CyberJustice Course 1

What are the three pillars of the U.S. criminal justice system?

Law Enforcement, Courts, Corrections

In the CIA Triad, what does “I” stand for?

Integrity

Which best defines 'Confidentiality' in cybersecurity?

Encrypting all emails

A phishing attack typically targets which human vulnerability?

User trust and behavior

Which of the following is NOT an example of cybercrime?

Trespassing on propert

The 2016 DNC breach was primarily caused by:

Social Engineering (Phishing)

Which part of the justice system would likely be responsible for prosecuting cybercrime cases?

Courts

What happens if the ‘Availability’ principle is violated?

Systems are down or inaccessible

Digital fraud is best defined as:

Using deception online to steal assets or identity

The CIA Triad applies primarily to:

 

Cybersecurity frameworks

What is law enforcement?

• Deect and investigate crime through evidence collection, suspect identification, and case building (police)

What are courts?

Adjudicate case and interpreting law of federal, state, and local courts. Ensures due process, fair trials, and appropriate sentencing based on establisnhed legal frameworks

Corrections

Enforce sentences, rehabilitation, and reintegration through prisons, jails, probation, and aprole systems

What are evidence challenges?

Digitial evidence may be altered

What is jurissdictioinal complexity?

Cybercrimes can span many countries which creates enforcement challenges as each country varies in law, treaties, and political considerations

What is investigative adaptation?

Law enforcement must develop new technical skills and investigative methods. Requires specialized training, tools, and understanding of digital forensics principles that differ significantly from policing appraoches

What is legal admissibility?

Courts face complex questions regarding admissibility, authenticity, and reliability of digital evidence (Chain of custody)

Case Example 2016 DNC Hack

Attack Vector: Attackers used phishing email to gain access to sensitive email accounts and network resources

Impact: Thousands of emails and documents were exfiltrated and leaked publicly, affecting the US election and damaging organizational credibility

Justice challenges; Case raised complex issues of sovereignty, attribution, and foreign interference in domestic affairs

Security Lessosn: Email security, employee training, and multi-factor authebtication

Computer Fraud and Abuse Act (CFAA)

• US law for addressing cyber based crimes

Electornic Communications Privacy Act (ECPA)

• US law

Summarry of the HIPAA Security Rule

The Security Rule establishes a national set of security standards to protect certain health information that is maintained or transmitted in electronic form.

ogether, the Privacy, Security, and Breach Notification Rules help to protect the privacy and security of protected health information (PHI).¹⁰

European Commission - GDPR

Applies to european citizens and companies handling their data

The Equifax breach exposed

143 million credit records

Under GDPR, what is a ‘data cubject’?

A person whose data is being processed

Colonial Pipeline was shut down due to:

Ransomeware attack

Which law is most concerned with privacy in email and phone communication?

ECPA

Which of the following is a challenge when prosecuting international hackers?

Jurisdiction across borders

Case Study: Equifax Breach (2017)

Massive data preach of 147.9 million american, 15.2 million UK, and 19,000 Canadian consumers (social security numbers, birthdates, addresses, driver’s licenses)

• Failed to patch a known critical Apache Struts vulenrability (CVE-2017-5638) despite a patch being avaialble for months

• OVer $700 million in fines and settlements (FTC, CFPB, 50 US States) for consumer restitution, credit monitoring, and identity restoration

• Influence GDPR, strengthened breach notfic

Case Study: Colonial Pipeline (2021)

• DarkSide ransomeware disrupted 45% of US east coast fuel supply through a single compomised VPN password

• Company paid 4.4 million to hackers

• FBI later recovered some o the ransom

• Exposed weaknesses in infrastructure protection

What is the primary purpose of digital forensics?

To collect, preserve, and analyze digital evidence

Which concept ensures digital evidence is trustworthy in court?

Chain of custody

Which of the following is an example of metadata?

File creation and modification dates

If the chain of custody is broken, what is a likely consequence?

The evidence may be ruled inadmissible in court

Which of the following tools is commonly used for capturing network traffic?

Wireshark

What does FTK stand for?

Forensic Toolkit

In a forensic investigation, why is taking a disk image important?

To preserve the original data in a tamper-free state

Which of the following is the LEAST likely source of digital evidence?

