354 ◾ Official (ISC)²® Guide to the ISSMP® CBK®
© 2011 by Taylor & Francis Group, LLC
crime. For instance, it is unlikely that law enforcement officials will be able to take
action against many cyber-criminals unless the majority of countries first enact
laws that criminalize the behavior of the offenders.
Some of the primary issues that face law enforcement in cybercrime cases
include the following:
Increased investigative costs due to the need for high-priced specialists
e diculties of conducting “real-time” investigations
e ease of anonymity on the Internet
Diculties with jurisdictional issues
e rate at which technology is evolving
e irrelevance of geographic distance
Civil and Criminal Law
One of the key distinctions between all legal cases is whether a case is civil or
criminal. Generally, a criminal case is one where the government punishes a
person due to the person’s undesired behavior. A civil case revolves around a person
or company recovering damages or stopping some behavior, e.g., through
injunction. Forensic practitioners are likely to encounter either type of case depending on
whom they work for.
Criminal or penal law concerns those issues that are believed to affect the whole
of the population. The fundamentals of criminal law are known as the actus reus
(the guilty act) and the mens rea (the guilty mind) of the crime. The actus reus
covers the actual act of having committed the crime. This is the physical element. In
hacking, the physical act could be sitting at the offender’s computer and starting
an attack script.
The mens rea of an act is the mental element associated with the deed. This is
more commonly known as intent. In some instances recklessness may suffice to
cover the element of intent. An example of intent could come from something like
bragging. A hacker who announces over Internet relay chat (IRC) the intent to
break into a site could be said to have intent. Conversely, a penetration tester who
unknowingly attacks sites belonging to someone else under the honest belief that
the site belonged to the tester’s client would either be at worst reckless if the tester
had not checked the address, or could be shown to not have intent if the tester is
acting in good faith.
There are a variety of civil actions. For the most part, these are either contract
or tort actions. As an example of a tort, if you allow Bob to run his Web site on
your server but do not give him any permission to do anything else and then he
subsequently uses the server to send large volumes of unsolicited email, having
your site blacklisted, you could recover damages. The rule is if you let somebody
use your property, and the person uses it in a way you did not anticipate or give
authorization (license) for, you may recover for this tort of conversion. On the other
hand, if you had offered the site to Bob for a monthly fee, which he accepted, the
action would be for breach of contract.
At times there will be occasions where the forensics professional will be involved
in gathering information that is not strictly attached to a legal action. Some
examples include cases where the material is
Highly offensive but not unlawful
Breach of procedure, policy, etc.
Inappropriate only
In “at will” employment situations, no legal wrong may have been committed.
However, an employer may seek to minimize risk by removing the party who is the
source of risk.
Intellectual Property
Intellectual property laws concern the protection of another’s intellectual designs
and works. It is important to understand that when surfing the Internet, what is
seen is protected by copyright. In addition, the actual Web site visited, the domain,
and host address, is often the subject of trademark or passing off litigation.
The law of intellectual property is aimed at the safeguarding of people’s ideas.
Intellectual property is an expanse of law that deals with the protection of
intangible items such as ideas and creativity that exist in some tangible form, such as a
movie, music CD, name, or design. There are many separate subject areas in
intellectual property law, including the following:
Copyright
Condence
Design rights
Domain names
Moral rights
Performance rights
Patents
Passing off
Trademarks
Copyright Laws
The United States Copyright Office site (www.copyright.gov) defines copyright as
being “a form of protection provided by the laws of the United States” (title 17, U.S.
Code) to the authors of original works of authorship, including literary, dramatic,
musical, artistic, and certain other intellectual works (Figure 5.1). This protection
is available to both published and unpublished works. Section 106 of the 1976
Copyright Act normally proffers the copyright holder with the exclusive right to do
and to authorize others to do the following:
Reproduce the work in copies or phonorecords
Prepare derivative works based upon the work
Distribute copies or phonorecords of the work to the public by sale or other transfer of ownership, or by rental, lease, or lending
Perform the work publicly, in the case of literary, musical, dramatic, and choreographic works, pantomimes, and motion pictures and other audiovisual works
Display the work publicly, in the case of literary, musical, dramatic, and choreographic works, pantomimes, and pictorial, graphic, or sculptural works, including the individual images of a motion picture or other audiovisual work
In the case of sound recordings, to perform the work publicly by means of a digital audio transmission
Misuse of software in relation to copyrighting is a criminal offense with heavy
fines imposed for anyone caught copying copyrighted software. If in doubt, do not
copy. When implementing copyright policy within an organization, the following
questions should be asked:
1. Are users in your department aware of the current copyright laws (i.e., copying software, unless specified, is unlawful)?
