a pathological characteristic of the study of power, crime, and security online, which springs from a widely held fear of the Internet. Building on the social science fear literature, this Article challenges the conventional wisdom and ∗ Associate Professor of Law and Telecommunications, University of Colorado Law School. Thanks to Tim Wu, Orin Kerr, Phil Weiser, Julie Cohen, Pierre Schlag, Brett Frischmann, Victor Fleischer, Miranda Fleischer, Viva Moffat, and Jean Camp for their helpful comments. Thanks also for suggestions and support from participants in the University of Colorado Law School Faculty Workshop, including Clare Huntington, Nestor Davidson, Scott Peppett, Mimi Wesson, Amy Schmitz, Sarah Krakoff, and Brad Bernthal; the Intellectual Property Scholars Conference; and the Telecommunications Policy Research Conference. Thanks also to Todd Blair and Michael Beylkin for outstanding research assistance. 1327 1328 University of California, Davis [Vol. 41:1327 standard assumptions about the role of experts. Unlike dispassionate experts in other fields, computer experts are as susceptible as laypeople to exaggerate the power of the Superuser.
    [Show full text]
  • Mapping Notions of Cyberspace
    MAPPING NOTIONS OF CYBERSPACE: OPTIMISM, SKEPTICISM, AND THE ISSUES OF IDENTITY AND SPIRITUALITY A thesis presented to the faculty of the College of Communication of Ohio University In partial fulfillment of the requirements for the degree Master of Arts Putut Widjanarko June 2005 This thesis entitled MAPPING NOTIONS OF CYBERSPACE: OPTIMISM, SKEPTICISM, AND THE ISSUES OF IDENTITY AND SPIRITUALITY BY PUTUT WIDJANARKO has been approved for the School of Telecommunications and the College of Communication by Drew McDaniel Professor of Telecommunications Greg Shepherd Interim Dean, College of Communication WIDJANARKO, PUTUT. M.A. June 2005. Telecommunications Mapping Notions of Cyberspace: Optimism, Skepticism, and the Issues of Identities and Spirituality (151 pp.) Director of Thesis: Drew McDaniel This is a literature survey on concepts of the Internet and cyberspace and their influence, both on society at large and at the individual level. On society, it discusses the optimistic and skeptic views on the impact of the Internet. At the personal level, it discusses issues of self and identity, and spirituality and religiosity. Except for spirituality and religiosity issues of the Internet, this work chose one author to represent each category: Howard Rheingold for the optimistic view, Clifford Stoll for the skeptic view, and Sherry Turkle for the issues of self and identity. The author’s critiques on those notions are offered in the last chapter. The author argues that the diversity of notions on the Internet can be put in a broader historical and social context. These notions reflect the ever-present questions about the relationship between human and its technologies. Approved: Drew McDaniel Professor of Telecommunications To Elin, Faikar, Hanum and Ranti ACKNOWLEDGEMENTS Praise be to Allah, the Cherisher and Sustainer of the Worlds.
    [Show full text]
  • Digital Forensics: Tools and Techniques What Is Digital Forensics?
    Digital Forensics: Tools and Techniques What is Digital Forensics? In short, digital forensics is the investigation and recovery of material found in digital devices. Digital forensics is often used for the investigations of crimes that involve technology. As technology has evolved, so have the techniques of digital forensics. Digital forensics is now a broad term, with many sub-branches. Why Digital Forensics? Digital forensics is used to investigate a wide variety of crimes. The first practical application of digital forensics was in 1986 and was used to capture hacker Markus Hess. Since then, more applications have been found for digital forensics. Other examples of digital forensics: Cyberbullying and cyberstalking Issues with copyright infringement Cybercrimes involving the sale of illegal items, such as drugs and credit card numbers Cyberwarfare and cyberterrorism Markus Hess: Early Example of Digital Forensics Markus Hess was a German citizen who is known for his hacking in the late 1980s. He hacked into military networks in the US, Europe, and East Asia, and sold the information to the Soviet KGP. (Sold the information for $54,000) Hess used a transatlantic cable to the Tymnet International gateway, which routed him to any computer that also used the Tymnet service. Clifford Stoll, a systems admin for a laboratory in California, traced the call made to a Tymnet switch in Oakland, CA. By tracing various calls, they traced Hess to Hanover, Germany. Stoll created fake military project records on computers that would be hacked by Hess, to keep him connected long enough to trace his connection. Branches of Digital Forensics Computer forensics Used to explain the current state of a digital artifact(computer, hard drive, electronic document) Deals with emails, files, internet logs Mobile device forensics Used for the investigation and recovery of digital evidence from mobile devices.
