| Previous | Table of Contents | Next |
One other method of computer surveillance that is used is “sting operations.” These operations are established so as to continue to track the attacker, online. By baiting a trap or setting up “Honey Pots,” the victim organization lures the attacker to a secured area of the system. The system attackers were enticed into accessing selected files. Once these files or their contents are downloaded to another system, their mere presence can be used as evidence against the suspect. This enticement is not the same as entrapment because the intruder is already predisposed to commit the crime. Entrapment only occurs when a law enforcement officer induces a person to commit a crime that the person had not previously contemplated.
It is very difficult to track and identify a hacker or remote intruder unless there is a way to trace the call (e.g., caller ID or wire tap). Even with these resources, many hackers meander through communication networks, hopping from one site to the next, through a multitude of telecommunications gateways and hubs, such as the Internet. In addition, the organization cannot take the chance of allowing the hacker to have continued access to its system, potentially causing additional harm.
Telephone taps require the equivalent of a search warrant. Moreover, the victim will be required to file a criminal report with law enforcement and must show probable cause. If sufficient probable cause is shown, a warrant will be issued and all incoming calls can be traced. Once a trace is made, a pen register is normally placed on the suspect’s phone to log all calls placed by the suspect. These entries can be tied to the system intrusions based on the time of the call and the time that the system was accessed.
Investigative and Forensic Tools
Exhibit 2, although not exhaustive, identifies some of the investigative and forensic tools that are commercially available. Exhibit 2 identifies the hardware and software tools that should be part of the investigators toolkit, and Exhibit 3 identifies forensic software and utilities.
| Investigative Tools | |
|---|---|
| Investigation and Forensic Toolkit Carrying Case | Static Charge Meter |
| Cellular Phone | EMF/ELF Meter (Magnetometer) |
| Laptop Computer | Gender Changer (9 Pin and 25 Pin) |
| Camcorder w/NTSC adapter | Line Monitor |
| 35mm Camera (2) | RS232 Smart Cable |
| Polaroid Camera | Nitrile Antistatic Gloves |
| Tape Recorder (VOX) | Alcohol Cleaning Kit |
| Scientific Calculator | CMOS Battery |
| Label Maker | Extension Cords |
| Magnifying Glass 3 1/4" | Power Strip |
| Crime Scene/Security Barrier Tape | Keyboard Key Puller |
| PC Keys | Cable Tester |
| IC Removal Kit | Breakout Box |
| Compass | Transparent Static Shielding Bags (100 Bags) |
| Felt Tip Pens | Antistatic Sealing Tape |
| Diamond Tip Engraving Pen | |
| Extra Diamond Tips | Serial Port Adapters (9 Pin - 25 Pin & 25 Pin - 9 Pin) |
| Inspection Mirror | Foam-Filled Carrying Case |
| Evidence Seals (250 Seals/Roll) | Static-Dissipative Grounding Kit w/Wrist Strap |
| Plastic Evidence Bags (100 Bags) | Foam-Filled Disk Transport Box |
| Evidence Labels (100 Labels) | Printer and Ribbon Cables |
| Evidence Tape — 2" × 165' | 9 Pin Serial Cable |
| Tool Kit containing: | 25 Pin Serial Cable |
| Screwdriver Set (inc. Precision Set) | Null Modem Cable |
| Torx Screwdriver Set | Centronics Parallel Cable |
| 25' Tape Measure | 50 Pin Ribbon Cable |
| Razor Knife | LapLink Parallel Cable |
| Nut Driver | Telephone Cable for Modem |
| Pliers Set | |
| LAN Template | |
| Probe Set | |
| Neodymium Telescoping Magnetic Pickup | |
| Allen Key Set | |
| Alligator Clips | |
| Wire Cutters | |
| Small Pry Bar | |
| Hammer | |
| Tongs and/or Tweezers | |
| Cordless Driver w/Rechargeable Batteries (2) | Batteries for Camcorder, Camera, Tape Recorder, etc. (AAA, AA, 9-volt) |
| Pen Light Flashlight | |
| Computer Dusting System (Air Spray) | |
| Small Computer Vacuum | |
| Computer Supplies | Software Tools |
|---|---|
| Diskettes: | Sterile O/S Diskettes |
| 3 1/2" Diskettes (Double and High-Density Format) | |
| 5 1/4" Diskettes (Double and High-Density Format) | |
| Diskette Labels | Virus Detection Software |
| 5 1/2" Floppy Diskette Sleeves | SPA Audit Software |
| 3 1/2" Floppy Diskette Container | Little-Big Endian Type Application |
| CD-ROM Container | Password Cracking Utilities |
| Write Protect labels for 5 1/4" Floppies | Disk Imaging Software |
| Tape Media | Auditing Tools |
| 1/4" Cartridges | Test Data Method |
| 4 mm DAT | Integrated Test Facility (ITF) |
| 8 mm DAT | Parallel Simulation |
| Travan | Snapshot |
| 9-Track/1600/6250 | Mapping |
| QIC | Code Comparison |
| Checksum | |
| Hard Disks | File Utilities (DOS, Windows, 95, NT, UNIX) |
| IDE | |
| SCSI | |
| Paper | Zip/Unzip Utilities |
| 8 1/2 × 11 Laser Paper | |
| 80 Column Formfeed | |
| 132 Column Formfeed | |
| Miscellaneous Supplies | Miscellaneous Supplies |
| Paper Clips | MC60 Microcassette Tapes |
| Scissors | Camcorder Tapes |
| Rubber Bands | 35 mm Film (Various Speeds) |
| Stapler and Staples | Polaroid Film |
| Masking Tape | Graph Paper |
| Duct Tape | Sketch Pad |
| Investigative Folders | Evidence Checklist |
| Cable Ties/Labels | Blank Forms — Schematics |
| Numbered and Colored Stick-on Labels | Label Maker Labels |
| Previous | Table of Contents | Next |