What is routine activities theory and what are the three different components the theory examines?
RAT argues that when a crime occurs, three things happen at the same time and in the same space:
1. A motivated offender
2. A suitable target
3. Absence of a capable guardian
What is differential association/social learning theory, and what are the principles articulated within the theory?
Crime is a learned behavior stemming from intimate relationships (social groups, friends, or family).
Crime is learned as a dynamic process consisting of four components:
1. Differential association with deviant others
2. Definitions supportive of crime
3. Imitation of peer offending behavior
4. Differential reinforcement of offending
What is subculture theory and what are the main points of emphasis with the approach?
Cohen's subcultural theory assumes that crime is a consequence of the union of young people into so-called subcultures in which deviant values and moral concepts dominate.
There are five general techniques of neutralization...be able to explain the difference between them
Denial of responsibility - This technique involves shifting the blame away from oneself for the deviant behavior. Individuals might attribute their actions to external factors such as peer pressure, coercion, or circumstances beyond their control.
Denial of injury - Individuals using this technique downplay or negate the harm caused by their actions. They might argue that the victim deserved the consequences or that the impact was minimal.
Denial of the victim - In this technique, individuals rationalize their actions by dehumanizing or blaming the victim. They might believe the victim deserved the treatment or view them as unworthy of sympathy.
Condemnation of the condemners - This technique involves discrediting those who criticize or condemn the deviant behavior. Individuals might argue that those pointing out their actions are hypocrites, immoral themselves, or have ulterior motives.
Appeal to higher loyalties - Individuals use this technique by justifying their actions based on loyalties to a higher cause or group. They prioritize their allegiance to a group or ideology over societal norms.
What are the three primary components of deterrence theory, and what is considered the most important deterrence component?
Punishment must take certain forms to deter offenders:
1. Certainty
2. Severity
3. Celerity (Swiftness)
Strongest deterrent is certainty (of being caught/punished)
When talking about the evolution of computer forensics, be able to briefly summarize the key characteristics of the pre-forensics/ad hoc phase, the structured phase, and the enterprise phase.
Pre-forensics/ad hoc: 1970s - early 80s. Lack of formal structure, protocols, training, and tools.
Structured phase: Mid 1980s - 1990s. Harmonization between computer forensic procedure/policy and computer crime legislation. Forensic tools and organizations developed.
Enterprise phase: Early 2000s. Rapid advancements in technology increasing the volume and complexity of digital evidence. Emphasis on proactive measures for cybersecurity, incident response, and continuous monitoring to prevent and detect cybercrimes.
What does the term digital forensics refer to, and how is it different from computer forensics?
Digital forensics encompasses a broader range of digital devices beyond just computers, while computer forensics specifically focuses on investigating data stored on computers and related devices.
Digital evidence may be found on phones, GPS devices, cameras, gaming systems, networks, cars, etc.
What are the four common stages of a digital forensics investigation?
1. Survey/Identification
2. Collection/Acquisition and preservation
3. Examination/Analysis
4. Presentation
What are examples of the hardware, software, and peripheral components of digital evidence?
Hardware: Computers, mobile devices, storage drives
Software: Operating systems, application software, forensics tools
Peripheral: Networking devices, printers/scanners, digital cameras
What are we referring to when we talk about evidence integrity?
Reliability and truthfulness of the evidence
What is the goal of data preservation when it comes to forensics, and what is the difference between the imaging and verification phases of data preservation?
Goal of data preservation is maintaining original state, ensuring forensic soundness, supporting investigation.
The imaging phase involves creating a bit-by-bit, forensically sound copy (forensic image) of the original digital evidence.
The verification phase focuses on ensuring the integrity and accuracy of the forensic image by verifying it against the original evidence.
What are hash values? What are I/O values?
A hash value is created for both the original drive and its image (copy). If the hash values do not match, then a change has occurred and the duplicate copy is not the same as the original drive.
I/O are input and output values. Input Values are data inputs obtained from various sources, such as storage media, network traffic logs, system logs, memory dumps, etc. Output values are the results or findings obtained from the analysis of input data.
Have a basic understanding of the difference between physical and logical forensic analysis techniques and be able to explain the differences between the various methods that fall under each of these approaches.
Physical analysis focuses on the entire device and aims to gather a complete snapshot, providing a comprehensive view of the data.
Examples of physical forensic analysis:
• Bitstream imaging
• Hex analysis
• File Carving
Logical forensic analysis focuses on specific file systems, partitions, or areas of interest within a storage device.
Examples of logical forensic analysis:
• File system analysis
• Keyword search
• Metadata examination
What is the difference between encryption and steganography, and what is the primary goal of each?
Encryption: The process of transforming information (plaintext) so that it is no longer legible (ciphertext). The goal of encryption is privacy.
Steganography: The practice of hiding information in such a way that others are not aware that a hidden message exists. The goal of steganography is secrecy.
Be familiar with how both the 4th and 5th amendments of the Constitution factor into law enforcement investigations involving cybercrime.
The Fourth Amendment protects people from unreasonable searches and seizures by the government. Applies to digital searches and seizures.
The Fifth Amendment: Also known as the right against self-incrimination. In cybercrime investigations, the Fifth Amendment protects individuals from being compelled to disclose passwords, encryption keys, or other self-incriminating information that could potentially unlock or provide access to encrypted data or incriminating evidence on digital devices.
What are the basic requirements of a search warrant and what are the exceptions to requiring a warrant for a search?
3 basic requirements: Probable cause, an oath of truthfulness, and specificity about what is being searched and seized.
Exceptions: Consent, Search incident to arrest (probable cause to believe the phone contains evidence of a crime)
Be familiar with how each of the following cases shaped law enforcement's ability to search and seize evidence:
• Katz vs. United States
• Illinois vs. Rodriguez
• United States vs. Finley
• Riley vs. California
• United States vs. Carey
• In re Boucher (2007)
• Katz vs. United States - expanded Fourth Amendment protections to encompass a person's reasonable expectation of privacy, not just physical spaces.
• Illinois vs. Rodriguez - This case clarified the "open fields" doctrine regarding Fourth Amendment protections.
• United States vs. Finley -
nvm im not gonna remember all this
What are key disclosure laws, and how would you generally describe the state of these laws in the U.S. today?
A key disclosure law is legislation that mandates a person to provide encryption keys or passwords to law enforcement for digital forensic investigations.
In the US, there is no specific key disclosure law. Recent cases have complicated the issue.
Although we can't predict the future, what are some of the general trends in technology and criminality that will ultimately impact investigations into the future?
• Changing technicways will affect our risk for cybercrime victimization and offending
• As technology connects the world, it will become a venue for social movements and extremists
• Trusted platforms and VPNs will continue to be abused by hackers, whether at the nation-state level or criminal actors
• Content generating platforms and social media sites will likely become a resource for cybercriminals