    [Show full text]
  • Computer Forensics Methodology and Praxis
    University of Louisville ThinkIR: The University of Louisville's Institutional Repository Electronic Theses and Dissertations 8-2006 Computer forensics methodology and praxis. Robin Cincinnatis Morrison 1975- University of Louisville Follow this and additional works at: https://ir.library.louisville.edu/etd Recommended Citation Morrison, Robin Cincinnatis 1975-, "Computer forensics methodology and praxis." (2006). Electronic Theses and Dissertations. Paper 1011. https://doi.org/10.18297/etd/1011 This Master's Thesis is brought to you for free and open access by ThinkIR: The University of Louisville's Institutional Repository. It has been accepted for inclusion in Electronic Theses and Dissertations by an authorized administrator of ThinkIR: The University of Louisville's Institutional Repository. This title appears here courtesy of the author, who has retained all other copyrights. For more information, please contact [email protected]. COMPUTER FORENSICS METHODOLOGY AND PRAXIS By Robin Cincinnatis Morrison B.S., University of Louisville, 1999 A Thesis Submitted to the Faculty of the University of Louisville Speed School of Engineering in Partial Fulfillment of the Requirements for the Professional Degree of MASTER OF ENGINEERING Department of Computer Engineering and Computer Science Speed School of Engineering University of Louisville Louisville, KY August 2006 Copyright © 2006 by Robin C. Morrison All rights reserved COMPUTER FORENSICS METHODOLOGY AND PRAXIS By Robin Cincinnatis Morrison B.S., University of Louisville, 1999 A Thesis Approved On: 28 July 2006 by the following Thesis Committee: _______________________________________ Adel Elmaghraby, Ph.D., Thesis Director _______________________________________ Ibrahim Imam, Ph.D. _______________________________________ Michael Losavio, J.D. _______________________________________ Julius Wong, Ph.D. ii ACKNOWLEDGMENTS I would like to say thank you to my distinguished committee members, especially Dr.
    [Show full text]
  • Cyber Conflicts in International Relations: Framework and Case Studies
    Cyber Conflicts in International Relations: Framework and Case Studies Alexander Gamero-Garrido Engineering Systems Division Massachusetts Institute of Technology [email protected] | [email protected] Executive Summary Overview Although cyber conflict is no longer considered particularly unusual, significant uncertainties remain about the nature, scale, scope and other critical features of it. This study addresses a subset of these issues by developing an internally consistent framework and applying it to a series of 17 case studies. We present each case in terms of (a) its socio-political context, (b) technical features, (c) the outcome and inferences drawn in the sources examined. The profile of each case includes the actors, their actions, tools they used and power relationships, and the outcomes with inferences or observations. Our findings include: • Cyberspace has brought in a number of new players – activists, shady government contractors – to international conflict, and traditional actors (notably states) have increasingly recognized the importance of the domain. • The involvement of the private sector on cybersecurity (“cyber defense”) has been critical: 16 out of the 17 cases studied involved the private sector either in attack or defense. • All of the major international cyber conflicts presented here have been related to an ongoing conflict (“attack” or “war”) in the physical domain. • Rich industrialized countries with a highly developed ICT infrastructure are at a higher risk concerning cyber attacks. • Distributed Denial of Service (DDoS) is by far the most common type of cyber attack. • Air-gapped (not connected to the public Internet) networks have not been exempt from attacks. • A perpetrator does not need highly specialized technical knowledge to intrude computer networks.
    [Show full text]
  • Research in Computer Forensics
    CORE Metadata, citation and similar papers at core.ac.uk Provided by Calhoun, Institutional Archive of the Naval Postgraduate School Calhoun: The NPS Institutional Archive Theses and Dissertations Thesis Collection 2002-06 Research in computer forensics Wai, Hor Cheong Monterey, California. Naval Postgraduate School http://hdl.handle.net/10945/5910 NAVAL POSTGRADUATE SCHOOL Monterey, California THESIS RESEARCH IN COMPUTER FORENSICS by Hor Cheong Wai June 2002 Thesis Co-Advisors: Daniel F. Warren Dan C. Boger Approved for public release; distribution is unlimited. THIS PAGE INTENTIONALLY LEFT BLANK REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instruction, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188) Washington DC 20503. 1. AGENCY USE ONLY (Leave blank) 2. REPORT DATE 3. REPORT TYPE AND DATES COVERED June 2002 Master’s Thesis 4. TITLE AND SUBTITLE: Research in Computer Forensics 5. FUNDING NUMBERS 6. AUTHOR(S) Hor Cheong Wai 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING Naval Postgraduate School ORGANIZATION REPORT Monterey, CA 93943-5000 NUMBER 9. SPONSORING /MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10.
