Sunday, April 11, 2010

Outside Reading Two

Outside Reading Two
“An Extended Model of Cybercrime Investigations”
Answer the following four questions.

1. Why is a good model of cybercrime important?

· A good model of cybercrime investigation is important, because it provides an abstract reference framework, independent of any particular technology or organizational environment, for the discussion of techniques and technology for supporting the work of investigators.

2. Typically, how is the awareness created that an investigation is needed? Give two different types of examples.

· This awareness is typically created by events external to the organization which will carry out the investigation, e.g. a crime is reported to the police or an auditor is requested to perform an audit. It may also result from internal events, e.g. an intrusion detection system alerts a system administrator that a system’s security has been compromised.

3. What is the largest single gap in the existing models that the proposed model remedies?

· The single largest gap in the existing models is that they do not explicitly identify the information flows in investigations. For example, Reith et al. (2002) themselves have noted the absence of any explicit mention of the chain of custody in their model. This is a major flaw when one considers the different laws, practices, languages, and so on which must be correctly dealt with in real investigations.

4. According to the author, what makes this model more comprehensive than previous models?

· A comprehensive model can provide a common reference framework for discussion and for the development of terminology. It can support the development of tools, techniques, training, certification and accreditation of investigators and tools. It can also provide a unified structure for case studies/lessons learned materials to be shared among investigators, and for the development of standards, conformance testing, and investigative best practices.