2. Is each software package only installed on one machine in your department?
3. Are warranty registration cards filed with the vendor?
4. Is each software package copyright documentation read before installation?
In the United Kingdom, copyright law is governed through the Copyright,
Designs, and Patents Act 1988 (the “1988 Act”) and the ensuing decisions of
courts. The Australian position* mirrors that of the United Kingdom where
protection of a work is free and automatic upon its creation, and differs from the
position in the United States, where work has to be registered to be actionable. While
* The Australian Act is modeled on the 1956 U.K. Act.
[Figure 5.1 U.S. copyright search. Panels: Books, Music, etc. (registrations of books, music, films, sound recordings, maps, software, photos, art, and multimedia; also includes all renewals); Serials (registrations of periodicals, magazines, journals, and newspapers); Documents (copyright ownership documents, such as name changes and transfers).]
some divergences may be found, Australian copyright law largely replicates the
frameworks in place within the United States and United Kingdom.
How Long Does a Copyright Last?—As with all things, copyright protection
eventually ends; it is only a “limited monopoly.” When copyrights expire, they fall
into the public domain. With a number of exceptions, public domain works may
be unreservedly copied or used in the production of derivative works without either
the permission or authorization of the former copyright holder. In 1998, the
contentious “Sonny Bono Copyright Term Extension Act” (CTEA) passed into law.
This U.S. law added 20 years to most copyright terms and created a moratorium
that in effect stops any new works from entering the public domain until 2019.
CTEA was enacted to ensure protection for U.S. works in the foreign market and
includes access restrictions over works published later than 1922. The U.S. Supreme
Court rejected (Eldred et al. v. Ashcroft, Attorney General 537 U.S. 186) a popular
challenge to the CTEA.
The copyright term in Australia is shorter than in these jurisdictions, being the
creator’s life plus 50 years, whereas the UK has a term of 70 years from the end of
the calendar year in which the last remaining author of the work dies for literary
works. As co-signatories to the Berne Convention, most foreign copyright holders
are also sheltered in both the United Kingdom and Australia.
The Doctrine of “Fair Use”
Section 107 of the U.S. Copyright Act details the doctrine of fair use. This
doctrine has evolved through the decisions of a number of court cases over time.
Reproduction of a selected work for criticism, news reporting, comment, teaching,
scholarship, and research is included within the provisions of “fair use” as defined
in Section 107 of the Act. The Copyright Office does not provide the
authorization to use copyrighted works. You need to seek permission from the owner of a
particular copyrighted work.
Section 107 of the Act sets out four factors used in determining fair use:
1. The purpose and character of the use, as well as whether such use is of a commercial nature or is for nonprofit educational intentions
2. The nature of the copyrighted work
3. The degree and substantiality of the section used in relation to the copyrighted work as a whole
4. The effect of the use upon the potential market for or value of the copyrighted work
It is dicult to distinguish among use that is covered byfair useprovisions and
copyright infringement. ere is no mention of the number of lines, words, and notes
that may be taken from a copyrighted work before it constitutes an infringement.
Copyright and Fraud: Plagiarism
The Webster New World Dictionary describes plagiarism as taking ideas of another
and passing them as “one’s own.” This section details the tools and detection factors
involved when investigating plagiarism. A common misconception is that
plagiarism hurts nobody. The reality is that it is a fraud and thus a criminal offense (see
§ 1341. Frauds and swindles). Plagiarism takes away from the effort of the author
and society suffers as a consequence.
Defining the Term “Trademark”
The United States Patent and Trademark Office (USPTO) defines a trademark as
“a word, phrase, symbol or design, or a combination of words, phrases, symbols
or designs, which identifies and distinguishes the source of the goods of one party
from those of others.” This definition includes brand names, symbols, slogans, a
design of merchandise, even the packaging style, specific words, smell, specific
color, or an amalgamation of any of the above that could aid the consumer in
differentiating a particular product or service from others in an equivalent trade.
Trademarks can fall into three primary categories: service marks, collective marks,
and certification marks.
Service Mark—The USPTO defines a service mark as “any word, name, symbol,
device, or any combination, used, or intended to be used, in commerce, to identify
and distinguish the services of one provider from services provided by others, and
to indicate the source of the services.” It is comparable to a trademark with the
single distinction being that a service mark is designed to identify and differentiate
the service of an organization from others in the equivalent field of trade.
Collective Mark—The USPTO defines a collective mark as “a trademark or service
mark used or intended to be used, in commerce, by the members of a cooperative,
an association, or other collective group or organization, including a mark, which
indicates membership in a union, an association, or other organization.”
Certification Mark—The USPTO defines a certification mark as “any word, name,
symbol, device, or any combination, used, or intended to be used, in commerce
with the owner’s permission by someone other than its owner, to certify regional or
other geographic origin, material, mode of manufacture, quality, accuracy, or other
characteristics of someone’s goods or services, or that the work or labor on the goods
or services was performed by members of a union or other organization.”
Service Mark and Trade Dress—The difference between a trademark and a
service mark is minor. Primarily, the differentiation occurs as one of product and