    [Show full text]
  • Digital Forensics and Born-Digital Content in Cultural Heritage Collections
    Digital Forensics and Born-Digital Content in Cultural Heritage Collections by Matthew G. Kirschenbaum Richard Ovenden Gabriela Redwine with research assistance from Rachel Donahue December 2010 Council on Library and Information Resources Washington, D.C. ISBN 978-1-932326-37-6 CLIR Publication No. 149 Published by: Council on Library and Information Resources 1752 N Street, NW, Suite 800 Washington, DC 20036 Web site at http://www.clir.org Additional copies are available for $25 each. Orders must be placed through CLIR’s Web site. This publication is also available online at http://www.clir.org/pubs/abstract/pub149abst.html. The paper in this publication meets the minimum requirements of the American National Standard 8 for Information Sciences—Permanence of Paper for Printed Library Materials ANSI Z39.48-1984. Copyright 2010 by the Council on Library and Information Resources. No part of this publication may be reproduced or transcribed in any form without permission of the publisher. Requests for reproduction or other uses or questions pertaining to permissions should be submitted in writing to the Director of Communications at the Council on Library and Information Resources. Cover photo collage: Inside view of a hard drive, by SPBer, licensed under Creative Commons; On The Road Manuscript #3, by Thomas Hawk, licensed under Creative Commons. Library of Congress Cataloging-in-Publication Data Kirschenbaum, Matthew G. Digital forensics and born-digital content in cultural heritage collections / by Matthew G. Kirschenbaum, Richard Ovenden, Gabriela Redwine ; with research assistance from Rachel Donahue. p. cm. -- (CLIR publication ; no. 149) Includes bibliographical references. ISBN 978-1-932326-37-6 (alk.
    [Show full text]
  • Nsic Focus Forensic Focus Forensic Focus
    STEVENSON UNIVERSITY FORENSIC FOCUS FORENSIC FOCUS FORENSIC FOCUS Collected By: ___________________________________________________________School of Graduate and Professional Studies Issue: _______________Fall 2015 IN THIS ISSUE Maryland Leaders Raise Concerns about Maryland Leaders Raise Computer Forensic Shortages Concerns about Computer According to RAND Institute’s 2014 research report Hackers Wanted, the perception Forensic Shortages that there is a shortage of cybersecurity professionals within the United States could leave the country vulnerable to cyber-attacks. While initiatives have been set in motion A Guide to to combat the shortage, the labor market continues to lag and is predicted to slowly Advancement in the catch up to the demand. Digital Forensics Field To address forensic challenges, Stevenson University established a Center for Forensic Excellence. The Center’s Cuckoo’s Egg: inaugural meeting held in May 2015, gathered many local, The Case that Put Digital state, and federal law enforcement leaders from Maryland Forensics on the Map to help identify opportunities and challenges facing forensic professionals in the state. Several of the meeting’s attendees Faculty Profile: echoed the concerns stated in the RAND report and have first- Michael Robinson hand experience with the shortage of cyber and computer forensics personnel, facilities, and services. Among the attendees was Stevenson’s Cyber Forensics Program Coordinator and Professor Michael Robinson. Robinson has experience performing computer and cell phone exploitation and analysis for agencies in the U.S. Intelligence Community. He has also worked for the FBI’s Investigative Analysis Unit and various corporations as a Honorable Rod Rosenstein, United computer forensic examiner. States Attorney delivering the keynote address at the Center for Forensic As a practitioner in the field, Robinson describes the extent Excellence May 15 meeting.
    [Show full text]
  • Training Manual (Draft)
    Project on Cybercrime www.coe.int/cybercrime Economic Crime Division Directorate General of Human Rights and Legal Affairs Strasbourg, France Version 31 March 2010 Cybercrime training for judges: Training manual (draft) Council of Europe Project on Cybercrime www.coe.int/cybercrime The initial version of this manual hass been prepared by Dr. Marco Gercke (Germany) for the Economic Crime Division of the Council of Europe (Directorate General of Human Rights and Legal Affairs) within the framework of the Project on Cybercrime. Inputs have also been received from Nigel Jones (Technology Risk Limited, UK) Fredesvinda Insa (CYBEX, Spain), Jan Spoenle (Max-Planck Institute, Freiburg, Germany) and other experts. It has furthermore been reviewed in connection with the PROSECO project of the European Commission and the Council of Europe on judicial networking in South-eastern Europe ( www.coe.int/economiccrime ). Contact Alexander Seger Economic Crime Division Council of Europe Strasbourg, France Tel +33 3 9021 4506 The views expressed in this technical report do Tel +33 3 9021 5650 not necessarily reflect official positions of the [email protected] Council of Europe Cybercrime training for judges 2 Council of Europe Project on Cybercrime www.coe.int/cybercrime Contents 1 Introduction: how to use this manual.......................................................................6 2 About cybercrime ...................................................................................................10 2.1 Why has cybercrime become an issue?..................................................................10
    [Show full text]