Shared Flashcard Set

Details

CISSP (ElementK) Legal Regulations Compliance Investigations
CISSP, Element K 2nd Edition, Lesson 12
21
Computer Science
Professional
11/20/2009

Cards

Term
Common Law
Definition
  • based on unwritten principles
  • generally accepted
  • determined by Court Decision, Sovereign
  • est. precedent
Term
Statutory Law
Definition
  • passed by legislative body
  • codification process of documentation and grouped by subject
  • Criminal or Civil
Term
Statutory Offenses
Definition
  1. Criminal: against society; fine or jail time
  2. Civil: against 1 party by 1 party; fines/court costs/attorney fees
Term
Administrative Law
Definition
  • regulations
  • developed by executive in accordance w/legislation will
  • violations pursued in admin law court
  • i.e. OSHA, USDA, FAA
Term
Intellectual Property Law
Definition

protects rights of ownership of ideas, trademarks, patents, etc.

  1. Patent: invention
  2. Copyright: artistic work
  3. Trademark: design/phrase
  4. Trade Secret: disclosure will damage business
  5. Licensing: to use other's work
  6. Privacy: individ. info
Term
Information Privacy Law
Definition
  • Privacy Act of 1974
  • FERPA
  • ECPA
  • HIPAA
  • GLBA
  • COPPA
  • USA Patriot Act
  • SOX Act
Term
Computer Crime Law
Definition
  • CFAA
  • CSA
  • NIIPA
  • FISMA
Term
Compliance
Definition
  • awareness and adherence to relevant laws/regulations
  • evolve w/new laws
  • top mgt priority
  • legal support is advised for Sec. Professionals
Term
Liability
Definition
  • legal responsibility for any damage caused by 1 party to another party
  • avoid by following compliance, prudent person and:
    • due diligence: prove authenticity of claims
Term
Internal Audits vs External Audits
Definition
  1. Internal
    • Audit dept
    • review processes, logs, transactions
    • Ensure compliance
  2. External
    • 3rd Party
    • Verify Compliance
    • Provide oversight
Term
Govt Oversight Resources
Definition
Term
Computer Crime
Definition
  • criminal act involving using computer as source or target
  • stealing restricted information via hacking
  • fraud
  • illegal activity
  • malicious code
Term
Computer Crime Incident Response Process (9 steps)
Definition
  1. Response capability
  2. Incident Response and handling
  3. Triage
  4. Investigative
  5. Containment
  6. Analysis and tracking
  7. Recovery
  8. Repair
  9. Debriefing and feedback
Term
Evidence Life Cycle
Definition
  1. Discover/recognize
  2. Protection
  3. Recording
  4. Collection
  5. Identification
  6. Storage/preservation
  7. Transportation
  8. Presentation in court
  9. Returned to victim/owner
Term
Evidence Collection Techniques (3 points)
Definition
  1. Special techniques differ from physical crime
  2. Utilize PROs
  3. Amateurs may damage evidence
Term
Evidence Types (9)
Definition
  1. Best
  2. Secondary
  3. Direct
  4. Conclusive
  5. Opinion: Expert (facts and expertise) vs Non-expert (just facts)
  6. Corroborative: multiple sources
  7. Circumstantial
  8. Hearsay
  9. Demonstrative
Term
Chain of Evidence
Definition
  • record of evidence history from collection to presentation
  • legal control to provide accountability and integrity
  1. Collect evidence
  2. Maintain evidence
  3. Present in court
  4. Return to owner
Term
Rules of Evidence
Definition
  1. Reliable
  2. Preserved
  3. Relevant
  4. Properly ID'd
  5. Legally Permissible
Term
Surveillance Techniques
Definition
  1. Protocol Analyzers/Sniffers: intercept network traffic
  2. CCTV: video
  3. Wire Taps: subject to ECPA, requires subpoena
  4. Security Personnel
Term
Search & Seizure
Definition
  • may be able to collect w/in org's boundary
  • law enforcement has restrictions
  • consult legal advisors regarding legal limitations; if violated, could be excluded from court
  • inform employees of privacy policies
Term
Computer Forensics
Definition
  1. Analyze SW for virus/worms
  2. Obtain forensic copies of disk drive
  3. Analyze disk drives for hidden information: slack space, deleted files, unallocated space
  4. Analyze network traffic to locate criminal activity
  5. Shut down system w/o losing evidence