Physical fingerprints on a laptop

What type of case would most likely rely on memory forensics?

Rootkit detection during a live breach

What is the FIRST step when beginning a digital investigation?

Acquire and preserve the evidence

What is digital forensics?

• Collecting, preserving, and analyzing digital evidence for use in investigations

  • Criminal investigations

  • Civil litigation and disputes

  • Internal corporate investigations

• Goal: Create legally admissible evidence that can withstand court proceedings and lead to just outcomes

Chain of Custody

Documentation process that maintains the integrity of digital evidence throughout an investigation

Collection

Evidence is discovered and documented at the scene

Preservation

Evidence is secured using forensic methods

Documentation

Every transfer and access is recorded

Presentation

Evidence is presented in court

Cyberjustice invovles sensitive digital evidence across various forms like:

• Emails and Chat Messages

• Hard Drives & Mobile Devices

• Malware Samples

• Screenshots

• Login records

• Cloud logs

• Forensic imags

• System access history

Whos on the Law team and what they need

• Prosecutors

  • Authentic

• Defense attorneys

  • Legally obtained

• Corporate legal counsel

  • Properly documented

• Compliance officers

  • Securly preserved

• Risk management teams

  • Traceable from beginning to end

• HR investigators

• Forensic Analysts (Expert witnesses)

Understanding the chain of custyd

What - What evidence was collected?

Where - Where it was stored

Who - Who collected it

Handled by - Who handled or transferred it

When - When it was collected

Why - Why it was accessed or moved

Protected - Whether it remained protected from alteration

Types of Digital evidence

Storage Media

• Hard drive images

• USB drives

• Cloud storage

Communication Date

• Email metadata

• Chat logs

• Call records

User activity

• Broswer history

• Download records

• Search queries

System data

• Server logs

• timestamps

• Mobile phone content

Common forensic tools

• FTK Forensic Toolkit

  • Comprehensive evidence processing and analysis

• Autopsy

  • Open source GUI tool for disk analysis

• EnCase

  • Enterprise grade forensic analysis platform

• Wireshark

  • Captures and analyzes network packts

• Volatility

  • Memory forensic framework

• Cellebrite

  • Mobile device forensic extraction

Real-World Case Scenarion

1. Initial Alert

2. First Response

3. Investigation

4. Documentation

What is predictive policing?

• Predictive policing tries to harness the power of information, geospatial technologies and evidence-based intervention models to reduce crime and improve public safety.

Which ethical dilemma is often linked to predictive policing systems?

Algorithmic bias

Which of the following is a GDPR principle?

 

Right to be forgotten

Which of these is NOT a typical ethical concern in cyber law enforcement?

Increased IT funding

True or False: The CFAA is enforced only by state governments.

 

False

Which case highlighted ransomware risks to U.S. critical infrastructure?

Colonial Pipeline

Ethical Dilemmas in Cybersecurity

• Surveillace vs. Privacy

• Algorithmic justice

• Facial recognition boundries

• Encryption backdoors

Which responsibility is most closely associated with the role of a SOC Analyst?

Monitoring security alerts, analyzing suspicious activity, and escalating potential incidents

What is the primary value of resources such as CyberSeek or the NICE Framework?

They map cybersecurity roles, skills, and career pathways to help learners understand workforce opportunities

Which scenario best represents an ethical issue in cybersecurity?

Deciding whether to deploy a monitoring tool that improves security but may intrude on user privacy

Which concern is most often raised about advanced surveillance technologies?

They may expand public safety capabilities while also increasing risks to privacy, fairness, and civil liberties

Why is digital evidence handled carefully during forensic investigations?

Because improperly handled evidence may lose integrity, credibility, or evidentiary value

Which example best illustrates metadata?

Information such as file creation date, author, location tags, or transmission time associated with data

In digital investigations, chain of custody is best understood as:

A documented record showing who collected, handled, transferred, and stored evidence over time

During a suspected cybersecurity incident, why is evidence preservation so important in the early stages of response?

Because preserved evidence can support investigation, containment decisions, and possible legal action

Which of the following scenarios is the clearest example of cybercrime rather than a general technology misuse issue?

The judicial system, because it oversees adjudication and application of law in court proceedings